Category: data breach

T-Mobile suffered a data breach last year and tried to buy its data back from hackers after paying an amount of $200,000 against the demanded 6 BTC. But it seems the negotiations failed and the cyber crooks continued their activity of selling the data in a freshly breached hack of the firm named Company 3.

Well, the information was accessed from the court documents related to RaidForums domain seizure conducted by the FBI and DoJ in coordination with Europol. And was first revealed by the technology resource Motherboard.

BTW, the Chief Administration Officer and founder Diego Santos Coelho of Portugal, was arrested in the united kingdom on January 31st,202,2 and was extradited to the United States in connection with a lawsuit.

Motherboard has clearly specified in its media revelation that the court documents never mentioned the name of T-Mobile company. But it was referred to as Company 3, which holds the number one position in the Telecom sector of the United States.

The most interesting part of this story is the negotiations that took place between the mobile company and the hacker. A third party was hired to strike a deal with the hacking group and $50,000 was paid in Bitcoins to buy a sample of stolen data. And then an amount of $150,000 was forwarded to a cryptocurrency wallet.

However, the hacker/s did not stand by their word and instead sold the stolen data for more money.

 

The post T-Mobile pays $200,000 to buy its customer data from hackers appeared first on Cybersecurity Insiders.

Ericsson, the Sweden-based Telecom Company that was involved in the 2019 money laundering case with a terrorist organization, seems to be serious about some of the internal documents being leaking to Swedish and international news outlets.

According to a highly placed source the senior level management of the company is miffed with the reports claiming that the company was involved in channelizing money to the Islamic State (IS) Terrorist Group in Iraq making millions during suspicious transactions that took place between 2011 and 2019.

Some of the investigated documents that act as evidence have now leaked to the Swedish media firms and so the company is looking to launch another serious investigation on how third party firms could gain access to such classical information.

To those unaware of the involvement of Ericsson in the money laundering case, here’s a gist of it.

On March 2nd 2021, Ericsson broke an agreement with the US DoJ by hiding evidence about alleged corruption of its officials in Iraq. Evidence is out that the company was involved in some kind of money swindling activities with companies that were funding ISIS. Later, its internal investigations revealed that some of its employees were involved in corruption and misconduct by engaging in unlawful activities, which the company took a note of later.

Ericsson paid $1 billion to the US Department of Justice for deferring the agreement and for hiding the activity.

Now, Ericsson found the documents prepared after the investigations have leaked to some Swedish media resources and suspects an internal hand in the whole drama.

More details on this story are awaited!

 

The post Ericsson serious about the data breach and data leak to media appeared first on Cybersecurity Insiders.

SuperCare Health, a California based healthcare firm that deals with patients suffering from respiratory ailments, has posted a data breach notice on its website. And the notice says that a security incident hit the company on July 27th, 2021 when hackers fraudulently accessed its system for 5 complete days, i.e. from July 23rd to July 27th last year.

After making several data audits, the company concluded on February 4th this year; the hackers accessed sensitive patient info such as medical record numbers, names, DoBs, addresses, hospital or medical group info, patient account number, health related details and claims data, social security numbers, driving license details.

SuperCare started notifying all the affected individuals since March 25th this year and posted on the website that it has taken all additional cybersecurity measures to protect the digital data of its patients in the future. The incident was also reported to the Federal Bureau of Investigation as per the latest federal rule of incident sharing and response procedure.

Currently, there is no evidence that the stolen details were used/being used in any of the identity theft campaigns. But what if the criminals use the details after going through a pause over usage hibernation?

After stealing the details, such criminals often sell the information on the dark web to make quick money. And those who purchase such info will start using the details in their phishing campaigns (In case of email address steal), brute force attacks (In password steal) and identity theft (In case of personal data steal).

 

The post About 300,000 patient data leaked in data breach of SuperCare Health appeared first on Cybersecurity Insiders.

There's monkey business involving cryptocurrency thieves and MailChimp, a stalker exploits his ex-partner's CCTV cameras, and what are the naughty words Amazon doesn't want its staff using? All this and much more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.