Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Private Data. Show all posts
Private Data
Data Breach Data Leak MyPillow Play Ransomware Private Data

MyPillow Private Data Leaked Online After Mike Lindell Denies Hack

 

Mike Lindell, CEO of MyPillow, insists his company was never hacked, but a ransomware group leaked nearly 12,000 internal files online just two days after his public denial. The Play ransomware gang published a 9.8-gigabyte data cache containing sensitive financial, payroll, and personal information from the pillow manufacturer, directly contradicting Lindell’s claim that MyPillow was “the most secure company” in the country. 

The attack began when Play announced on its dark web blog last week that it had stolen data from MyPillow, threatening to publish everything on Friday if ransom demands were not met. In a Wednesday telephone interview with Straight Arrow News, Lindell said he never received any ransom demand and asserted no data was taken, calling the allegations “another hit job by outside sources because I’m running for governor”. He is currently seeking the Republican nomination for Minnesota governor. 

Straight Arrow’s initial analysis of the leaked data revealed nearly 1,000 vendor invoices, including payments to high-profile figures like Trump Media & Technology Group (owner of Truth Social), conspiracy theorist Alex Jones, and Lara Trump. Documents show MyPillow paid Lara Trump $2,156.33 for advertising services in December 2023 and wired $4,023.16 to Jones’ Free Speech Systems the same month for running a company promo. Bank statements, audit files, wire transfers from 2026, and American Express statements for Lindell’s businesses including FrankSpeech (now LindellTV) are also present. 

The data breach exposes severely sensitive personal information, including payroll records with employees’ full names and phone numbers, plus tax forms like 1099s and W-9s containing names, addresses, and Social Security numbers. A folder titled “Aviation” contains private jet expenses and flight logs from 2018 to 2024. The files span from before 2011 through 2026, covering over a decade of internal company operations. 

Lindell claimed his company stores no sensitive data internally and relies on external third parties, but the leaked cache proves otherwise. When Straight Arrow shared photos of the data with Lindell via text, he did not immediately respond. This incident follows MyPillow’s 2019 Magecart credit card hack, raising serious questions about the company’s cybersecurity posture as Lindell campaigns for governor.
Read more »
Private Data
Data Breach NHS Trust Nottingham Attacks Patient Records Private Data

Nottingham Attacks Survivors Left Out in Data Breach Inquiry as NHS Trust Apologizes

 

Nottingham University Hospitals NHS Trust has issued an apology after a public inquiry revealed that survivors of the Nottingham attacks were not properly considered when a major data breach investigation began. Medical director Manjeet Shehmar acknowledged that the trust’s early response caused additional distress to victims and their families, admitting that the initial focus was too narrow and primarily centered on the families of those who died rather than including the people who survived the attack. 

The breach stems from the June 13, 2023 attacks carried out by Valdo Calocane, who murdered three people and seriously injured three others at locations in and around Nottingham. Following the attacks, it was discovered that staff at the trust had inappropriately accessed medical records belonging to victims without proper authorization. The trust launched an internal investigation in 2025, which uncovered widespread unauthorized access to sensitive patient information during a period when survivors and bereaved families were already coping with extreme trauma. 

The inquiry found that 11 employees were dismissed after the trust confirmed multiple serious breaches of data protection protocols. The dismissed staff included nurses and other healthcare workers, indicating that the unauthorized access was not confined to a single department. Several other employees received final written warnings or first written warnings. The scale of the dismissals and warnings highlighted how deeply the breach penetrated the trust’s operations and raised serious concerns about internal safeguards for protecting patient records.

Survivors’ legal representatives had to intervene before the trust fully recognized that survivors should be included in the inquiry process from the beginning. This delay meant that the emotional and psychological impact on the people who lived through the attack was not initially addressed, even though they were directly affected by both the original violence and the subsequent data breach. The trust acknowledged that it failed to consider survivors from the start, which compounded the distress caused by the breach. 

The case has become a significant example of how institutions must balance their duty to investigate data breaches with their responsibility to protect the well-being of victims. For survivors and bereaved families, critical questions remain about what specific information was accessed, who viewed the records, and why existing safeguards were not strong enough to prevent unauthorized access. The inquiry continues to examine these issues as part of a broader review of institutional responses to major crimes when the very systems meant to protect patients fail during times of crisis.
Read more »
university of Pennsylvania
Data Breach Emails Hackers Private Data Student Data university of Pennsylvania

University of Pennsylvania Hit by Hackers: Fake Emails, Data Leak Threats, and Political Backlash

 



The University of Pennsylvania is investigating a cybersecurity incident after unknown hackers gained access to internal email accounts and sent thousands of misleading messages to students, alumni, and staff on Friday morning. The fraudulent emails, which appeared to come from the university’s Graduate School of Education (GSE), contained inflammatory and false statements aimed at discrediting the institution.

The messages, distributed through multiple legitimate @upenn.edu accounts, mocked the university’s data protection standards and included offensive remarks about its internal policies. Some messages falsely claimed the university violated the Family Educational Rights and Privacy Act (FERPA) and threatened to release private student data. Several recipients reported receiving the same message multiple times from different Penn-affiliated senders.

In a statement to media outlets, Penn spokesperson Ron Ozio confirmed that the university’s incident response team is actively handling the situation. He described the email as “fraudulent,” adding that the content “does not reflect the mission or actions of Penn or Penn GSE.” The university emphasized that it is coordinating with cybersecurity specialists to contain the breach and determine the extent of access obtained by the attackers.

