Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach.

In a filing with the SEC, Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.

The third party it refers to is likely Snowflake, a cloud company used by thousands of companies to store, manage, and analyze large volumes of data. Yesterday, May 31st, Snowflake said it had “recently observed and are investigating an increase in cyber threat activity” targeting some of its customers’ accounts. It didn’t mention which customers.

In the SEC filing, Live Nation also said:

On May 27, 2024, a criminal threat actor offered what it alleged to be Company user data for sale via the dark web. We are working to mitigate risk to our users and the Company, and have notified and are cooperating with law enforcement. As appropriate, we are also notifying regulatory authorities and users with respect to unauthorized access to personal information.

The user data likely refers to the sales ad for 560 million customers’ data that was posted online earlier this week by a group calling themselves ShinyHunters. The data was advertised for $500,000 and says it includes customer names, addresses, emails, credit card details, order information, and more.

Bleeping Computer says it spoke to ShinyHunters who said they already had interested buyers, and believed one of the buyers that approached them was Ticketmaster itself.

Ticketmaster says it has begun notifying its users of the breach. We are likely to hear more in the coming days, and will update you as we do.

For now, Ticketmaster users should keep an eye on their credit and bank accounts for an unauthorized transactions and follow our general data breach tips below.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Scan for your exposed personal data

While the Ticketmaster data is yet to be published in full, it’s likely you’ve had other personal information exposed online in previous data breaches. You can check what personal information of yours has been exposed with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

A threat actor has reportedly taken responsibility for recent data breaches involving Ticketmaster and Santander Bank, claiming they stole data after hacking an employee account at Snowflake, a third-party cloud storage company. Snowflake, however, has shot down these breach claims, attributing the breaches to poor credential hygiene in customer accounts instead.

"To date, we do not believe this activity is caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product," the cloud storage giant said in a statement today.

Snowflake's AI Data Cloud platform serves more than 9,000 customers, including major companies such as Adobe, AT&T, Capital One, DoorDash, HP, JetBlue, Mastercard, Micron, NBC Universal, Nielsen, Novartis, Okta, PepsiCo, Siemens, US Foods, Western Union, and Yamaha, among others.

Alleged Snowflake Breach Details

According to cybersecurity firm Hudson Rock, the threat actor claims to have accessed data from additional high-profile companies using Snowflake's services, including Anheuser-Busch, State Farm, Mitsubishi, Progressive, Neiman Marcus, Allstate, and Advance Auto Parts. The method described involved bypassing Okta's authentication by using stolen credentials to log into a Snowflake employee's ServiceNow account. From there, they allegedly generated session tokens to extract data from Snowflake customers. Hudson Rock reported that the threat actor claimed the breach affected up to 400 companies, showing evidence of access to over 2,000 customer instances related to Snowflake's Europe servers.

Extortion Attempt and Malware Involvement

The threat actor claimed to have attempted to extort Snowflake for $20 million to buy back the stolen data, but Snowflake did not respond. Hudson Rock noted that a Snowflake employee was infected with a Lumma-type Infostealer in October, which stole their corporate credentials. The malware infection was supported by screenshots shared by the threat actor.

Snowflake Responds

Snowflake has confirmed breaches of customer accounts but denied that any vulnerability or misconfiguration in its products was exploited. The cloud storage company stated that they observed unauthorized access to certain customer accounts , which they said is likely unrelated to any flaws in Snowflake's infrastructure.

"We believe this is the result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data. Research indicates that these types of attacks are performed with our customers’ user credentials that were exposed through unrelated cyber threat activity.

Snowflake has notified the "limited" number of customers about these attacks and urged them to enhance their account security by enabling multi-factor authentication (MFA).

Tools and Indicators of Compromise

The company published a security bulletin containing Indicators of Compromise (IoCs), investigative queries, and guidance for securing affected accounts. One IoC indicates that the threat actors used a custom tool named "RapeFlake" to exfiltrate data from Snowflake's databases. Another showed the use of "DBeaver Ultimate" data management tools, with logs indicating connections from the "DBeaver_DBeaverUltimate" user agent. Snowflake also shared query to identify access from suspected clients and how to disable a suspected user. But this might not be enough. A very important step here is: "If you have enabled the ALLOW_ID_TOKEN parameter on your account, the user must be left in the disabled state for 6 hours to fully invalidate any possible unauthorized access via this ID token feature.  If the user is re-enabled before this time the attacker may be able to generate a new session using an existing ID token, even after the password has been reset or MFA has been enabled." While a threat actor claims to have breached Snowflake and accessed data from numerous high-profile companies, Snowflake maintains that these breaches resulted from compromised customer accounts rather than any inherent vulnerabilities in their systems. Snowflake continues to investigate the incidents and has taken steps to improve customer account security.

Hawk Eye, a popular citizen-friendly crime reporting app of Telangana State Police in India, appears to have been hit by a massive data breach, a claim that sources have unofficially confirmed for The Cyber Express. The Hawk Eye app data breach was reportedly masterminded by a threat actor who goes by the name "Adm1nFr1end." The claim that the Hawk Eye app had been hacked emerged May 29 on the data leak site BreachForums. The threat actor claimed that they were revealing the stolen database, which consists of the Personally Identifiable Information (PII) of users, including the names, email addresses, phone numbers, physical addresses, IMEI numbers, and their location coordinates. To substantiate the data breach claim, the threat actor attached sample records, with the latest timestamp of May 2024, while disclosing that the database includes 130,000 SOS records, 70,000 incident reports, and 20,000 travel detail records (screenshot below).

Login Data Exposes Hawk Eye App Data Breach

The Hawk Eye App was launched by the Telangana Police in December 2014 for both Android and iPhone users as part of its initiative to become a citizen-friendly and responsive police force. Denizens were encouraged to use the app to report on a wide range of activities, including traffic violations, passing on information about criminals, violations by police, and crime against women, and also to pass on suggestions to the lawmen for improved policing and to credit the good work done by them. A key feature of the app is the SOS button for accessing help in case of emergencies. While logging into the App, users are required to share their personal details, including name, email ID, mobile number and password for registration. The app currently has a 4.4 rating on the Google Play Store, with more than 500,000 downloads on Android alone. [caption id="attachment_73712" align="alignnone" width="720"] Source: Hawk Eye App on Android[/caption]

Hawk Eye App Data Breach Samples

A few of the samples exposed by the threat actor revealed that one woman had filed a complaint on the Hawk Eye App to share that a man had initially promised to marry her and is now facing threats from him and his family. Alarmingly, the data leak revealed her name, mobile number, location, date, and time of complaint, potentially putting her at risk. In several other cases, citizens had filed complaints of traffic violations, and their data used initially to login to the App, including name, email address, and phone numbers, were revealed in the data breach. What is noteworthy about the above examples is that all these users had filed complaints only in May 2024, which suggests that the data from the Hawk Eye App was hacked this month.

Cops Wary of Hawk Eye App Data Breach

When The Cyber Express downloaded the “Hawk Eye -Telangana Police” app on Android on May 31, the app remained non-functional after the tester entered the primary details. Surprisingly, the app did not appear when the user tried to download it from the Apple Store. Sources in the Telangana Police have confirmed to The Cyber Express that there was a failure to upgrade the app and the process for updating a patch is an ongoing exercise. Police sources in the Telangana IT wing shared that they were working with vendors to install an updated patch. This, the police officials shared, could be a reason for the app details being breached. Additional Director General of Police (Technical Services) VV Srinivasa Rao of the Telangana Police shared that the task of upgrading Hawk Eye has been given to developers and that it should be available for the latest Android versions shortly. DGP Shikha Goel, who is also the director of the Telangana State Cyber Security Bureau, was unavailable for comment. We update this story as we get more information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The ShinyHunters hacking group has claimed the theft of 560 million Ticketmaster users’ data on a fresh BreachForums portal.

The post Hackers Boast Ticketmaster Breach on Relaunched BreachForums appeared first on SecurityWeek.

The BBC has disclosed a data breach impacting over 25,000 current and former employees, but the incident did not involve ransomware.

The post BBC Data Breach Impacts 25,000 Employees appeared first on SecurityWeek.

Toshiba America Business Solutions reached out to customers to inform them of a potential data security incident in which their personal information may have been compromised. Toshiba America Business Solutions is an American subsidiary of the Toshiba TEC Corporation. The company said that it was committed to protecting the confidentiality and security of personal data, and offered credit monitoring services to affected individuals.

Toshiba America Data Breach

After conducting a preliminary investigation, Toshiba reported that an attacker may have compromised its email environment. The attacker may have obtained unauthorized access to sensitive personally identifiable information such as names and Social Security numbers from the email compromise. The investigation confirmed that the breach could have impacted numerous individuals, leading Toshiba to contact affected individuals, as legally required. Toshiba America Business Solutions advised customers to remain cautious over the incident. The firm advised customers to regularly review their credit reports, financial account statements, and payment card statements for any unauthorized activity. Any suspicious activity could be reported to Toshiba or law enforcement agencies. Toshiba apologized to the affected individuals for any inconvenience stemming from the incident and said that additional measures had been implemented since then to enhance the security of its email environment and prevent similar occurrences in the future. To assist the affected individuals in safeguarding their personal information, Toshiba has arranged for a complimentary, two-year membership of identity monitoring services offered through Kroll. This membership offering includes triple bureau credit monitoring, fraud consultation, and identity theft restoration. The fraud consultation option allows affected individuals  to reach out to Kroll fraud specialists for advice and assistance relating to identity protection, legal rights, and detection of suspicious activity. The identity theft restoration option lets affected individuals work with a licensed Kroll investigator to resolve potential identity theft issues. Toshiba stated that these services would be provided for free to the affected individuals and would not negatively impact their credit scores. Affected individuals were encouraged to use the services as well as to contact Toshiba or Kroll for additional assistance.

Law Firm Announces Investigation

Strauss Borrelli PLLC, a data breach law firm, announced on its website that it would be investigating Toshiba American Business Solutions, Inc. with regard to the recent data breach that exposed sensitive personally identifiable information. While the full extent of the data breach is unknown, the Toshiba America Business Solutions division operates offices across the U.S. and Latin America. The law firm encouraged customers who received a breach notification letter from Toshiba American Business Solutions to contact Strauss Borrelli PLLC to discuss their rights and potential legal remedies in response to the incident. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Pharmaceutical giant Johnson & Johnson recently announced a data breach that may stem from a larger data breach affecting Lash Group, a division of Cencora. In February, Cencora reported a data breach incident to the U.S. Securities and Exchange Commission (SEC) after learning that data had been exfiltrated from its information systems, some of which contained personal information. The breach may have compromised some sensitive information of patients registered with Johnson & Johnson Patient Assistance Foundation, Inc.

Johnson & Johnson Data Breach Notice

On May 29, Johnson & Johnson filed a notice of data breach with the Attorney General of Texas, indicating that an unauthorized party accessed confidential patient information. The breach affected approximately 175,000 Texans, but the total number of victims nationwide could be much higher. The breach affects two Johnson & Johnson entities: Johnson & Johnson Patient Assistance Foundation, Inc., and Johnson & Johnson Services, Inc. The following data was compromised in the attack: Name of individual, Address, Medical Information, and Date of Birth. Data breach notification letters have been sent to all the affected individuals, while limited information is available on the Texas Attorney General's data breach reports page. The incident is potentially linked to a much larger breach involving Cencora, which has affected over a dozen major pharmaceutical companies so far.

