Category Archives: Cyber Attacks

March 2024 Data Breach Round Up

March 2024 Data Breaches

A few months into 2024, and data breaches are on the rise. This surge highlights the need for improved security measures and greater awareness. These instances of unauthorized access to confidential data expose vulnerabilities in our interconnected systems. A deeper look into these breaches uncovers broader cybersecurity issues that necessitate immediate, coordinated efforts for digital information protection. In a time when data breaches are becoming more advanced, traditional security measures are no longer adequate.

This is where comprehensive security assessments and compliance become invaluable. Evaluating your company’s security posture and aligning it with industry standards can help identify vulnerabilities before exploitation. Compliance isn’t just about ticking boxes—it’s about creating a robust framework that bolsters security measures and instills trust in clients.

However, the real game-changer in the fight against cyber threats is the integration of AI  into your security strategies. AI can analyze vast amounts of data at an unprecedented speed, identifying potential threats and anomalies that might go unnoticed by human eyes. It can also predict potential vulnerabilities, allowing companies to fortify their defenses proactively.

Let’s jump into the data breaches that shook the industry in March 2024, a stark reminder of the ever-evolving challenge of maintaining digital security. 

AT&T

AT&T has initiated a mass reset of customer account passcodes following a leak that exposed millions of records online, including sensitive information such as names, addresses, and Social Security numbers. The leaked data, dating back to 2019 or earlier, affects about 7.6 million current and 65.4 million former AT&T account holders. Despite the leak, AT&T has stated there’s no evidence of unauthorized system access. The leak, including encrypted passwords easily decryptable, was first identified when a security researcher shared their findings with TechCrunch. AT&T is contacting affected current and former customers to inform them about the breach and the steps being taken to secure their accounts.

Fujitsu

Fujitsu, a leading global IT services provider, recently announced a significant security breach where malware infected its systems, leading to the theft of customer data. The company, ranking as the sixth largest in its sector with a workforce of 124,000 and revenues of $23.9 billion, plays a pivotal role in technology, offering a wide array of products and services, including cloud solutions and IT consulting. The breach, affecting systems holding sensitive customer information, prompted immediate action from Fujitsu to isolate infected computers and enhance monitoring. Despite no reports of the data’s misuse, Fujitsu has notified relevant authorities and is in the process of alerting affected customers. This incident follows a 2021 security breach involving Fujitsu’s ProjectWEB tool, which compromised government agencies and led to significant data theft, underscoring ongoing cybersecurity challenges.

MarineMax

MarineMax, a leading yacht retailer, reported a cyberattack in March, revealing that hackers, identified by the Rhysida ransomware gang, compromised its systems and stole data including employee and customer personal information. Despite initial claims of not storing sensitive data on the breached systems, a subsequent investigation uncovered that the cybercrime group accessed and extracted data, which is now being offered for sale on the dark web for 15 Bitcoin (over $1 million). MarineMax, with operations spanning 130 locations globally and reporting $2.39 billion in revenue last year, has engaged external cybersecurity experts to mitigate the breach’s impact, notified law enforcement, and is in the process of notifying affected individuals and regulatory bodies. The Rhysida gang, known for its ransomware-as-a-service operations since May 2023, has targeted various organizations, including the British Library and healthcare entities, marking this incident as part of a broader pattern of cyberattacks by the group.

PandaBuy

PandaBuy, an online shopping platform facilitating purchases from Chinese e-commerce sites, experienced a data breach affecting over 1.3 million users. The breach, executed by threat actors ‘Sanggiero’ and ‘IntelBoker’ through exploiting critical API vulnerabilities, exposed comprehensive user data including names, contact details, order information, and addresses. The compromised data was offered on a forum for a nominal cryptocurrency fee, with a sample provided to validate its authenticity. Despite attempts to downplay the incident, evidenced by moderated discussions on Discord and Reddit, the breach’s reality was confirmed by data breach aggregator Have I Been Pwned (HIBP), advising impacted users to change their passwords and be cautious of potential scams. PandaBuy has yet to officially address the breach publicly, as concerns over user privacy and platform security escalate.

France Travail

France Travail, the national unemployment agency in France, has reported a significant data breach affecting approximately 43 million individuals, stemming from a cyberattack between February 6 and March 5. The agency, which aids in job placement and financial support, acknowledged that personal details of job seekers over the past two decades, including sensitive information like social security numbers and contact details, were compromised. While bank details and passwords remain unaffected, the exposed data raises serious concerns for identity theft and phishing risks. France Travail has notified the National Commission of Informatique and Liberties (CNIL) and is advising those potentially impacted to exercise caution with their communications. This incident, surpassing the scale of previous breaches including a 10 million person breach last August and the recent Viamedis and Almerys breach, marks a record for cybersecurity incidents in France.

Prioritizing Compliance & Cybersecurity in the Wake of Rising Data Breaches:

Digital security is a complex tapestry, with challenges increasing in both frequency and severity. This complexity calls for action. We must strengthen our defenses, both as organizations and individuals. At Findings we understand the pivotal role of security assessments, compliance, and AI in safeguarding your digital assets. Our suite of services is designed to provide a comprehensive security solution that not only helps prevent data breaches but also ensures that your company is equipped to handle any cyber threats that come its way. From detailed security assessments that highlight your strengths and weaknesses to AI-driven insights that keep you one step ahead of cybercriminals, we are your partner in establishing a resilient and compliant security posture.

As we reflect on the lessons from the top breaches in March 2024, let us use them as a stepping stone towards a more secure and trustworthy digital future. 

February 2024 Data Breach Round Up

February 2024 data breaches

From Healthcare to Finance: The Shocking Cybersecurity Wake-Up Call of February 2024

Lately, it feels like we’ve been hit by a wave of cybersecurity incidents that have really shaken things up. It’s not just a bunch of breaches we’re talking about here; we’re seeing huge, flashing signs telling companies it’s high time to beef up their cybersecurity defenses and get smarter about how they handle incidents when they happen. In this blog, I’ll dive into the chaos of these cyber incidents, break down their effects, and tease out the valuable lessons they’re teaching us. So, come along for the ride and read up about the top breaches of February! 


  1. Change Healthcare


Change Healthcare, a subsidiary of UnitedHealth Group, experienced a cybersecurity incident on February 21, 2024, that has led to significant disruptions across the U.S. healthcare sector, affecting hospitals, pharmacies, and millions of patients. This breach, described by government and industry officials as one of the most severe attacks on the health-care system in U.S. history, has highlighted critical vulnerabilities within the U.S. healthcare infrastructure. Change Healthcare, crucial for processing 15 billion claims amounting to over $1.5 trillion annually, acts as an intermediary between healthcare providers and insurers. The attack has not only compromised patient data but has also strained the financial operations of healthcare organizations reliant on Change’s services for billing and reimbursement.


