Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT Systems. Show all posts
Social Security Numbers
Data Breach Healthcare Data IT Systems NYBC Ransomware Social Security Numbers

New York Blood Center Data Breach Exposes Nearly 200,000 Records

 



The New York Blood Center Enterprises (NYBCe) has reported a major cybersecurity incident that compromised the personal information of nearly 194,000 people. The breach occurred between January 20 and January 26, 2025, when an unauthorized party gained access to the organization’s network and extracted copies of certain files.


What information was taken

The investigation confirmed that sensitive details were involved in the leak. These included names, Social Security numbers, driver’s license and other state-issued identification numbers, as well as bank account information for individuals who received payments by direct deposit. In some cases, health data and medical test results were also exposed.

NYBCe has not disclosed how the attackers infiltrated its systems, whether ransomware was used, or if any ransom demand was made. No known criminal group has claimed responsibility for the breach so far.


Why affected individuals may not receive notices

Unlike many healthcare providers, NYBCe does not maintain contact information for all of its patients and service users. As a result, it cannot directly notify every individual whose records were accessed. Instead, the organization has urged anyone who has received services to call a dedicated helpline at 877-250-2848 to confirm whether their data was compromised.

To support those impacted, NYBCe is offering complimentary access to Experian’s identity protection and credit monitoring services for one year. Additional details are available through a filing with the Vermont Attorney General’s office.


Scale of the incident

Cybersecurity researchers note that this is among the largest healthcare-related breaches of 2025. Data compiled by Comparitech shows that the incident ranks as the fourth-largest ransomware-related exposure this year in terms of records affected, with healthcare organizations remaining frequent targets. By mid-2025, more than 60 attacks on hospitals, clinics, and direct care providers had been recorded, exposing over 5 million patient records.


Steps individuals should take

Experts emphasize that people potentially affected by this breach should take immediate precautions:

1. Contact NYBCe: Call the helpline to verify if your records were involved.

2. Use identity protection tools: Enroll in the free Experian services being offered, and consider placing a credit freeze or fraud alert with the credit bureaus.

3. Stay alert for scams: Watch for phishing emails or phone calls pretending to be official messages. Avoid clicking links, opening attachments, or sharing personal information unless you can confirm the source.

4. Monitor financial accounts: Check bank statements and health insurance records regularly for unusual charges or activity.

5. Adopt cybersecurity practices like second nature: Use strong passwords, enable two-factor authentication, and keep antivirus software updated.


The breach at NYBCe is a testament to the growing threat facing healthcare organizations, which often hold large amounts of sensitive data but face challenges in securing complex IT systems. Security experts warn that similar incidents are likely to continue, making it critical for organizations to improve defenses and for individuals to remain vigilant about protecting their personal information.



Read more »
US
Department of Homeland Security IT Systems Privacy Sensitive Information US

DHS Data Sharing Error Left Sensitive Intelligence Open to Thousands

 



A technology mishap inside the U.S. Department of Homeland Security (DHS) briefly left sensitive intelligence records open to people who were never supposed to see them. The issue, which lasted for several weeks in 2023, involved the Homeland Security Information Network (HSIN) — a platform where intelligence analysts share unclassified but sensitive reports with select government partners.

The restricted section of HSIN, known as HSIN-Intel, is designed for law enforcement agencies and national security officials who require access to intelligence leads and analyses. However, due to a misconfiguration, access controls were set incorrectly, making the files visible to the entire network rather than just the authorized users. As a result, thousands of individuals, including government employees in unrelated departments, private contractors, and even some foreign officials were able to view materials meant for a much smaller audience.

An internal review later revealed that 439 intelligence products were exposed during this period, with unauthorized users opening them more than 1,500 times. While many of the users were from within the United States, the inquiry confirmed that several foreign accounts also accessed the data. Nearly 40 percent of the leaked material related to cybersecurity, including reports on state-sponsored hacking groups and foreign attempts to infiltrate government IT systems. Other exposed content included law enforcement tips, assessments of disinformation campaigns, and files mentioning protest activity within the United States.