Preliminary findings suggest the threat actors may have compromised university email accounts, likely through credential theft or phishing, and used them to send the mass messages. According to reports, the attackers claim to have obtained extensive data including donor, student, and alumni records, and have threatened to leak it online. However, Penn has not verified these claims and continues to assess which systems were affected.

The timing and tone of the hackers’ messages suggest that their motive may extend beyond simple disruption. The emails referenced university fundraising efforts and included statements like “please stop giving us money,” implying an intent to undermine donor confidence. Analysts also noted that the incident followed Penn’s public rejection of a White House initiative known as the “Compact for Academic Excellence in Higher Education.”

That proposal, which several universities declined to sign, sought to impose federal funding conditions that included banning affirmative action in admissions and hiring, freezing tuition for five years, capping international enrollment, and enforcing policies that critics say would marginalize LGBTQ+ and gender-nonconforming students. In response, Penn President J. Larry Jameson had stated that such conditions “conflict with the viewpoint diversity and freedom of expression central to higher education.”

The university has advised all recipients to disregard the fake messages and avoid clicking on any embedded links or attachments. Anyone concerned about personal information exposure has been urged to monitor their accounts and report suspicious activity. Penn has promised to issue direct notifications if any verified data exposure is confirmed.

The growing risk of reputational and data threats faced by universities, which hold vast troves of academic and financial records cannot be more critical. As investigations take place, cybersecurity experts stress that academic institutions must adopt continuous monitoring, strict credential management, and transparent communication with affected communities when such attacks occur.




Read more »
Ravin Academy
Data Breach Iranian hackers MOIS Private Data Ravin Academy

Iranian Intelligence-Linked Ravin Academy Suffers Data Breach

 

Ravin Academy, a cybersecurity training center closely linked to Iran's Ministry of Intelligence and Security (MOIS), has suffered a significant data breach that exposed the personal information of over 1,000 individuals enrolled in its technical programs.

The academy, established in 2019, has been described as a recruitment pipeline for Iran's cyber operations and has previously been sanctioned by the U.S., UK, and EU for aiding the country's intelligence activities.

Details of the breach

The breach involved the compromise of personal data, including names, phone numbers, Telegram usernames, and, in some cases, national ID numbers of students and associates. The information was reportedly leaked on an online platform managed by the academy and subsequently made public by UK-based Iranian activist Nariman Gharib, who obtained a copy of the stolen dataset. 

The breach occurred just before Ravin Academy's annual Tech Olympics event, leading the institution to claim the attack was orchestrated to undermine its reputation and harm Iran's cybersecurity ambitions. Ravin Academy has been widely recognized for providing both offensive and defensive cyber training to Iranian intelligence personnel, including courses in red-teaming, malware reverse-engineering, and vulnerability analysis. 

The academy’s founders, Farzin Karimi Mazlganchai and Seyed Mojtaba Mostafavi, are themselves sanctioned by Western governments for their ties to state-sponsored cyber operations. The organization is thought to play a critical role in Iran’s cyber capabilities, contributing to projects that have targeted domestic protests and international adversaries.

Global implications

The breach not only highlights vulnerabilities within Iran’s cyber training infrastructure but also raises concerns over the privacy and security of individuals involved in state-linked cyber programs. Analysts suggest the incident underscores the risks faced by institutions central to national cyber development and the growing sophistication of cyber operations targeting such entities. 

With the leaked data potentially useful for intelligence and counterintelligence purposes, the breach has significant ramifications for both individual privacy and the broader landscape of cyber conflict. This incident serves as a stark reminder of the exposure faced by state-affiliated cyber training programs and the far-reaching consequences of cyber breaches in the realm of international security.
Read more »
Western Sydney University
Cyber Attacks Data Leak Private Data User Security Western Sydney University

Western Sydney University Hit by Major Cyberattack

 

Western Sydney University has suffered a significant cyberattack, marking the latest in a series of incidents targeting the institution since 2023. Sensitive data belonging to students, staff, and alumni—including tax file numbers, bank account details, passport and driver license information, visa and health data, contact information, and even ethnicities—was compromised when threat actors gained access to the university’s Student Management System hosted on a cloud-based platform by a third-party provider. 


The breach was discovered after two instances of unusual activity on August 6 and August 11, 2025. Investigations revealed that unauthorised access occurred through a chain involving external systems linked to the university’s infrastructure between June 19 and September 3, 2025. The attackers subsequently used this stolen data to send out fraudulent emails to students and graduates on October 6, 2025. 

These emails falsely claimed recipients had been excluded from the university or had their degrees revoked, causing widespread concern. Some scam emails appeared especially credible as they included legitimate student numbers and exploited ongoing web vulnerabilities.

The university responded by immediately initiating investigations, directing its third-party supplier to shut down access, and cooperating closely with the NSW Police Cybercrime Squad’s Strike Force Docker. Notably, in June 2025, police arrested a former student, Birdie Kingston, alleged to have played a role in earlier hacks, although officials stopped short of directly connecting this individual to the latest attack.

In recent statements, Vice-Chancellor Professor George Williams apologised for the disruption and emphasised the institution’s ongoing efforts to rectify the issue and bolster cybersecurity. The attack forms part of a troubling pattern of breaches, including incidents involving Microsoft Office 365 and other IT environments exposed since 2023. Data from previous attacks has surfaced on both the dark web and clear web, affecting thousands of current and former students.