Link to Cencora Data Breach

The Johnson & Johnson data breach bears several similarities to other large third-party pharmaceutical company data breaches affected by the Cencora/Lash Group data breach, which was first discovered on February 21. Cencora’s Lash Group division aids pharmaceutical companies in running patient support programs that try to ensure that costly medication is available to disadvantaged patients, regardless of their ability to pay for them. At least 15 clients of Cencora/Lash Group have notified state authorities of data breach incidents, with databreaches.net listing the following victims:

• AbbVie: 54,344 Texans affected
• Acadia Pharmaceuticals: 753 Texans affected
• Bayer: 8,822 Texans affected
• Bristol Myers Squibb and/or the Bristol Myers Squibb Patient Assistance Foundation: 256,237 Texans and 11,503 New Hampshire residents affected
• Dendreon: 2,923 Texans affected
• Endo: no numbers provided
• Genentech: 5,805 Texans affected
• GlaxoSmithKline Group of Companies and/or the GlaxoSmithKline Patient Access Programs Foundation: no numbers provided
• Incyte Corporation: 2,592 Texans affected
• Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.: 466 Texans and 27 New Hampshire residents affected
• Novartis Pharmaceuticals: 12,134 Texans affected
• Pharming Healthcare, Inc.: 314 Texans and 9 New Hampshire residents affected
• Regeneron Pharmaceuticals: 91,514 Texans affected
• Sumitomo Pharma America, Inc.: 24,102 Texans affected
• Tolmar: 1 New Hampshire resident

Data breach notices have also been filed with California officials too. While the full extent of the damage has yet to be determined, it has affected over 540,000 patients so far. Cencora stated in its notification to the Securities and Exchange Commission that it had not yet been able to determine if the incident had a material impact on its operations. In in a notice on its website, the Leash Group indicated that personal information as well as personal health information had been potentially affected, including first name, last name, date of birth, health diagnosis, and/or medications and prescriptions. The Leash Group said in a statement that no personal data appears to have been exposed because of the incident:

“There is no evidence that any of this information has been or will be publicly disclosed, or that any information was or will be misused for fraudulent purposes as a result of this incident, but we are communicating this so that affected individuals can take the steps outlined below to protect yourself.”

The Leash Group is offering free credit monitoring and remediation services to affected individuals, and additional guidance on dealing with suspected breaches of personal information. No perpetrator has been identified or named as being responsible for the attack, and the potential impact of the breach is still being assessed. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The data breach at debt collection agency Financial Business and Consumer Solutions (FBCS) impacts 3.2 million individuals.

The post FBCS Data Breach Impact Grows to 3.2 Million Individuals appeared first on SecurityWeek.

Earlier this week, a cybercriminal group posted an alleged database up for sale online which, it says, contains customer and card details of 560 million Live Nation/Ticketmaster users.

The data was offered for sale on one forum under the name “Shiny Hunters”. ShinyHunters is the online handle for a group of notorious cybercriminals associated with numerous data breaches, including the recent AT&T breach.

The post says:

“Live Nation / Ticketmaster

Data includes

560 million customer full details (name, address, email, phone)

Ticket sales, event information, order details

CC detail – customer last 4 of card, expiration date

Customer fraud details

Much more

Price is $500k USD. One time sale.”

The same data set was offered for sale in an almost identical post on another forum by someone using the handle SpidermanData. This could be the same person or a member of the ShinyHunters group.

According to news outlet ABC, the Australian Department of Home Affairs said it is aware of a cyber incident impacting Ticketmaster customers and is “working with Ticketmaster to understand the incident.”

Some researchers expressed their doubts about the validity of the data set:

Thoughts on the alleged Ticketmaster Data Breach

TLDR: Alert not Alarmed

The Ticketmaster data breach claim has provided BreachForums with the quick attention they need to boost their user numbers and reputation.

The claim has possibly been over-stated to boost… pic.twitter.com/WJsFkBfQbw

— CyberKnow (@Cyberknow20) May 29, 2024

While others judged it looks legitimate based on conversations with involved individuals, and studying samples of the data set:

Today we spoke with multiple individuals privy to and involved in the alleged TicketMaster breach.

Sometime in April an unidentified Threat Group was able to get access to TicketMaster AWS instances by pivoting from a Managed Service Provider. The TicketMaster breach was not…

— vx-underground (@vxunderground) May 30, 2024

Whether or not the data is real remains to be seen. However, there’s no doubt that scammers will use this opportunity to make a quick profit.

Ticketmaster users will need to be on their guard. Read our tips below for some helpful advice on what to do in the event of a data breach.

You can also check what personal information of yours has already been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

All parties involved have refrained from any further comments. We’ll keep you posted.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

The notorious Akira ransomware group has added another victim to its growing list of targeted organizations, striking at Western Dovetail, a prominent woodworking company founded in 1993 by Maxfield Hunter, its president, and CEO, along with support from his father, George Hunter, and brother, Josh Hunter. The family-owned business, known for its dedication to woodworking craftsmanship, has become the latest casualty of cybercrime. The Akira ransomware group took to online forums to announce their latest Western Dovetail data breach, proclaiming the availability of "a few GB of their data" for public access. The compromised data reportedly includes sensitive employee information such as addresses, emails, phone numbers, and even details of relatives, along with tax and payment information, and a snippet of medical records.

Western Dovetail Cyberattack: Verification Efforts and Official Response

Despite this disclosure, Akira has remained tight-lipped about their motives behind targeting Western Dovetail. Upon investigating Western Dovetail's official website, no signs of foul play were immediately evident, as the website appeared to be fully functional. To corroborate further, The Cyber Express Team reached out to Western Dovetail officials for comment. However, at the time of compiling this report, no official response had been received, leaving the claim of the Western Dovetail data breach unverified. [caption id="attachment_72947" align="aligncenter" width="850"] Source: X[/caption]

Akira Ransomware Trail of Cyber Destruction

The latest cyberattack on Western Dovetail adds to a growing list of cyber onslaughts orchestrated by the Akira ransomware group. In April 2024, the group was identified as the mastermind behind a series of devastating cyberattacks targeting businesses and critical infrastructure entities across North America, Europe, and Australia. According to the U.S. Federal Bureau of Investigation (FBI), Akira has breached over 250 organizations since March 2023, raking in a staggering $42 million in ransom payments. Initially focusing on Windows systems, Akira has expanded its tactics to include Linux variants, raising alarm bells among global cybersecurity agencies. Before targeting Western Dovetail, the ransomware group had set its sights on prominent entities such as DENHAM the Jeanmaker, a renowned denim brand based in Amsterdam, and TeraGo, a Canada-based provider of secure cloud services and business-grade internet solutions.

Conclusion and Awaited Response

In the wake of the Western Dovetail cyberattack, the cybersecurity landscape remains fraught with uncertainty. While the company's official response is eagerly awaited, the incident serves as a reminder of the ever-present threat posed by cybercriminals. As organizations strive to protect themselves against such cyberattacks, collaboration between cybersecurity experts, law enforcement agencies, and affected entities becomes increasingly crucial in combating the pervasive menace of ransomware. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The LockBit ransomware group has targeted Heras UK, a prominent European provider of end-to-end perimeter protection solutions. The threat actor claimed the Heras cyberattack and shared a website status displaying the downtime alongside a countdown, ticking away the time until the data breach is potentially exploited. Heras, operating across 24 countries with a workforce of over 1100 skilled professionals, reportedly faces a data breach.  The Cyber Express, in pursuit of clarity on the attack, reached out to the organization for comments. However, at the time of writing this, no official statement has been issued, leaving the alleged Heras data breach unconfirmed. Despite the claims, Heras' website remains functional, showing no immediate signs of the cyber attack. It's plausible that the attackers targeted the website's backend, opting for stealth over a frontal assault like DDoS or defacement.

Alleged Heras Cyberattack Surfaces on Dark Web

[caption id="attachment_72935" align="alignnone" width="422"] Source: Dark Web[/caption] The cyberattack on Heras comes amidst a spree of cyber attacks orchestrated by the LockBit ransomware group. Notably, the group targeted Allied Telesis, Inc., a leading American telecommunication equipment supplier. While the Heras data breach purportedly occurred on May 27, 2024, the authenticity of the claims and the leaked data remains unverified.  In a bold move earlier this year, the United States imposed sanctions on affiliates of the Russia-based LockBit ransomware group. This decisive action, led by the U.S. Department of Justice and the Federal Bureau of Investigation, signals a unified stance against cyber threats. LockBit, notorious for its Ransomware-as-a-Service (RaaS) model, employs double extortion tactics to extort hefty ransoms from its victims.

Who is the LockBit Ransomware Group?

The LockBit ransomware group is a sophisticated cybercrime organization that targets enterprises and government organizations. Formerly known as "ABCD" ransomware, LockBit operates as a crypto-virus, demanding financial payment in exchange for the decryption of encrypted files. Unlike some ransomware that targets individuals, LockBit primarily focuses on large entities, seeking hefty sums from viable targets. Since its inception in September 2019, LockBit has targeted organizations globally, including those in the United States, China, India, Indonesia, Ukraine, France, the UK, and Germany. It strategically selects targets likely to have both the financial means and the urgency to resolve the disruption caused by the attack. Notably, LockBit avoids attacking systems within Russia and the Commonwealth of Independent States, possibly to evade prosecution. As for the Heras data breach, this is an ongoing story and The Cyber Express will be closely monitoring the situation and we'll update this post once we have more information on the attack or any official confirmation from the organization.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The British Broadcasting Corporation (BBC) is investigating a data breach that exposed sensitive information belonging to over 25,000 present and past employees. The BBC data breach, which occurred within the corporation's pension scheme, has triggered a reaction from authorities regarding cybersecurity protocols. The pension scheme, in an email dispatched to its members, highlighted the gravity of the BBC employee data breach, emphasizing that the incident is being treated with the utmost seriousness. Approximately 25,290 individuals have been impacted by this breach, according to statements made by scheme representatives. Talking about this cybersecurity incident and its legal repercussions with The Cyber Express, Lauren Wills-Dixon, data privacy expert at law firm Gordons, stated that data breaches that lead to "unauthorised access to personal data is classed as a personal data breach under data protection laws".

BBC Data Breach Impacts Current and Former Employees

According to Birmingham Live, the security incident is being taken "extremely seriously” by the BBC and there is “no evidence of a ransomware attack.” Despite speculation of a possible ransomware attack, the British public service broadcaster has dispelled any conjecture, asserting that there is currently no evidence supporting this theory. The BBC clarified that the breach stemmed from private records being illicitly accessed from an online data storage service. Catherine Claydon, Chair of the BBC Pension Trust, assured employees that swift action had been taken to address the breach and secure the affected data source, The Guardian reported.  In an email sent to the staff, Claydon reassured the employees that “BBC have taken immediate steps to assess and contain the incident.” Talking about the mitigation strategies, the organization stated “We are working at pace with specialist teams internally and externally to understand how this happened and take appropriate action. As a precaution, we have also put in place additional security measures and continue to monitor the situation.”  The legal obligation of this data breach are far reaching and in cases where the incident impacts individual rights and freedoms, "this comes with a regulatory obligation to notify the Information Commissioner, and where people are at "high risk" the affected organisation must notify those individuals too without undue delay", said Lauren.

