Showing results for tags 'data breach'.
-
Adidas warns of data breach after customer service provider hack
Karlston posted a news in Security & Privacy News
German sportswear giant Adidas disclosed a data breach after attackers hacked a customer service provider and stole some customers' data. "adidas recently became aware that an unauthorized external party obtained certain consumer data through a third-party customer service provider," the company said on Friday. "We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts." Adidas added that the stolen information did not include the affected customers' payment-related information or passwords, as the threat actors behind the breach only gained access to contact. The company has also notified the relevant authorities regarding this security incident and will alert those affected by the data breach. "adidas is in the process of informing potentially affected consumers as well as appropriate data protection and law enforcement authorities consistent with applicable law," it added. "We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident." Adidas has yet to reveal further details regarding this incident, including the name of the impacted service provider, when the incident was detected, how many individuals were affected, and if its own network was compromised during the attack. When BleepingComputer reached out to Adidas with questions about the incident, a spokesperson said the company had "no further update" and "the statement from Friday is still valid." Earlier this month, Adidas disclosed data breaches impacting customers in Turkey and South Korea who contacted the company's customer service center in 2024 or earlier. The stolen information in these breaches includes names, email addresses, phone numbers, birthdates, and addresses. 
In June 2018, Adidas disclosed another breach after unknown attackers stole contact information, usernames, and encrypted passwords of "a few million" shoppers who used the sportswear company's U.S. website. Update May 27, 11:18 EDT: Added Adidas statement. Source Hope you enjoyed this news post. Thank you for appreciating my time and effort posting news every day for many years. News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of April): 1,811 RIP Matrix | Farewell my friend -
Coinbase says recent data breach impacts 69,461 customers
Karlston posted a news in Security & Privacy News
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals. In data breach notifications filed with the Office of Maine's Attorney General, Coinbase said, "a small number of individuals, performing services for Coinbase at our overseas retail support locations, improperly accessed customer information." While the exposed data did not include the impacted people's passwords, seed phrases, private keys, or other information that could be used to access their funds or accounts, it did include a combination of personal identifiers such as name, date of birth, last four digits of social security numbers, masked bank account numbers and some bank account identifiers, addresses, phone number, and email address. Depending on the affected customer, the stolen information can also contain images of government identification information (e.g., driver's license number, passport number, national identity card number) and account information (including transaction history, balance, transfers, account opening date). "Attackers seek out this information because they want to conduct social engineering attacks, using this information to appear credible to try and convince victims to move their funds," Coinbase warned. The disclosure comes after many have voiced their concern that this incident could lead to serious consequences, including physical harm, after cybercriminals gain access to the account balances and addresses of impacted Coinbase customers affected by this data breach.

Losses could reach up to $400 million

On Thursday, Coinbase disclosed the data breach in a filing with the U.S. Securities and Exchange Commission that the threat actors behind this attack obtained customer data of up to 1% of Coinbase's customer base with the help of support staff or contractors outside the United States. 
The attackers also sent an email on May 11 attempting to extort a $20 million ransom payment in exchange for not releasing the stolen information online. However, the crypto exchange said it would not pay the ransom but would establish a $20 million reward fund for tips that could help find the attackers who coordinated this attack and bring them to justice. While Coinbase is still assessing the breach's financial impact and the number of customers who were tricked into sending funds to the attackers in follow-up social engineering attacks is still unknown, the company said the resulting expenses will likely be "within the range of approximately $180 million to $400 million" for remediation and customer refunds. "Coinbase will voluntarily reimburse retail customers who mistakenly sent funds to the scammer as a direct result of this incident prior to the date of this post, following a review to confirm the facts," the company said. Coinbase advises customers to be cautious of scammers impersonating their employees, who may try to obtain funds or sensitive information like passwords or 2FA codes. If approached, hang up, as Coinbase will never ask for account details over the phone. To further boost security and defend against such attacks, activate withdrawal allow-listing and enable two-factor authentication. Source -
Cyber criminals breach Coinbase's system to steal customer data
Karlston posted a news in Security & Privacy News
Coinbase, the world's third-largest cryptocurrency exchange, has confirmed that its systems were breached and hackers were able to steal data belonging to approximately 1% of its customers. This data includes customers' personal details, masked Social Security numbers, masked bank account numbers, and images of the uploaded government IDs. The cyber criminals were also able to steal information related to Coinbase customers’ crypto balances, as well as various internal details about the company. According to Coinbase, the hackers obtained this information with the help of several support agents who were working outside the United States. They bribed these employees to gather the data and hand it over to them. All the employees involved have reportedly been identified and fired from the company. Legal action is also being taken against them. By stealing Coinbase customer data, the hackers aimed to contact the customers while pretending to be Coinbase and trick them into transferring all their crypto assets. Brian Armstrong, the CEO of Coinbase, posted a video on X stating that the hackers demanded $20 million in Bitcoin in exchange for not leaking the stolen data. Instead of giving in to the demand, the exchange has offered to pay $20 million to anyone who helps catch the hackers. Some customers have reportedly already transferred their crypto to the hackers. However, Coinbase has stated that it will reimburse those customers, as they were deceived into making the transfers. Following the breach, the exchange has strengthened its security. Customers will now be required to go through additional ID verification steps when they try to withdraw a large amount from the exchange. Additionally, a new support hub has been established in the U.S., and more investments will reportedly be made in internal threat detection to help prevent similar breaches in the future. Coinbase has also sent notifications to all customers affected by the data breach. 
This isn’t the first time a crypto exchange has been targeted by hackers. Just a few months ago, in February 2025, hackers managed to steal around $1.4 billion worth of Ethereum from ByBit, the second-largest crypto exchange. In 2024, approximately $230 million in various cryptocurrencies was stolen from WazirX, one of the top cryptocurrency exchanges in India. In total, about $2.2 billion in crypto was stolen throughout 2024. These ongoing crypto-related crimes are ultimately making it more difficult for countries to adopt cryptocurrencies and invest in them with confidence. Source -
UnitedHealth now says 190 million impacted by 2024 data breach
Karlston posted a news in Security & Privacy News
UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. In October, UnitedHealth reported to the US Department of Health and Human Services Office for Civil Rights that the attack affected 100 million people. However, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the figure has nearly doubled to 190 million. "Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million," UnitedHealth Group told TechCrunch. "The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date." While UnitedHealth says that there are no indications that the threat actors have misused the stolen data, the sheer quantity of sensitive information stolen in the attack is massive. This stolen data includes patients' health insurance information, medical records, billing and payment information, and sensitive personal information, such as phone numbers, addresses, and, in some cases, Social Security Numbers and government ID numbers. The ransomware attack on UnitedHealth's subsidiary, Change Healthcare, is the largest healthcare data breach in US history.