WSU has advised affected community members to change passwords, enable multi-factor authentication, and avoid using the same password across multiple online accounts. Victims are encouraged to follow university guidance and make use of support services available. The institution continues to work with law enforcement and remains on high alert for further attacks.
Read more »
Private Data
Android Apps Android Spyware Data Breach data security Data Theft Lookout Malicious Apps Private Data

Italian Spyware Firm SIO Linked to Malicious Android Apps Targeting WhatsApp Users

 

SIO, an Italian spyware company known for selling surveillance tools to government agencies, has been linked to a series of malicious Android apps designed to mimic WhatsApp and other popular services while secretly stealing private data, TechCrunch has revealed. Late last year, a security researcher provided TechCrunch with three Android apps, alleging they were government spyware used in Italy. 

Upon investigation, Google and cybersecurity firm Lookout confirmed that these apps were indeed spyware. This discovery highlights the expanding landscape of government surveillance, with numerous companies employing varied methods to target individuals. Italy is already embroiled in a separate spyware scandal involving Israeli firm Paragon, whose sophisticated surveillance tool allegedly targeted journalists and NGO founders. 

In contrast, the SIO-linked spyware campaign relied on a more straightforward approach—disguising malicious Android apps as well-known communication and customer service applications. Lookout researchers identified the malware as Spyrtacus, a spyware capable of stealing text messages, chats from WhatsApp, Signal, and Facebook Messenger, recording calls, capturing ambient audio and camera images, and extracting contact information. 

Their analysis confirmed that SIO was responsible for creating and distributing Spyrtacus, with samples dating back to 2019. Some variants impersonated apps from Italian telecom providers TIM, Vodafone, and WINDTRE. Google stated that none of the infected apps were available on the Play Store, asserting that Android security measures have protected users from this malware since 2022. 

However, a 2024 Kaspersky report suggested that earlier versions of Spyrtacus were distributed via Google Play in 2018 before shifting to fake websites mimicking major Italian internet providers. Italy has a long history of government spyware development, with companies such as Hacking Team, Cy4Gate, and RCS Lab selling surveillance tools to international law enforcement agencies. Spyrtacus is the latest example of this trend, with Lookout identifying command-and-control servers registered to ASIGINT, an SIO subsidiary specializing in wiretapping software. 

The SIO, Italian government and the Ministry of Justice have reportedly declined to comment. Lookout has also discovered references to Naples in the malware’s source code, suggesting a possible connection to developers from the region. 
Read more »
Private Data
Data Breach Data Leak Elasticsearch Georgia Private Data

Private Data of Millions of Georgians Exposed in Massive Data Leak

 

A ghost database comprising millions of records on Georgian people appeared in the cloud before inexplicably vanishing. The alarming leak could make sensitive personal information available to malicious actors.

Bob Dyachenko, a cybersecurity expert and the founder of SecurityDiscovery.com, and the Cybernews research team uncovered an unprotected Elasticsearch index. Elasticsearch is a data analytics and search platform that operates in near real time. The instance was hosted on a server controlled by a German cloud service company.

The data contains a wide range of sensitive personal information regarding citizens of the Republic of Georgia. One of the exposed indices held approximately five million personal data records, while another contained more than seven million phone records with related private data. Georgia, by comparison, has a population of about four million. The data may include duplicate entries as well as records of deceased people. 

The millions of files contained data such as ID numbers, full names, birth dates, and gender, they reported. The leaked data most likely also included insurance numbers and phone numbers ‘with descriptive information about the owner’. 

The data was apparently linked with 1.45 million car owner details and 7.2 million citizen phone numbers and identities, however some of the data seems to be linked to a 2020 leak. There is no clear indication of who is in charge of overseeing the Elasticsearch index.

The server was taken offline shortly after the discovery, and the public's access to the exposed data was discontinued. But there are still millions of individuals who could be in danger. 

Given the current geopolitical environment of high tensions, polarisation, and Russian influence, the exposure of millions of Georgian citizens could have severe consequences. 

“Threat actors can weaponize personal data for both political or criminal activities. State-sponsored hackers can exploit the leak for political manipulation, disinformation campaigns, or targeted harassment. Meanwhile, profit-seeking hackers can exploit the data for various malicious activities,” Dyachenko stated.

He warns Georgians to be wary of potential identity theft and fraud efforts, as cybercriminals may attempt to mimic individuals or use other social engineering techniques to hijack accounts and carry out financial crimes.
Read more »
Telefónica
Data Breach Infostealer Private Data Telecom Firm Telefónica

Hackers Breach Telefónica's internal Ticketing System, Stealing 2.3GB of Sensitive Data

 

The hackers employed information stealer malware to steal the credentials of several Telefonica employees and gain access to the company's internal ticketing system.

The data breach was revealed last week when members of the Hellcat ransomware group (which had previously claimed responsibility for the Schneider Electric attack) boasted on the BreachForums cybercrime website about stealing customer data, ticket data, and hundreds of files from the Spain-based telecom provider.

According to cybersecurity firm Hudson Rock, the attack was "facilitated by a combination of infostealer malware and sophisticated social engineering techniques". 

The attackers told Hudson Rock that they utilised custom infostealer malware to breach the credentials of over 15 Telefonica employees and get access to the firm's Jira platform. After getting access to the platform, the attackers apparently targeted two employees with administrator credentials, "tricking them into revealing the correct server for brute-forcing SSH access".