BBC Employee Data Breach and Ongoing Investigation

Despite assurances from the BBC, concerns linger regarding the potential misuse of the compromised information. Employees have been advised to remain vigilant and report any suspicious activity promptly. The breach, though attributed to a third party cloud storage provider, threatens the security of the impacted individuals, and "BBC - and any ‘data controller’ under data protection laws - remains primarily responsible for the security measures it adopts and external providers it engages to store and protect its personal data", added Lauren. Moreover, no passwords or bank details "appear to have been compromised, but the advice for those individuals involved is to be vigilant of any unusual activity or requests". Acknowledging the severity of the breach, a spokesperson for the BBC pension scheme issued a sincere apology to affected members. Reassurances were offered regarding the swift response and containment of the breach, coupled with ongoing efforts to upgrade security measures and monitor the situation closely. Inquiries into the incident are ongoing, with external cybersecurity experts collaborating with internal teams to dissect the breach and its implications thoroughly. However, as of now, no official statement has been issued regarding the involvement of ransomware groups in the breach. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the BBC employee data breach or any official response from the organization.

Views: 2Source: www.bitdefender.com – Author: Graham Cluley The world-renowned auction house Christie’s has confirmed that it has fallen victim to a ransomware attack, seemingly orchestrated by a Russia-linked cybercriminal gang. Two weeks ago the CEO of the world’s wealthiest auction house posted on LinkedIn blamed a “technology security incident” after the Christie’s website went unexpectedly […]

La entrada Going going gone! Ransomware attack grabs Christie’s client data for a steal – Source: www.bitdefender.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Views: 0Source: securityaffairs.com – Author: Pierluigi Paganini ABN Amro discloses data breach following an attack on a third-party provider Dutch bank ABN Amro discloses data breach following a ransomware attack hit the third-party services provider AddComm. Dutch bank ABN Amro disclosed a data breach after third-party services provider AddComm suffered a ransomware attack. AddComm distributes […]

La entrada ABN Amro discloses data breach following an attack on a third-party provider – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Views: 0Source: securityaffairs.com – Author: Pierluigi Paganini Christie disclosed a data breach after a RansomHub attack Auction house Christie disclosed a data breach following a RansomHub cyber attack that occurred this month. Auction house Christie’s disclosed a data breach after the ransomware group RansomHub threatened to leak stolen data. The security breach occurred earlier this month. The website […]

La entrada Christie disclosed a data breach after a RansomHub attack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Bharat Sanchar Nigam Limited (BSNL), a prominent Indian telecommunications company, has once again found itself at the center of a massive data security breach. The BSNL data breach, orchestrated by a threat actor known as kiberphant0m, shares sensitive data about the organization, highlighting the vulnerability of sensitive information. The claim for the BSNL data leak emerged on May 27, 2024, revealing that kiberphant0m was offering unauthorized access to databases stolen from BSNL, along with data from undisclosed Asian telecom organizations. Among the compromised data are IMSI records, SIM details, home location register (HLR) data, DP security key data, and a snapshot of the Oracle Solaris server.  Additionally, the threat actor claimed to possess login credentials for various digital infrastructures and applications of BSNL.

A Massive BSNL Data Breach Surfaces on Dark Web

The BSNL data leak poses a severe threat to the privacy and security of BSNL customers and highlights the potential risks associated with cyberattacks on telecom infrastructure. The stolen data, advertised for sale on underground forums like XSS and Telegram, could fetch significant sums on the black market, highlighting the lucrative nature of cybercrime. [caption id="attachment_72569" align="alignnone" width="1080"] Source: Dark Web[/caption] The major concern for this BSNL data leak is the inclusion of sensitive customer information, which, if exploited, could lead to identity theft, financial fraud, and other malicious activities. The urgency of the situation is further emphasized by kiberphant0m's warning to potential buyers and Indian authorities, suggesting that the data could be sold to other parties if not addressed promptly. “India if you want to secure your data and do not want it to be sold you must buy it first, contact me BEFORE someone purchases this data. It could be 3 hours to 24 hours, who knows”, says the hacker. 

Big Threats, Yet No Response 

Despite the gravity of the situation, BSNL has yet to issue an official statement or response regarding the breach, leaving the claims unverified. This lack of transparency further compounds the uncertainty surrounding the extent of the breach and the measures being taken to mitigate its impact. Talking about the BSNL data breach, the threat actor says, “This is not the same data as the previous telecom post! we have breached over 15 Asian telecoms! Information is worth several million dollars but I'm selling for pretty cheap. Negotiate a deal on telegram. State Threat Actors are also welcome to buy this data, I will sell to anyone who wants it.” Moreover, this incident is not the first time BSNL has faced cybersecurity challenges. In 2023, the company experienced a massive data breach affecting over 2.9 million lines, with leaked data of landline users being sold on the dark web by a hacker known as 'Perell.' The recurrence of such breaches highlights the rise of cyberattacks on telecom companies, especially those located in Asia.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The notorious hacker group 888 has claimed responsibility for a Shell data breach targeting the British multinational oil and gas company. According to their claims, approximately 80,000 individuals could be affected by this breach across several countries, including the United States, United Kingdom, Australia, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada. The compromised data, shared by the threat actor on a hacking forum, includes a range of sensitive information related to Australian users. The sample data contained information about shopper codes, first and last names, email addresses, contact mobile numbers, postcodes, Nectar information, site addresses, and transaction details. Notably, these transactions appear to be associated with Reddy Express (Formerly Coles Express) locations in Australia.

An Alleged Claim of Shell Data Breach Surfaces

[caption id="attachment_72512" align="alignnone" width="1080"] Source: Dark Web[/caption] The claims of this Shell data leak were shared on a popular hacking forum by the user Kingpin and shared glimpses into sample data allegedly related to the organization. The Cyber Express has reached out to the oil and gas company to learn more about this Shell data breach and the authenticity of the hackers over the claimed data.  However, at the time of writing this, no official statement or response has been received. This lack of confirmation leaves the claims regarding the Shell data breach unverified, although the potential implications are threatening for the customers and stakeholders associated with the organization.  Talking about the cyberattack on Shell, the hacker Kingpin states that the organization suffered a data breach in May 2024 and this data breach allegedly contained "Shopper Code, First Name, Last Name, Status, Shopper Email, Contact Mobile, Postcode, Nectar, Suburb, State, Site Address, Suburb 1, Country, Site Name, Last Login, Pay and Association Number".

A Similar Incident from the Past

This purported breach is not the first time Shell has been targeted by cyberattacks. In the past, the company has faced similar security incidents, including a ransomware attack and a data security incident involving Accellion’s File Transfer Appliance. These incidents highlight the persistent threat posed by cybercriminals to organizations, particularly those in the energy sector. In response to previous incidents, Shell had emphasized its commitment to cybersecurity and data privacy. The company has initiated investigations into the recent breaches and is working to address any potential risks to affected individuals and stakeholders. Additionally, Shell had previously contacted relevant regulators and authorities to ensure compliance with data protection regulations and to mitigate the impact of the previous breach. The current Shell data leak is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on this alleged Shell data breach or any official confirmation from the organization. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

First American will notify 44,000 individuals that their personal information may have been stolen in a December 2023 ransomware attack.

The post Personal Information of 44,000 Compromised in First American Cyberattack appeared first on SecurityWeek.

A cybersecurity threat has surfaced targeting DU Emirates Integrated Telecommunications Corporation, a major telecom provider in the UAE. On the XSS Forum, a cybercriminal known as "Ddarknotevil" has claimed to have stolen over 360 GB of data from DU. The alleged DU Emirates data breach reportedly includes sensitive information such as employee email addresses, network logs, details of 371,000 customers' devices, IP addresses, and proprietary telecommunication software. To substantiate these claims, Ddarknotevil shared sample records, including customers' device details and excerpts from email content purportedly obtained from an employee's mailbox. The threat actor is offering this entire database as a one-time purchase for USD 3,200. This development follows previous activity on May 19, 2024, where Ddarknotevil was seen privately offering unauthorized FTP access to DU's systems. Despite the claims of DU Emirates data breach, a visit to DU's official website revealed no signs of disruption; the website was fully operational. The Cyber Express team has reached out to DU officials for verification, but as of this report, no official response has been received, leaving the DU Emirates data breach claim unverified.

Context of Recent Cyber Threats in the Telecom Sector

The alleged data breach of DU Emirates comes on the heels of several high-profile cyberattacks within the telecommunications sector. In February 2024, ETISALAT, the state-owned Emirates Telecommunications Group Company PJSC in the UAE, reportedly suffered a ransomware attack attributed to the infamous LockBit ransomware faction. LockBit claimed to have successfully breached ETISALAT's systems and demanded $100,000 for the return of the stolen data, setting a deadline of April 17th. This claim, too, remains unverified. Adding to the urgency of these developments, Spain-based mobile telephony company Llamaya, a subsidiary of the MASMOVIL Group, reported a significant data breach just days before the purported ETISALAT attack. A threat actor known as “DNI” claimed to have accessed sensitive customer information, including phone numbers, passwords, and personal details, affecting approximately 16,825 customers. These incidents highlight a disturbing trend of cyber threats targeting the telecommunications sector globally. Mobile operators are increasingly vulnerable to sophisticated cyberattacks, as evidenced by recent incidents involving Monobank in Ukraine and a popular mobile banking app with over 10 million users. These alleged cyberattacks highlight the critical need for robust cybersecurity measures to protect digital infrastructure.

Implications of the Alleged DU Emirates Data Breach

If the claims by Ddarknotevil are confirmed, the implications for DU Emirates Integrated Telecommunications Corporation and its customers could be severe. The compromised data includes not only customer information but also critical network logs and proprietary software, potentially exposing the company to various risks:

1. Customer Data Exposure: The breach of 371,000 customers' device details, including IP addresses, could lead to significant privacy violations. Customers may face increased risks of identity theft, phishing attacks, and other forms of cyber fraud.
2. Operational Disruptions: Access to network logs and proprietary software could allow cybercriminals to exploit vulnerabilities within DU’s systems, potentially disrupting services and causing widespread operational issues.
3. Reputation Damage: A confirmed breach of this magnitude would severely damage DU’s reputation, leading to a loss of customer trust and potentially impacting the company’s market position.
4. Financial Losses: Beyond the immediate costs of responding to the breach, DU could face significant financial losses from potential lawsuits, regulatory fines, and a decline in customer base.
5. National Security Concerns: Given DU's prominence in the UAE’s telecommunications landscape, a breach could have broader national security implications, especially if critical communication infrastructure is affected.