The ramifications of this incident are widespread, with some hospitals unable to discharge patients due to medication access issues and others facing severe financial strains. Senate Majority Leader Charles E. Schumer has called for expedited payments to affected healthcare providers to mitigate the financial impact. Despite efforts to manage the situation, including temporary assistance from Optum and manual claims processing, the industry faces “very, very imperfec t workarounds,” according to Molly Smith from the American Hospital Association. The attack underscores the urgent need for enhanced cybersecurity measures across the healthcare ecosystem to prevent future disruptions and safeguard patient information.


In a company update, they confirm that they are “experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat.”


  1. Unlocking the Impact: Fidelity’s Third-Party Vendor Vulnerability Exposed


On February 13, 2024, Fidelity Investments Life Insurance Company and Empire Fidelity Life Insurance Company discovered a cybersecurity incident involving their third-party vendor, Infosys McCamish Systems (IMS), which may have impacted the security of personal information belonging to approximately 28,268 people. IMS, responsible for administering certain life insurance policies for a limited number of customers, experienced a cybersecurity event when an unauthorized third party gained access to IMS systems between October 29, 2023, and November 2, 2023, potentially compromising data including names, Social Security Numbers, dates of birth, and bank account details used for premium payments. 


  1. Medical Management Resource Group: Eyes Wide Open

American Vision Partners, a company specializing in providing administrative support to ophthalmology practices, has recently addressed a significant cybersecurity breach affecting patient information. On February 15, 2024, the company sent out notification letters explaining that on November 14, 2023, the organization detected unauthorized access within its network infrastructure. Immediate action was taken to mitigate the breach by isolating the affected systems, initiating a thorough investigation with the help of leading cybersecurity experts, and notifying law enforcement authorities. Despite these efforts, it was confirmed by December 6, 2023, that the breach led to unauthorized access to personal data of patients linked to the practices serviced by American Vision Partners. The compromised data encompasses a range of sensitive information, including names, contact details, dates of birth, Social Security numbers, and specific medical and insurance details. 


It has also come to light that not only patients but also employees of the affected organization were victims of a data breach. The compromised information varies among individuals but could include a range of personal details such as names, contact information, dates of birth, Social Security numbers, driver’s license and passport details, and even bank account numbers. While not every piece of information was accessed for each individual, the breach’s potential impact is taken with utmost seriousness. In response, the organization is proactively offering identity protection and credit monitoring services to all impacted employees for two years at no charge, demonstrating a commitment to the security and welfare of its personnel. 


About 2,264,157 individuals were impacted by this incident. 


  1. Spark Driver: A Rough Road for Walmart’s Workforce

On February 23, 2024, Walmart Inc. notified employees about a recent security incident that has impacted Spark Driver™ accounts. This breach, discovered in late January, allowed unauthorized access to employees’ driver profiles, potentially compromising sensitive information, including Social Security Numbers, drivers licenses, dates of birth, names, and contact details. The breach provided the intruder with the ability to view details about earnings, tax information, driver verification documents, and background checks.


  1. LoanDepot: A Flood of Personal Data at Risk


LoanDepot issued a notice on February 23, 2024, regarding a data breach that potentially compromised sensitive personal information of almost 17 million people due to unauthorized access to its systems. This security incident was first identified on January 4, 2024, prompting immediate actions to contain and address the breach, including contacting law enforcement and initiating a thorough investigation with external cybersecurity experts. The breach, occurring between January 3 and January 5, 2024, may have exposed personal details such as names, addresses, email addresses, financial account numbers, Social Security numbers, phone numbers, and dates of birth.


In response to this incident, LoanDepot has taken significant measures to secure its systems and mitigate any potential impact on affected individuals. Although there is currently no evidence to suggest that the accessed information has been used maliciously, LoanDepot is offering 24 months of complimentary identity protection and credit monitoring services through Experian. This service is designed to assist in detecting and resolving identity theft and fraud. Affected individuals are encouraged to follow the provided instructions to enroll in these protection services to safeguard their personal information.


  1. UNITE HERE: A Union Under Siege


UNITE HERE, representing a substantial workforce across the U.S. and Canada, has formally reported a data breach to the Maine Attorney General on February 23, 2024, following the detection of unauthorized access to its IT network. The breach was discovered on October 20, 2023, when it was found that an unauthorized entity had gained access to their systems, impacting about 791,273 individuals. The potentially compromised information includes a wide array of personal data such as names, Social Security numbers, driver’s licenses, state ID numbers, alien registration numbers, tribal identification numbers, passport numbers, birth certificates, dates of birth, marriage licenses, signatures, financial account information, and medical data. 


Although there is no current evidence to suggest that this breach has led to identity theft or fraud, UNITE HERE is proactively informing affected individuals and has implemented several security measures. These measures include resetting system passwords, enhancing security protocols, and cooperating with law enforcement to prevent future incidents.


  1. Xerox Corporation: Copying Catastroph


On February 20, 2024, Xerox issued an alert regarding a security breach within its subsidiary, Xerox Business Services (XBS), emphasizing that safeguarding the data privacy and protection of its clients, partners, and employees remains a paramount concern. In early December 2023, an unauthorized entity managed to infiltrate a segment of the XBS network. Despite the swift detection and containment efforts by Xerox personnel, the investigation revealed that on December 10, 2023, the intruder succeeded in extracting a limited set of data from XBS’s systems.


The compromised information primarily includes names, contact details, and Social Security numbers of those affected. Xerox is actively conducting a comprehensive investigation into the breach and has already involved law enforcement agencies. Despite the ongoing legal probe, Xerox has chosen to promptly inform all impacted parties, underscoring its commitment to transparency and the importance of immediate action to address the security incident.


  1. PJ&A: Confidentiality on the Line


Perry Johnson & Associates, Inc. (PJ&A), a provider of medical transcription services for healthcare organizations including Concentra Health Services, Inc. (Concentra), has reported February 8th, a security incident affecting certain patient information. This incident, which did not affect Concentra’s systems directly, resulted from unauthorized access to PJ&A’s systems between March 27, 2023, and May 2, 2023. Notably, on April 7 and April 19, 2023, an unauthorized actor accessed a system containing Concentra patients’ information.


Upon detecting suspicious activity, PJ&A promptly initiated an investigation with cybersecurity experts to assess the incident’s scope and impact. The investigation identified that personal information, such as names and addresses, of almost 13 million Concentra patients was potentially compromised. Following the investigation, PJ&A informed Concentra, which then undertook efforts to verify affected patients and expedite notification.


To mitigate potential risks and support affected individuals, PJ&A is offering credit monitoring services through IDX for a specified period at no cost. Individuals are advised to remain vigilant by monitoring their account statements and credit reports for any suspicious activity and to consider enrolling in the provided credit monitoring service. Detailed instructions for enrollment and additional protective measures are included in PJ&A’s communication to the impacted parties.