The perpetrators stole a list of 24,000 Telefonica staff emails and identities, 500,000 summaries of internal Jira issues, and 5,000 internal documents, which included internal email chats and other contents. The stolen data could expose Telefonica personnel to phishing and other forms of social engineering attacks, as well as operational details, security flaws in the company's infrastructure, strategic goals, and other sensitive internal information. 

Hudson Rock claims that last year, 531 employee PCs connected to Telefonica's network were infected with infostealers, possibly exposing company credentials on each machine. Additionally, it seems that the company did not implement corporate infrastructure password policies that were robust. 

“For the URL linked to the initial access, the passwords were even weaker, indicating that it wouldn’t have taken an infostealer infection for hackers to brute force their way in,” the cybersecurity firm noted.

In other cases of infostealer infections, Telefonica employees' credentials to third-party services such as Fortinet, Office 365, and Salesforce were stolen.

“These infections provide hackers with the necessary credentials to infiltrate systems and, as demonstrated in this case, can be leveraged to expand access further through sophisticated social engineering tactics. Infostealers serve as a stepping stone for more advanced attacks, making them a significant concern for organizations worldwide,” Hudson Rock added.

In response to a local media outlet's request, Telefonica confirmed the incident but declined to provide any other details on the potentially compromised data.

“We have become aware of an unauthorized access to an internal ticketing system which we use at Telefónica. We continue to investigate the extent of the incident but can confirm that Telefónica´s residential customers have not been affected. From the very beginning, we have taken the necessary steps to block any unauthorized access to the system,” Telefonica stated. 

Telefonica, a multinational telecommunications firm headquartered in Madrid, Spain, operates in a dozen countries worldwide under various brands such as Movistar, O2, Telefonica, Telxius, and Vivo.
Read more »
User Privacy
Cyber Security Data Brokers Data Sale Private Data User Privacy

Here's How to Safeguard Your Data From Data Brokers

 

Privacy concerns have grown as more of our private data is being gathered online. We share intimate details with just a few clicks. The majority of people, however, are ignorant of how extensively their data is shared. 

Behind the scenes, there is a whole data broker industry that makes money off of our digital traces. Businesses or individuals known as data brokers gather and resell personal data, such as phone numbers and online surfing behaviour. In this piece, we'll look at how data brokers work and some important steps we can take to safeguard our personal data. 

Data collection 

Data brokers collect data from a variety of public and commercial sources. They can simply gather data from websites and applications without your knowledge by paying app developers to embed SDKs (software development kits) in their apps. The data broker's SDKs can then record the various rights provided to apps, such as access to contacts and location. They can even pay app owners directly for the information rather than installing the software kits. 

Another source of data include public records, such as voter registration, birth certificates, marriage licenses, census data, and divorce records. The Internet is also a valuable source of information. The Internet is also a valuable source of information. Data brokers can acquire personal information from things like social media postings or interactions, online quizzes, virtual contests, or websites browsed. 

Data usage 

Customer data is utilised in a variety of ways, including targeting online adverts based on purchase history to make them more relevant. Data brokers may tell advertisers what brands a person has purchased and when they may require more, enabling timed adverts. Customer data is also used to detect fraud, such as cross-referencing loan applications with background information obtained from data brokers. 

This allows lenders to validate facts such as income and debts mentioned. Loan and insurance businesses purchase data to view a person's debts, loans, payments, income, employment history, and assets. People search sites also rely on data brokers to display names, addresses, ages, and other information when consumers search for someone. 

Privacy tips 

Numerous reputable firms can assist you in removing your information from data broker websites. They search the internet for your information on sites such as data brokers and search engines, and then make requests to have it removed. Make sure you select the correct service provider and read through user reviews. Reliable organisations, such as DeleteMe, are supported by real testimonials; you can read DeleteMe reviews here.

You should also limit what you post online. Share only the essential information, and avoid disclosing sensitive information such as your address and phone number. You can also use VPNs and encrypted browsers. A VPN conceals your IP address and encrypts your connection, avoiding internet tracking that brokers rely on. Secure browsers disable trackers and fingerprints, ensuring that your activity is not traced to you.

Additionally, consider deleting unused and online apps. Be aware of the privacy settings on your devices, apps, and social media profiles, and make sure they are set to maximum privacy. Avoid consenting to privacy policies or terms of service without thoroughly reading them, particularly the fine print.
Read more »
User Security
Cyber Attacks Data Leak Private Data Rhode Island User Security

Rhode Island Residents Warned of Cyberattack Targeting State Government

 

Rhode Island officials have issued an urgent advisory for residents to take immediate precautions following a significant cyberattack on the state government. Authorities are warning that private data, including Social Security and bank account details, may soon be exposed due to the breach.

Governor Dan McKee and other state officials held a press conference earlier this week to address the situation and provide guidance. “We know this situation is alarming, and it’s stressful,” McKee stated. He encouraged residents to bookmark the official website where updates on the incident will be posted.

Details of the Cyberattack

The breach occurred on December 5, when officials discovered that an international cybercriminal gang might have hacked into RIBridges, the state system previously known as UHIP. This platform supports various health and benefits programs. Concerns escalated after hackers shared a screenshot of file folders from RIBridges, suggesting that malware had been installed on the system.

Preliminary investigations indicate that the hackers may have accessed sensitive information from hundreds of thousands of residents who have used state programs over the past eight years. Impacted individuals will receive a notification letter from the state.