DHS acted quickly to fix the technical error once it was discovered. The department later stated that oversight bodies determined no serious harm resulted from the incident. Yet not all officials agreed with this conclusion. The internal memo describing the incident argued that personally identifiable information, such as details connected to U.S. citizens had been exposed and that the impact might have been greater than DHS initially suggested. The document recommended additional training for staff to ensure stronger protection of personal data.

Privacy experts point out that the incident raises wider concerns about domestic surveillance practices. When government agencies collect and store intelligence on Americans, even unclassified data, errors in handling it can create risks for both national security and individual privacy. Critics argue that such leaks highlight the need for stronger oversight and accountability, especially as legislative efforts to reform DHS’s intelligence powers continue in Congress.

Although DHS maintains that the exposure was contained and promptly resolved, the episode underlines how technical flaws in sensitive systems can have unintended consequences. When security tools are misconfigured, information meant for a limited circle of analysts can spread far beyond its intended audience. For citizens and policymakers alike, the event is a reminder of the delicate balance between gathering intelligence to protect the country and ensuring that privacy and civil liberties are not compromised in the process.



Read more »
Supply Chain
Cyber Attacks highlighting Automotive Cybersecurity risks IT Systems Jaguar Land Rover Cybersecurity Breach disrupts Production Manufacturing Retail Operations Supply Chain

Cybersecurity Breach Leads to Major Disruption at Jaguar Land Rover


 

In a major cybersecurity incident which has caused major disruption to the operations of Jaguar Land Rover, it highlights the growing vulnerability of automakers across the world to cyberattacks, underlining the increasing need to maintain communication channels between automakers and their customers. 

In a statement released on September 2, the British luxury car manufacturer said that the attack had severely disrupted its core computer systems. This led to the suspension of production across the company's UK assembly plants and ripple effects throughout the entire organisation, including global operations, supply chain coordination, and manufacturing engineering. 

Having taken proactive measures to counter the threat, JLR disabled several key systems, resulting in widespread problems in how suppliers and logistics partners could communicate in real-time with one another.

Although the company has not yet provided any details concerning the ransomware or any other forms of malicious code that were responsible for the breach, the company has stated that its internal security experts are working closely with external cyber experts to investigate it, with critical systems currently being restored in a "controlled fashion" under the guidance of external cyber experts.

A major impact of the disruption has already been felt by Jaguar Land Rover’s workforce and production schedule. The Halewood plant, located near Liverpool, was instructed to close early Monday morning via email. Local news reports indicate that the shutdown will continue until midweek, as local reports have suggested. 

There have been a number of issues that have affected the company’s manufacturing operations, but also its retail outlets, which have disrupted the flow of vehicles to customers in the wake of the incident. A JLR official statement confirmed that the company was dealing with a “cyber incident” and that critical systems had been shut down promptly to contain the situation. 

However, the automaker stressed that, although there are ongoing investigations into the issue, there is no indication that any customer data has been compromised at the moment. Although the company acknowledged that both retail and production activities have been severely disrupted, it explained that global applications are gradually being restored in a controlled manner, a process that it described as controlled. 

Last year, JLR generated revenues of more than £28.99 billion ($38.75 billion), employing over 39,000 people across the globe. However, recent financial struggles have resulted in a 49 per cent drop in pre-tax profits for the company in the second quarter, owing in part to the fact that U.S. exports are slowed by tariffs. 

In addition to this attack, JLR has also joined Marks & Spencer, the Co-op, and Harrods among the growing list of high-profile British brands targeted by cyber attacks this year, adding the retailer to the list. In a recent report, the cyberattack is reported to have begun on Sunday, coinciding with the beginning of September, a time when the automotive industry in the UK is experiencing heightened importance, due to the introduction of new registration plate identifiers. 

A biannual change in vehicle prices usually occurs in March and September, and it is widely acknowledged as one of the most important promotional windows for manufacturers, as it drives a significant surge in vehicle sales. Therefore, the disruption has come at a particularly sensitive time for Jaguar Land Rover, since a large portion of the company's annual sales are attributed to these particular months, which are more critical than usual.

As reported by the BBC, the automaker discovered the attack while it was still unfolding, which prompted it to shut down potentially affected IT systems to limit the consequences. In its statement issued on 2 September, Jaguar Land Rover confirmed that work is underway to return global applications to service in a controlled manner. 