  1. Verizon: An Inside Job


Verizon, one of the largest telecommunications service providers in the US has issued a notification concerning unauthorized access to certain personal information of its employees by one of its employees, in breach of company policies. This incident, identified around September 21, 2023, but addressed in February to the Maine Attorney General, involved unauthorized acquisition of a file containing employee data such as names, addresses, Social Security numbers or other national identifiers, gender, union affiliations, dates of birth, and compensation details. Currently, there is no indication that this information has been misused or disseminated outside of Verizon.


In response to this incident, Verizon undertook an immediate review to ascertain the nature of the compromised information and has taken steps to enhance its technical controls to prevent similar incidents in the future. The company has also informed relevant regulatory bodies about the breach.




From the major upset at Change Healthcare to the breach in Verizon’s backyard, it’s pretty obvious we’re standing at a major fork in the road. These incidents aren’t just cautionary tales; they’re wake-up calls, highlighting just how crafty and relentless cyber threats have become, and just how tough our defenses need to be.  Each month, we compile a summary of the most significant breaches from the preceding period. Be sure to explore our latest round-up! At Findings, we streamline the process of cybersecurity compliance assessments, ensuring your systems adhere to pertinent regulations while safeguarding your infrastructure.




Automate Your Cybersecurity Compliance Journey

* indicates required
Your work email please

Vendor Breach Reporting in the Modern Market

Vendor Breach Reporting guidelines findings 2024

We’ve hit a point in time where data breaches are becoming more common and the repercussions more severe. This highlights that the importance of effective vendor breach reporting cannot be overlooked. As companies are relying more and more on third-party vendors for a variety of services — from cloud storage solutions to customer relationship management systems, the potential for data breaches originating from these vendors escalates. This blog will explore the current landscape of vendor breach reporting, highlighting the challenges, best practices, and the evolving regulatory environment that shapes how businesses respond to and report breaches.

Understanding the Landscape

The modern market is interconnected, with businesses routinely sharing sensitive information with vendors. This symbiotic relationship, however, introduces vulnerabilities. A breach at a vendor can have cascading effects, compromising the data integrity of all connected businesses. The 2023 Verizon Data Breach Investigations Report underscores this point, noting an uptick in incidents originating from third-party vendors.

Challenges in Vendor Breach Reporting

One of the primary challenges in vendor breach reporting is the detection and attribution of breaches. Identifying that a breach has occurred, and tracing it back to a specific vendor, requires sophisticated monitoring tools and a high degree of coordination between parties. Moreover, the variability in reporting requirements across jurisdictions adds a layer of complexity, making compliance a moving target for global businesses.

Best Practices for Effective Reporting

To navigate these challenges, businesses must adopt a proactive and comprehensive approach to vendor management and breach reporting. Key strategies include:

  • Due Diligence: Before entering into agreements with vendors, assess their security policies and incident response capabilities. Regular audits can ensure ongoing compliance with agreed-upon standards.

  • Transparent Communication: Establish clear lines of communication for reporting potential security incidents. This includes setting up contractual obligations for vendors to notify you immediately in the event of a breach.

  • Incident Response Planning: Develop a coordinated incident response plan that includes vendors. This plan should outline steps for breach investigation, notification, and mitigation, ensuring a swift and unified response.

  • Regulatory Compliance: Stay informed about the evolving regulatory landscape. Many regulations have set stringent requirements for data breach notification, including specific timelines and conditions under which breaches must be reported. Failure to comply can result in significant fines, legal fees, and damage to a company’s reputation.

The Evolving Regulatory Environment

Governments around the world are tightening regulations around data protection and breach notification. The trend is towards more stringent reporting requirements, with an emphasis on consumer protection. For instance, amendments to the GDPR and CCPA are pushing for shorter notification windows and greater transparency in the event of a breach. More recently, in 2024, The Federal Communications Commission (FCC) has finalized new breach reporting rules that significantly tighten the requirements for telecommunications carriers in the US. Now, these carriers have only seven days to disclose data breaches. The rules have expanded the definition of breaches to include inadvertent access or disclosure of customer information, which now encompasses not only Customer Proprietary Network Information (CPNI) but also personally identifiable information (PII) such as names, government ID numbers, biometric data, and email addresses/passwords. This change aims to cover a broader range of data and ensure customers are notified of breaches unless the carrier determines no harm is reasonably likely to occur. The updated rules now require that, in addition to the FBI and U.S. Secret Service, the FCC must also be notified of breaches.

Lastly, The Federal Trade Commission (FTC) has introduced an amendment to its Safeguards Rule, imposing a 30-day deadline for non-banking financial organizations to report incidents involving 500 consumers or more. This amendment aims to bolster consumer data security by demanding comprehensive incident reports, driving stronger security practices in the financial sector.

Closing Thoughts:

In the modern market, effective vendor breach reporting is not just a regulatory requirement; it’s a critical component of a company’s overall cybersecurity strategy. By implementing best practices for vendor management and staying abreast of regulatory changes, businesses can better protect themselves and their customers from the fallout of data breaches. As the digital landscape continues to evolve, so too must the strategies for safeguarding against and responding to security incidents. The key to resilience in the face of these challenges lies in preparation, partnership, and proactive engagement with the issue of vendor breach reporting.

 

Findings Can Help

January 2024 Data Breach Round Up

January 2024 data breaches findings.co

Enhancing Cybersecurity in the Face of Growing Threats

U.S. SEC’s X Account Compromise

The U.S. Securities and Exchange Commission’s (SEC) X account was hacked to falsely announce the approval of Bitcoin ETFs, causing a temporary spike in Bitcoin prices. The false claim was quickly addressed by SEC Chairperson Gary Gensler, who clarified that the SEC had not approved Bitcoin ETFs and that the tweet was unauthorized. This hacking incident is part of a broader wave of cyberattacks on verified X accounts aimed at promoting cryptocurrency scams. Notably, companies like Netgear, Hyundai MEA, and cybersecurity firms such as CertiK and Mandiant have also been targeted. The SEC has terminated the unauthorized access and is collaborating with law enforcement to investigate the breach and its implications. The incident underscores the growing concern over cybersecurity in the digital finance space.

VF Corporation Data Breach

On January 18, 2024, VF Corporation, the parent company of popular brands such as Vans, Timberland, The North Face, Dickies, and Supreme, reported a ransomware attack it experienced in December that compromised the personal information of over 35 million customers. Fortunately, sensitive information like social security numbers, bank account, or payment card details were not stolen as the company does not store these details on its systems. Despite no evidence of stolen consumer passwords, the breach disrupted business operations, leading to the temporary shutdown of IT systems, inventory replenishment issues, and delayed order fulfillments. VF Corp has since managed to restore the affected IT systems and reported minimal operational issues in its retail stores, e-commerce sites, and distribution centers as of the latest update.

Trello API Misuse

An exposed Trello API vulnerability was exploited to link private email addresses to 15 million Trello accounts, leading to a significant data leak. The issue came to light when a user named ’emo’ attempted to sell the data on a hacking forum, which included emails, usernames, full names, and other account information. Trello, owned by Atlassian, attributed the leak to public data scraping and not unauthorized system access. However, further investigation revealed that a publicly accessible API allowed the association of email addresses with Trello profiles without requiring authentication. Trello has since modified the API to prevent unauthenticated queries, aiming to balance user convenience with security. The data breach underscores the potential for abuse in public APIs and highlights the importance of securing such interfaces against unauthorized access. This incident also raises concerns about the use of public data in targeted phishing campaigns, prompting users to be vigilant.

Capital Health Ransomware Attack

The LockBit ransomware group has taken responsibility for a cyberattack on Capital Health, a key healthcare provider in New Jersey and Pennsylvania, in November 2023. On their data leak site, the group wrote, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files.” They have threatened to release seven terabytes of sensitive data and negotiation communications if their ransom demands are not met. Although LockBit typically forbids affiliates from encrypting hospital network files to avoid disrupting patient care, they claim to have stolen data without encryption in this instance. Capital Health has restored its systems and enhanced security measures but is still assessing the extent of the data breach. This incident is part of a disturbing trend where healthcare organizations, despite guidelines advising against such attacks for ethical reasons, are increasingly targeted by ransomware gangs. LockBit’s actions, including previous attacks on healthcare institutions globally, challenge the notion of “harmless” cyberattacks by highlighting the potential for significant operational disruptions and data breaches within the healthcare sector.

loanDepot Cyberattack

loanDepot, a leading U.S. mortgage lender, experienced a cyberattack that disrupted its IT systems and online payment portal, affecting customers’ ability to make loan payments and contact the company via phone. In company notice, it is now revealed that, “Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems. The Company will notify these individuals and offer credit monitoring and identity protection services at no cost to them.” The incident led loanDepot to take certain systems offline as they work with law enforcement and forensic experts to investigate and resolve the issue. In an 8-K filing, the company reported that the unauthorized actor gained access to certain company systems and the encryption of data. This attack raises concerns about potential data theft, including sensitive customer information, which could lead to phishing attacks or identity theft. This event marks another significant cyber challenge for loanDepot, following a data breach disclosed in May from an August 2022 cyberattack, highlighting ongoing security threats in the financial services sector.

Trezor Support Site Breach

Trezor, a leading hardware cryptocurrency wallet provider, announced a security breach affecting its third-party support ticketing portal, exposing personal data of 66,000 customers. The breach, detected on January 17, led to unauthorized access but did not compromise users’ digital assets. Trezor reassured customers that their funds remain secure and their devices are unaffected. However, the breach exposed names or usernames and email addresses of users who interacted with Trezor Support since December 2021. Although other personal information like postal addresses and phone numbers were stored, there’s no evidence they were accessed. The company confirmed 41 instances of data exploitation, with attackers phishing for users’ recovery seeds via email, posing as Trezor Support. Trezor has alerted potentially affected users, emphasizing that wallet recovery seeds should never be shared, as disclosing them could lead to irreversible cryptocurrency theft. The unauthorized access has been terminated, and the risk mitigated.

Veolia North America Ransomware Attack

Veolia North America, part of the global Veolia group, was hit by a ransomware attack affecting its Municipal Water division’s systems and disrupting online bill payment services. Veolia responded by taking certain systems offline and is collaborating with law enforcement and forensic experts to understand the attack’s full impact. The company reassured customers that payments made during the disruption have been processed and no late fees or interest charges will apply. Importantly, Veolia’s water treatment and wastewater services remained uninterrupted, indicating the attack was limited to internal back-end systems. A small number of individuals’ personal information may have been compromised, and Veolia is assessing the extent of this breach. This incident underscores the growing cybersecurity threats facing critical water infrastructure, highlighting recent attacks on other water services and CISA’s efforts to bolster security within the sector.

Jason’s Deli Credential Stuffing Attack

Jason’s Deli has reported a data breach due to a credential stuffing attack, impacting customers of its online platform. Hackers obtained login credentials from other breaches and tested them on Jason’s Deli’s website on December 21, 2023. This type of attack exploits the common practice of using the same password across multiple services, posing a risk to accounts with reused credentials. The breach potentially exposed personal data including names, addresses, phone numbers, birthdays, preferred locations, account numbers, Deli Dollar points, and the last four digits of credit card and gift card numbers. The exact number of affected accounts is unknown, but all potentially impacted customers, estimated at 344,034, have been notified and advised to reset their passwords. Jason’s Deli is also restoring any unauthorized use of Deli Dollars to ensure customers do not face losses.

A Call to Action for Cybersecurity Leaders

These incidents collectively highlight the multifaceted nature of cyber threats and the critical need for advanced security measures, employee training, and regulatory compliance. CISOs, cybersecurity experts, and risk managers must remain vigilant, adopting a proactive approach to cybersecurity that anticipates and mitigates potential threats. Collaboration, innovation in security technologies, and adherence to best practices are essential in safeguarding against the evolving cyber threat landscape, ensuring the integrity and resilience of organizational operations in an increasingly digital world.

2024 Trends Unveiled: Cybersecurity as a Key Business Enabler

As 2024 unfolds, we are witnessing a revolutionary transformation in the cybersecurity landscape. No longer a mere aspect of IT, cybersecurity is now a pivotal driver in reshaping business operations on a global scale. This blog post delves into the forefront of cybersecurity, compliance, highlighting pivotal regulations such as the ASEAN Guidelines on Consumer Impact Assessment (CIA), CMMC, PCI DSS 4.0, DORA, and SEC incident disclosure regulations. These emerging trends are rapidly becoming the gold standard in global business cybersecurity practices.

 

CMMC: Evolving from Defense to a Universal Cybersecurity Benchmark

  • The Cybersecurity Maturity Model Certification (CMMC) is evolving from its U.S. defense sector roots to a worldwide cybersecurity standard. Now applicable across various industries, CMMC’s layered cybersecurity approach is garnering universal acceptance. Its comprehensive framework, focused on continuous improvement, is especially vital for entities managing sensitive or critical data, signifying a move towards standardized cybersecurity excellence.

PCI DSS 4.0: Revolutionizing Payment Security Standards

  • PCI DSS 4.0 is revolutionizing payment security standards globally in 2024. This updated version introduces an adaptive, risk-based approach, essential for any business involved in digital transactions. Its flexibility and focus on tailored security measures are vital for e-commerce, financial institutions, and others in the payment ecosystem, making PCI DSS 4.0 compliance synonymous with secure and trustworthy payment processing.

DORA: Spearheading Digital Resilience in the Financial Sector

  • The Digital Operational Resilience Act (DORA) is a groundbreaking EU regulation shaping the financial sector’s approach to digital risks in 2024. Its influence extends globally, affecting financial entities interacting with the EU market. DORA emphasizes operational resilience, highlighting the need for robust digital risk management in today’s interconnected digital finance landscape.

SEC Incident Disclosure: Championing Transparency in Corporate Cybersecurity

  • The SEC’s incident disclosure regulations are leading a worldwide movement towards transparency in corporate cybersecurity. These mandates, which require prompt and detailed disclosure of cybersecurity incidents, are becoming critical for publicly traded companies globally. This shift towards transparency and accountability in cybersecurity reflects an increasing demand from investors and consumers for trustworthiness and integrity in corporate practices.

ASEAN CIA: Redefining Cybersecurity with a Consumer-Centric Approach

  • The ASEAN Guidelines on Consumer Impact Assessment, originating from Southeast Asia, are now setting a global precedent. These guidelines shift the focus towards assessing cybersecurity’s impact on consumers, prioritizing their rights and data privacy. This consumer-centric approach, especially critical for businesses in or targeting the ASEAN market, is now a global best practice. It underscores the imperative of balancing robust security with consumer rights, a notion gaining traction across various industries.

Other Regulatory Developments Shaping the Cybersecurity Domain

Additional global regulations also predict significant cybersecurity trends:

  • GDPR: Continues to influence data privacy and protection globally, impacting businesses handling EU citizens’ data.

  • ISO/IEC 27001: Gaining traction as a comprehensive framework for managing information security, key for organizations striving for global best practices.

  • NIST Framework: Increasingly adopted worldwide, indicating a move towards unified approaches in cybersecurity risk management.

Cybersecurity Compliance: A Strategic Business Advantage

In 2024, adherence to these emerging cybersecurity regulations offers businesses a strategic advantage. It transcends legal compliance, fostering trust, enhancing brand reputation, and providing a competitive edge. The integration of AI in cybersecurity is another emerging practice, offering efficient and effective solutions for meeting these standards.

  • Increased Focus on Supply Chain Attacks: Modern supply chains are interconnected and complex, making them susceptible to cyberattacks. A breach in one part can have a cascading effect, impacting multiple businesses. This emphasizes the need for rigorous cybersecurity measures across the entire supply chain.

  • Collaborative Risk Management: The trend towards collaborative defense strategies is based on the principle that sharing threat intelligence and best practices can strengthen the security posture of all involved parties. By learning from each other’s experiences, industries can develop more effective defenses against common threats.

State-Sponsored Cyber Attacks: An Escalating Concern

  • Global Ramifications: State-sponsored cyberattacks are particularly concerning due to their scale and impact. These attacks target critical infrastructure, such as energy grids or financial systems, and can compromise national security. The global nature of these threats requires an international response and cooperation.

  • Advanced Countermeasures: To combat these sophisticated threats, organizations need to implement advanced threat detection systems that can identify and neutralize attacks quickly. A zero-trust security model, where trust is never assumed and verification is required from everyone, can be crucial in mitigating these risks. Continuous monitoring ensures that any suspicious activity is detected and addressed promptly.

AI in Cybersecurity: A Complex Role

  • Enhanced Detection and Response: AI can significantly improve threat detection by analyzing vast amounts of data to identify patterns that may indicate a cyberattack. However, this technology can also be used by attackers to create more sophisticated threats, such as deepfakes or AI-driven phishing attacks.

  • Proactive Mitigation Strategies: Organizations must not only invest in AI-based defense systems but also ensure that their workforce is trained to recognize and respond to AI-generated threats. This includes understanding the limitations of AI and being able to identify when a human response is required.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

  • Sophisticated Tactics: Modern ransomware attacks are more than just data encryption; attackers are now threatening to leak sensitive data if the ransom isn’t paid, adding an extra layer of coercion. This dual-threat approach makes it even more challenging for victims to decide whether to pay the ransom or risk public exposure of their data.

  • Comprehensive Defense Strategies: To protect against these evolving ransomware threats, organizations must have robust backup systems that can restore data with minimal loss. Employee training is crucial to help staff recognize and avoid potential ransomware attacks. Additionally, a well-prepared incident response plan can ensure quick action to mitigate damage if an attack occurs.

The Metaverse and Cloud Security: New Frontiers, New Risks

  • Expanded Attack Vectors: As businesses venture into new digital domains like the metaverse and cloud platforms, they face new cybersecurity challenges. These platforms can provide attackers with novel ways to exploit security vulnerabilities.

  • Proactive Security Measures: Ensuring security in these new environments involves a comprehensive approach that includes strong encryption to protect data, robust identity management to verify users, and regular security audits to identify and address vulnerabilities.

The Human Element: Bolstering the Frontlines of Cyber Defense

  • Empowering Through Training and Awareness: Regular and comprehensive training programs are essential in equipping employees with the necessary skills to recognize and prevent security breaches. This training should cover the latest cybersecurity threats and best practices.

  • Cultivating a Security-First Mindset: Creating a culture of security within the organization is crucial. This involves fostering an environment where employees are aware of the importance of cybersecurity and are motivated to take proactive steps to protect the organization’s digital assets.

As 2024 progresses, it’s clear that these cybersecurity trends and regulations are not just shaping, but redefining business strategies. From the consumer-centric ASEAN CIA guidelines to CMMC’s comprehensive security model, and the transparency demanded by SEC disclosure regulations, these developments are crucial in enabling businesses to thrive in the digital era. By staying ahead of these trends, companies can harness cybersecurity not only as a compliance requirement but as a cornerstone for growth and success. Understanding evolving regulations, embracing innovative technologies, and reinforcing human-centric defenses remain key to ensuring business resilience and triumph in an increasingly digitized world.

Year-End Cyber Alert: December 2023’s Data Breaches

december 2023 data breaches

Welcome to 2024, a year promising advancements and challenges in the digital world. Each month, we embark on a detailed journey through the world of cybersecurity, scrutinizing key incidents that have affected prominent global corporations. Our monthly analyses not only provide unique perspectives on the complexities of digital security in an ever-changing tech landscape, but also shed light on the vulnerabilities within our digital infrastructures. By highlighting the essential need for robust cybersecurity measures, we aim to enhance your understanding of how even the strongest organizations can face significant challenges in this digital era. Join us as we navigate through these captivating episodes of digital drama and learn how even the mightiest can be vulnerable.

EasyPark:

EasyPark, a Swedish app developer, recently reported a data breach impacting an unspecified number of its users, detected on December 10, 2023. The breach potentially exposed users’ names, phone numbers, physical addresses, email addresses, and partial credit/debit card or IBAN details. This incident raises concerns about potential phishing attacks targeting affected users. The company’s widely used apps, including EasyPark, RingGo, and ParkMobile, span across multiple countries. EasyPark is advising all users to change their account passwords and is contacting affected individuals directly.

National Amusements:

National Amusements, the parent company of media giants Paramount and CBS, has confirmed a data breach impacting 82,128 people. The breach, which occurred in December 2022, was only disclosed a year later following notifications to those affected. The compromised data includes personal and financial information, potentially involving employee details as the notification was filed by the company’s HR chief. The nature of the cyberattack and whether customer information was also compromised remains unclear, and the company has not commented further on the incident. Additionally, Paramount reported a separate security breach in August, affecting an unspecified number of customers, where personal details like names, birth dates, and government-issued identification numbers were stolen.

Mr. Cooper:

Nationstar Mortgage LLC, doing business as Mr. Cooper, notified 14,690,284 customers on December 15, 2023 of a data security incident that may have compromised their personal information. This incident, detected on October 31, 2023, involved unauthorized access to the company’s network systems between October 30 and November 1, 2023. The breach resulted in the acquisition of files containing personal details such as names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers. While there’s no evidence yet of identity theft or fraud resulting from this incident, Mr. Cooper is reaching out to potentially affected individuals to explain the situation and offer assistance in protecting their information.

Comcast Cable Communications LLC:

Xfinity has issued a notice about a data security incident that compromised personal information of 35,879,455 customers. The incident stemmed from a vulnerability in a software product by Citrix, used by Xfinity and numerous other companies. Although Citrix released a patch and additional guidance by October 23, 2023, unauthorized access to Xfinity’s internal systems occurred between October 16 and 19, 2023. The compromised data includes usernames, hashed passwords, and for some customers, names, contact details, the last four digits of social security numbers, dates of birth, and secret questions and answers. Xfinity has proactively asked customers to reset their passwords and encourages the use of two-factor or multi-factor authentication. Customers who use the same login information on other accounts are advised to change it there as well. Further protective measures are detailed in Xfinity’s additional information section.

Panasonic:

Panasonic Avionics Corporation, a key provider of in-flight communications and entertainment systems, announced a data breach following a cyberattack on its corporate network in December 2022. This breach, just recently discovered, was disclosed in a notification to California’s Attorney General, and involved unauthorized access to a subset of network devices and impacted personal and health information of an unspecified number of individuals and their employers. The compromised data includes names, contact information, dates of birth, medical and health insurance details, financial account numbers, employment status, and government identifiers like Social Security numbers. Panasonic has found no evidence of misuse of this data since the attack. Over 200 airlines use Panasonic’s services on approximately 70% of the global in-flight entertainment-equipped fleet.

Mint Mobile:

Mint Mobile recently disclosed a data breach that compromised its customers’ personal information, potentially facilitating SIM swap attacks. As a mobile virtual network operator offering prepaid mobile plans, Mint Mobile started informing customers of this security incident on December 22, 2023. The breach exposed customer names, telephone numbers, email addresses, SIM serial numbers, IMEI numbers (device identifiers), and details of service plans. However, credit card numbers and passwords, which are secured with strong cryptographic technology, were not compromised.

The carrier did not announce the breach on its social channels but notified affected customers through email. One of these emails was shared by a customer on Reddit. This breach poses a significant risk for SIM swapping attacks, where attackers can port a victim’s phone number to their device, potentially accessing online accounts and bypassing multi-factor authentication. This technique is often used to compromise cryptocurrency exchange accounts.

The company has not yet disclosed how the breach occurred, but a previous incident in July 2023 involved an attempted sale of data allegedly from Mint Mobile on a hacking forum, including partial credit card details. Mint Mobile experienced a similar breach in 2021.

Nissan Australia:

Nissan Oceania, covering Australia and New Zealand, announced it is currently managing a significant cyber incident involving unauthorized network access. The Akira ransomware gang has claimed responsibility for this attack, stating they stole approximately 100GB of data from Nissan Australia’s systems. This data reportedly includes sensitive corporate and client information, personal details of employees, and other confidential documents.

Despite ransom negotiations, Nissan has either refused to engage or pay the demanded ransom, leading Akira to threaten the release of the stolen data. Akira, emerging in March 2023, is known for targeting various industries, including deploying a Linux variant of their ransomware in June 2023, specifically aimed at VMware ESXi virtual machines.

Nissan has been working with global incident response teams and cybersecurity experts to assess the impact and restore affected systems. While the company has confirmed the breach, it is still investigating whether personal information was accessed. Nissan has notified cybersecurity agencies, privacy regulators, and law enforcement in Australia and New Zealand. Customers have been advised to remain vigilant for any unusual or suspicious online activity. Nissan is yet to provide additional information or comment on the incident.

MongoDB:

MongoDB, a prominent database platform, has recently disclosed that its corporate systems were compromised in a cyberattack, leading to the exposure of customer data. The breach was detected on the evening of December 13, 2023. MongoDB’s Chief Information Security Officer, Lena Smart, informed customers via email that the incident involved unauthorized access to certain MongoDB corporate systems, exposing customer account metadata and contact information. However, there is no indication that customer data stored in MongoDB Atlas was accessed.

The company believes the threat actors had access to its systems for an extended period before detection, raising concerns about potential data theft. MongoDB is actively investigating the incident and has advised customers to enable multi-factor authentication, change passwords, and remain vigilant against targeted phishing and social engineering attacks.

MongoDB has stated they are still investigating the breach and will provide updates on the MongoDB Alerts web page, used for notifying about outages and other incidents. This situation is ongoing, and further details are expected as the investigation progresses.

Reflecting on December’s Data Breaches:

The series of data breaches discussed in this blog underscores a crucial aspect: the importance of cybersecurity vigilance and preparedness. Organizations, irrespective of their size or industry, are potential targets for cybercriminals. The varied nature of these breaches – from ransomware attacks to phishing expeditions – demonstrates the need for comprehensive security protocols and rapid response plans. As customers and stakeholders, staying informed and adopting preventive measures is imperative. This compilation of incidents serves as a reminder that in the digital world, security is not just a necessity but a continuous commitment to safeguarding data and preserving trust.

Want to learn more about SEC reporting requirements for data breaches?

November Security Breach Round Up

November Security Breaches

Welcome to this month’s edition of our data breach round up, where we unravel the recent cyber threats that have sent shockwaves across industries. In a digital landscape fraught with challenges, our commitment at Findings is to equip you with the knowledge and tools necessary to navigate these turbulent waters.

This month’s featured breaches spotlight the vulnerabilities that transcend sectors, from the technology giant Samsung to the healthcare domain with McLaren Health Care, and even reaching into the retail space with Dollar Tree. Each incident reveals not only the compromise of personal and sensitive data but also the profound implications for privacy, security, and trust in our increasingly interconnected world.

  1. Samsung:

    Samsung has acknowledged a significant data breach affecting its U.K. customer base. The breach, which spanned a year, was first brought to light in a statement to TechCrunch by Chelsea Simpson, a spokesperson for Samsung via a third-party agency. According to Simpson, the breach led to unauthorized access to contact details of some Samsung U.K. e-store customers. The specifics of the breach, including the number of affected customers and the method used by hackers, remain undisclosed.

    In communications with affected customers, Samsung revealed that the breach stemmed from a vulnerability in an unspecified third-party business application. This vulnerability exposed the personal data of customers who made purchases on the Samsung U.K. store from July 2019 to June 2020. The company only discovered the breach on November 13, 2023, over three years after the fact, as detailed in a letter to customers that was shared on X (formerly Twitter).

    The compromised data includes names, phone numbers, postal and email addresses, but Samsung assures that no financial information or passwords were affected. The company has reported the breach to the U.K.’s Information Commissioner’s Office (ICO), where spokesperson Adele Burns confirmed that the regulator is conducting enquiries into the incident.

    This breach marks the third such incident disclosed by Samsung in the past two years. Previous breaches include a September 2022 attack on Samsung’s U.S. systems, with undisclosed customer impact, and a March 2022 breach where Lapsus$ hackers allegedly leaked around 200 gigabytes of Samsung’s confidential data, including source codes and biometric unlock algorithms.

  2. KidSecurity:

    KidSecurity, a popular parental control app, inadvertently exposed user data due to a security oversight. The app, with over a million downloads, tracks children’s locations and activities. Researchers discovered that the app failed to secure its Elasticsearch and Logstash databases, leaving over 300 million records publicly accessible for over a month. This exposed data included 21,000 phone numbers, 31,000 email addresses, and partial credit card information.

    The unprotected data became a target for malicious actors, with indications of a compromise by the ‘Readme’ bot. Cybersecurity expert Bob Diachenko highlighted the severity of this breach, especially considering the app’s focus on children’s safety. The exposure of sensitive information such as contact details and payment information poses serious risks, including identity theft and fraud. KidSecurity had yet to comment on the breach at the time of the report.

  3. McLaren Health Care:

    McLaren Health Care recently informed its patients of a cybersecurity incident affecting its computer systems. The healthcare provider noticed suspicious activity around August 22, 2023, and immediately commenced an investigation with third-party forensic specialists. This inquiry revealed unauthorized access to McLaren’s network between July 28 and August 23, 2023, with potential data acquisition by the unauthorized party.

    A thorough review, completed by October 10, 2023, indicated that sensitive information might have been compromised. The data at risk includes names, Social Security numbers, health insurance details, medical information like diagnoses, physician details, medical records, and Medicare/Medicaid data.

    In response, McLaren has taken steps to secure its network and is reviewing and reinforcing its data protection policies and procedures. They are also offering affected individuals identity theft protection services through IDX, including credit monitoring and a $1,000,000 insurance policy, valid until February 9, 2024.

    McLaren urges individuals to stay vigilant, monitor their financial statements, and report any suspicious activity. For further assistance, IDX is available for inquiries, with representatives knowledgeable about the incident. McLaren emphasizes that, as of now, there is no evidence of misuse of the compromised information.

  4. Staples:

    Staples, a prominent American office supply retailer, recently confirmed a cyberattack that led to significant service disruptions and delivery issues. The company, operating 994 stores across the US and Canada and 40 fulfillment centers, took immediate action to contain the breach and safeguard customer data. The incident came to light following multiple Reddit posts from earlier in the week, reporting issues with Staples’ internal operations. Employees noted problems accessing various systems, including Zendesk, VPN employee portals, and email services. Comments on Reddit from Staples employees expressed surprise and concern, with one stating, “I’ve never seen anything like this in my 20 years with Staples.”

    Unconfirmed reports also suggested that employees were advised against using Microsoft 365’s single sign-on and that call center staff were sent home. Staples confirmed to BleepingComputer that they had to take protective measures against a “cybersecurity risk,” which disrupted their backend processing, product delivery, and customer service communications. Although Staples stores remain open, the company’s online operations, including staples.com, continue to face challenges. A company spokesperson stated that systems are gradually coming back online, but some delays in processing orders are expected. Staples has assured a swift return to normal operations and has posted a similar notice on their website.

    BleepingComputer reported that no ransomware or file encryption was involved in the attack. Staples’ rapid response, including shutting down networks and VPNs, may have prevented the attack from reaching its full potential. The extent of any data theft and the potential consequences, such as ransom demands, remain to be seen. This cyberattack is not Staples’ first brush with cybersecurity issues. In March 2023, Essendant, a Staples-owned distributor, faced a multi-day outage impacting online orders. Furthermore, in September 2020, a data breach at Staples exposed customer and order information due to an unpatched VPN vulnerability.

  5. Dollar Tree:

    Dollar Tree, a notable discount retail chain with stores across the United States and Canada, has been affected by a data breach involving a third-party service provider, Zeroed-In Technologies. This breach has impacted nearly 2 million individuals, specifically targeting Dollar Tree and Family Dollar employees.

    The breach, occurring between August 7 and 8, 2023, was disclosed in a notification to the Maine Attorney General. While the intrusion into Zeroed-In’s systems was confirmed, the exact details of accessed or stolen files remained unclear. Consequently, Zeroed-In conducted a thorough review to identify the compromised information, which included names, dates of birth, and Social Security numbers (SSNs).

    Affected individuals have been notified and offered a twelve-month identity protection and credit monitoring service. In response to inquiries from BleepingComputer, a Family Dollar spokesperson stated, “Zeroed-In is a vendor that we and other companies use. They informed us that they identified a security incident, and they provided notice of the incident to current and former employees.”

    The breach’s impact may extend beyond Dollar Tree and Family Dollar, potentially affecting other Zeroed-In customers, although this has not been confirmed. Zeroed-In has not responded to inquiries about the incident.

    The breach’s magnitude has prompted law firms to investigate the possibility of a class-action lawsuit against Zeroed-In.

  6. General Electric:

    General Electric (GE), a prominent American multinational involved in various industries, is investigating a possible cyberattack and data theft. A hacker known as IntelBroker allegedly breached GE’s development environment, initially attempting to sell access on a hacking forum for $500. After failing to attract buyers, the threat actor claimed to offer both network access and stolen data, including sensitive military and DARPA-related information.

    IntelBroker, recognized for previous high-profile cyberattacks, provided screenshots as evidence of the breach, showing data from GE Aviation’s database on military projects. GE confirmed to BleepingComputer their awareness of these allegations and their ongoing investigation.

    IntelBroker’s past exploits include a breach of the Weee! grocery service and a significant data theft from D.C. Health Link, a healthcare marketplace used by White House and House staff. The D.C. Health Link breach, which led to a congressional hearing, revealed that a misconfigured server had exposed sensitive data online.

  7. HSE:

    Holding Slovenske Elektrarne (HSE), Slovenia’s largest electricity provider, was recently hit by a ransomware attack. Despite this, the company’s power generation remained unaffected. HSE, which accounts for about 60% of Slovenia’s domestic power production, managed to contain the attack within a few days.

    The company’s IT systems and files were encrypted, but operational functions continued normally. HSE informed national cybersecurity authorities and the police, and engaged external experts for mitigation. While no ransom demand has been received yet, the company remains cautious during the cleanup process.

    Unofficial sources attribute the attack to the Rhysida ransomware gang, known for high-profile attacks without immediate ransom demands. The breach might have occurred through stolen passwords from unprotected cloud storage, although this has not been confirmed. Rhysida has been active since May 2023 and is notorious for targeting various organizations internationally. HSE is yet to issue a formal response to these allegations.