Affected State Programs

The affected programs include:

  • Medicaid
  • Supplemental Nutrition Assistance Program (SNAP)
  • Temporary Assistance for Needy Families (TANF)
  • Child Care Assistance Program (CCAP)
  • HealthSource RI health insurance
  • Rhode Island Works
  • Long-Term Services and Supports (LTSS)
  • General Public Assistance (GPA)
  • AT HOME cost-sharing

As a precaution, these programs will transition to paper applications starting next week, as the HealthyRhode online portal remains offline during the investigation.

Matt Weldon, director of the Rhode Island Department of Labor and Training, assured residents that the state’s separate system for unemployment insurance and other out-of-work benefits has not been affected by the cyberattack.

Steps for Residents to Protect Themselves

Michael Tetreault, a cybersecurity advisor with the U.S. Department of Homeland Security, provided the following recommendations for Rhode Islanders who believe they may be impacted:

  • Strengthen your passwords and avoid using the same password across multiple accounts.
  • Enable multi-factor authentication (MFA) on all online accounts.
  • Contact the three major credit-monitoring bureaus to freeze your credit as a precaution.

While the investigation continues, officials are urging residents to remain vigilant and take necessary measures to safeguard their personal information. Regular updates will be provided on the state’s official website, ensuring transparency and assistance for affected individuals.

Read more »
User Privacy
Data Breach Data Leak Kiosks Private Data Redbox User Privacy

Old Redbox Kiosks Hacked to Expose Customers’ Private Details

 

DVD Rental Service Redbox may be a thing of the past, but the data privacy issues it created for users may persist for some time. Redbox allows users to rent DVDs from its 24,000 autonomous kiosks throughout the United States. Its parent company, Chicken Soup for the Soul, declared bankruptcy in July 2024, after the emergence of streaming platforms such as Netflix and Prime Video decimated the DVD rental market. 

According to Ars Technica, one programmer reverse-engineered the hard drive of an old Redbox Kiosk and recovered users' names, emails, and rental histories from about a decade ago. In certain cases, Foone Turing, a California-based programmer, discovered parts of users' credit card data stored on hard drives, such as the first six and last four numbers of the credit card used, as well as transaction history. 

Turing stated in a social media post that she tracked down a film fan from Morganton, North Carolina, who supposedly rented The Giver and The Maze Runner in 2015. According to her, "anyone with basic hacking skills could easily pull data manually out of the files with a hex editor," completing: "This is the kind of code you get when you hire 20 new grads who technically know C# but none of them have written any software before.”

The programmer claims she didn't even need to utilise a physical kiosk to retrieve the old data; instead, she employed an uploaded hard drive she discovered on the social network Discord. The announcement comes as old Redbox kiosks are becoming rarities in some circles. According to the Wall Street Journal, a 19-year-old North Carolina resident acquired one after speaking with a contractor hired to dispose of one. 

Unfortunately, any victims impacted may have limited legal options, since "it may be difficult to hold a bankrupt company accountable," according to The Electronic Frontier Foundation. However, as Lowpass points out, Redbox kiosks may have only saved identifiable personal data locally if an internet or power outage prevented it from being sent to the cloud.
Read more »
Transport Firm
Data Breach Data Leak Private Data Ransomware attack Transport Firm

Rider Data Compromised in Ransomware Attack on TheBus, Handi-Van

 

Private data of TheBus and Handi-Van customers appears to have been hacked in an alleged ransomware attack on the company that operates the transportation services. The websites for TheBus and Handi-Van have been down for four days as the alleged attack continues. 

This is the second hack of Oahu Transit Services in three years, and the FBI and Hawaii Police Department are investigating. Meanwhile, the city's Department of Transportation Services said that the breach began around 1 a.m. Saturday. 

“Our phones went down, our OTS system went down and it became pretty obvious that it was an outside intrusion into the system,” stated Roger Morton, director of the city Department of Transportation Services. “What OTS did was immediately severed all the connections to other systems that they have.” 

The bus and the handi-van continue to run their routes. However, the city claims that websites, GPS, and the Holo card were purposely shut down to safeguard people's data. It might be too late, though. 

Falcon Feeds, an India-based cybersecurity company that monitors "threat actors," shared a screenshot on its X social media account claiming that "Oahu Transit Services Falls Victim to DragonForce Ransomware.” DragonForce claims to have 800,000 pieces of data and has given OTS 10 days from Tuesday to pay the ransom.

“That’s from the DragonForces dark platform, where they shame most of these victims,” noted Nandakishore Harikumar, Falcon Feeds CEO and founder. “Every data breach, even if it’s leaking one line of data, we believe it’s serious.” 

DragonForces is based in Malaysia, but Harikumar is unsure whether the firm that posted the ransom is legitimate or an imposter. Falcon Feeds published screenshots of the data, which included names, addresses, and bus or Handi-Van card ID types. Hawaii News Now masked the private data. 

“We have not paid any ransom,” stated Morton, who added it’s against policy to pay ransoms. “They’re methodically putting the system back. Part of that is disinfecting hundreds of work stations on the chance that they might hold some kind of virus on them.” 

DTS won't confirm a ransomware incident and claims it is being investigated. Meanwhile, Oahu Transit Services has responded to media requests through a Gmail account. According to Morton, OTS expects all online systems to be operational again Wednesday.
Read more »
User Privacy
Canada Cyber Attacks Private Data Ransomware User Privacy

Ransomware Attackers Target Canada’s Largest School Board

 

The Toronto District School Board (TDSB) has issued a warning following a ransomware attack on its software testing environment and is currently investigating whether any personal data was compromised. 