Even though retail and production operations remain severely affected, no evidence has been found that customer data has been compromised. There is a growing vulnerability in highly digitalised manufacturing environments, according to industry experts, and the incident underscores that. As a result of the integration of IT with operational technology, a single breach can freeze entire plants and ripple through the entire supply chain in a matter of seconds. 

As a result of any downtime, suppliers, retailers, and their partners are affected by loss of production, delayed sales, and disruptions. During his recent comment, Dray Agha, Senior Manager of Security Operations at Huntress, expressed his opinion that this example illustrates how one single IT system attack could shut down a multi-billion-dollar production line, causing direct sales to be negatively impacted, especially during a key period like a new registration period. 

It has been reported by SecurityScorecard’s Chief Threat Intelligence Officer, Ryan Sherstobitof, that in addition to forcing the shutdown of JLR’s Solihull factory, the cyberattack also prevented dealers in the UK from registering new cars and supplying parts. With no information available from the company as to what caused the breach or when it was expected to recover, the company did not provide details on the situation. 

After a cyber incident in March involving Jaguar Land Rover, which claimed that hackers had stolen the source code and tracking data, the disruption marks the second cyber incident to have struck Jaguar Land Rover this year. This recurrence raised concerns about the possibility of exploiting vulnerabilities that were previously exposed in the earlier breach, said Nick Tausek, Lead Security Automation Architect at Swimlane.

It is also important to emphasise, according to other cybersecurity specialists, that this episode highlights the urgency of strengthening cyber hygiene, robust authentication and authorisation practices, as well as tightening data flow protections. "Cyber resilience is fundamental to overall business resilience," said Jon Abbott, CEO of ThreatAware. He said that disruptions can be hugely destructive to a business. 

There are many manufacturers in the manufacturing sector that are so heavily dependent on the uptime of their operations that they would never want to become the subject of future headlines regarding cyber incidents. The recent developments at Jaguar Land Rover serve as a timely reminder that cybersecurity is no longer just a peripheral concern, but rather a vital component of operational continuity. 

It is becoming increasingly important for digital infrastructure to have resilience as cars become increasingly connected and production systems become more deeply intertwined with global supply chains, which has a direct impact on market stability and customer confidence. 

Manufacturers can do their part not just by implementing reactive containment measures, but also by investing in proactive measures—enhancing endpoint protection, implementing layered defences, and conducting rigorous penetration tests to identify hidden vulnerabilities in their systems. In addition to technology, it is equally important to cultivate a culture of cyber awareness throughout the organisation in order to ensure that every employee understands their role in safeguarding critical systems, regardless of the technology they use. 

It's widely believed that companies which embed cyber resilience into the very core of their business DNA will gain a competitive advantage over their peers in the long run. Investors and consumers alike will gravitate towards brands which can demonstrate resilience when dealing with ever-evolving digital threats. Ultimately, the incident represents more than a disruption, as it also highlights the need for cybersecurity to be deemed just as important as innovation, safety, and sustainability in the automotive industry as a whole.
Read more »
Sensitive Data Leak
Cyber Attacks Data Leak data security Data Theft IT Systems Ransomware attack Ransomware group Ransomwares Sensitive Data Leak

Tata Technologies Cyberattack: Hunters International Ransomware Gang Claims Responsibility for 1.4TB Data Theft

 

Hunters International, a ransomware group known for high-profile cyberattacks, has claimed responsibility for a January 2025 cyberattack on Tata Technologies. The group alleges it stole 1.4TB of sensitive data from the company and has issued a threat to release the stolen files if its ransom demands are not met. Tata Technologies, a Pune-based global provider of engineering and digital solutions, reported the cyberattack in January. 

The company, which operates in 27 countries with over 12,500 employees, offers services across the automotive, aerospace, and industrial sectors. At the time of the breach, Tata Technologies confirmed that the attack had caused disruptions to certain IT systems but stated that client delivery services remained unaffected. The company also assured stakeholders that it was actively restoring impacted systems and conducting an internal investigation with cybersecurity experts. 

