Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages their payroll.
Category: data breach
Hackers somehow managed to exploit a vulnerability in Moveit file transfer software and ac-cessed information from the servers of Zellis, a payroll service provider in Britain. Unfortu-nately, British Airways (BA) and Boots are two among the list of companies that were impact-ed by the security incident.
MOVEit produced by Progress Software is taking all precautions to mitigate the risks associat-ed with the incident and has informed the staff of Zellis on how to neutralize the effects of the cyber-attack.
Unconfirmed sources confirmed that details of about 50k staff members from Boots and 34k staff members from British Airways could have impacted in the digital attack.
It is unclear who is behind the incident. But according to Daily Telegraph, a Russian hackers group linked to the GRU named CLOP are suspected to be behind the attack exploit.
CLOP Ransomware hasn’t reacted to the news yet, nor did it publish any stolen details onto the dark web.
However, compromised data includes names, addresses and national insurance numbers of em-ployees in British Airways, Boots, Jaguar Land Rover (JLR) and such.
Coincidentally, Play Ransomware group affiliated to CLOP also managed to take down the servers of a Swiss IT company named Xplain at the end of last week.
Xplain is yet to ascertain the data theft caused by Play Ransomware group.
Swiss Federal Office of Customers and Border Security is investigating the attack deeply and will issue a statement after the play gang sends it a ransom note, digitally.
The post Zellis Cybersecurity Incident causes BA and Boots employee info data breach appeared first on Cybersecurity Insiders.
RaidForums, the notorious hacking and data leak forum seized and shut down by the authorities back in April 2022, is - perhaps surprisingly - at the centre of another cybersecurity breach.
Personal details of more than 100,000 pension holders may have been stolen by the hackers.
And that's just the tip of the iceberg...
A joint alert has been issued by US government agencies, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks.
Personal information is going for a song, and the banks want social media sites to pay when their users get scammed.
All this and much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
es, you should be worried about the threat posed by external hackers. But also consider the internal threat posed by insiders and rogue employees - the people you have entrusted to act responsibly with the data of your company and your customers.
Read more in my article on the Hot for Security blog.
Akira is a new family of ransomware, first used in cybercrime attacks in March 2023.
Read more about the threat in my article on the Tripwire State of Security blog.
After covering up a data breach that impacted the personal records of 57 million Uber passengers and drivers, the company's former Chief Security Officer has been found guilty and sentenced by a US federal judge.
Read more in my article on the Hot for Security blog.
Joe Sullivan, the former Chief Security Officer (CSO) of Uber, has been sentenced to three years’ imprisonment and 200 hours of community service for covering up a cyber attack on the company’s servers in 2016, which led to a data breach affecting over 50 million riders and drivers.
This is believed to be the first case in the history of cyber attacks where a CSO has faced criminal charges and imprisonment for covering up a data breach and obstructing a federal investigation.
The attack was severe, and the company’s CSO reportedly paid $100,000 to the hackers to prevent them from releasing the siphoned details and keeping the breach a secret. Surprisingly, the payment was routed to the cybercriminals through Uber’s bug bounty program and was uncovered in 2017 when the new CEO, Dara Khosrowshahi, took the helm.
Sullivan’s decision to conceal the data breach was in violation of federal and business laws, resulting in his termination from the position of CSO almost five years ago. He later joined CloudFlare and retained the same position until July 2022, after which he submitted his resignation to prepare for the trial, which started in October 2022.
NOTE: A few months ago, the White House endorsed a law presented by Congress to penalize companies that do not disclose data breaches promptly. The law also allows for the punishment of company heads and those holding the positions of CSOs and CISOs if the company is found guilty of failing to protect the information of its customers and clients.
The post CSO sentenced to 3 years imprisonment for Uber Data Breach cover up appeared first on Cybersecurity Insiders.