TDSB is Canada's largest school board and the fourth largest in North America, overseeing and managing 473 elementary, 110 secondary, and five adult education institutions. The group has an annual budget of around $2.5 billion. 

An announcement posted on the board's website earlier this week informs parents, guardians, and carers about a ransomware attack that may have exposed personal information.

"TDSB recently became aware that an unauthorized third party gained access to TDSB's technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems," reads the announcement. 

"We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident," adds TDSB further down in the announcement. 

TDSB claims that all of its systems are operational, with no disruptions, indicating that the attack was contained in the testing environment. The organisation has contacted the Toronto Police Service and the Information and Privacy Commissioner of Ontario, and it is working with third-party cybersecurity specialists to evaluate the extent of the incident. 

TDSB serves roughly 247,000 students and employs 40,000 employees, therefore this incident could impact a large number of people. The Toronto District School Board agreed to notify affected persons if the ongoing investigation reveals that a data breach happened, but for the time being, it has chosen not to provide too much information

Individuals who may have been impacted and are looking for answers may contact the organisation at 'cyberincident@tdsb.on.ca.’ At the time of writing, none of the major ransomware gangs claimed responsibility for the attack on TDSB.
Read more »
User Privacy
Data Leak Data Privacy Private Data Search Engines Technology User Privacy

How to Erase The Personal Details Google Knows About You

 

One can get a sense of the volume of data they are giving away to Google every day by considering all the things they do on Chrome, Gmail, YouTube, Google Maps, and other Google services. That is... a lot for most of us. 

Google at least offers a thorough web dashboard that you can use to view some of the data being acquired, regardless of whether you believe the targeted advertising and data collecting are worth the free apps you receive in return.

It allows you to eliminate all of the data that Google has already gathered, prevent it from collecting further, or have your data automatically deleted after a predetermined amount of time (such as three months). If you intend to delete your Google account, you can also utilise these tools to clean the records; however, doing so should also remove all of the data linked to your account.

Here's how to use the options that are accessible to you.

Locate your data 

Getting started is really simple: Open your Google account page in your preferred web browser, and sign in if necessary. This screen displays your Google subscriptions, the devices to which you are signed in with your Google account, and any passwords that you may have saved, among other details. 

  • On the left, click "Data and privacy."
  • Look for the history settings. It is divided into three major categories: Web and apps, location, and YouTube.
  • To get a complete list of this data, click the My Activity icon at the bottom of the section. You'll see everything you've done that has been recorded in Google products, beginning with the most recent.
  • Select filter by date & product to narrow the results to certain date ranges or apps.
  • To delete a filter you've applied, click the X at the top of the list. 
  • If additional information is available, click on any entry in the list to view it. You can open YouTube videos or websites that you've visited.

Delete your data

  • When it comes to data that Google has already acquired and logged, you can delete it in a number of ways. 
  • If you are viewing the entire activity list, click Delete (to the right of the filter). 
  • You can delete records from the last hour, day, or a custom range. You can also select Always to erase everything.
  • If you filtered the list by date or product, click Delete results to remove everything that matched the filter.
  • Whether or not the list is filtered, clicking the X next to any single entry deletes it. 

It's useful to have a central repository for all of your data accessible via a single online site, but some sorts of data can also be found elsewhere. You can remove your web activity from within Chrome as long as you are signed in to Google, for example, or access your YouTube view history via the YouTube website.
Read more »
User Privacy
Data Breach Data Leak Identity Theft Private Data User Privacy

AT&T User Discusses Safety Measures Following Data Breach

 

AT&T has periodically tried to downplay the gravity of its recent data breach, but the US telecoms company has now sought to reassure worried consumers with a slew of new security features. 

In the most recent development in the ongoing story of the AT&T data hack, the firm has announced that all of its users—affected or not—can now take advantage of a number of complimentary security and identity protection offerings. 

These include a free identity theft insurance policy that offers up to $1 million in coverage, which seems to indicate that the company is now beginning to take the data leak seriously. 

AT&T new announcements

AT&T has announced numerous additional security measures in response to the March disclosure that data belonging to up to 73 million of its customers had been exposed on an online hacker forum.

In addition to the previously mentioned $1 million identity protection insurance, these also come with access to an identity restoration team and "one year of complimentary credit monitoring, identity theft detection, and resolution services.” 

According to KPRC-TV, AT&T appears to have hired the assistance of Experian's IdentityWorks protection arm to help reassure the more than seven million current AT&T customers who have been affected by the hack. 

How many AT&T customers were affected by the data breach?

Most estimates suggest that as a result of the historic data breach, the personal information of around 71 million AT&T customers was exposed online. 

However, AT&T has attempted to dispute this number on several occasions, having first denied culpability for the breach completely. It has instead stated that it believes approximately 51 million consumers were affected, the majority of whom are former customers.

That is perhaps predictable, given that many individuals would leave a provider who had disclosed their information. As previously stated, the number of current AT&T users believed to be affected is approximately 7 million. 

To make it easier to secure your online accounts with hard, unique passphrases, experts advise setting up a password manager.
Read more »
User Privacy
Dark Web Data Breach Data Leak Private Data Tech Firm User Privacy

Private Data of 7.5 million BoAt Users Leaked in Massive Data Breach

 

More than 7.5 million boAt customers' customer information has surfaced on the dark web. It is possible to purchase personally identifiable information (PII) such as a name, address, contact number, email ID, customer ID, and more. The threat actor leaked around 2GB of data on the forum. 