The Change Healthcare ransomware attack

In February 2024, UnitedHealth subsidiary Change Healthcare suffered a massive ransomware attack, leading to widespread disruption to the United States healthcare system. This disruption prevented doctors and pharmacies from filing claims and pharmacies from accepting discount prescription cards, causing patients to pay full price for medications. It was later learned that the BlackCat ransomware gang, aka ALPHV, was behind the attack. 
The threat actors used stolen credentials to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled. After breaching the network, the threat actors stole 6 TB of data and encrypted computers, causing the company to shut down IT systems and its online platforms for billing, claims, and prescription fulfillment. The UnitedHealth Group later confirmed it paid a ransom to receive a decryptor and to prevent the threat actors from publicly releasing the stolen data. This ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack. This ransom payment was supposed to be split between the affiliate and the ransomware operators, but BlackCat suddenly shut down in an exit scam, stealing the entire payment for themselves.

[Image: ALPHV affiliate claiming they were scammed by BlackCat. Source: Dmitry Smilyanets]

This is where it got worse for UnitedHealth, as the threat actor behind the attack stated that they did not delete the stolen data as promised. The attacker then partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released. A few days later, the Change Healthcare entry on RansomHub's data leak site mysteriously disappeared, indicating that UnitedHealth likely paid a second ransom demand. UnitedHealth said in April that the Change Healthcare ransomware attack caused $872 million in losses, which increased as part of the Q3 2024 earnings to an expected $2.45 billion for the nine months to September 30, 2024. Source -
Free, France’s second largest ISP, confirms data breach after leak
Karlston posted a news in Security & Privacy News
Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers. Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident. "The affected subscribers have been or will be informed by email shortly," a Free spokesperson told BleepingComputer, adding that "no operational impact was observed on our activities and services" and "all necessary measures were taken immediately to put an end to this attack and strengthen the protection of our information systems." Free added that the attack targeted a management tool that exposed subscribers' data. However, the attackers failed to access customer passwords, bank card information, and communications content (including "emails, SMS, voice messages, etc."). The data stolen in the attack is now being auctioned on BreachForums to the highest bidder, with the threat actor—known as "drussellx"—claiming that the breach impacts almost a third of France's population.

[Image: Allegedly stolen data up for sale. Source: BleepingComputer]

"The data breach affects 19.2 million customers and contains over 5.11 million IBAN numbers. It affects all Free Mobile and Freebox customers, and includes the IBANs of all 5.11 million Freebox subscribers," the threat actor says. They also provided an archive containing some of the allegedly stolen data, screenshots, and database headers as proof that the data being auctioned is legitimate. 
As further proof, the threat actor said they're also willing to let potential customers search the stolen database to ensure that "the entire database that has been recovered" is for sale. Regarding the stolen IBANs (International Bank Account Numbers), Free says the attackers could only steal those of certain fixed subscribers and that they're "not enough to make a direct debit from a bank." "If subscribers nevertheless notice an unusual direct debit, not corresponding to any date and no known invoice amount, their bank is obliged to reimburse them. They have 13 months to report the fraudulent direct debit," Free said, "We also invite them to be vigilant against phishing attempts. Never communicate your access codes or bank card whether by email, SMS or during a call." A Free spokesperson has yet to provide more information about when the incident was detected and how many customers were impacted by the breach after being contacted by BleepingComputer for more details earlier today. Source
-
UnitedHealth says data of 100 million stolen in Change Healthcare breach
Karlston posted a news in Security & Privacy News
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years. In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all Americans' health data was exposed in the attack. A month later, Change Healthcare published a data breach notification warning that the February ransomware attack on Change Healthcare exposed a "substantial quantity of data" for a "substantial proportion of people in America." Today, the U.S. Department of Health and Human Services Office for Civil Rights data breach portal updated the total number of impacted people to 100 million, making it the first time UnitedHealth, the parent company of Change Healthcare, put an official number to the breach. "On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach," reads an updated FAQ on the OCR website.

[Image: Updated number of people impacted by the Change Healthcare data breach. Source: HHS]

Data breach notifications sent by Change Healthcare since June state that a massive amount of sensitive information was stolen during the February ransomware attack, including:

- Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
- Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment);
- Billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due); and/or
- Other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.

The information may be different for each individual, and not everyone's medical history was exposed.

The Change Healthcare ransomware attack

This data breach was caused by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which led to widespread outages in the U.S. healthcare system. The disruption to the company's IT systems prevented doctors and pharmacies from filing claims and prevented pharmacies from accepting discount prescription cards, causing patients to pay full price for medications. The BlackCat ransomware gang, aka ALPHV, conducted the attack, using stolen credentials to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled. During the attack, the threat actors stole 6 TB of data and ultimately encrypted computers on the network, causing the company to shut down IT systems to prevent the spread of the attack. The UnitedHealth Group admitted to paying a ransom demand to receive a decryptor and for the threat actors to delete the stolen data. The ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack. This ransom payment was supposed to be split between the affiliate and the ransomware operation, but BlackCat suddenly shut down, stealing the entire payment for themselves and pulling an exit scam.