Broader Industry Implications

The surge in cyberattacks on telecom operators signals a pressing need for the industry to enhance its cybersecurity defenses. The trend underlines the vulnerabilities inherent in the digital infrastructure that supports critical communication services. Telecommunications companies must invest in advanced security technologies, conduct regular security audits, and foster a culture of cybersecurity awareness among employees to mitigate these threats. Moreover, collaboration with government agencies and international cybersecurity organizations can help telecom operators stay ahead of emerging threats. Sharing intelligence and best practices can enhance the overall resilience of the telecommunications sector. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Within a mere two-day period, two major companies have allegedly fallen victim to cyberattacks. The first incident came to light on May 27, 2024, when an individual known by the alias "SpidermanData" claimed to have infiltrated Ticketmaster Entertainment, LLC, potentially exposing sensitive data of approximately 560 million users, including their card details. Hot on the heels of this breach, another hacker group, Shiny Hunters, disclosed on May 29 that they had targeted Live Nation Entertainment, Inc., the parent company of Ticketmaster. In their recent announcement, Shiny Hunters claimed to have obtained a substantial cache of data, which includes comprehensive customer profiles, details of ticket sales, and partial credit card information. They reportedly have 1.3 terabytes of this stolen data, which they are offering for sale at a price of $500,000. Notably, their disclosure also mentioned a massive database breach involving "560M Users + Card Details." This figure matches an earlier claim by "SpidermanData," who reported a similar breach at Ticketmaster Entertainment, LLC. The claims by Shiny Hunters and SpidermanData concerning the breach affecting 560 million users highlight significant security issues at Ticketmaster and Live Nation. The fact that both reports involve identical data figures raises the possibility that this could either stem from a common vulnerability in the companies’ cybersecurity frameworks or represent the same incident claimed by two different hackers.. [caption id="attachment_72309" align="aligncenter" width="1024"] Source: X[/caption] Despite these troubling claims, a review of Live Nation's official website revealed no apparent signs of disruption. The Cyber Express team contacted Live Nation for confirmation, but has not received an official response at the time of this report. Until the company confirms, the accuracy of these breach claims remains uncertain.

Alleged Live Nation Entertainment Data Breach Details

• Customer Information: Full details including names, addresses, emails, and phone numbers.
• Ticket Sales and Event Data: Information about ticket purchases and event specifics.
• Credit Card Information: Last four digits, expiration dates, and associated customer details.
• Customer Fraud Details: Comprehensive data points including fraud-related information.

The timing of this alleged Live Nation Entertainment data breach is particularly troubling for Ticketmaster, coinciding with a series of major music festivals scheduled between May 2024 and January 2025. Among the most anticipated events is the FOREIGNER concert tour, starting on June 11, 2024, in the United States and concluding on November 9, 2024. Other notable acts include HEART, Allison Russell, Hozier, Ian Munsick, Prateek Kuhad, and Kathleen Hanna, each set to perform across North America during the same period. The supposed breach not only threatens the security of millions of users but also casts a shadow over the festive atmosphere of these upcoming events. The cybercriminals have allegedly divided the compromised data into 15 parts, offering samples from two segments. One dataset reportedly from the ‘PATRON’ database includes extensive personal information, while the other encompasses customer sales data, detailing event IDs and payment methods.

Unconfirmed Live Nation Data Breach Adds to Worry

Adding to the turmoil, Ticketmaster is currently embroiled in a lawsuit filed by the U.S. Department of Justice. The lawsuit accuses the company of anti-competitive practices, including limiting venue options and threatening financial repercussions. This legal battle follows public outrage over ticketing issues during Taylor Swift’s tour, where high prices and post-pandemic demand intensified scrutiny. Live Nation denies monopolistic behavior, but the lawsuit contends their dominance drives up prices. The alleged Ticketmaster data breach poses another threat to the organization, as databases of this caliber are highly sought after on the dark web. The recent string of alleged breaches raises questions about the motives behind these cyberattacks. Whether they are tactics to gain attention or have other underlying motives, the truth will only be known once official statements are released. For now, Ticketmaster customers are advised to remain vigilant. Regular monitoring of financial accounts and immediate reporting of suspicious activities are crucial steps in mitigating potential damage. Furthermore, customers should be wary of phishing attempts and other forms of cyber fraud that often follow such breaches. As the situation unfolds, the focus remains on ensuring the security and trust of Ticketmaster’s extensive user base. The company’s response to these allegations and their ongoing legal challenges will be critical in determining its future standing in the highly competitive entertainment industry. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Strauss Borrelli PLLC, a leading law firm known for handling data breach litigation, has launched an investigation into the recent WD & Associates data breach. WDA, based in Rhode Island, is an employee benefits brokerage firm specializing in healthcare consulting. The company assists clients in making well-informed decisions about financial planning and employee benefits. The incident may have exposed sensitive personally identifiable information and protected health information for an undetermined number of patients and other affected individuals.

WD & Associates Data Breach

WD & Associates provide a wide range of services including Employee Benefits, Safe Money Management, HR Consulting, Retirement Planning, IRA Rollovers, Actuarial Consulting, Risk Management, Business Consulting, Organizational Development. However, information from these services may be potentially compromised after a recent data breach. The security incident occurred between February 1 and February 9, 2023, when an unauthorized actor accessed sensitive information stored on WDA systems. WD stated that it had taken immediate action to secure its network and launched an investigation to determine the nature and scope of the breach. WDA began notifying potentially impacted individuals of the incident on May 24, 2024. The potentially exposed information includes:

• Name
• Social Security number
• Date of birth
• Driver’s license number
• Passport number
• Financial account information
• Medical information
• Health insurance information

WD is offering 24 months of complimentary credit monitoring services through Experian to enrolled individuals. The company also stated that it would implement additional cybersecurity tools and review existing policies and procedures to prevent similar incidents from occurring in the future. WD also stated that it had notified details about the investigation to relevant federal law enforcement and would notify relevant regulators, as legally required.

Strauss Borrelli PLLC Investigation Into Data Breach

The Strauss Borrelli PPLC Law firm announced on it's site that it would be interested in discussing further rights and potential legal remedies with the individuals who received the recent data breach notification letter from WD & Associates, Inc. Individuals can contact the law firm through their number 872.263.1100 or e-mail address sam@straussborrelli.com. Individuals should also remain vigilant against identity theft and fraud by regularly reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity. Additionally, U.S. consumers are legally entitled to one free credit report annually from each of the three major credit reporting bureaus(Equifax, Experian, and TransUnion). To request a free credit report, visit www.annualcreditreport.com or call 1-877-322-8228. Consumers also have the option to place a fraud alert or implement credit freeze on their credit file at no cost. Suspicious activity should be reported promptly to relevant parties, including insurance companies, healthcare providers, and financial institutions. WD & Associates affirmed its commitment to protecting the privacy and security of its clients' information and that the company would continue to provide updates and further information as soon as they become available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The First American Financial Corporation, one of the largest title insurance companies in the United States, revealed that a cyberattack in December 2023 exposed the personal information of around 44,000 people. The First American data breach disclosure was made in a filing with the U.S. Securities and Exchange Commission (SEC) on May 28, 2024, raising serious concerns about data security at the company. The filing disclosed that attackers had breached some of First American's systems and accessed sensitive data without authorization. "As of the date of this filing, the Company’s investigation of the incident has concluded. Based upon our investigation and findings, the Company has determined that personal information pertaining to approximately 44,000 individuals may have been accessed without authorization as a result of the incident," the company stated. In response to the First American data breach, the company committed to notifying the affected individuals and providing them with credit monitoring and identity protection services at no cost. This proactive measure aims to mitigate the potential fallout for those whose data was compromised. "The Company will provide appropriate notifications to potentially affected individuals and offer those individuals credit monitoring and identity protection services at no cost to them," the company stated in filing. [caption id="attachment_72061" align="aligncenter" width="1603"] Source: SEC[/caption]

First American Cyberattack: A Troubled History

The December 2023 data breach occurred just a month after First American settled a significant cybersecurity incident from 2019. On November 29, 2023, the company agreed to pay a $1 million penalty to New York State for violating cybersecurity regulations. This penalty stemmed from a May 2019 breach where the company's proprietary EaglePro application exposed personal and financial data. The breach allowed unauthorized access to documents without proper authentication, exposing sensitive information from hundreds of thousands of individuals. The New York Department of Financial Services (DFS) criticized First American's security practices, noting that the company's senior management had been aware of the vulnerability in EaglePro. The DFS's findings underscored the importance of robust cybersecurity measures, especially for companies handling large volumes of personal and financial data.

Industry-Wide Challenges

First American is not alone in facing cybersecurity threats. In November 2023, Fidelity National Financial, another major American title insurance provider, experienced a cybersecurity incident. The cyberattack forced Fidelity to take down some of its systems to contain the breach, causing disruptions to its business operations. In January 2024, Fidelity confirmed in an SEC filing that the attackers had stolen data from approximately 1.3 million customers using non-self-propagating malware. These cybersecurity reflect a broader trend of increasing cyberattacks targeting financial institutions, emphasizing the need for enhanced cybersecurity frameworks across the industry. Title insurance companies, which handle vast amounts of sensitive information, are particularly attractive targets for cybercriminals.

The Road Ahead for First American Data Breach

The latest Frist American data breach marks another challenge for the company as it strives to regain trust and enhance its cybersecurity posture. The company must address both immediate and long-term security concerns to protect against future incidents. This includes investing in advanced security technologies, conducting regular security audits, and fostering a culture of cybersecurity awareness among employees. Moreover, regulatory scrutiny is likely to intensify. Financial institutions are expected to adhere to stringent cybersecurity standards, and any lapses can result in substantial penalties and reputational damage. First American's recent history indicates a pressing need for the company to strengthen its defenses and ensure compliance with all regulatory requirements.

Customer Impact and Response

For the 44,000 individuals affected by the December 2023 Frist American data breach, offer of free credit monitoring and identity protection services is a critical step. These services can help detect and prevent potential misuse of their personal information. However, the emotional and psychological impact of knowing their data has been compromised cannot be understated. Customers should remain vigilant, monitoring their financial accounts for any suspicious activity and taking advantage of the protection services offered by First American. Additionally, they should be aware of phishing attempts and other forms of cyber fraud that often follow such breaches. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

TRC Staffing is at the center of a concerning data breach, leaving personal information vulnerable to cybercriminals. Murphy Law Firm has taken action on behalf of the victims, investigating legal avenues for those affected by this security incident. The TRC Staffing data breach was discovered on April 12, 2024, and exposed a security flaw within TRC's network.  Cybercriminals exploited this vulnerability between March 25, 2024, and April 12, 2024, gaining unauthorized access to sensitive data belonging to approximately 158,593 individuals. Names and Social Security numbers were among the compromised information, heightening concerns about potential identity theft and fraud. Explaining the lawsuit to interested parties, Murphy Law Firm, stated that they are "evaluating legal options, including a potential class action lawsuit, to recover damages for individuals who were affected by the data breach.

Understanding the Full Extent of the TRC Staffing Data Breach

In response to this TRC Staffing breach, Murphy Law Firm is actively engaging on behalf of those impacted. Their investigation aims to uncover the full extent of damages and explore avenues for legal recourse, including the possibility of a class action lawsuit. Individuals who have received notifications of the breach or suspect their information may have been compromised are urged to take action. By visiting the dedicated page at https://murphylegalfirm.com/cases/trc-data-breach/, affected parties can access information regarding their rights and legal options. The repercussions of this breach extend beyond mere inconvenience. With personal and highly confidential information potentially circulating on the dark web, the identity of users is at risk. Murphy Law Firm recognizes the urgency of addressing these concerns and is advocating for the rights of those affected.

