Tag: data breach
Teenage super-hackers attack airlines
The US Federal Bureau of Investigation (FBI) last week issued a warning on X that the cybercriminals responsible for the recent devastating cyber-attacks on the UK retail sector are now targeting the airline sector on both sides of the Atlantic. Hard on the heels of the FBI’s warning came the news that the Qantas airline has suffered a major cyber-attack, affecting more than six million customers and likely resulting in the “significant” theft of personal information. Qantas confirmed the data breach Wednesday morning, alerting customers to a cyber incident affecting a third-party platform used by an airline contact center.
Honeywell kicks off AI tools to accelerate industrial autonomy – June 10th
Honeywell has debuted a series of AI-powered tools that intend to boost industrial autonomy, introducing a suite of AI cybersecurity solutions designed to ramp up Operation Technology defenses against the ever-evolving cyberthreat landscape.
Sperm Bank Heist
Another cyber breach as potentially damaging as that of the infamous hook-up site for married users, Ashley Madison, 15 years ago has recently come to light that could have equally serious consequences. According to a notification filed this month with the California Department of Justice, the sperm bank California Cryobank reports a breach that occurred last April. Stolen files include the names, social security numbers, driver's license numbers, financial accounts, and health insurance information of many of the sperm bank donors and their recipients.
Three million Google Chrome users hacked
Over three million Google Chrome users have been issued a warning concerning 16 browser extensions that have been compromised by hackers. This alarming news comes hard on the heels of reports earlier this month that cybercriminals are also leveraging search engine giant Google’s new Gemini 2.0 (artificial intelligence) AI assistant. The list of Google’s hacked browser extensions includes: Emojis, Video Effects for YouTube, Audio Enhancer, Blipshot, Color Changer for YouTube, Themes for Chrome, and YouTube Picture in Pictures. Adblocker for Chrome, Adblock for You, Adblock for Chrome, Nimble Capture, KProxy and Page Refresh, Wistia Video Downloader have also been compromised.
Employment Screening Provider Data Breach Affects 3.3M Individuals – February 28th
DISA Global Solutions, Inc., a provider of employment screening services, confirmed a data breach impacting over 3.3 million individuals. The breach, which occurred between February 9 and April 22, 2024, granted an unauthorized third party access to names, Social Security numbers, driver’s license details, financial account information, and other sensitive data. While forensics could not confirm the exact extent of the stolen data, the exposure raises concerns over identity theft risks for affected individuals.
Healthcare Attacks will not Slow Down in 2025 – January 22nd
According to a report by Netwrix, 84% of organizations in the healthcare sector faced a cyber attack in 2024 and predicts this will not slow down in 2025. The report also found that nearly 70% of healthcare organizations have dealt with financial damages brought about by cyber incidents. Additionally, 21% reported a change in leadership due to the attacks last year.
China ramps up cyber-attacks on the US
The latest US security breach attributed to systematic attempts by China to compromise US institutions and critical infrastructure has impacted the US Treasury. The intrusion is being billed as “a major cybersecurity incident”. According to a letter from the US Department of the Treasury: “The threat actor was able to override the service’s security, remotely access certain Treasury Departmental Office user workstations, and access certain unclassified documents maintained by those users… Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”
US Puts $10M Bounty on Chinese Hacker
A Chinese national, Guan Tianfeng, has been accused of involvement in the hacking of 81,000 firewall devices all over the world in 2020. Some of the compromised devices were protecting systems running US critical infrastructure and, had the attacks gone undetected, they could have had potentially deadly consequences. The US Department of State’s Rewards for Justice (RFJ) program has since announced a reward of up to $10 million for information leading to the arrest of Guan and his alleged co-conspirators. “The defendant and his conspirators compromised tens of thousands of firewalls and then continued to hold at risk these devices, which protect computers in the United States and around the world,” said Assistant Attorney General for National Security Matthew G. Olsen.
Russian cyber gangs escalate attacks on US
Two Russian groups, the People’s Cyber Army and Z-Pentest, claim to have taken attacks on critical infrastructure in the US to a new and more dangerous level. Dark web researchers at threat intelligence firm Cyble have discovered Telegram videos detailing attacks on US energy and water facilities far beyond the previously supposed capabilities of such groups. Cyble believes that the two groups may be working in cooperation with one another. Previously, the People’s Cyber Army, which also goes by the name of the Cyber Army of Russia Reborn, and lesser-known groups such as Z-Pentest, have largely confined their attacks on US critical infrastructure to simple and easy-to-repel distributed denial of service (DDoS) attacks.
Marriott to pay $52m fine for 300m customer data breaches
Marriott International has agreed to pay a $52 million fine for cyber-negligence resulting in data breaches affecting over 300 million of its customers worldwide, representing a fine of less than two cents per customer. The US Federal Trade Commission and attorney generals from 49 states ran parallel investigations into three data breaches which took place between 2014 and 2020. Cybercriminals were able to steal the passport information, payment card numbers, loyalty numbers, dates of birth, email addresses plus personal information from hundreds of millions of customers.
Sharp rise in blindside cyber-attacks
More than one in five cybersecurity professionals report having had a cyber hit requiring immediate attention despite having threat-based detection and response security measures in place. According to a survey conducted by cybersecurity firm Criticalstart, 2024 Cyber Risk Landscape Peer Report, 2023’s figure of 83 percent represents a 21 percent increase from 2023. Criticalstart also reports a sharp rise in the cost of data breaches. The average cost of a data breach reached an all-time high of $4.45 million in 2023 - a 15 percent increase over the past three years. Organizations with under 500 employees reported an average breach-impact increase from $2.92 million to $3.31 million—a rise of 13.4%.
Levi’s breach exposes 72k customer details
Over 72,000 US consumers may have had their account details compromised following a cyber-attack on denim clothing giant Levi Strauss & Co. Almost two weeks ago, on June 13, Levi’s spotted an unusual spike in activity on its consumer-facing website and immediately realized its users were under threat. “Our investigation showed characteristics associated with a “credential stuffing” attack where bad actor(s) who have obtained compromised account credentials from another source (such as a third-party data breach) then use a bot attack to test these credentials against another website – in this case www.levis.com,” said Levi’s in a published notice detailing the data breach.