On April 5, a hacker dubbed ShopifyGUY claimed to have accessed the data of audio products and smartwatch maker boAt Lifestyle. The threat actor leaked data breach files comprising 75,50,000 entries of personally identifiable information (PII) from consumers. Forbes India validated the report by speaking with a number of the consumers who have recently purchased boAt items. 

These data breaches have implications that extend beyond the immediate loss of private data. People are more susceptible to monetary fraud, phishing scams, and identity theft. Threat Intelligence Researcher Saumay Srivastava notes that sophisticated social engineering assaults could be carried out by threat actors who employ users' personal information to get access to bank accounts, carry out transactions, and fraudulently use credit cards.

“The consequences for companies include a loss of customer confidence, legal consequences and reputational harm. The major implications make it even more essential to implement adequate security practices,” Saumya added. 

The leaker's profile (ShopifyGUY) is rather new, with only this leak under his belt. Because the data is genuine, the hacker will establish a good reputation among the forum community, increasing future data purchases, explains Rakesh Krishnan, senior threat analyst at NetEnrich. 

"Considering the timeline, we can assume that the hackers gained access to the boAt customer database at least one month ago and put the data on the forum yesterday.”

Ideally, the company should notify all users, conduct a thorough investigation into how the attackers gained access and what else they could access, and then overhaul their security measures to ensure this does not happen again, but realistically, it will deny and move on, explains Yash Kadakia, founder of Security Brigade. 

The data is available for eight credits on several forums, thus it practically costs two euros to purchase it. It will most likely be available for free on Telegram within a few days. Many scammers will use this information to carry out various phone and email scams, Kadakia noted. 

According to an IDC report, boAt, which was founded in 2016 by Aman Gupta, a judge on Shark Tank, and Sameer Mehta, is now the second most popular wearable brand as of the third quarter of 2023. The Gurugram-based business is well-regarded by Indian customers and is renowned for its affordable headphones and other audio equipment. In addition, it produces speakers and smartwatches.
Read more »
system spread
AI Worms Cyber Security Data Safety Data Theft Private Data Researchers Security system spread

Researchers Develop AI "Worms" Capable of Inter-System Spread, Enabling Data Theft Along the Way

 

A team of researchers has developed a self-replicating computer worm designed to target AI-powered applications like Gemini Pro, ChatGPT 4.0, and LLaVA. The aim of this project was to showcase the vulnerabilities in AI-enabled systems, particularly how interconnections between generative-AI platforms can facilitate the spread of malware.

The researchers, consisting of Stav Cohen from the Israel Institute of Technology, Ben Nassi from Cornell Tech, and Ron Bitton from Intuit, dubbed their creation 'Morris II', drawing inspiration from the infamous 1988 internet worm.

Their worm was designed with three main objectives. Firstly, it was engineered to replicate itself using adversarial self-replicating prompts, which exploit the AI applications' tendency to output the original prompt, thereby perpetuating the worm. 

Secondly, it aimed to carry out various malicious activities, ranging from data theft to the creation of inflammatory emails for propagandistic purposes. Lastly, it needed the capability to traverse hosts and AI applications to proliferate within the AI ecosystem.

The worm utilizes two primary methods for propagation. The first method targets AI-assisted email applications employing retrieval-augmented generation (RAG), where a poisoned email triggers the generation of a reply containing the worm, subsequently spreading it to other hosts. The second method involves inputs to generative-AI models, prompting them to create outputs that further disseminate the worm to new hosts.

During testing, the worm successfully pilfered sensitive information such as social security numbers and credit card details.

To raise awareness about the potential risks posed by such worms, the researchers shared their findings with Google and OpenAI. While Google declined to comment, an OpenAI spokesperson acknowledged the potential exploitability of prompt-injection vulnerabilities resulting from unchecked or unfiltered user inputs.

Instances like these underscore the imperative for increased research, testing, and regulation in the deployment of generative-AI applications.
Read more »
User Privacy
Consumer Report Data Breach Private Data Social Media App User Privacy

Meta is Collecting Consumers Data from Thousands of Firms

 

Consumer Reports conducted an experiment which revealed that Instagram and Facebook collect your private data from thousands of firms. The company is also the largest reporter of potentially child sexual abuse materials (CSAM), yet many of these reports are sent in a fashion that raises legal concerns.

To find out where parent firm Meta gets its personal data from for targeted advertising, Consumer Reports sought the assistance of over 700 volunteers.

The Markup, an American nonprofit news publication, says the study found that Meta collected data from an average of 2,230 companies. Markup assisted Consumer Reports in finding study participants. The last three years' worth of participant data were retrieved from Facebook settings and sent to Consumer Reports in an archive. 

A total of 186,892 companies shared data concerning them to the social network, according to Consumer Reports. 2,230 companies on average shared the data of each study participant to Facebook. This figure varied widely, with the data from some participants suggesting that over 7,000 companies submitted their data. 

Undoubtedly, data brokers were the most common source of private information that the social media giant collected, but Amazon and Home Depot were also in the top 10. 

The websites you visit are the most frequently acquired sort of data, either through cookies or tracking pixels that allow for the creation of an interest and activity profile. 

If you search for bathroom fittings on Amazon, for instance, adverts for that particular product category or more general ones like home renovations may appear. Similarly, if you visit a lot of tech websites, you may be served gadget ads. 

Meta states that it provides consumers with choices and is open about the data it collects and uses: “We offer a number of transparency tools to help people understand the information that businesses choose to share with us, and manage how it’s used.” 

