Category: data breach

Japan government has pressed a pause button on all its future deals with Fujitsu Cloud as the latter has failed to curb network misconfigurations that could have led to data leaks.
 
Going by the details, Fujitsu operates a cloud named FENICS that is used by government agen-cies and large corporate clients for storing sensitive data. In February 2023, the cloud service provider admitted that some of the data from FENICS could have reached the hands of hackers and investigations was being conducted to estimate the impact.

The Japanese tech giant issued a statement that it will submit a detailed report to Ministry of Internal Affairs and Communications on the issue and it did as it said in April 2022.

Since, the government lost trust in FENICS, as it couldn’t justify its data protection and reme-diation practices, the government of the island country of East Asia decided to suspend its data storage agreements at an immediate effect on all new deals.

NEXT is the news related to Nickelodeon, a pay TV online channel that targets mostly chil-dren as its audiences. The Paramount owned company has suddenly hit the news headlines for a data breach that appears to be of decades old info accounting to 500GB of docs and media files.

According to a reddit post made by an ethical hacker, the data leak of Nickelodeon appears to be the data stolen in January this year. It is unclear why the hacker who siphoned the data then, has released it on to the web now.

The TV channel spokesperson assured that the leaked data doesn’t contain any sensitive info of employees and is only related to program resources that have been archived long back.

The post Fujitsu Cloud Security rebuked by Japan and Nickelodeon Data Breach appeared first on Cybersecurity Insiders.

A cyber attack on Aon Insurance provider has led to the data breach of about 2000 staff members working for Dublin Airport. Prima Facie revealed that the attack was more intense and is more related to Moveit software that could have given access details of the airport staff members.

News is out that Clop Ransomware gang that hacked into the servers of MoveIT gained sensi-tive details of salary and benefits from the servers of the infected computers. After threatening to post the details, the cyber criminals chose to disclose the information to the media as they were more interested in tarnishing the details of Aon Insurance provider.

Since, Dublin Airport staff were function under Aon insurance coverage their details were also leaked onto the dark web, along with the other customers of the London based insurance service provider.

Stealing classical details of employees can lead to identity thefts and phishing attacks. Criminals can also use the data to threaten the victims and such.

Financial details can fetch hackers a handsome amount on the dark web as such data often sells like hot cakes in the dark world. The price of data might go from $50 to $1200 per 1000 accounts depending on its freshness and sensitivity.

Banking companies are nowadays showing a lot of interest in raising the security bar of the way their customer info is being stored and process. Encryption, multi factor authentication, not storing all details on one server are some of the practices that can mitigate risks associated with data leaks.

NOTE- DAA that manages global airport retailing of DA hasn’t reacted to the news yet!

The post Dublin Airport staff details leaked in Cyber Attack appeared first on Cybersecurity Insiders.

A ransomware attack on University of Manchester (UoM) has led to the data breach of over a million patients related to NHS and the data includes NHS numbers of those who took treat-ment, the first three letters of their postal codes, patients suffering from terror attacks and those seeking treatment for major trauma.

The gathered data set was being used for research purposes by some students of the University and unfortunately hackers accessed information from the data set causing embarrassment to the staff of the educational institution.

It is unclear on how the stolen information being stored on the backup servers remained unen-crypted.

However, some sources from the Manchester University claim that the data stored on the ma-chines was encrypted. But the hackers managed to break into the algorithm and read & copy the data.

Prima Facie says that the cyber crooks managed to siphon about 250 gigabytes of data and the stolen data includes info related to GP services as well.

UoM is not interested in revealing more details about the incident. But has contacted ICO, NCSC and the National Crime Agency to investigate the incident to the core.

Cyber Crooks seem to be super interested in information related to finance, education and healthcare. As such data often sells like hot cakes on the dark web, provided its raw and abides by the laws of data freshness.

NOTE- For the past two years, NHS has been constantly hitting news headlines for data breaches and its callousness in protecting information of its patients and staff. Though the not-for-profit organization claims to have taken all proactive measures to safeguard information of its users, it still seems to lack that seriousness in practical.

The post NHS data breach after ransomware attack on University of Manchester appeared first on Cybersecurity Insiders.

UPS delivers some smishing advice (but have they kept something under wraps?), we ask ChatGPT to take a long hard look at itself, and we debate what the penalty should be for taking national secrets home with you. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s sole founder Thom Langford.

A Mayor candidate of Australia is suing Latitude for not protecting customer details from hackers. As the unsuccessful mayoral candidate was one victim of the data breach, the person is claiming $1 million as damages in the federal court.

Shahriar Sean Saffari is the person who launched a legal appeal against the financial services firm of Australia in the court and is seeking a financial compensation for the distress caused to him after the incident.

To those uninitiated, Latitude experienced a cyber-attack in March, leading to data steal of its 7.9 million customers. The incident took place when the suspected group of hackers took control of the servers of the company via a compromised employee account.

The company failed to protect its customers’ data, resulting in a lawsuit..

Since Saffari lost his Master Credit Card details in the attack, he was worried that the attack could lead to serious consequences like identity theft led to siphoning of funds from personal account/s.

Justice Melissa Perry has been assigned the case to resolve and is busy overseeing the developments.

Meanwhile, Latitude Financial Services has already kept aside a sum of $46 million related to the data breach for such customer remediation costs and will apparently allot the fund to the claimant after the case gets resolved.

Parallelly, a joint investigation is being held by the New Zealand Office of the Privacy Commissioner and Office of Australian Information Commissioner (OAIC) and the investigation might conclude by September this year.

If serious breaches are found, OAIC has the right to penalize the service provider with a hefty penalty that would be later equally distributed among the affected customers in the form of a discount given at the time of loan pay services.

NOTE- Latitude data breach made hackers access details such as driving license details, names, addresses, contact numbers, DoBs, income information of over 900,000 applicants who applied for loans including credit and debit card details. The hackers accessed no card expiry or CVC, as the company stored such details on an encrypted server.

 

The post Mayor candidate slaps Latitude with $1 million lawsuit for data breach appeared first on Cybersecurity Insiders.