How Can Victims Join the TRC Staffing Lawsuit?

To join the lawsuit and seek potential compensation, individuals can fill out a contact form provided by Murphy Law Firm. This form requires essential details such as name, contact information, and whether a breach notification letter was received. Additionally, users can provide any relevant information regarding fraud or suspicious activity they may have experienced. For those seeking guidance or further assistance, Murphy Law Firm can be reached directly via email at abm@murphylegalfirm.com or by phone at (405) 389-4989. Protecting the rights and interests of individuals affected by the TRC Staffing data breach is important, and Murphy Law Firm represents the victims with a legal process.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

ABN Amro discloses data breach after third-party services provider AddComm suffers a ransomware attack.

The post ABN Amro Client Data Possibly Stolen in AddComm Ransomware Attack appeared first on SecurityWeek.

A cybercriminal going by the alias "SpidermanData" has claimed to breach and advertise a massive database purportedly linked to Ticketmaster Entertainment, LLC. The claim of the Ticketmaster data breach, dated May 27, 2024, was posted on the cybercrime forum Exploit and shares threatening information about the organization, including database of “560M Users + Card Details”. The threat actor has also claimed to have access to 1.3TB of stolen data and is currently selling it for $500k. The post, accompanied by sample data, suggests that the data indeed belongs to Ticketmaster Entertainment. However, the American ticket sales and distribution company has yet to share any information about this alleged Ticketmaster data breach.  Additionally, apart from the Ticketmaster data breach, the company is also facing a lawsuit from The Justice Department for anti-competitive practices, limiting venue options, and threatening financial consequences. The lawsuit follows public outcry, including ticketing issues during Taylor Swift's tour. High prices, fueled by post-pandemic demand, have intensified scrutiny. Live Nation denies monopolistic behavior, but the lawsuit contends their dominance drives up prices. The Ticketmaster data breach poses another threat to the organization since databases of this caliber are usually the hot-selling items on the dark web. 

Ticketmaster Data Breach: The Worst Time to Have a Cybersecurity Incident

SpidermanData claims to have access to a staggering 560 million records brimming with personally identifiable information (PII) of customers, including sensitive payment card details. This breach couldn't have come at a worse time for Ticketmaster, coinciding with the onset of several major music festivals scheduled between May 2024 and January 2025.  Among these highly anticipated events is the FOREIGNER concert, featuring legendary rock acts led by Mick Jones and Kelly Hansen. The musical act will begin on June 11, 2024, in the United States and will conclude on November 9, 2024. Following suit is the iconic band HEART, set to perform across the United States from July to November 2024, culminating in an international concert in Calgary, AB, Canada. Meanwhile, Allison Russell and Hozier are primed to perform from May to August 2024. Adding to this list of bands performing this year, artists like Ian Munsick, Prateek Kuhad, and Kathleen Hanna will also go on tours across North America between 2024 and 2025. However, the jubilant atmosphere surrounding these events is now overshadowed by the threat of, one of the biggest data breaches, threatening millions of users globally.  The purportedly compromised data, amounting to a staggering 1.3 terabytes, has been divided into 15 parts, with the hacker offering samples from two segments. One dataset, extracted from a 'PATRON' database, contains a plethora of personal information, including names, addresses, emails, and phone numbers. Meanwhile, the other dataset includes information about customer sales, encompassing crucial details like event IDs and payment methods.

The Aftermath and Industry Implications

SpidermanData has listed the entire dataset for sale, quoting a hefty price tag of USD 500,000, and restricting the sale to a single buyer. The gravity of this situation cannot be overstated, with the compromised data posing significant risks of identity theft, financial fraud, and other criminal activities - something we've already seen in previous data breaches like the MOVEit File Transfer incident.  Live Nation Entertainment, the parent company of Ticketmaster, stands as a global juggernaut in the live entertainment domain, organizing and promoting thousands of shows annually across more than 40 countries. Meanwhile, Ticketmaster's pivotal role in facilitating ticket sales for musical and non-musical events highlights its significance within the industry, making it a prime target for cybercriminals seeking to exploit vulnerabilities for personal gain. The current Ticketmaster data breach is not the first time that the organization has faced a cyberattack. In November 2020, the company faced a hefty £1.25 million fine from the Information Commissioner's Office (ICO) following a payment data breach in 2018. The breach, stemming from a vulnerability in a third-party chatbot, compromised the personal and payment details of over nine million customers in Europe, triggering widespread fraud and financial losses. Whether the current data breach represents a resurgence of previously compromised data or the acquisition of freshly stolen data, the premise origin of the information about the databases remains unclear. Nevertheless, The Cyber Express will be closely monitoring the situation and we’ll update this post once we have more information on the Ticketmaster data leak or any official confirmation from the organization.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The impact of the Cencora data breach is far more widespread than earlier thought as more than a dozen pharmaceutical giants including Novartis and GlaxoSmithKline disclose personal and health information data leaks stemming from the February breach incident. Cencora Inc., formerly recognized as AmerisourceBergen, and its Lash Group affiliate announced in a February filing with the Securities and Exchange Commission (SEC) that the company faced a cybersecurity incident where “data from its information systems had been exfiltrated.” Cencora is a major pharmacy company with over 46,000 employees and approximately $262.2 billion in revenue in 2023. Based in Pennsylvania, it operates in around 50 countries globally. The popular American drug wholesaler did not disclose the extent of the data breach in its February SEC filing but did confirm at the time that some of the data exfiltrated in the attack could contain personal information. Last week, however, Cencora and The Lash Group clients began notifying state Attorneys General about a data breach that stemmed from the February cybersecurity incident at Cencora. At least 15 pharmaceutical companies reported that the personal data of hundreds of thousands of individuals were compromised. Notifications identified the following affected companies:

• AbbVie Inc.
• Acadia Pharmaceuticals Inc.
• Bayer Corporation
• Bristol Myers Squibb Company and Bristol Myers Squibb Patient Assistance Foundation
• Dendreon Pharmaceuticals LLC
• Endo Pharmaceuticals Inc.
• Genentech, Inc.
• GlaxoSmithKline Group of Companies and the GlaxoSmithKline Patient Access Programs Foundation
• Incyte Corporation
• Marathon Pharmaceuticals, LLC/PTC Therapeutics, Inc.
• Novartis Pharmaceuticals Corporation
• Pharming Healthcare, Inc.
• Regeneron Pharmaceuticals, Inc.
• Sumitomo Pharma America, Inc. / Sunovion Pharmaceuticals Inc.
• Tolmar

State Attorneys General often announce data breaches without specifying the number of affected people but AG’s office in Texas does disclose the number impacting the state residents. Based on these partial numbers, at least 542,000 individuals seem to be impacted from the Cencora data breach, till date. The Cyber Express reached out to Cencora for confirming the total number of individuals impacted to understand the full extent of the data breach but did not receive any communication till the time of publishing the article.

Cyber Forensic Findings from the Cencora Data Breach

Cencora detected the cyberattack on February 21, and took immediate action to contain and prevent further unauthorized access. Based on the investigation that likely concluded in April, Cencora said personal information including first name, last name, address, date of birth, health diagnosis, and medications and prescriptions was compromised in the attack. AmerisourceBergen Specialty Group (ABSG), a unit of Cencora, said Friday the breach involved data of a prescription supply program run by the now defunct subsidiary, Medical Initiatives Inc. Further details on how the supply program was exploited remain unclear. U.S. has been rocked by a host of cybersecurity breaches linked to the healthcare industry in recent days. While Change Healthcare cyberattack was one of the most notable ones, the Medstar and Ascension breaches have displayed the vulnerability of the healthcare sector to cyberattacks. The latest in the list of healthcare data breaches is the Sav-Rx data breach that compromised the health data of more than 2.8 million people. Cencora’s investigation, however, found no connection with other major healthcare cyberattacks and, in its notifications, said they were unaware of any actual or attempted misuse of the stolen data. The company said it has not seen any public disclosure of the stolen data, till date. The affected individuals have been offered 24 months of credit monitoring and identity theft remediation services at no cost and steps have also been taken to harden defenses to prevent such security breaches in the future. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Auction house Christie’s has confirmed suffering a data breach following a ransomware attack launched earlier this month.

The post Christie’s Confirms Data Breach After Ransomware Group Claims Attack appeared first on SecurityWeek.

A threat actor is asking $50,000 for data allegedly stolen from Australian digital prescription services provider MediSecure.

The post Data Stolen From MediSecure for Sale on Dark Web appeared first on SecurityWeek.

Pharmacy prescription services provider Sav-Rx says the personal information of 2.8 million was stolen in a cyberattack.

The post 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx appeared first on SecurityWeek.

The notorious LockBit has claimed an alleged cyberattack on Allied Telesis, Inc., a prominent American telecommunication equipment supplier. The purported Allied Telesis data breach incident involves the infiltration of the company's systems by the ransomware group, known for its sophisticated cyber operations. The claimed breach, dated May 27, 2024, suggests that the Allied Telesis data breach exposed sensitive data about the organization. However, the claims have not been verified nor is the sample data posted by the threat actor. 

Alleged Allied Telesis Data Breach Exposes Sensitive Information

The information supposedly exfiltrated includes confidential project details dating back to 2005, passport information, and various product specifications. As a demonstration of their intrusion, the threat actors purportedly disclosed blueprints, passport details, and confidential agreements, issuing a deadline of June 3, 2024, for the full release of the compromised data. [caption id="attachment_71414" align="alignnone" width="748"] Source: Dark Web[/caption] Despite the gravity of the allegations, Allied Telesis has yet to confirm or refute the purported cyberattack. The Cyber Express reached out to the company for clarification, but as of this writing, no official statement has been issued. Consequently, the authenticity of the alleged breach remains unverified, leaving the situation shrouded in uncertainty. Interestingly, the timing of these allegations coincides with significant organizational changes within Allied Telesis. On May 27, 2024, the company reportedly relocated its China branch to a new address. Moreover, the recent re-appointment of Jon Wilner as the Vice President of Customer Success highlights some of the big changes within the organization and possibly deciphering the “why” of the alleged data. 

Collaborative Ventures Amid Uncertainty

In the midst of this alleged security breach, Allied Telesis has been actively engaged in strategic partnerships aimed at upgrading its security features. Just last month, the company announced a collaboration with Hanwha Vision America, integrating cutting-edge video surveillance technology with its networking infrastructure. This alliance aims to deliver secure and scalable surveillance solutions to organizations seeking enhanced security measures. Key highlights of this partnership include interoperability, enhanced security features, scalability, and simplified management of surveillance systems. By leveraging Allied Telesis' expertise in secure networking alongside Hanwha Vision America's advanced surveillance technology, customers can expect comprehensive solutions tailored to their security needs. While the motives behind the alleged Allied Telesis cyberattack remain unclear, previous actions against the LockBit ransomware group shed light on the severity of the hacker group. Law enforcement agencies have previously taken down servers associated with LockBit operations, confiscating crucial details such as admin panel credentials, affiliate network information, and cryptocurrency transactions. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

On May 2, 2024, the City of Helsinki announced the data breach targeting its Education Division. However, the breach was discovered on April 30, 2024, and an investigation was promptly carried out. It was found that it has impacted tens of thousands of students, guardians, and personnel, causing considerable concern among the affected parties. They […]

The post City of Helsinki Data Breach: What You Need to Know appeared first on TuxCare.