[Image: ALPHV affiliate claiming they were scammed by BlackCat. Source: Dmitry Smilyanets]

However, this wasn't the end of Change Healthcare's problems, as the affiliate claimed they still had the company's data and did not delete it as promised. The affiliate partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released. The Change Healthcare entry on RansomHub's data leak site mysteriously disappeared a few days later, possibly indicating that UnitedHealth paid a second ransom demand. 
UnitedHealth said in April that the Change Healthcare ransomware attack caused $872 million in losses, which increased as part of the Q3 2024 earnings to an expected $2.45 billion for the nine months to September 30, 2024. Source -
Internet Archive hacked, data breach impacts 31 million users
Karlston posted a news in Security & Privacy News
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached. "Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site.

[Image: JavaScript alert shown on Archive.org. Source: BleepingComputer]

The text "HIBP" refers to the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service. Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. The most recent timestamp on the stolen records is September 28th, 2024, likely when the database was stolen. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach. The data was confirmed to be real after Hunt contacted users listed in the databases, including cybersecurity researcher Scott Helme, who permitted BleepingComputer to share his exposed record. 
9887370, [email protected],$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,[email protected],2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N

Helme confirmed that the bcrypt-hashed password in the data record matched the bcrypt-hashed password stored in his password manager. He also confirmed that the timestamp in the database record matched the date when he last changed the password in his password manager.

[Image: Password manager entry for archive.org. Source: Scott Helme]

Hunt says he contacted the Internet Archive three days ago and began a disclosure process, stating that the data would be loaded into the service in 72 hours, but he has not heard back since. It is not known how the threat actors breached the Internet Archive and if any other data was stolen. Earlier today, the Internet Archive suffered a DDoS attack, which has now been claimed by the BlackMeta hacktivist group, who says they will be conducting additional attacks. BleepingComputer contacted the Internet Archive with questions about the attack, but no response was immediately available. Source -
Verizon insider data breach hits over 63,000 employees
Karlston posted a news in Security & Privacy News
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S. The company has more than 117,000 workers and has an annual revenue of 136.8 billion (2022). A data breach notification shared with the Office of the Maine Attorney General reveals that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023. Verizon discovered the breach on December 12, 2023, nearly three months later, and determined it contained sensitive information of 63,206 employees. The data that was exposed varies per employee but could include:

- Full name
- Physical address
- Social Security number (SSN)
- National ID
- Gender
- Union affiliation
- Date of birth
- Compensation information

However, this incident does not appear to impact customer information. Verizon says it is actively working towards strengthening its internal security to prevent similar incidents from occurring again in the future and noted that at this time, there are no signs of malicious exploitation or evidence of the data having been widely leaked. "At this time, we have no evidence that this information has been misused or shared outside of Verizon as a result of this issue," reads the Verizon data breach notification. "We are working to ensure our technical controls are enhanced to help prevent this type of situation from reoccurring and are notifying applicable regulators about the matter." To protect exposed individuals from the risks posed by the security incident, Verizon has enclosed instructions on enrolling in a two-year identity theft protection and credit monitoring service in the notices sent to impacted employees. 
BleepingComputer contacted Verizon to learn if the incident has been referred to law enforcement and we received the following reply: Verizon has had a relatively calm period regarding cybersecurity incidents in the past few years. The firm's last major incident was announced in October 2022, when hackers attempted to perform SIM swaps to hijack customer accounts. Although Verizon says it blocked the activity and reversed unauthorized changes, sensitive customer information such as partial credit card data, names, telephone numbers, billing addresses, and other service-related info was exposed. Update 2/6 - Added Verizon statement Source -
Bank of America warns customers of data breach after vendor hack
Karlston posted a news in Security & Privacy News
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas. While Bank of America has yet to disclose how many customers were impacted by the data breach, Infosys McCamish Systems (IMS), the vendor that had its systems compromised, revealed in a recent filing with the Attorney General of Maine that 57,028 had their data exposed in the incident. Infosys, IMS' parent company, is a multinational IT consulting giant with over 300,000 employees and clients in over 56 countries. Bank of America serves approximately 69 million clients at over 3,800 retail financial centers and through approximately 15,000 ATMs in the United States, its territories, and more than 35 countries. "On or around November 3, 2023, IMS was impacted by a cybersecurity event when an unauthorized third party accessed IMS systems, resulting in the non-availability of certain IMS applications," IMS said. "On November 24, 2023, IMS told Bank of America that data concerning deferred compensation plans serviced by Bank of America may have been compromised. Bank of America's systems were not compromised." "It is unlikely that we will be able to determine with certainty what personal information was accessed as a result of this incident at IMS."

LockBit claims ransomware attack on IMS

IMS said the security breach led to a "non-availability of certain applications and systems in IMS" when it first disclosed the incident in a filing with the U.S. 
Securities and Exchange Commission. On November 4th, the LockBit ransomware gang claimed responsibility for the IMS attack, saying that its operators encrypted over 2,000 systems during the breach.

