Tag: sensitive data
Employment Screening Provider Data Breach Affects 3.3M Individuals – February 28th
DISA Global Solutions, Inc., a provider of employment screening services, confirmed a data breach impacting over 3.3 million individuals. The breach, which occurred between February 9 and April 22, 2024, granted an unauthorized third party access to names, Social Security numbers, driver’s license details, financial account information, and other sensitive data. While forensics could not confirm the exact extent of the stolen data, the exposure raises concerns over identity theft risks for affected individuals.
Ransomware gangs target law and accountancy firms
In what is bad news for law and accounting firms, the professional and technical services sector has now overtaken the manufacturing sector as the prime target for ransomware attacks of Q3 2024. According to cybersecurity company Nuspire: “These firms handle highly sensitive client data, such as financial records, legal documents, and business strategies, making them prime targets for ransomware operators.” Nuspire predicts that, with ransom demands averaging around $2.5 million a hit for law firms, ransomware operators will continue to target this sector as long as the potential rewards outweigh the effort. The situation is particularly dire for smaller practices, which may lack the resources to protect against today’s increasingly ruthless and sophisticated cyber-attacks.
Cybercriminals pose as law enforcement agencies
The US Federal Bureau of Investigation (FBI) has issued an urgent warning to business and law enforcement agencies that cybercriminals are using genuine stolen US and foreign government email addresses to hack into companies. As of August this year, the FBI has observed an increase in posts on criminal forums relating to fraudulent emergency data requests. In August 2024, a cyber-criminal known to the FBI offered for sale, “High Quality .gov emails for espionage/social engineering/data extortion requests, etc”, that included official US credentials. The cyber-criminals also offered to guide buyers through emergency data requests and to sell real stolen subpoena documents to allow the buyer(s) to pose as law enforcement officers.
US Department of Health and Human Services Falls Victim to Social Engineered Scam – April 11th
The US Department of Health and Human Services (HHS) reported that they fell victim to a social engineering scam over the phone, imitating HHS' financial department, convincing them to hand over ID verification details. The threat actors, aside from imitating HHS' financial department, pulled the attack off by using local area codes and AI voice-changing technology to disguise themselves. The surrendered information could lead to threat actors bypassing multifactor authentication (MFA) security.
Millions of AT&T Data at Risk from Data Breach – April 1st
AT&T sent out a mass announcement to its customers, informing them that a dataset containing sensitive data from 7.6M current users and 65.4M former users is for sale on the dark web. To mitigate the breach, AT&T reset the passcodes of all its current users and will constantly communicate with customers to further protect accounts.
US blocks sales of citizens’ data to hostile powers
In what is being seen by some on the Hill as a case of too little too late, Washington has this week finally blocked the sale of US citizens’ personal sensitive data to four hostile foreign powers: North Korea, China, Russia, and Iran. Sensitive data includes ordinary people’s social security numbers, financial account numbers, biometric information, genetic information, precise geolocation information, and most of their private communications. Washington’s Energy and Commerce Committee top Democrat, Congressman Frank Pallone Jr, simultaneously issued a statement highlighting the massive threat foreign data sales present to ordinary people.
FNF hack exposes 1.3m customer details
US real estate financial services fat cat, Fidelity National Financial (FNF), has revealed details of a cybersecurity breach that occurred in November, exposing the details of 1.3 million customers. An updated filing to the US Securities and Exchange Commission (SEC) claims the attack, which occurred on November 19, 2023, was detected early on and successfully contained. But despite FNF’s best efforts, over a million customers will wonder if the threat actors behind the breach also believe that their attack has been successfully “contained.” The nature of their target suggests otherwise. A Fortune 500 company, FNF is one of the largest companies of its kind in the US, with an annual revenue of over $10 billion, a market capitalization of $13.3 billion, and a staff of over 23,000 people.
Mr. Cooper breach exposes 14m victims’ data
US mortgage service provider Mr. Cooper has disclosed a breach to the U.S. Securities and Exchange Commission (SEC) affecting over 14.5 million people. Breached data includes names, addresses, phone numbers, social security numbers, dates of birth, and bank account numbers. The Mr Cooper breach is indicative of several trends likely to shape the cybersecurity industry in 2024. The new obligation to report material cyber breaches within four days that came into effect last week on December 15 is widely expected to reveal a huge iceberg of what might have previously been unreported and, therefore, uncounted cyber breaches. The obligation to detail the loss and those affected also puts a big onus on organizations in all sectors to implement systems capable of identifying and tracking any intrusions into their network.