However, more than a month later, Hunters International listed Tata Technologies on its dark web extortion page, taking responsibility for the attack. The group claims to have exfiltrated 730,000 files, totaling 1.4TB of data. While the ransomware gang has threatened to publish the stolen files within a week if a ransom is not paid, it has not provided any samples or disclosed the nature of the compromised documents. Tata Technologies has yet to release an update regarding the breach or respond to the hackers’ claims. 

BleepingComputer, a cybersecurity news platform, attempted to contact the company for a statement but did not receive an immediate response. Hunters International emerged in late 2023, suspected to be a rebranded version of the Hive ransomware group. Since then, it has carried out multiple high-profile attacks, including breaches of Austal USA, a U.S. Navy contractor, and Japanese optics company Hoya. 

The group has gained notoriety for targeting various organizations without ethical restraint, even engaging in extortion schemes against individuals, such as cancer patients from Fred Hutchinson Cancer Center. Although many of the gang’s claims have been verified, some remain disputed. For example, in August 2024, the U.S. Marshals Service denied that its systems had been compromised, despite Hunters International’s assertions.  

With cybercriminals continuing to exploit vulnerabilities, the Tata Technologies breach serves as another reminder of the persistent and evolving threats posed by ransomware groups.
Read more »
Supply chain vulnerability
CNI CrowdStrike CrowdStrike outage Cyber Security cybersecurity resilience IT Industry IT Systems Supply chain vulnerability

2024 CrowdStrike Outage Reveals Critical IT Vulnerabilities

 


The CrowdStrike outage in July 2024 exposed significant weaknesses in global IT supply chains, raising concerns about their resilience and dependence on major providers. The disruption caused widespread impact across critical sectors, including healthcare, transportation, banking, and media. Key services—such as parts of the NHS, international transport hubs, and TV networks—experienced significant downtime, highlighting vulnerabilities in centralized IT systems.

The outage was attributed to a faulty software update for Microsoft Windows users provided by cybersecurity firm CrowdStrike. Initial fears of a cyberattack were ruled out, but the incident shed light on the inherent risks of reliance on a few dominant providers in global IT supply chains. Experts warned that such dependencies create singular points of failure, leaving essential infrastructure exposed to systemic disruptions.

One of the most affected sectors was healthcare, where operations in the NHS were forced to revert to manual methods like pen and paper. Dafydd Vaughan, chief technology officer at Public Digital, emphasized the dangers of monopolistic control in critical services. He highlighted that EMIS, a provider serving over 60% of GP surgeries in England and Wales, dominates the healthcare IT landscape. Vaughan advocated for increased competition within IT supply chains to mitigate risks and enhance resilience.

Far-Reaching Impacts

The repercussions of the outage extended beyond healthcare, disrupting transport systems, banking operations, and broadcasting networks. These interruptions prompted calls for enhanced safeguards and reinforced the need for robust IT infrastructure. Recognizing the severity of these vulnerabilities, the UK government elevated data centres to the status of critical national infrastructure (CNI). This designation ensures they receive additional protection and resources, similar to essential utilities like water and energy.

Government Response and Future Legislation

In response to the crisis, the Labour Government, which assumed power in July 2024, announced plans to introduce the Cyber Security and Resilience Bill in 2025. This proposed legislation aims to expand regulatory oversight, enforce stringent cybersecurity standards, and improve reporting protocols. These measures are designed to fortify national defenses against both outages and the escalating threat of cyberattacks, which increasingly target critical IT systems.

The CrowdStrike incident underscores the pressing need for diversified and resilient IT supply chains. While the government has taken steps to address existing vulnerabilities, a sustained focus on fostering competition and enhancing infrastructure is essential. By proactively preparing for evolving threats and ensuring robust safeguards, nations can protect critical services and minimize the impact of future disruptions.

Read more »
Ransomwares
Cyber Attacks Defense Hacker attack Inc ransomware IT Systems IT systems breach Military Data NATO Ransomwares

Hungarian Defence Agency Hacked: Foreign Hackers Breach IT Systems

 

Foreign hackers recently infiltrated the IT systems of Hungary’s Defence Procurement Agency, a government body responsible for managing the country’s military acquisitions. According to Gergely Gulyas, the chief of staff to Hungarian Prime Minister Viktor Orban, no sensitive military data related to Hungary’s national security or its military structure was compromised during the breach. Speaking at a press briefing, Gulyas confirmed that while some plans and procurement data may have been accessed, nothing that could significantly harm Hungary’s security was made public. The attackers, described as a “hostile foreign, non-state hacker group,” have not been officially identified by name. 