[Image: Infosys entry on LockBit's leak site. Source: Dark Web Informer]

The LockBit ransomware-as-a-service (RaaS) operation came to light in September 2019 and has since targeted many high-profile organizations, including the UK Royal Mail, the Continental automotive giant, the City of Oakland, and the Italian Internal Revenue Service. In June, cybersecurity authorities in the United States and partners worldwide released a joint advisory estimating that the LockBit gang has extorted at least $91 million from U.S. organizations following roughly 1,700 attacks since 2020. A Bank of America spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today. Source -
AT&T: Data breach affects 73 million or 51 million customers. No, we won’t explain.
Karlston posted a news in Security & Privacy News
When the data was published in 2021, the company said it didn't belong to its customers. AT&T is notifying millions of current or former customers that their account data has been compromised and published last month on the dark web. Just how many millions, the company isn't saying. In a mandatory filing with the Maine Attorney General’s office, the telecommunications company said 51.2 million account holders were affected. On its corporate website, AT&T put the number at 73 million. In either event, compromised data included one or more of the following: full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and AT&T passcodes. Personal financial information and call history didn’t appear to be included, AT&T said, and data appeared to be from June 2019 or earlier. The disclosure on the AT&T site said the 73 million affected customers comprised 7.6 million current customers and 65.4 million former customers. The notification said AT&T has reset the account PINs of all current customers and is notifying current and former customers by mail. AT&T representatives haven’t explained why the letter filed with the Maine AG lists 51.2 million affected and the disclosure on its site lists 73 million. According to a March 30 article published by TechCrunch, a security researcher said the passcodes were stored in an encrypted format that could easily be decrypted. Bleeping Computer reported in 2021 that more than 70 million records containing AT&T customer data was put up for sale that year for $1 million. AT&T, at the time, told the news site that the amassed data didn’t belong to its customers and that the company's systems had not been breached. Last month, after the same data reappeared online, Bleeping Computer and TechCrunch confirmed that the data belonged to AT&T customers, and the company finally acknowledged the connection. 
AT&T has yet to say how the information was breached or why it took more than two years from the original date of publication to confirm that it belonged to its customers. Given the length of time the data has been available, the damage that’s likely to result from the most recent publication is likely to be minimal. That said, anyone who is or was an AT&T customer should be on the lookout for scams that attempt to capitalize on the leaked data. AT&T is offering one year of free identity theft protection. Source -
Home Depot confirms third-party data breach exposed employee info
Karlston posted a news in Security & Privacy News
Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks. Home Depot is the largest home improvement retailer, with more than 2,300 stores in North America and over 475,000 employees. On Thursday, a threat actor known as IntelBroker leaked limited data for approximately 10,000 Home Depot employees on a hacking forum. "In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company," reads the forum post. After BleepingComputer contacted Home Depot, the company confirmed that one of its third-party SaaS vendors mistakenly exposed sample employee data. "A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates' names, work email addresses and User IDs during testing of their systems," Home Depot told BleepingComputer. While this data is not highly sensitive, exposing only corporate IDs, names, and email addresses, it could be used by threat actors to conduct targeted phishing attacks against Home Depot employees. These phishing attacks could be designed to gather more sensitive information, such as Home Depot credentials, which could then be sold to other threat actors or used to breach the company's network to steal corporate data or deploy ransomware. For this reason, all Home Depot employees should be wary of any emails containing links to pages that request corporate credentials or other information. If one of these emails is received, it should be reported to the company's IT staff, who can verify whether it is legitimate. IntelBroker is a well-known threat actor who first gained notoriety by breaching DC Health Link, an organization that administers the health care plans of U.S. House members, their staff, and their families. The incident resulted in widespread media attention and a congressional hearing after the data for 170,000 affected individuals, including members and staff of the U.S. House of Representatives, was leaked. Other cybersecurity incidents linked to IntelBroker are the breaches of PandaBuy, Acuity, Hewlett Packard Enterprise (HPE) and the Weee! grocery service, as well as an alleged breach of General Electric Aviation. Source -
AT&T confirms data breach affecting more than 70 million customers
Karlston posted a news in Security & Privacy News
AT&T, one of the largest mobile carriers in the United States, has confirmed a massive data breach affecting millions of its customers. The breach affects around 7.6 million current AT&T account holders and 65.4 million former account holders. For those affected, the carrier company says that users will receive an email or letter explaining the incident, what information was compromised, and what it is doing in response to it. The data breach includes fields such as full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number, and passcode. For now, the company is resetting users' passcodes and also advises users to change them as a precaution. AT&T says that it has determined company-specific fields in the dataset that was leaked on the dark web. However, where the data originated from still remains unknown. AT&T says that it hasn't found any "evidence of unauthorized access to its systems resulting in the theft of the data set." The dataset appears to have data from 2019 or earlier. The company has previously denied being affected by a data breach, citing that "the information that appeared in an internet chat room does not appear to have come from our systems." The dataset from this breach, which happened in 2021, was being sold by threat actors ShinyHunters, who confirmed that the breach indeed happened from AT&T's internal systems. All AT&T customers have been advised to remain vigilant by monitoring their account activity and credit reports. The company, in its FAQ, suggests users set up free fraud alerts on credit bureaus like Equifax, Experian, and TransUnion. Users can go through AT&T's FAQ page to know more details about the data breach. We recommend users be careful about any SMS or phishing emails impersonating AT&T and contact the company to confirm whether they attempted to make the contact. Source -
Roku discovers second data breach affecting over half a million accounts
Karlston posted a news in Security & Privacy News