The post City of Helsinki Data Breach: What You Need to Know appeared first on Security Boulevard.

Optus, one of Australia's largest telecommunications companies, has lost a legal battle in the Federal Court. The Australian Federal Court has ordered the company to release an external review performed by Deloitte to investigate the cause of a significant 2022 cyberattack that led to the release of sensitive customer data. The Optus 2022 data breach resulted in the exposure of the names, dates of birth, phone numbers, and email addresses of over 10 million customers with addresses, driver's licence or passport numbers being exposed for a portion of the affected customers.

Optus Appeal Against Sharing External Deloitte Report

The data breach incident along with 14-hour outage of its telecommunication services, frustrations over the availability of information/credit monitoring services and attempts of attackers to exploit the compromised data for use in SMS phishing attacks, led to intense scrutiny towards the company. [caption id="attachment_70354" align="alignnone" width="2230"] Source: www.optus.com.au/support/cyberresponse[/caption] The company commissioned an independent external forensic review of the cyberattack from Deloitte over its security systems, controls and processes under the advise of the then CEO Kelly Bayer Rosmarin and the approval of its board. Bayer made the following statement over the decision:

“This review will help ensure we understand how it occurred and how we can prevent it from occurring again. It will help inform the response to the incident for Optus. This may also help others in the private and public sector where sensitive data is held and risk of cyberattack exists.

Kelly, later resigned over the incident with Optus now being led by a new CEO, who is working to rebuild trust with customers in a 'challenging' market. Despite the efforts of the company to deal with the data breach, the recent court decision comes after Optus appealed an earlier ruling that it must hand over the report to Slater & Gordon, the law firm pursuing a class action against the company for allegedly failing to protect its customers' personal information. Optus has not yet made a public statement regarding the Federal Court's decision. However, the company had previously argued that the Deloitte report was commissioned to provide legal advice and therefore it was privileged. The court, however, decided that Optus had failed to prove that the dominant purpose of the report was for legal advice.

Class Action Law Suit Against Optus and Implications of Court Ruling

Slater & Gordon, the law firm representing the affected Optus customers, has welcomed the court's decision. The law firm's class actions practice group leader, Ben Hardwick, criticized Optus's efforts to keep the report confidential, stating that it indicates the company's refusal to accept responsibility for its role in the data breach and its impact on millions of its customers. In it's April 2023 press release, the law firm's leader had stated that more than 100,000 of Optus’s current and former customers had registered for the class action, with some notable examples among the group group such as:

• a domestic violence victim who spent money that was intended for counselling for her children on increasing security measures around the house, including installing video cameras and extra locks on doors and windows

• a former Optus customer who had previously been burgled and had his identity stolen who now suffers severe anxiety after learning his personal information had been shared online

• a stalking victim who takes extreme measure to maintain her privacy, especially her address, who fears her life has genuinely been put in danger by the data breach

• a woman who is now too fearful to answer the telephone after noticing an increase in scam phone calls following the Optus cyberattack, and

• a retired police officer concerned that his home address may have been shared with criminals he was involved in the prosecution and incarceration of.

The press release also cited the frustration several customers expressed over alleged delays by Optus in providing details over the data breach, and reported inconsistencies in how the telecommunications giant had been treating affected customers Some Optus registrants claimed to the law firm that they were dismissed when they sought further information from Optus, while others informed that the company refused to pay for credit monitoring services under the basis that they were no longer Optus customers. “There appears to have been a piecemeal response from Optus, rather than a coordinated approach that made sure everyone whose data was compromised is treated the same." The Federal Court's decision sets a significant precedent for companies involved in data breaches. It underscores the importance of transparency and accountability in such situations, and it may encourage other companies to take stronger measures to protect their customers' personal information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Soon after an independent researcher exposed a vulnerability in the commercial-grade pcTattletale spyware tool that could compromise recordings, the tool’s website was hacked and defaced. The hacker claimed to have accessed at least 17TB of victim screenshots and other sensitive data, viewing the site's hacking as a personal challenge after a researcher's limited disclosure to prevent exploitation of the flaw by bad actors. Amazon promptly placed an official lock on the site's AWS infrastructure following the hacking incident. The pcTattletale spyware's flawed architecture and its discovery demonstrate the inherent vulnerabilities present in common spyware applications, potentially impacting not just individuals but entire organizations and families.

pcTattletale Spyware Vulnerabilities and Poor-Data Handling Practices

The pcTattletale spyware tool offered a live feed of screenshots from the victim's device as its primary feature, alongside typical spyware functionalities like location tracking. However, this extensive monitoring feature backed on poor infrastructure and data-handling practices has also been its downfall, with data breaches exposing private data of targets. First, a 2021 data breach incident demonstrated Individual Directory Override (IDOR) vulnerabilities in the spyware tool's domain infrastructure, potentially allowing access to sensitive data through guessable Amazon S3 URLs. Last week, researcher Eric Daigle uncovered an API bug that also potentially allowed access to sensitive data across registered devices. This vulnerability allowed unauthorized users to access private information in the form of comprehensive screen recordings. A subsequent hack then exposed pcTattletale's backend to the public, revealing an astonishing disregard for secure practices. The hacker discovered that the spyware shipped with hardcoded AWS credentials, accessible via a hidden webshell, potentially enabling years of undetected data exfiltration. This oversight, remarkable for its simplicity and duration, underscores a major failure in the handling of user data.

pcTattletale Spyware Latest Hack

The hacker defaced pcTattletale's official site, replacing it with a writeup of the operation and links to compromised data obtained from the site's AWS infrastructure. The vastness of the data stored by pcTattletale was found to be overwhelming, with the hacker reporting their discovery of over 17 terabytes of victim device screenshots from more than 10,000 devices, some dating back to 2018. Although the released data dump did not include these screenshots, it reportedly contained database dumps, full webroot files for the stalkerware service, and other S3 bucket contents, exposing years of sensitive information.   [caption id="attachment_70264" align="alignnone" width="2230"] Source: archive.org[/caption] The breach also uncovered a simple webshell hidden since at least December 2011 in the spyware's backend code. This backdoor allowed for arbitrary PHP code execution through the use of cookies, raising questions about its origin—whether it was placed by pcTattletale itself as a backdoor or a threat actor. The hacker later updated the defaced site to share a video, claiming it as footage of the pcTattletale's founder attempts to restore the site. It took over 20 hours for the defaced website to be taken down, with the pcTattletale’s service continuing to send screenshots to the S3 bucket until Amazon officially locked down the spyware service's AWS account. [caption id="attachment_70324" align="alignnone" width="1206"] Source: ericdaigle.ca[/caption] Following the official lockdown of the site's AWS infrastucture, security researcher Eric Daigle, expanded his earlier limited disclosure with step-by-step exploit of the stated flaw. He noted that while the site's attacker exploited an unrelated flaw, it was about as equally trivial in it's complexity.

Victims Affected by pcTattletale Spyware Data Leak

The pcTattletale data leak is particularly alarming as several organizations employed the tool to monitor employees and clients, exposing confidential information across various sectors, such as banks, law firms, educational institutes, healthcare providers, and even government agencies. Notable instances of victims affected by the data breach as stated by security researcher maia crimew who explored the incident and shared data in a blog article, include:

• Hotels leaking guest information such as personal data and credit card details.
• Law firms exposing lawyer-client communications and client bank-routing information
• A bank revealing confidential client data
• Educational institutes such as schools and childcare centers monitoring employees or students, revealing personal data.
• Healthcare providers exposing patient information.
• Palestinian government agency employee monitored.
• The HR department of a Boeing supplier revealing personal information of employees .
• Tech companies secretly installing pcTattletale on employee devices suspected of wrongdoing, exposing internal systems and source code.
• A bug bounty hunter who installed the software for pentesting, then immediately tried to uninstall it.

Concerningly, the spyware was also offered as a way for parents and spouses to maintain tabs over their children and partners respectively, potentially exposing this information in the resulting breach. [caption id="attachment_70278" align="alignnone" width="1920"] Source: maia.crimew.gay[/caption] Given the wide range of affected companies and the significant security lapses, security researcher maia crimew noted that pcTattletale could face severe repercussions, possibly leading to a cessation of its operations as the Federal Trade Commission (FTC) had previously ordered other US stalkerware developers to cease operations following breaches, with pcTattletale’s case poised for similar consequences. The widespread misuse and systemic security failures of pcTattletale highlight the dangers inherent in stalkerware software and services, as well as the urgent need for stringent regulatory oversight and robust security measures over these tools to protect the data and privacy of individuals and organizations. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Sav-Rx, a medication benefits management service provider, experienced a data breach incident that potentially exposed the personal and health information of more than 2.8 million individuals in the United States. Sav-Rx, operating under A&A Services, provides medication benefits management services to various health plans, which requires collecting and storing personal data from health plan participants and employees. The incident was first detected on October 8, last year, when the company identified an unauthorized access to its computer network, a breach notification to the Maine Attorney General said. Sav-Rx engaged third-party cybersecurity experts to contain and investigate the breach. The affected IT systems were restored the next business day, ensuring no disruption to patient care or prescription services. The investigation revealed that an unauthorized third party accessed non-clinical systems and obtained files containing personal and health information, such as:

• names,
• dates of birth,
• social security numbers,
• email addresses,
• physical addresses,
• phone numbers,
• eligibility data, and
• insurance identification numbers.

Clinical and financial information remained secure. The breach investigation concluded on April 30, and notifications to impacted individuals were sent out beginning May 24. Sav-Rx confirmed that the unauthorized party destroyed the acquired data and did not further disseminate it. Whether it paid a ransom in exchange of this is unclear as Sav-Rx did not immediately respond to a comment request from The Cyber Express. Although additional details about the attackers and their motive remain under wraps, Conti ransomware group had reportedly, at the time, claimed responsibility for the attack and demanded an undisclosed amount for not publishing the leaked data. To mitigate potential harm, the company offers two years of complimentary credit monitoring and identity theft protection through Equifax. Sav-Rx advises affected individuals to monitor their credit reports and account statements for signs of fraud or identity theft. Affected individuals can contact Sav-Rx's call center at 888-326-0815 for further assistance and information regarding credit monitoring services. Sav-Rx implemented enhanced security measures, including 24/7 security operations, multi-factor authentication, BitLocker encryption, new firewalls, and system hardening protocols, to prevent future incidents. The company promptly notified law enforcement authorities after detecting the breach. For more information about the incident, people can visit the FAQ page on the company’s website.

Call for Class Action Against Sav-Rx Data Breach

Considering the widespread impact where the personal and health information of 2,812,336 individuals was compromised, Abington Cole + Ellery, an Oklahoma-based law firm has initiated a class action lawsuit investigation in the Sav-Rx data breach. ACE requested victims interested in participating as a class representative in this class action against Sav-Rx to submit their details in an online form.