However, Hungarian news outlet Magyar Hang reported that a group known as INC Ransomware claimed responsibility for the breach. According to the outlet, the group accessed, encrypted, and reportedly published some files online, along with screenshots to demonstrate their access. The Hungarian government has refrained from confirming these details, citing an ongoing investigation to assess the breach’s scope and potential impact fully. Hungary, a NATO member state sharing a border with Ukraine, has been increasing its military investments since 2017 under a modernization and rearmament initiative. 

This program has seen the purchase of tanks, helicopters, air defense systems, and the establishment of a domestic military manufacturing industry. Among the notable projects is the production of Lynx infantry fighting vehicles by Germany’s Rheinmetall in Zalaegerszeg, a region in western Hungary. The ongoing conflict in Ukraine, which began with Russia’s 2022 invasion, has further driven Hungary to increase its defense spending. The government recently announced plans to allocate at least 2% of its GDP to military expenditures in 2024. Gulyas assured reporters that Hungary’s most critical military data remains secure. 

The Defence Procurement Agency itself does not handle sensitive information related to military operations or structural details, limiting the potential impact of the breach. The investigation aims to clarify whether the compromised files include any material that could pose broader risks to the nation’s defense strategy. The breach raises concerns about the cybersecurity measures protecting Hungary’s defense systems, particularly given the escalating reliance on advanced technology in modern military infrastructure. With ransomware attacks becoming increasingly sophisticated, governments and agencies globally are facing heightened pressure to bolster their cybersecurity defenses. 

Hungary’s response to this incident will likely involve a combination of intensified cybersecurity protocols and ongoing collaboration with NATO allies to mitigate similar threats in the future. As the investigation continues, the government is expected to release further updates about the breach’s scope and any additional preventive measures being implemented.
Read more »
TCS
AI Revolution BPO Call Center Cyber Attacks CyberCrime Cybersecurity IT Systems Policymakers Software TCS

TCS CEO Predicts AI Revolution to Decimate India's Call Center Industry in Just One Year

 


As early as next year, Tata Consultancy Services' head said, artificial intelligence will generate a "minimal" need for call centres, as AI's rapid advancements to date are set to disrupt a vast industry across Asia and beyond. AI's rapid advancements are expected to result in the demise of vast call centres across the globe. 

The chief executive of TCS, K Krithivasan, told the Financial Times that although he had not seen any job reductions at the company so far, the wider adoption of generative artificial intelligence by multinational clients will transform the kinds of customer support centres that have created a lot of jobs in countries like India and the Philippines because of the massive growth in customer service. 

The author believes that chatbots equipped with generative artificial intelligence will be capable of analysing customer transaction histories as well as performing tasks traditionally handled by call centre agents. As a result of the possibility that generative AI might negatively affect white-collar jobs, such as call centre employees and software developers, policymakers around the globe have expressed concern. 

In the $48.9 billion IT and business process outsourcing industry that accounts for over five million jobs in India according to Nasscom, this is a significant threat to the country, which is known for its back-office services. It has been highlighted once again in the comments of the TCS CEO that AI is likely to take over many jobs, including call centre agents and software developers in the future.

The remarks of the TCS CEO are very important for India, which, according to Nasscome, employs over five million people in IT and BPO processes. In his opinion, AI will have a far greater impact on society than has been anticipated in the short term, even though there have been exaggerated expectations regarding its immediate effects. 

The chairman also mentioned that a growing need for individuals with technological skills will be observed in the coming years. Among the more than 600,000 employees of TCS, an arm of India’s Tata conglomerate, which develops IT systems for multinational companies, the company generates revenues of more than $30 billion annually. 

The flow is expected to be "significantly increased" and will almost double over a few more quarters, according to Krithivasan. To date, the company has been able to pay off its investment by selling a record number of orders worth $42.7 billion for the financial year that ends in March. Due to factors such as inflation, geopolitical tensions, and past elections, Krithivasan explained that previously, IT services spending had been clouded with "uncertainty." 

