Last week, breaches and cyberattacks occurred across several industries, from legal, information technology and telecommunications to healthcare. Devastating consequences have been uncovered from earlier data breaches and attacks: millions of individuals' personal data compromised, services still disrupted, and core systems and networks completely wiped out, leaving millions without an internet connection. Additionally, 23andMe is in hot water for victim blaming, and hackers are increasingly targeting government and business profiles on X for crypto scams.
Read on for a quick summary of what happened this week in cybersecurity.

23andMe deflects: Tells data breach victims that they are at fault for the breach.

According to a letter sent to a group of victims, 23andMe is blaming victims in an attempt to absolve itself of any responsibility. 23andMe stated that “users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.” Hence, this breach “was not a result of 23andMe’s alleged failure to maintain reasonable security measures”. As stated by Hassan Zavareei, one of the lawyers representing the victims, 23andMe are “downplaying the seriousness of these events”.

Hackers were able to break into the accounts of the first set of victims (14,000 of them) via credential stuffing, whereby they brute-forced their way into accounts using passwords the victims had used before. However, the hackers were then able to access the personal data of another 6.9 million victims from this initial set of victims, as they had opted in to 23andMe’s DNA Relatives feature. In short, the hackers were able to scrape the personal data of another 6.9 million customers whose accounts were not directly hacked. As Zavareei stated, the breach “impacted millions of customers whose data was exposed through the DNA Relatives feature on 23andMe’s platform, not because they used recycled passwords.”

Data breach at HealthEC LLC, a healthcare tech firm, impacts 4.5 million patients.

HealthEC LLC, a provider of healthcare management solutions, suffered a data breach that impacted 4,452,782 individuals who received care through one of the company’s customers. On 22 December, the company disclosed that they suffered a data breach between 14 and 23 July 2023, which resulted in unauthorised access to some of their systems.
Stolen personal information includes affected individuals’ name, address, birthdate, social security number, taxpayer identification number, medical record number, medical information (e.g. diagnosis, diagnosis code, mental/physical condition, prescription information, and provider’s name and location), health insurance information (e.g. Medicaid/Medicare identification, beneficiary number, subscriber number), and billing and claims information (e.g. patient account number, patient identification number, and treatment cost information). In total, 17 healthcare service providers and state-level health systems were impacted by the cyberattack on HealthEC. The company has also recommended that impacted individuals remain vigilant and report any suspicious activity to relevant parties such as financial institutions, the healthcare provider, and the insurance company.

Orrick Herrington & Sutcliffe, a law firm that handles data breaches, was hit by a data breach.

Orrick Herrington & Sutcliffe, a law firm that works with companies affected by security incidents, suffered a cyberattack in which hackers stole the personal information and sensitive health data of more than 637,000 data breach victims. The law firm stated that the sensitive information was stolen from a file share on their network during an intrusion in March 2023. In a series of data breach notification letters sent to affected individuals, the law firm states that the breach of its systems involved its clients’ data, including individuals who had vision plans with insurance giant EyeMed Vision Care and those who had dental plans with Delta Dental. The firm also notified health insurance company MultiPlan, behavioural health giant Beacon Health Options and the U.S. Small Business Administration. The stolen data includes affected individuals’ names, birth dates, postal addresses, email addresses, and government-issued identification numbers (e.g.
social security numbers, passport numbers, driver licence numbers, tax identification numbers). Stolen data also includes medical treatment and diagnosis information, insurance claims information, healthcare insurance numbers, and provider details. Furthermore, the law firm states that the breach includes online account credentials and credit or debit card numbers.

Xerox confirms subsidiary XBS U.S. suffered a data breach following ransomware attack.

Over the weekend, Xerox, a printing solutions giant, confirmed that their US-based subsidiary Xerox Business Solutions (XBS) experienced a data breach. The company states that this breach was limited to XBS U.S. and was contained by their cybersecurity team. In an incident notice published on their website, it was stated that based on their preliminary investigation, “limited personal information in the XBS environment may have been affected.” As per their policy, they will be notifying all affected individuals.

Although Xerox did not share the type of cybersecurity incident XBS U.S. fell victim to, Inc Ransom, a ransomware gang, claimed responsibility for the attack. On 30 December, Inc Ransom listed Xerox on its Tor-based leak site and, as proof of the attack, posted screenshots of documents that they allegedly stole from the company. However, the entry has since been taken down. This could suggest that Xerox may have engaged in communication with the ransomware group to prevent the stolen data from being published online.