Ransomware Attacks on Healthcare Bleeding Billions from U.S. Economy

A recent study revealed that over the past several years, more than 500 successful ransomware attacks have impacted nearly 10,000 healthcare providers, exposing over 52 million patient records and costing the US economy $77.5 billion in downtime alone. Another study by Proofpoint and Ponemon found that 68% of respondents reported disrupted patient care due to ransomware attacks, 46% noted increased mortality rates, and 38% saw more complications in medical procedures. Additionally, ransomware attacks were linked to 42 to 67 patient deaths over five years and a 33% monthly increase in deaths among hospitalized Medicare patients. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: www.bitdefender.com – Author: Graham Cluley A data breach involving the Dutch city of Eindhoven left the personal information related to almost all of its citizens exposed. As Eindhovens Dagblad reports, two files containing the personal data of 221,511 inhabitants of Eindhoven were accessible to unauthorised parties for a period of time last year. Everyone […]

La entrada Almost all citizens of city of Eindhoven have their personal data exposed – Source: www.bitdefender.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Australian cyber chief announced Friday an “unwelcome development” in the recently disclosed MediSecure data breach. A hacker claimed to possess the patient data likely siphoned during the ransomware attack and listed it for sale on a Russian hacking forum for $50,000.

“We are aware a dataset purporting to be from the MediSecure breach has been advertised for sale on a dark web marketplace, along with a sample of the data,” said Australia’s National Cyber Security Coordinator, Lieutenant General Michelle McGuinness.

She said that all federal agencies involved in the response to the data breach incident “are aware of the advertisement” and “are working with MediSecure to verify the data that has been posted online.” MediSecure, only one of the two providers of electronic prescription services to healthcare professionals in Australia, announced last week that it had fallen victim to a large-scale ransomware attack. Preliminary investigation over the weekend revealed that it was an “isolated” attack and no impact on current e-Prescriptions was observed. However, personal and health data of its customers and providers until November 2023 was likely accessed, the company confirmed. The Australian Federal Police and Australian Signals Directorate are now investigating and responding to the incident under joint standing arrangements of Operation Aquila.

The Hacker Claim and Attempted Sale

A week after the MediSecure data breach incident became public, a Russian hacking forum member claimed to have 6.5 terabytes of data including personal information of thousands of Australians, available for sale. The post on the forum read, “For sale: Database of an Australian medical prescriptions company MedSecure [sic].” It detailed the information available, including citizens' insurance numbers, phone numbers, addresses, full names, supplier and contractor information, emails, username and passwords for the MediSecure website, prescription details and IP addresses of site visitors. The forum member stated they would sell the information to only one buyer. Hacktivist tracker CyberKnow group indicated that their research suggested the forum post was likely legitimate. They noted the threat actor created this Russian hacker forum account on May 15, likely for the sole purpose of selling the stolen MediSecure data. CyberKnow group said the actor’s pivot to the new forum could also be due to the recent seizure of BreachForums. The threat actor has not posted anything else to the forum.

“It appears from the limited information that this is not a traditional ransomware extortion shakedown and it begs to wonder if there was any negotiation or extorting attempt between the threat actor and Medisecure,” CyberKnow group said.

“Australians should recognize that the cyberthreat landscape is diverse, and groups and actors can impact businesses regardless of their capability, organization, or structure,” it added. The cyber chief McGuinness warned Australians against searching for this alleged MediSecure data set. “Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals,” she said. “While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information.”

Hack Calls for Stricter Legislative Reforms

Earlier this week, Australian Privacy Commissioner Carly Kind accepted there are ongoing challenges in how organizations collect and protect customer data. She said, “any major data breach reinforces the reality of today’s world: there are increasing cyber threats and continual challenges to digital defenses.” Kind advised organizations to prioritize protecting individuals' personal information, review and improve their practices and only collect necessary information. She urged, “Know what information you hold. And if that information is not necessary to your business, delete it.” She also called for urgent legislative reforms to ensure all Australian organizations build the highest levels of security into their operations.

“The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Reform of the Privacy Act is urgent, to ensure all Australian organizations build the highest levels of security into their operations and the community’s personal information is protected to the maximum extent possible,” Kind said.

The OAIC’s office is additionally investigating whether MediSecure complied with federal laws requiring companies to notify authorities of a data breach. Media Disclaimer: This article is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Australian telco Optus faces legal battle with the country's communications and media watchdog over the 2022 data breach. The Optus data breach resulted in the theft of personal information of over 10 million - about 40% of the population - current and former customers. The Australian Communications and Media Authority (ACMA) has taken action against the country's second-largest telecommunications company, alleging negligence in safeguarding customer data as mandated by the Telecommunications (Interception and Access) Act 1979 (Cth).

Parent company Singtel, Faces Legal Action Following the Optus Data Breach

The Cyber Express has reached out to Optus to learn more about this legal action by the Australian Communications and Media Authority (ACMA). In response, a Optus spokesperson stated that they are aware of the proceedings in the Federal Court of Australia in relation to the cyberattack in September 2022. "At this stage, Optus Mobile is not able to determine the quantum of penalties, if any, that could arise. Optus has previously apologised to its customers and has taken significant steps, including working with the police and other authorities, to protect them. It also reimbursed customers for the cost of replacing identity documents. Optus intends to defend these proceedings. As the matter is now before the courts, Optus is unable to make any further comment", denoted the Optus spokesperson. In the Optus cyberattack, which occurred between September 17 and 20, 2022, hackers infiltrated Optus's security measures, gaining unauthorized access to sensitive customer information. ACMA's move to file Federal Court proceedings signifies a significant step in holding Optus accountable for the breach, highlighting the regulatory emphasis on data protection and privacy. “The ACMA has filed proceedings in the Federal Court against Optus Mobile Pty Ltd (Optus). We allege that during a data breach that occurred between 17 to 20 September 2022, Optus failed to protect the confidentiality of its customers’ personal information from unauthorized interference or unauthorized access as required under the Telecommunications (Interception and Access) Act 1979 (Cth)”, ACMA's statement read.  Optus, owned by Singaporean company Singtel, has expressed its intention to defend itself against the allegations while acknowledging the severity of the incident. “At this stage, Optus Mobile is not able to determine the quantum of penalties, if any, that could arise,” a spokesperson told local media. The company has previously issued apologies to affected customers and taken proactive measures, including collaboration with law enforcement agencies, to mitigate further risks. Moreover, Optus has reimbursed customers for expenses incurred in replacing compromised identity documents, reflecting its commitment to addressing the aftermath of the breach.

Optus on the Road to Recovery but Legal Headache Ensues

Following the cyberattack, Optus disclosed that approximately 2.1 million Australians had their identification numbers compromised, including details from driver's licenses and passports. Additionally, around 10,000 customers had their information exposed on the dark web, exacerbating concerns regarding the extent of the breach's impact on individuals' privacy and security. Financially, the repercussions of the cyberattack have been substantial for Optus and its parent company, Singtel. The latter reported cyberattack-related costs amounting to 142 million Singapore dollars ($159 million) for the fiscal year ending March 31, 2023. These costs encompass various expenses, including regulatory investigations and potential litigation. The telecommunications company even on the back of the challenges faced post the cyberattack, reported stable earnings and mobile growth in FY24. Optus added 116,000 subscribers to its mobile customer base including growth of 108,000 prepaid customers. Interim CEO and CFO Michael Venter said the results demonstrated a solid performance in a difficult environment, as Optus remained focussed on enhancing customer experience. “Optus is working hard to rebuild the trust of customers after a challenging 18 months and these results demonstrate we are on the right track,” Venter said. “We’re listening to our customers and in the year ahead we’ll be continuing to prioritise what we know is important to them – a resilient network that delivers seamless connectivity, great value products and services, and simple, efficient customer service.” This strong performance, however, does not lessen the legal woes for Optus. Legal proceedings have further intensified with the commencement of class action proceedings by law firm Slater and Gordon on behalf of affected individuals. The lawsuit alleges Optus's violation of privacy, telecommunication, and consumer laws, signaling a broader legal battle over accountability and corporate responsibility in safeguarding customer data. In response to escalating cyber threats, the Australian government has ramped up investments in cybersecurity initiatives, imposing stricter penalties for companies failing to address privacy breaches adequately. The Office of the Australian Information Commissioner (OAIC) has been empowered with enhanced authority to expedite breach resolutions and notify affected individuals promptly, signaling a concerted effort to enhance data protection measures nationwide. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The Association of California School Administrators (ACSA) is informing nearly 55,000 individuals that they have been impacted by a ransomware attack.

The post 55,000 Impacted by Cyberattack on California School Association  appeared first on SecurityWeek.

The personal information of 400,000 individuals was compromised in a data breach at El Centro Del Barrio (CentroMed).

The post 400,000 Impacted by CentroMed Data Breach appeared first on SecurityWeek.

The Police Service of Northern Ireland (PSNI) is bracing for a hefty £750,000 fine following last year’s data breach. The PSNI data breach saw the exposure of approximately 10,000 officers and staff who had their personal information inadvertently exposed online.  The PSNI data breach occurred last August when details, including surnames, initials, ranks, and roles of all serving police personnel, were mistakenly published in response to a Freedom of Information (FOI) request.

PSNI Data Breach and £750,000 Fine

The gravity of the situation became apparent when it was revealed that this sensitive information remained accessible online for two-and-a-half hours before being removed. Worse, it was confirmed that the data had fallen into the hands of dissident republicans, posing what the Information Commissioner's Office (ICO) described as a "tangible threat to life. In response to this PSNI data leak, the ICO has announced its intention to levy a £750,000 fine on the PSNI, citing inadequate internal procedures and sign-off protocols for the safe disclosure of information. However, it's worth noting that this fine has been mitigated by the organization's public sector approach, which aims to avoid undue impact on public services. Had this approach not been applied, the PSNI could have been facing a staggering fine of £5.6 million. John Edwards, the UK Information Commissioner, emphasized the severity of the breach, highlighting the "perfect storm of risk and harm" it created, particularly given the sensitivities in Northern Ireland. Edwards noted that during the investigation, numerous accounts emerged of the distressing consequences faced by those affected, including having to relocate, sever ties with family members, and drastically alter their daily routines due to genuine fears for their safety.