Roku announced a new data breach affecting hundreds of thousands of accounts on its streaming platform. The company recently announced that it had found evidence of unauthorized access to 576,000 Roku user accounts. This is in addition to the 15,000 accounts compromised in an earlier incident last month. According to Roku, the attacks used a technique known as "credential stuffing," in which hackers use credentials obtained from other breaches to systematically try to access accounts on different services. The compromised credentials likely came from previous data breaches at unrelated sites where people reused passwords. In its advisory published today, Roku writes: While Roku's systems were not directly hacked in this incident, malicious actors were able to exploit weak or stolen credentials to take over accounts via credential stuffing. In less than 400 cases, attackers made fraudulent purchases of streaming subscriptions and Roku hardware using payment methods stored in the compromised profiles. As a precaution, Roku has reset passwords for all affected accounts. The company is also refunding customers who incurred unauthorized charges. Roku has also enabled two-factor authentication (2FA) by default for all accounts, whether affected by the recent incidents or not. When users next attempt to log in to their Roku account, a verification link will be sent to the registered email addresses. Source -
Samsung hit by new data breach impacting UK store customers
Karlston posted a news in Security & Privacy News
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020.
Hacker exploits bug in third-party app
Samsung discovered the data breach two days ago, on November 13, and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used. No details have been provided about the security issue leveraged in the attack or the vulnerable application that enabled the attacker to access Samsung customers' personal information. The notification to customers says that exposed data may include names, phone numbers, postal and email addresses. The company underlines that credentials or financial information remain unaffected by the incident. A Samsung spokesperson told BleepingComputer that the company was recently alerted of a cybersecurity incident that is limited to the UK region and does not affect data belonging to customers in the U.S., employees, or retailers. The company has taken all necessary steps to address the security issue, the representative told BleepingComputer, adding that the incident has also been reported to the UK’s Information Commissioner’s Office. This is the third data breach Samsung has suffered in two years. The previous one occurred in late July 2023 (discovered on August 4), when hackers accessed and stole Samsung customers' names, contacts and demographic information, dates of birth, and product registration data. In March 2023, the data extortion group Lapsus$ breached Samsung’s network and stole confidential information, including source code for Galaxy smartphones.
Samsung confirmed that “certain internal data” had fallen into the hands of an unauthorized party after Lapsus$ leaked about 190GB of archived files along with a description of the contents. Source -
LastPass breach linked to theft of $4.4 million in crypto
Karlston posted a news in Security & Privacy News
Hackers stole $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to crypto fraud researchers who have been investigating similar incidents. The news comes from ZachXBT and MetaMask developer Taylor Monahan, who have been tracking these crypto thefts. "We regularly have people reach out via DM who have had their crypto assets stolen. We also approach victims we discover on-chain," ZachXBT told BleepingComputer. "We ask potential LastPass victims multiple questions and typically have found one commonality between them all being LastPass." According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.
The LastPass breach
In 2022, LastPass suffered two breaches that ultimately allowed threat actors to steal source code, customer data, and production backups stored in cloud services that included encrypted password vaults. At the time, LastPass CEO Karim Toubba said that while the encrypted vaults were stolen, only customers knew the master password required to decrypt them. Therefore, if you were following password best practices recommended by LastPass, your vaults should be safe. However, LastPass advised those using weaker passwords to reset the master password. "Depending on the length and complexity of your master password and iteration count setting, you may want to reset your master password," reads a LastPass support bulletin about the cyberattack. This suggestion was given because a weaker password can more easily be cracked using specialized programs that utilize a GPU to brute force easy-to-crack passwords. According to research conducted by Monahan and ZachXBT, it is believed that the threat actors are cracking these stolen password vaults to gain access to stored cryptocurrency wallet passphrases, credentials, and private keys.
Once they gain access to this information, they can load the wallets onto their own devices and drain them of all funds. According to a report by Brian Krebs on this research, Monahan and other researchers have generated a unique signature that links the theft of over $35 million to the same threat actors. "At this point I'm also confident in saying that, in most of these cases, the compromised keys were stolen from LastPass," tweeted Monahan in August. "The number of victims who only had the specific group of seeds/keys that were drained stored in LastPass is simply too much to ignore." It is becoming increasingly clear that the threat actors behind the LastPass attack have successfully cracked the passwords for vaults and are using the stolen information to fuel their own attacks. Therefore, if you are a LastPass user who had an account during the August and December 2022 breaches, it is strongly suggested that you reset all of your passwords, including your password. Source -
Pizza Hut Australia warns 193,000 customers of a data breach
Karlston posted a news in Security & Privacy News
Pizza Hut Australia is sending data breach notifications to customers, warning that a cyberattack allowed hackers to access their personal information. The notification warns that the hacker gained unauthorized access to Pizza Hut Australia systems storing sensitive info for customers who made online orders, as well as partial financial data and encrypted account passwords. "We became aware in early September of a cyber security incident where an unauthorized third party accessed some of the company's data," reads the notice sent to customers. "We have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database." The information that has been exposed to the network intruders includes the following: full name, delivery address, delivery instructions, email address, phone number, masked credit card data, and encrypted passwords for online accounts. The restaurant chain, which operates in 260 locations in Australia, says recipients of its notices "may wish to consider" updating their password despite it being "one-way encrypted" in the database. Moreover, the notice urges customers to stay vigilant for phishing attacks and suspicious links sent to them via unsolicited communications. Ultimately, Pizza Hut says the incident only impacts a small number of its customers, and the Office of the Australian Information Commissioner (OAIC) has been fully informed about the situation. The exact number of impacted customers was disclosed via a statement from a Pizza Hut spokesperson to The Guardian, stating that the incident affected 193,000 people.
Past incidents
At the start of September 2023, DataBreaches reported that the notorious data broker 'ShinyHunters' made claims about stealing the data of 1 million customers of Pizza Hut Australia.
The threat actor alleged they gained access via an unprotected Amazon Web Services (AWS) endpoint between July and August 2023, accessing a database with 30 million orders. Pizza Hut Australia never responded to these allegations, so it is unclear whether the two incidents are in any way related. Earlier this year, in January 2023, the owner of Pizza Hut, Yum! Brands, was targeted by a ransomware attack that forced the closure of three hundred locations in the United Kingdom. In April 2023, the firm confirmed that the threat actors had stolen employee information from its networks, albeit it found no evidence that customers were affected by the data breach. Source -
Discord.io shuts down after the data breach incident
Karlston posted a news in Security & Privacy News
Discord.io has temporarily shut down its operations after the data breach that affected 760k users. Currently, you can't reach the website, and it welcomes you with a message that mainly talks about the reasons behind the closure. On Tuesday, Discord.io acknowledged that it had experienced a "major data breach," which led to a hacker obtaining the whole database. Discord.io released a statement saying, "We were made aware of the breach later in the day, and after verifying the content of the breach, we decided to shut down all services and operations." "This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," said Discord.io.
What happened to Discord.io?
Recently, someone using the name "Akhirah" advertised the sale of the Discord.io database on the newly established Breached hacking forums. Four user profiles from the stolen database were supplied as proof of the acquisition. For those who are unfamiliar with Breached, it replaces a well-known cybercrime site known for sharing and selling data stolen in prior breaches. Both sensitive and nonsensitive data, including usernames, Discord IDs, emails, billing addresses, passwords, coin balances, API keys, registration dates, internal user IDs, and more, were exposed in the incident. No payment information is kept on the website's servers.
'Akhirah' claims that the hacked collection contains information on 760,000 Discord.io users, emphasizing the following information: "userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration" According to Akhirah, the attack was partially driven by Discord.io's purported ties to child sex abuse content. The hacker told Bleeping Computer that they are willing to keep the stolen data private if Discord.io removes those connections, but the information is now being sold on a hacking site. Discord.io is "still investigating the breach, but we believe that the breach was caused by a vulnerability in our website's code, which allowed an attacker to gain access to our database." Source -
Sony confirms data breach impacting thousands in the U.S.
Karlston posted a news in Security & Privacy News
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform. The zero-day is CVE-2023-34362, a critical-severity SQL injection flaw that leads to remote code execution, leveraged by the Clop ransomware in large-scale attacks that compromised numerous organizations across the world. Clop ransomware gang added Sony Group to its list of victims in late June. However, the firm did not provide a public statement until now. According to the data breach notification, the compromise happened on May 28, three days before Sony learned from Progress Software (the MOVEit vendor) about the flaw, but it was discovered in early June. “On June 2, 2023, [we] discovered the unauthorized downloads, immediately took the platform offline, and remediated the vulnerability,” reads the notice. “An investigation was then launched with assistance from external cybersecurity experts. We also notified law enforcement,” Sony says in the data breach notification. Sony says the incident was limited to the particular software platform and had no impact on any of its other systems. Still, sensitive information belonging to 6,791 people in the U.S. was compromised. The firm has individually determined the exposed details and listed them in each individual letter, but it is censored in the notification sample submitted to the Office of the Maine Attorney General. The notification recipients are now offered credit monitoring and identity restoration services through Equifax, which they can access by using their unique code until February 29, 2024. 
Sony’s more recent breach
Late last month, following allegations on hacking forums that Sony had been breached again and 3.14 GB of data had been stolen from the company’s systems, the firm responded by saying it was investigating the claims. The leaked dataset, which at least two separate threat actors held, contained details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and more. A Sony spokesperson shared with BleepingComputer the statement below, which confirms a limited security breach: "Sony has been investigating recent public claims of a security incident at Sony. We are working with third-party forensics experts and have identified activity on a single server located in Japan used for internal testing for the Entertainment, Technology and Services (ET&S) business. Sony has taken this server offline while the investigation is ongoing. There is currently no indication that customer or business partner data was stored on the affected server or that any other Sony systems were affected. There has been no adverse impact on Sony's operations." This confirms that Sony has suffered two security breaches in the past four months. Source -
Toyota warns customers of data breach exposing personal, financial info
Karlston posted a news in Security & Privacy News
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack. Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing to its customers. Last month, the company confirmed that it detected unauthorized access on some of its systems in Europe and Africa, following a claim from Medusa ransomware about successfully compromising the Japanese automaker's division. The threat actors demanded a payment of $8,000,000 to delete the stolen data and gave Toyota 10 days to respond to their blackmail. At the time, a Toyota spokesperson told BleepingComputer that the company had detected unauthorized access on some of its systems in Europe and Africa. The company took certain systems offline to contain the breach, which impacted customer services. Presumably, Toyota has not negotiated a ransom payment with the cybercriminals, and currently, all data has been leaked on Medusa's extortion portal on the dark web. Earlier this month, Toyota Kreditbank GmbH in was identified as one of the impacted divisions, admitting that hackers gained access to customers' personal data. German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing them that the following data has been compromised: full name, residence address, contract information, lease-purchase details, and IBAN (International Bank Account Number). This type of data can be used in phishing, social engineering, scams, financial fraud, and even identity theft attempts. The notification verifies the above data as compromised based on the ongoing investigation.
However, the internal investigation isn't complete yet, and there remains a possibility that attackers accessed additional information. Toyota promises to promptly update affected customers should the internal investigation reveal further data exposure. BleepingComputer has contacted Toyota for additional information, like the exact number of exposed customers, but we have not heard back by publication time. Source -
Razer investigates data breach claims, resets user sessions
Karlston posted a news in Security & Privacy News
Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter. Razer is a popular American-Singaporean tech firm focusing on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel. The company also sells services that give registered account holders access to extensive game collections, special in-game item offers, exclusive rewards, and more through its Razer Gold payment system. Information about a potential data breach at the company emerged on Saturday, when someone posted on a hacker forum that they had stolen the source code, database, encryption keys, and backend access logins for Razer.com, the company's main website. The user offered to sell that data for $100,000 worth of Monero (XMR) cryptocurrency and urged interested individuals to contact him directly to close the deal. The publisher of the post has not set any limitations or exclusivity, meaning anyone willing to pay the requested amount would get the entire data set. The screenshots posted as proof of the breach show file lists and trees, email addresses, source code allegedly for anti-cheat and reward systems, API details, Razer Gold balances, and more. Cybersecurity analysts at FalconFeedsio spotted the announcement on the hacker forum and shared it with the public. Replying to the tweet, Razer said that it was looking into the potential incident by starting an investigation. BleepingComputer has contacted Razer to ask about the validity of the data samples posted on the hacker forum but we have not received a response at publishing time. However, we have been able to confirm that the leaked accounts are valid and belong to legitimate users on the website.