Australia Victoria Court recordings exposed after suffering a cybersecurity incident in December.

Australia’s Court Services Victoria (CSV) warned that video recordings of court hearings were exposed after a December cybersecurity incident. In a statement, CSV stated that the cybersecurity incident led to unauthorised access that caused disruption of the audio-visual in-court technology network, impacting video recording, audio recording and transcription services.
Recordings of some hearings in courts between 1 November and 21 December 2023 may have been accessed. It is also possible that some hearings before 1 November 2023 may have been accessed. CSV also stated that they immediately took action to isolate and disable the affected network, and put in place arrangements to ensure continued operations across the courts. CSV has notified the relevant authorities, and is working with authorities and cybersecurity experts to investigate this incident. Although CSV did not specify who is behind the attack, ABC News reported, based on sources, that the Qilin ransomware group is behind the hack.

Five Guys to pay $700,000 to settle a proposed class-action lawsuit over 2022 data breach.

Five Guys Enterprises LLC will pay $700,000 to settle a proposed class action alleging that they failed to protect the personal information of nearly 38,000 employees and others that was exposed in a September 2022 data breach. The settlement fund will cover benefits to class members, up to $251,000 in attorneys’ fees and costs, service awards of $2500 to 4 class representatives and the cost of administering the settlement. Class members could receive up to $400 for ordinary out-of-pocket losses and lost time related to the breach. Those with extraordinary losses would be eligible for up to $6500 in additional payments. The deal also provides for an alternative cash payment of $150 in lieu of other claims, a payment of $100 for California class members, and 2 years of identity theft protection and credit monitoring services. A final approval hearing has been set for 12 July.

All systems on Kyivstar, Ukraine’s largest telecommunications service provider, were wiped by Russian hackers.

Kyivstar had all the systems on the telecom operator’s core network wiped in a December breach.
After the incident, Kyivstar’s mobile and data services were down, leaving most of their 25 million mobile and home internet subscribers without an internet connection. Illia Vitiuk, head of the Security Service of Ukraine’s cybersecurity department, told Reuters that the threat actors breached Kyivstar’s network in May 2023. However, they only launched the attack months later, which “completely” destroyed “the core” of the telecoms operator and wiped thousands of virtual servers and computers.

Following the incident, Kyivstar’s CEO and the SSU suggested that Russian hackers may have been involved. A day later, the attack was claimed by Russian hackers from the Solntsepek group (believed to be linked to the Sandworm Russian military hacking group). They claimed that they wiped 10,000 computers, thousands of servers on Kyivstar’s network, and all cloud storage and backup servers.

Memorial University continues to deal with cyberattack aftereffects - delays semester starts.

The Memorial University of Newfoundland (MUN), the largest public university in Atlantic Canada, continues to deal with the effects of a December cyberattack and had to postpone the start of classes on one campus. On 29 December, the university detected a cyberattack, activated security protocols to isolate impacted systems and launched an investigation. The university announced on 2 January that services at the Marine Institute campus have been restored. For the Grenfell campus, the start of the semester was postponed until 4-8 January. Additional specialists from other campuses are supporting Grenfell’s IT team to expedite the system restoration process. In a 4 January update, the university announced that the internet and WiFi for resident students are still not operational. Furthermore, payment terminals for credit and debit card transactions are also not working. According to the university, there is no indication that the cyberattack has impacted systems or data on other campuses.
Hackers increasingly target government and business profiles on X for crypto scam.

Hackers are increasingly targeting verified accounts on X that belong to government and business profiles, marked with ‘gold’ and ‘grey’ checkmarks, to promote crypto scams, phishing sites, and sites with crypto drainers. A recent high-profile case is the hijacking of the X account of Mandiant, a cybersecurity firm and a Google subsidiary, to distribute a fake airdrop that emptied cryptocurrency wallets. MalwareHunterTeam has been tracking this type of activity on X and reported several notable examples of compromised “gold” and “grey” accounts. For instance, the account of Amina Gerba, a Canadian senator, has been renamed and is being used to spread a scam.

A recent report from CloudSEK, a digital risk monitoring platform, highlights the growth of a new black market whereby hackers sell compromised gold and grey X accounts for prices between $1,200 and $2,200. CloudSEK says they observed 6 sales of such accounts in a month. One of them, dormant since 2016 and with 28,000 followers, was advertised for $2500. Researchers recommend that companies close dormant accounts that have been inactive for a long period, review their security settings, and activate 2-factor authentication.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED