Data Breaches

> Keep yourself safe after a data breach.

Not my usual post, but maybe someone will find it useful.

> Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5 million at current exchange rates — after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company.

> A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate.

> The world’s second-largest money transfer provider, which filed a data breach notice with U.K. authorities, serves over 50 million people.

> The health insurance giant is investigating an incident that allegedly leaked sensitive customer medical data.

> AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang.

> The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.

> Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday.

> Dell has confirmed to BleepingComputer that they are investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees.

> The data is available for free in small portions, while bulk data — amounting to 7.24 terabytes — is being offered for sale, according to a hacker using the alias “xenZen.”

> On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend.

> Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information.

> The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago.

> Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors.

> The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks.

> Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks.

> Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data.

> Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server.

> Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses.

> Data breaches affecting millions of users are far too common. Here are some of the biggest, baddest breaches in recent memory.

> The London transport authority removes a claim that said there was no evidence that customer data was compromised during a recent hack.

> Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack.

> Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals.

>American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information.

> Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage.

> ​American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang.

> The oil and fracking giant says it is "working to identify effects" of the ongoing cyberattack on its oil and fracking operations.

> Hacker ‘HikkI-Chan’ leaks personal data of over 390 million VK users on Breach Forums, including city, country, full names, and profile image URLs. Hackread.com investigates this massive privacy breach.

> Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services.

> The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras.

> CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases.

> Customer conversation platform Exotel has suffered a data breach that may have compromised details of its clients, sources familiar with the matter told Entrackr.

cross-posted from: https://infosec.pub/post/16863645

> This relatively new ransomware-as-a-service (RaaS) operation extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail. The ransomware group focuses on data-theft-based extortion rather than encrypting victims' files, although they were also identified as potential buyers of Knight ransomware source code. > > Since the start of the year, RansomHub has claimed responsibility for breaching American not-for-profit credit union Patelco, the Rite Aid drugstore chain, the Christie's auction house, and U.S. telecom provider Frontier Communications. Frontier Communications later warned over 750,000 customers their personal information was exposed in a data breach.

> Durex India has exposed customers' personal information, including full names, email and postal addresses, and order details.

> DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that confidential information was exposed in a cyberattack detected last Wednesday.

> Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024.

> The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday.

> Park'N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network.

> Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year.