These factors have forced businesses to postpone investments in new technology projects due to the risk associated with such uncertainties. The CEO explained that considering TCS's revenue growth declined by 3% in 2005 as a result of this uncertainty. The chairman goes on to explain that TCS itself has an ongoing pipeline of generative AI projects of $900 million worth, he continues. It was also Krithivasan who stated during the announcement of TCS's Q4 financial results that the company have seen greater traction in the market since its AI. 

The cloud business unit was launched during the quarter. According to Krithivasan, TCS is also working on projects of generative AI, and as reported by the Financial Times, for the quarter ended at the end of the third quarter, the value of the project had doubled to be worth $900 million, an increase of 80% over the prior quarter. According to him, in the following quarters, order flows are expected to increase significantly. 

According to Krithivasan, this would not hurt employment if the demand for tech talent is increased, but not decreased as a consequence of this situation. His advice is that they need to train their workforce if they are to meet this demand, especially in India, where there is a high demand. According to the third quarter earnings report published on April 12 by the biggest IT services firm in India on the Fourth quarter earnings for the financial year 2023-24 (Q4 FY24), the company posted a net profit of Rs 12,434 crore, up 9.1 per cent from the third quarter. 

A revenue of Rs 61,237 crore was also reported for the quarter, an increase of 3.5 per cent from the previous quarter, corresponding to an increase of one per cent over the year-ago quarter. The notable difference between generative AI and traditional AI, however, is that Krithivasan warns that the benefits of generative AI shouldn't be overestimated, despite the expected disruptions. 

Krithivasan, the CEO of TCS, acknowledged the current buzz surrounding AI and its potential impact on jobs, but he stressed that its true effects will unfold gradually, possibly presenting new job opportunities rather than simply displacing existing ones. Addressing concerns about job losses, Krithivasan expressed confidence in the rising demand for tech talent, especially in countries like India. 

He proposed that the evolution of AI would result in the emergence of more skilled professionals, ultimately leading to job growth rather than reduction. However, a recent report from McKinsey Global Institute titled "Generative AI and the Future of Work in America" paints a contrasting picture. According to the report, jobs involving tasks that can be automated, such as data collection and repetitive duties, will likely be taken over by AI to enhance efficiency. 

Sectors like office support, customer service, and food service are expected to be particularly impacted by this AI-driven transformation, potentially leading to significant changes in employment dynamics.
Read more »
Sensitive data
Compliance Cyber Essentials scheme Data Breach Data protection Electoral Commission email security government-backed schemes Hackers Information Security IT audit IT Security IT Systems Sensitive data

Electoral Commission Fails Cyber-Security Test Amidst Major Data Breach

 

The Electoral Commission has acknowledged its failure in a fundamental cyber-security assessment, which coincided with a breach by hackers gaining unauthorized access to the organization's systems. 

A whistleblower disclosed that the Commission received an automatic failure during a Cyber Essentials audit. Last month, it was revealed that "hostile actors" had infiltrated the Commission's emails, potentially compromising the data of 40 million voters.

According to a Commission spokesperson, the organization has not yet managed to pass this basic security test. In August of 2021, the election watchdog disclosed that hackers had infiltrated their IT systems, maintaining access to sensitive information until their detection and removal in October 2022. 

The unidentified attackers gained access to Electoral Commission email correspondence and potentially viewed databases containing the names and addresses of 40 million registered voters, including millions not on public registers.

The identity of the intruders and the method of breach have not yet been disclosed. However, it has now been revealed by a whistleblower that in the same month as the intrusion, the Commission received notification from cyber-security auditors that it was not in compliance with the government-backed Cyber Essentials scheme. 

Although participation in Cyber Essentials is voluntary, it is widely adopted by organizations to demonstrate their commitment to security to customers. For organizations bidding on contracts involving sensitive information, the government mandates holding an up-to-date Cyber Essentials certificate. In 2021, the Commission faced multiple deficiencies in their attempts to obtain certification. 

A Commission spokesperson acknowledged these shortcomings but asserted they were unrelated to the cyber-attack affecting email servers.