However, the Electronic Privacy Information Centre argues that suggesting that customers understand the extent and nature of this tracking is foolish. 

“This type of tracking which occurs entirely outside of the user’s view is just so far outside of what people expect when they use the internet […] they don’t expect Meta to know what stores they walk into or what news articles they’re reading or every site they visit online,” the centre stated.
Read more »
Technology
AI Tool Data Safety Generative AI LLM Private Data Technology

Anthropic Pledges to Not Use Private Data to Train Its AI

 

Anthropic, a leading generative AI startup, has announced that it would not employ its clients' data to train its Large Language Model (LLM) and will step in to safeguard clients facing copyright claims.

Anthropic, which was established by former OpenAI researchers, revised its terms of service to better express its goals and values. The startup is setting itself apart from competitors like OpenAI, Amazon, and Meta, which do employ user material to enhance their algorithms, by severing the private data of its own clients. 

The amended terms state that Anthropic "may not train models on customer content from paid services" and that Anthropic "as between the parties and to the extent permitted by applicable law, Anthropic agrees that customer owns all outputs, and disclaims any rights it receives to the customer content under these terms.” 

The terms also state that they "do not grant either party any rights to the other's content or intellectual property, by implication or otherwise," and that "Anthropic does not anticipate obtaining any rights in customer content under these terms."

The updated legal document appears to give protections and transparency for Anthropic's commercial clients. Companies own all AI outputs developed, for example, to avoid possible intellectual property conflicts. Anthropic also promises to defend clients against copyright lawsuits for any unauthorised content produced by Claude. 

The policy complies with Anthropic's mission statement, which states that AI should to be honest, safe, and helpful. Given the increasing public concern regarding the ethics of generative AI, the company's dedication to resolving issues like data privacy may offer it a competitive advantage.

Users' Data: Vital Food for LLMs

Large Language Models (LLMs), such as GPT-4, LlaMa, and Anthropic's Claude, are advanced artificial intelligence systems that comprehend and generate human language after being trained on large amounts of text data. 

These models use deep learning and neural networks to anticipate word sequences, interpret context, and grasp linguistic nuances. During training, they constantly refine their predictions, improving their capacity to communicate, write content, and give pertinent information.

The diversity and volume of the data on which LLMs are trained have a significant impact on their performance, making them more accurate and contextually aware as they learn from different language patterns, styles, and new information.

This is why user data is so valuable for training LLMs. For starters, it keeps the models up to date on the newest linguistic trends and user preferences (such as interpreting new slang).

Second, it enables personalisation and increases user engagement by reacting to specific user activities and styles. However, this raises ethical concerns because AI businesses do not compensate users for this vital information, which is used to train models that earn them millions of dollars.
Read more »
User Safety
Data Breach Data Leak Data Privacy Private Data User Safety

1.5 Billion Real Estate Records Leaked, Including Elon Musk and Kylie Jenner

 

Jeremiah Fowler, a cybersecurity researcher, uncovered and notified VPNMentor about an exposed database related to the New York-based online business Real Estate Wealth Network. The compromised database had 1.5 billion records, including real estate ownership data for millions of people. 

The database, which had a total size of 1.16 TB (1,523,776,691 records), had organised folders containing information on property owners, sellers, investors, and internal user tracking data. It included daily logging records from 4/22/23 to 10/23/23 that included internal user search data. 

Cameron Dunlap founded Real Estate Wealth Network in 1993 to provide education and resources for real estate investors. The platform costs a one-time, non-refundable fee of $1,450 for access to a vast collection of data, which includes online courses, training materials, a community, and mentorship/coaching from experienced experts. 

Upon further investigation, Fowler discovered that the exposed database contained the purported property ownership data of celebrities including Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Donald J. Trump, Mark Wahlberg, and Nancy Pelosi. 

The online disclosure of celebrities' addresses could pose a number of threats, including concerns for their safety, invasion of privacy, stalking, and harassment by fans or malicious people. 

"The data was organised in various folders according to property history, motivated sellers, bankruptcy, divorce, tax liens, foreclosure, home owner association (HOA) liens, inheritance, court judgements, obituary (death), vacant properties, and more," VPNMentor’s blog post read. 

Everyone, famous or not, is at risk because real estate tax data, which includes information on property ownership, assessed property values, tax assessment history, and property tax payment history, can be used by criminals to gather personal information on property owners. 

Threat actors can utilise the data to target individuals with social engineering or phishing attacks, with the goal of obtaining financial or other personal information. The disclosure of data revealing whether a person bought their home with cash, without a mortgage loan, or has fully paid off their mortgage may increase the risk of financial fraud.

Property and mortgage fraud remain major issues, with the FBI reporting 11,578 incidents resulting in $350 million in losses in a single year, a 20% rise from 2017. Typically, property fraud entails taking a homeowner's identity and fabricating ownership documentation. 

Although the disclosed database has been locked from public access, a Real Estate Wealth Network representative confirmed ownership. The duration of the exposure and the possibility of unauthorised entry remains unknown. Only a forensic audit conducted internally could determine whether the records were accessed, extracted, or downloaded. 

This incident serves as a clear warning of the possibility of fraudulent activity involving easily accessible information. Property owners should be vigilant when disclosing personal information, especially in response to unsolicited requests for property information. Understanding the risks associated with semi-public data is critical for asset protection.
Read more »
Subscribe to: Posts (Atom)