Also, BleepingComputer has found that Razer has reset all member accounts, invalidating their active sessions and requesting them to reset their passwords. Researcher Bob Diachenko discovered in 2020 an unprotected Razer database containing full names, email addresses, phone numbers, customer IDs, order details, and billing and shipping addresses of 100,000 customers. The database was exposed between August 18, 2020 and September 9, 2020, but it is unclear if anyone apart from the researcher ever accessed or copied Razer’s data. From the data samples leaked this time it appears that the information is more recent, dating to at least December 2022, so the two incidents are most likely unrelated. Source -
Microsoft denies data breach, theft of 30 million customer accounts
Karlston posted a news in Security & Privacy News
Microsoft has denied the claims of the so-called hacktivists “Anonymous Sudan” that they breached the company's servers and stole credentials for 30 million customer accounts. Anonymous Sudan is known for debilitating distributed denial-of-service (DDoS) attacks against Western entities in recent months. The group has confirmed their affiliation with pro-Russian hacktivists like Killnet. Last month, Microsoft admitted that Anonymous Sudan was responsible for service disruptions and outages at the beginning of June that impacted several of its services, including Azure, Outlook, and OneDrive. Yesterday, the hacktivists alleged that they had “successfully hacked Microsoft” and “accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords.” Anonymous Sudan offered to sell this database to interested parties for $50,000 and urged interested buyers to contact their Telegram bot to arrange the purchase of the data. The post even included a sample of the data they offered (allegedly stolen from Microsoft) as proof of the breach and warned that Microsoft would deny those claims. The group provided 100 credential pairs but their origin could not be verified (it could be old data, the result of a breach at a third-party service provider, or stolen from Microsoft’s systems). BleepingComputer has contacted Microsoft to request a comment on the validity of Anonymous Sudan's claims and a company spokesperson flatly denied any data breach claims. “At this time, our analysis of the data shows that this is not a legitimate claim and an aggregation of data,” a company representative told BleepingComputer. “We have seen no evidence that our customer data has been accessed or compromised” - Microsoft spokesperson It is unclear at the moment if Microsoft's investigation is complete or it's ongoing. Also, the company's reaction to the potential public release of the data remains to be seen. Source -
Acer confirms data breach after threat actor sells 160GB of its data online
Karlston posted a news in Security & Privacy News
Taiwanese hardware and electronics company Acer has recently confirmed that it suffered a data breach after a threat actor infiltrated one of its document servers that was being used by its repair technicians. "While our investigation is ongoing, there is currently no indication that any consumer data was stored on that server," an Acer spokesperson told The Register. Acer's announcement comes after a cybercriminal who goes by the name "Kernelware" started selling what appears to be 160GB of data stolen from Acer, including 655 directories and 2,869 files. According to the threat actor, the stolen data included the following: confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, replacement digital product keys, ISO files, Windows System Deployment Image files, BIOS components, and ROM files. To prove that the data is legitimate, Kernelware shared screenshots of technical schematics for the Acer V206HQL display, documents, BIOS definitions, and confidential documents. The threat actor said that they will only sell via a middleman and accept the cryptocurrency Monero, potentially a move to ensure that the transaction will not be easily traced. There's no apparent public price set as the cybercriminal wants interested buyers to privately message them. This is not the first time that Acer suffered a security incident. Back in March of 2021, the computer maker suffered a ransomware attack wherein the cybercriminals demanded a $50,000,000 ransom. Seven months later, it confirmed that its after-sales systems in India had been breached by a hacking group, resulting in over 60GB of data stolen. Source: The Register -
Kodi, maker of the popular entertainment center app, confirmed a data breach of its user forum software earlier this week. The development team became aware of the hack after a dump of the Kodi user forum was offered for sale on the darknet. Note: Kodi software (the latest release is Kodi 20) was not affected by the breach in any way. Initial investigation into the matter revealed that the attacker breached a forum admin account of an inactive, but trusted, member, and managed to access the admin console twice. This happened in mid-February of 2023. The admin account was used to create backups of the databases, which were then downloaded. Kodi disabled the account in question to prevent future access to the systems, once it became aware of the incident. It also "conducted an initial review of team infrastructure the team member had access to", reported the incident to the UK police and notified the UK Information Commissioner's Office. The downloaded database backups "expose all public forum posts, all team forum posts, all messages sent through the user-to-user messaging system, and user data including forum username, email address used for notifications, and an encrypted (hashed and salted) password generated by the MyBB (v1.8.27) software". Users of the forum should assume that their "Kodi forum credentials and any private data shared with other users through the user-to-user messaging system is compromised". While passwords are encrypted, Kodi considers them compromised and thus burned. Kodi announced the following plans to deal with the breach: All exposed email data will be shared with Have I Been Pwned, a site for checking whether an email address has been part of a breach. Kodi plans to perform a global password reset. This resets all passwords and prevents further compromise or access to personal data. Kodi forum users need to change passwords at other services if they re-used the password. The latest version of the forum software is currently being redeployed. Since this means comparison with the old version, the forum will remain offline for a few days at least. Access to the admin console will be further restricted and hardened. The global password reset will likely happen once the forums go back online. Users will be informed by email about the reset, and they need to set a new password on the first visit to the forum. Now You: are you a Kodi user?
Kodi confirms user forum data breach
-
Carnival Cruise hit by data breach, warns of data misuse risk
Karlston posted a news in Security & Privacy News
Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers gained access to some of its IT systems and the personal, financial, and health information belonging to customers, employees, and crew.