One of the contributing factors to the failed test was the operation of around 200 staff laptops with outdated and potentially vulnerable software. The Commission was advised to update its Windows 10 Enterprise operating system, which had become outdated for security updates months earlier. 

Auditors also cited the use of old, unsupported iPhones by staff for security updates as a reason for the failure. The National Cyber Security Centre (NCSC), an advocate for the Cyber Essentials scheme, advises all organizations to keep software up to date to prevent exploitation of known vulnerabilities by hackers.

Cyber-security consultant Daniel Card, who has assisted numerous organizations in achieving Cyber Essentials compliance, stated that it is premature to determine whether the identified failures in the audit facilitated the hackers' entry. 

He noted that initial signs suggest the hackers found an alternative method to access the email servers, but there is a possibility that these inadequately secured devices were part of the attack chain.

Regardless of whether these vulnerabilities played a role, Card emphasized that they indicate a broader issue of weak security posture and likely governance failures. The NCSC emphasizes the significance of Cyber Essentials certification, noting that vulnerability to basic attacks can make an organization a target for more sophisticated cyber-criminals.

The UK's Information Commissioner's Office, which holds both Cyber Essentials and Cyber Essentials Plus certifications, stated it is urgently investigating the cyber-attack. When the breach was disclosed, the Electoral Commission mentioned that data from the complete electoral register was largely public. 

However, less than half of the data on the open register, which can be purchased, is publicly available. Therefore, the hackers potentially accessed data of tens of millions who had opted out of the public list.

The Electoral Commission confirmed that it did not apply for Cyber Essentials in 2022 and asserted its commitment to ongoing improvements in cyber-security, drawing on the expertise of the National Cyber Security Centre, as is common practice among public bodies.
Read more »
User Privacy
Data Breach Game Hacking IT Systems PDF Exploits Ransomware Attacks. Source Code leak User Privacy

Riot Games Hit by Data Breach

Riot Games reported last week that a social engineering attempt had infiltrated the systems in their software platform. Motherboard got the ransom note that was sent to Riot Games and reported that hackers demanded $10 million in exchange for keeping the stolen source code a secret and erasing it from their servers.

The LoL and TFT teams are investigating how to cheat developers who might exploit the data that was obtained to create new tools and evaluating whether any fixes are necessary to resist such nefarious attempts. According to the game creator, the game source code obtained during the security breach also includes certain unreleased features that might not make it to the release stage.

Hackers gave Riot Games two sizable PDFs as proof, claiming that they would demonstrate their access to Packman and the League of Legends source code. These files were also obtained by Motherboard, and they seem to display directories connected to the game's code. According to the ransom message, the hackers threatened to remove the code from their servers in exchange for payment and give insight into how the intrusion occurred and offer guidance on preventing future breaches.

The hackers indicated Riot Games could contact them through a Telegram chat, and they provided a link to that chat in the post. The motherboard has joined this channel. Its members contained usernames that corresponded to the names of Riot Games personnel.

No player or user information was taken during the attempt, as per Riot, but the company warned that it would take some time to adequately protect the systems and that patches might be delayed. The breach is the subject of an investigation by Riot Games. It appears that the attacker did not utilize ransomware but instead concentrated on stealing source code so they could demand money from the business.
Read more »
IT Systems
Cyber Security Cybersecurity DIHK IT Systems

DIHK Suffers Cyberattacks, Shuts Down IT Systems


About the DIHK Attack

The association of German Chambers of Industry and Commerce (DIHK) was compelled to close down all of its IT systems and shut off digital services, telephones, e-mail servers, as a counter measure to the cyberattack. 

DIHK is an association of 79 chambers that represent organizations within the German state, with more than 3 million members having business ranging from small shops to large enterprises within the country. 

The organisations attends to matters of legal representation foreign trade promotion, consultation, regional economic development, training, and offers generic assistance services to the members. 


How did attackers breach DIHK

A statement released on the DIHK site explains the shutdown as a precautionary measures, and provide IT teams time to find a solution and bring out a counter measure. 

Few services of the companies are slowly getting available again after some aggressive reviews that make sure it's safe to use them. But, the restoration of service isn't complete at the moment. 