Understanding the Depth of the PSNI Data Leak

The proposed fine remains provisional, allowing the PSNI to make representations before a final decision is made. Edwards stressed that while the potential fine could have been significantly higher, discretion was exercised to ensure that public funds were not diverted from essential services. In addition to the fine, the PSNI has been issued a preliminary enforcement notice mandating improvements in personal information security protocols when responding to FOI requests. Edwards pointed out that simple and practical policies could have prevented this incident and urged all organizations to review and enhance their disclosure procedures to safeguard entrusted personal information. A previous independent review concluded that the breach was not an isolated incident but rather the culmination of systemic shortcomings in data security measures within the PSNI. This underscores the need for proactive measures to better secure and protect sensitive data. Despite the financial implications, the PSNI remains committed to addressing the fallout from the breach. Deputy Chief Constable Chris Todd affirmed ongoing efforts to identify and prosecute those responsible for the data loss, with several arrests already made in connection to the investigation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: securityaffairs.com – Author: Pierluigi Paganini OmniVision disclosed a data breach after the 2023 Cactus ransomware attack The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. OmniVision Technologies is a company that specializes in developing advanced digital imaging solutions. In 2023, OmniVision employed 2,200 people and had an annual revenue […]

La entrada OmniVision disclosed a data breach after the 2023 Cactus ransomware attack – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

El Centro Del Barrio, operating as CentroMed, an integrated primary care clinic, confirms a recent cyberattack marking its second breach in a year. The earlier breach disclosed in August 2023, involved unauthorized access by the Karakurt threat group but data remained unreleased. The current data breach saw hackers infiltrating their systems and gaining access to the personal data of around 400,000 current and former patients. The CentroMed data breach raised concerns about the security of patient information and prompted the healthcare provider to take immediate action. According to CentroMed's data breach notice, the breach was discovered on May 1, after unusual activity was detected in their information technology (IT) network. Upon this discovery, CentroMed swiftly initiated measures to secure their systems and launched an investigation into the matter.  The preliminary investigation revealed that an unauthorized actor infiltrated their IT network on or around April 30, and accessed files containing sensitive information related to current and former patients.

Decoding the CentroMed Data Breach

The compromised data included patient names, addresses, dates of birth, Social Security numbers, financial account details, medical records, health insurance information, diagnosis and treatment data, as well as claims information. This breach posed significant risks to the privacy and security of individuals whose information was compromised. In response to the CentroMed cyberattack, the healthcare provider took several steps to mitigate the impact on affected individuals. CentroMed began notifying individuals whose information may have been compromised, starting on May 17. Additionally, a dedicated toll-free call center was established to address any questions or concerns from affected individuals. Expressing deep regret for the incident and the resulting concerns it may have caused, CentroMed assured the public that they were taking the matter seriously. To prevent similar incidents in the future, the healthcare provider stated that they had implemented additional safeguards and technical security measures to enhance the protection and monitoring of their systems.

Mitigation Against the Cyberattack on CentroMed

Individuals whose information may have been affected by the CentroMed data breach were advised to take proactive measures to safeguard their personal information. This included reviewing statements from healthcare providers for any unfamiliar services, monitoring financial account statements for suspicious activity, and promptly reporting any suspicious activity to their financial institutions. Furthermore, CentroMed provided additional guidance on steps individuals could take to protect their information, such as obtaining free credit reports and placing fraud alerts or security freezes on their credit files. They also offered specific instructions for parents or guardians concerned about their child's information security in light of the breach. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Western Sydney University (WSU) finds itself grappling with a cybersecurity challenge as a recent data breach affects approximately 7,500 individuals associated with the institution. Situated in the western suburbs of Sydney, WSU boasts multiple campuses, but this Western Sydney University data breach has sent ripples of concern throughout its community. The cyberattack on Western Sydney University, initially identified in January 2024, prompted swift action from WSU, which promptly shut down its IT network and implemented security measures. Subsequent investigations revealed that the breach originated as far back as May 17, 2023, infiltrating WSU's Microsoft Office 365 platform. 

Understanding the Western Sydney University Data Breach

This WSU data breach led to unauthorized access to certain SharePoint files and email accounts. Even more concerning, WSU's Solar Car Laboratory infrastructure was found to have been utilized as part of the breach, indicating a sophisticated intrusion. Despite the breach, WSU has assured its community that there have been no direct threats made regarding the compromised information. In a statement, the university emphasized, "The University has not received any demands in exchange for maintaining privacy." This statement aims to alleviate fears of potential ransom demands or further exploitation of the breached data. In response to the breach, WSU has initiated a collaborative effort with NSW Police and the NSW Information and Privacy Commission to investigate the incident thoroughly. The university's Interim Vice-Chancellor, Professor Clare Pollock, expressed regret over the breach and extended heartfelt apologies to those affected. "On behalf of the University, I unreservedly apologize for this incident and its impact on our community," Professor Pollock stated, acknowledging the disruption and concern caused by the breach.

Supporting Students and Teachers Against Data Breach

To support individuals affected by the breach, WSU has established dedicated communication channels, including a dedicated phone line and website, to address inquiries and provide assistance. This proactive approach demonstrates WSU's commitment to transparency and accountability in addressing the aftermath of the breach. Beyond the immediate impact on WSU's community, the breach underscores broader concerns surrounding cybersecurity and the protection of sensitive data. In response to the severity of the breach, the NSW Supreme Court has granted an injunction to prevent the unauthorized use of the compromised data, signaling the legal ramifications of such breaches. In conclusion, the Western Sydney University data breach serves as a stark reminder of the ever-present cybersecurity risks faced by institutions and individuals alike. Through collaborative efforts and a commitment to transparency, WSU aims to address the breach's impact and strengthen its cybersecurity posture to prevent future incidents. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Semiconductor giant OmniVision Technologies says personal information was stolen in a September 2023 ransomware attack.

The post OmniVision Says Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.

Threat actors USDoD and SXUL have claimed responsibility for an alleged major prison data breach  compromising of approximately 70 million rows of sensitive data linked to a criminal database, on LeakBase. While no further details were shared about the specific prison(s) involved, the threat actor shared sample data allegedly stemming from the claimed prison data breach.

Prison Data Breach Allegedly Includes Wide Array of Data

The prison data leak reportedly includes unique identification numbers, Social Security Numbers, full names, dates of birth, birth states, physical features, Home and alternate addresses, offense codes, offense dates, offense descriptions, court dispositions, conviction dates and dates of charges. The data had been shared in .csv format and is stated at being 3GB in file size when compressed and 22GB while uncompressed. This data is stated to consist of data from the year 2020 to 2024 and the sample data purporting to be details of at least three convicted individuals were shared. [caption id="attachment_69318" align="alignnone" width="1359"] Source: X.com (@DarkWebInformer)[/caption] While this marks the first time the threat actor USDoD has posted on LeakBase, the threat actor claimed they would use it only until they got their own forum active. USDoD had earlier announced the creation of a new leak forum, choosing to name it 'Breach Nation'. While the details of the attack and their alleged involvement is unknown, USDoD credited the threat actor SXUL for the prison data breach. In a later reply to the thread, he clarified that the breach stemmed from the United States.

USDoD Known to Target Government Related Data

The threat actor has frequently targeted government, defense/law-enforcement contractors and geo-political entities, with most of his operations primarily focused on the United States as noticed during the #RaidAgainstTheUS campaign. The incidents under the two-day release campaign in February 2022 included a a US Strategic Command database, US Defense Technical Information Center database, an Army Special Operations Center of Excellence database, a US Central Command database, a U.S. Special Operations Command database, and a Lockheed Martin database. While believed to harbor Pro-Russian ties or sympathies, he has denied any involvements with governments or political entities. This denial included a statement of him claiming he had refused an offer to sell compromised intel to the Iranian government after being approached by them. Interestingly, the threat actor maintained Russia as among the nations he would refuse to target along with Iran. USDoD is known to rely on social engineering techniques to break into high-profile agencies or entities, and his previous attacks have included the FBI's private partner InfraGard, leak of Airbus data on the 22nd anniversary of the 9/11 attacks, NATO Cyber Center Defense, and CEPOL. USDoD has disclosed that the use of tools such as Zoominfo to identify and research targets as well as their importance within  the military and defense sector. Within the the Airbus post, the threat actor also threatened attacks on Lockheed martin, Raytheon and other entire defense contractors. Recently, the actor claimed attacks on entities such as the unconfirmed Chinese Communist Party data leak and the Bureau Van Dijk(which has since then been refuted), since then the threat actor seems to be working on setting up their own content delivery network to host leak files as well as their own data leak forum. While the prison data breach remains unconfirmed, the threat actor's previous involvement in high-profile social engineering attacks remains a cause of concern for future operations and claims along with potential consequences stemming from the alleged prison member data leak. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Health insurance firm WebTPA says the personal information of 2.4 million individuals was compromised in a data breach.

The post 2.4 Million Impacted by WebTPA Data Breach appeared first on SecurityWeek.

The University of Siena, a distinguished Italian academic institution established in 1240, is currently grappling with a significant cybersecurity incident. The LockBit 3.0 ransomware group has claimed responsibility for the attack that has disrupted multiple university services, leading to the temporary suspension of its systems. As one of Europe's oldest universities, Siena offers extensive programs in sciences, medicine, engineering, economics, and social sciences. In response to the crisis, the university has initiated recovery operations with the support of the Italian National Cybersecurity Agency (Agenzia per la Cybersicurezza Nazionale), although the involvement of LockBit has not yet been officially confirmed.

University of Siena Data Breach and Ransom Demand

According to the new LockBit 3.0 leak site, the group has allegedly exfiltrated 514 GB of sensitive data from the university's systems. Screenshots of the stolen data were shared on both the leak site as well as the group's Telegram channel. The stolen data reportedly includes: Financial Documents including :

• Budgets detailing expenses by month from 2020 to 2024.
• Board-approved documents regarding project and tender financing from 2022 to 2026, including funding amounts.
• Documents related to extraordinary construction works, contractor appointments, and a €1.7 million budget allocation.

Confidential Information including:

• Non-disclosure agreements for the upcoming WineCraft 2024 event.
• Tender design contracts for 2023, including contract budgets.
•  Contractor's investment plan for 2022, encompassing expenses, rents, and the overall financial plan.

[caption id="attachment_69276" align="alignnone" width="803"] Source: LockBit leak site[/caption] [caption id="attachment_69277" align="alignnone" width="323"] Source: LockBit Telegram[/caption] With a looming ransom deadline set for May 28, the university is racing against limited time to deal with the consequences of the digital assault. Earlier on May 10th, the University of Siena acknowledged the cyber attack on its website, informing the public about the suspension of various of its services due to a 'massive cyber attack by an international group of hackers.'

University's Response and Restoration Efforts

The website acknowledged that several of its services including its website for international admissions, ticketing services, and payment management platforms had been affected and were taken down as a preventative measure. The notice assured users that payments made prior to the attack had been registered despite a temporary disconnect between the website's payment confirmation and application processing. [caption id="attachment_69271" align="alignnone" width="2800"] Source: www.apply.unisi.it[/caption] However, the notice also stated that the volume of assistance requests being received from international candidates following the incident was found to be overwhelming to its staff. The notice advised students to refrain from sending multiple inquiries, promising to respond as soon as possible. The notice provided separate advice to both candidates who had already paid university fees but did not submit applications and candidates who submitted admission applications but had not yet paid their application fees. The site stated in bold that students who fall in the above mentioned categories should avoid unnecessary contact with staff, while apologizing for the inconvenience caused by the issue. The attack on the University of Siena is one of the largest attacks claimed by the LockBit group following the recent disruption to its activities after its coordinated takedown by law enforcement groups. The incident underscores the group's persistent efforts to remain active in their efforts despite these operational challenges, while emphasizing their ability to still cause massive disruption to victims. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

MediSecure says data related to prescriptions distributed until November 2023 was compromised in a ransomware attack.

The post MediSecure Data Breach Impacts Patient and Healthcare Provider Information  appeared first on SecurityWeek.

The American Radio Relay League (ARRL) has been targeted in a cyberattack that resulted in disruption and possibly a data breach.

The post American Radio Relay League Hit by Cyberattack appeared first on SecurityWeek.