Carnival is included in both S&P 500 and FTSE 100 stock market indices, has more than 150,000 employees in roughly 150 countries, and provides leisure travel to roughly 13 million guests each year. The company operates nine of the world's leading cruise line brands (Carnival Cruise Line, Costa, P&O Australia, P&O Cruises, Princess Cruises, Holland America Line, AIDA, Cunard, and Seabourn) and a travel tour company (Holland America Princess Alaska Tours).

Data misuse risk warning

"Unauthorized third-party access to a limited number of email accounts was detected on March 19, 2021," the cruise line operator giant says in a data breach notification letter recently sent to affected customers.

However, Carnival's SVP & Chief Communications Officer Roger Frizzell told BleepingComputer after the article was published that the attackers gained access to "limited portions of its information technology systems."

"It appears that in mid-March, the unauthorized third-party gained access to certain personal information relating to some of our guests, employees, and crew.

"The impacted information includes data routinely collected during the guest experience and travel booking process or through the course of employment or providing services to the Company, including COVID or other safety testing."

According to Carnival, the accessed information included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like Social Security or national identification numbers.

The cruise line operator also warned impacted customers, employees, as well as Carnival Cruise Line, Holland America Line, Princess Cruises, and medical operations crew that they found evidence indicating "a low likelihood of the data being misused."

Hit by ransomware twice in one year

BleepingComputer previously reported that a ransomware attack also hit Carnival in August 2020, an incident confirmed by the cruise line operator in an 8-K form filed with the US Securities and Exchange Commission (SEC).

Two months later, Carnival said in a separate SEC filing that the ransomware gang behind the August attack gained access to the personal information of both customers and employees during the attack. Roughly 37,500 individuals were affected by the August ransomware attack, according to info filed by Carnival with the Office of Maine's Attorney General.

The August ransomware attack came after a data breach disclosed in March 2020 that also led to the exposure of customers' personal and financial info after threat actors gained access to Carnival employees' email accounts.

In December 2020, Carnival was hit by a second (previously undisclosed) ransomware attack with "investigation and remediation phases" still ongoing, according to a 10-Q form filed with the SEC in April 2021.

"There is currently no indication of any misuse of information potentially accessed or acquired and we continue to work with regulators to bring these matters and other reportable incidents to conclusion," Carnival said about the December 2020 ransomware incident.

BleepingComputer reported at the time that the German cruise line and Carnival subsidiary AIDA Cruises was dealing with mysterious "IT restrictions" that led to the cancellation of their New Year's Eve cruises. Costa Crociere, another Carnival subsidiary, was also affected by an IT outage around the December ransomware attack that prevented customers from booking trips via the cruise line's online reservation system.

AIDA Cruises, Costa Crociere, and Carnival Corporation did not reply to BleepingComputer emails regarding the disruptions and trip cancellations.

Update: Added info provided by Roger Frizzell, Carnival's SVP & Chief Communications Officer.
-
Largest US propane distributor discloses '8-second' data breach
Karlston posted a news in Security & Privacy News
America's largest propane provider, AmeriGas, has disclosed a data breach that was short-lived but impacted 123 employees and one resident. AmeriGas serves over 2 million customers in all 50 U.S. states and has over 2,500 distribution locations. This month's data breach was reported by the propane giant to the Office of the New Hampshire Attorney General.

Data breach lasted '8 seconds', impacted 123 employees

This month, AmeriGas has issued a data breach notification letter to the New Hampshire Attorney General's Office. The data breach, however, originated at J. J. Keller, a vendor responsible for providing Department of Transportation (DOT) compliance services to AmeriGas. These services include helping AmeriGas with conducting driving record checks, drug and alcohol testing for drivers, and other DOT-imposed regulatory checks.

On May 10th, J. J. Keller detected suspicious activity on their systems associated with a company email account. As such, the vendor promptly began investigating their network to discover that a J. J. Keller employee had fallen victim to a phishing email, leading to a compromise of their account. During this brief access window, threat actor(s) could view certain files present within the employee's compromised account.

After resetting the employee's account credentials, J. J. Keller promptly began their forensic activities to determine the full scope of this breach. By May 21st, J. J. Keller notified AmeriGas that this eight-second breach exposed records of 123 AmeriGas employees present in the files viewable to the attacker.

"According to J.J. Keller, during the 8-second breach, the bad actor had access to an internal email with spreadsheet attachments containing 123 AmeriGas employees' information, including Lab IDs, social security numbers, driver's license numbers, and dates of birth."

"To date, we are unaware of any actual or attempted misuse of this personal data as a result of this incident," disclosed AmeriGas in a sample data breach notification letter dated June 4th, 2021.

Also exposed in the breach was the information of just one New Hampshire resident, who has since been notified of the incident and been provided with free credit monitoring services. At this time, there is no indication that any employee information was copied or misused.

Second security incident concerning AmeriGas this year

This incident marks the second data breach incident concerning AmeriGas this year. In March 2021, AmeriGas had disclosed an attempted data breach, in which a company customer service agent was fired for potentially misusing customer credit card information.

According to AmeriGas, some customers phoning AmeriGas customer service had verbally disclosed their credit card information to this representative, who may have misused this information to make unauthorized purchases. At the time, the company had said:

"We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents."

"We do not know whether your credit card information was shared but are writing in an abundance of caution."

"We investigated the issue as a precaution to further secure your information."

"The agent involved has been terminated and we have already implemented additional safeguards," the company had disclosed at the time.

Cyber-attacks and incidents against critical energy companies are continuing to grow, prompting the need for stepping up security controls and awareness training across organizations.