DIHK general manager Michael Bergmann via a LinkedIn post told the public about the cyberattack incident that happened on Wednesday, and noted the incident as 'massive.' Currently, DIHK can't sayfor how long the urgent shutdown measures will be needed. 

The attack shows hints of ransomware, the systems have been shut down to stop the malware from spreading further, however, this information hasn't been verified officially. 

Besides this, no announcements of a successful compromise off DIHK on any of the big ransomware websites, however, it is too soon to comment on that. The cyberattack's impact doesn't have any local focus. 

Bleeping Computers reports "individual divisions in North Rhine-Westphalia, Lower Saxony, Bavaria, and Mecklenburg-Western Pomerania have all confirmed facing problems. For example, the Chamber of Industry and Commerce in Köln informed the public that phone lines work to a limited extent, while its website was still offline at the time of this writing."





Read more »
User Privacy
Cyber Attacks Email Attacks German Cyber Security IT Systems Russian Hackers User Privacy

14 Account's Email System Targeted the Green Party of Germany

 

The foreign minister Annalena Baerbock and the economy minister Robert Habeck's email accounts were both compromised last month, according to the German Green party, which is a member of the coalition government of the nation. 

The party acknowledged a revelation published on Saturday by the German magazine Der Spiegel, but claimed that the two had stopped using official party accounts since January.

According to a report on a German magazine Der Spiegel on Thursday, the Green Party said that a total of 14 accounts, including the party's co-leaders' Omid Nouripour and Ricarda Lang, were also hacked and that certain messages were sent to other servers. The article further read that the attack also had an impact on the party's "Grüne Netz" intranet IT system, where private information is exchanged.

The party declined to acknowledge Der Spiegel's claim that an electronic trace suggested the cyberattack may have originated in Russia because of the current investigation by German authorities.

"More than these email accounts are affected," the party official claimed. The topic concerns emails using the domain "@gruene.de." The representative stated that it was yet unknown who had hacked in. The first indication of the attack came on May 30 and since June 13, when specialists determined that there had been a breach, access to the system has been restricted. 

Authorities blamed the unauthorized access on Russian state-sponsored hackers. Baerbock has consistently taken a harsh approach in response to Russia's abuse of human rights and aggression against Ukraine. Since taking office in December, Habeck has been in charge of Germany's initiatives to wean itself off of Russian energy sources.

Network logs, according to the Greens, did not reflect any signs of the increased traffic levels that would indicate the theft of a significant amount of data.
Read more »
Wightlink
Cyber Attacks data security Ferry Company Hacking IT Systems Ports User Data User Privacy User Security Wightlink

Wightlink Customers' Details Compromised in Cyber Attack

 

Wightlink, a UK ferry company, has been struck by a highly complex cyber-attack that may have exposed the personal information of "a small number of customers and staff." Wightlink stated, the incident, which occurred in February, reportedly impacted certain back-office IT systems but not its ferry services, booking system, and website.

According to the company, law enforcement and the UK's Information Commissioner's Office (ICO) have been contacted, since they have possible breach victims. Wightlink has three routes between Hampshire in southeast England and the Isle of Wight, an island off the south coast. The company claims to carry 4.6 million passengers each year on over 100 daily sailings.

Wightlink claimed in a statement received by The Daily Swig: “Unfortunately, despite Wightlink taking appropriate security measures, some of its back-office IT systems were affected by a cyber-attack last month. However, this criminal action has not affected Wightlink’s ferries and FastCats, which have continued to operate normally during and following the attack, nor were its booking system and website affected.” 

Wightlink said it hired third-party cybersecurity experts to analyse and analyse the situation as soon as it was detected. The operator stated it was working with the South East Regional Organised Crime Unit in addition to reporting the incident to the ICO. 

The company stated, “Wightlink does not process or store payment card details for bookings. However, the investigation has identified a small number of customers and staff for whom other items of personal information may have been compromised during the incident. 

Wightlink chief executive Keith Greenfield stated, “I would like to thank all my colleagues at Wightlink who responded quickly ensuring that the impact to customers was minimised and that cross-Solent travel and bookings were unaffected.”
Read more »
Subscribe to: Comments (Atom)