The array of cyberattacks faced by the companies above demonstrate the complexity and severity of the cybersecurity landscape. These incidents serve as stark reminders of the persistent threats in the digital domain, urging organizations to fortify their defenses and adopt more robust data protection measures. As the aftermath of these breaches unfolds, it is imperative for companies to not only address the immediate security gaps but also to engage in proactive measures to safeguard against future threats. Furthermore, these events underscore the need for ongoing vigilance, transparency, and collaboration among businesses, regulatory bodies, and cybersecurity experts to enhance the resilience of our digital ecosystem against such pervasive and evolving threats.

The Evolving Landscape of Cybersecurity Laws and Regulations: What Businesses Need to Know

Supply Chain Cyber Security with Findings

In an era where digital threats are rapidly evolving, the regulatory landscape governing cybersecurity is becoming increasingly complex. Businesses across the globe face the daunting task of navigating this ever-changing terrain. Understanding the latest developments in cybersecurity laws and regulations is not just a matter of legal compliance; it’s a strategic imperative.

The Global Picture: Diverse Regulatory Frameworks

EU’s GDPR and NIS Directive

The European Union has been at the forefront with the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Directive. GDPR, known for its stringent data protection rules and hefty fines, has set a global benchmark. The NIS Directive, meanwhile, focuses on the security of network and information systems.

US’s Sector-Specific Approach

In the US, there’s no single federal-level cybersecurity law. Instead, regulations vary by sector, like HIPAA for healthcare and FISMA for government agencies. The recent Cyber Incident Reporting for Critical Infrastructure Act of 2022 marks a shift towards more comprehensive federal oversight.

Asian Perspectives: Emerging Frameworks

Countries in Asia are ramping up their cybersecurity laws. Japan’s Cybersecurity Basic Act and China’s Cybersecurity Law are just two examples of the regional commitment to tackling cyber threats.

Compliance Challenges and Business Impacts

Navigating these diverse regulations can be challenging. Businesses operating internationally must comply with multiple, sometimes conflicting, regulations. Non-compliance can lead to penalties, but the greater risk lies in reputational damage and loss of customer trust.

Case Study: Cross-Border Data Transfers

A key challenge is managing cross-border data transfers, especially given the differing regulations on data sovereignty and privacy. For instance, the Schrems II decision by the European Court of Justice disrupted the EU-US Privacy Shield, creating uncertainty for businesses reliant on transatlantic data flows.

Steps to Ensuring Compliance

Conducting Regular Risk Assessments

Regularly assessing cybersecurity risks and aligning them with the regulatory requirements is crucial. It’s not just about IT infrastructure, but also about policies, training, and incident response strategies.

Implementing Robust Data Governance

Effective data governance policies ensure data is handled correctly – a vital step in compliance, especially with regulations like GDPR.

Leveraging Technology for Compliance

Automation and AI can streamline compliance processes. Tools like compliance management software can keep track of regulatory changes and help ensure ongoing adherence.

Looking Ahead: Staying Informed and Agile

Keeping Abreast of Changes

Regulatory landscapes are dynamic. Staying informed through reliable sources, industry groups, and legal advisories is key to navigating these changes.

The Role of Cybersecurity Insurance

As risks evolve, so does the role of cybersecurity insurance. It’s becoming an essential part of the risk management strategy, not just for mitigating financial losses but also for accessing expertise in the aftermath of a breach.

Conclusion

In the digital age, a robust cybersecurity strategy that aligns with the global regulatory environment is a cornerstone of business resilience and success. The key lies in staying informed, agile, and proactive in compliance efforts. By embracing these challenges, businesses can not only safeguard themselves against cyber threats but also gain a competitive advantage in the trust they build with their customers and partners.

Cybersecurity Under Fire: Top October 2023 Breaches

October security breach round up - findings.co

The digital world is full of cyber threats that can affect any industry, and recent incidents have shown that even the most secure systems can be vulnerable. For example, Okta recently admitted to a security breach. Below you will also read about a sophisticated campaign called Magecart that stole credit card details by exploiting webpages. The impact of these breaches can be seen in various industries. For instance, five Canadian hospitals experienced disruptions in their services, and genetic testing company 23andMe had their data compromised. Even businesses in the hospitality and retail sectors are not safe, as shown by the data breach at Marina Bay Sands and Casio’s apology to its users. October’s breaches emphasize the importance of taking swift action and being transparent. As companies navigate through these challenges, it is crucial to strengthen cybersecurity measures and ensure the integrity of customer data.

  1. Okta

Okta has expressed regret to its customers for a recent security breach, emphasizing its dedication to maintaining transparent communication with them. On October 19, Okta notified its customers about a security breach that occurred between September 28 and October 17, wherein unauthorized access was gained to the support system affecting files related to 134 customers, which is under 1% of Okta’s customer base. HAR files containing session tokens were accessed, which led to session hijacking for 5 customers, with 3 customers openly discussing their experiences. The breach was enabled through the misuse of a service account within the customer support system. This service account had been inadvertently synced with an employee’s personal Google account, potentially through the compromise of the employee’s personal Google account or device.

Okta faced challenges in detecting the breach due to the difference in log events when files were accessed directly rather than through case files, which was the method used by the threat actor. Upon receiving a suspicious IP address from BeyondTrust on October 13, Okta could trace and shut down the unauthorized access, revoke the stolen session tokens, and notify affected customers.

  1. 23andMe

23andMe, a genetic testing company, has reported unauthorized access to customer data. The incident did not result from a system breach, but from attackers who managed to guess user login details and subsequently scrape information from the “DNA Relatives” feature. This feature allows users to voluntarily share their genetic information to connect with relatives. A sample of the compromised data, affecting at least one million data points related to Ashkenazi Jewish ancestry and hundreds of thousands concerning individuals of Chinese descent, was put up for sale online. The available data includes personal identifiers and ancestry details, though not the raw genetic data.

The company has advised users to secure their accounts with strong, unique passwords and to enable two-factor authentication. They are still in the process of validating the leaked data, which includes profiles of public figures like Mark Zuckerberg, Elon Musk, and Sergey Brin. However, the legitimacy of this particular data remains unconfirmed, as there are inconsistencies, such as Musk and Brin having identical profile information in the leaked dataset.

The situation underscores the dangers of data breaches, especially with sensitive genetic information, and highlights the continuing issue of “credential stuffing”—where hackers use leaked login details from one breach to access accounts on other platforms. The motive behind targeting data related to Ashkenazi Jews and the extent of additional compromised data are yet to be fully understood. This breach raises significant concerns about the privacy and security risks associated with DNA databases and similar platforms that facilitate the sharing of personal data.

  1. Marina Bay Sands

Marina Bay Sands has reported a data breach affecting approximately 665,000 members of its non-casino rewards program. The breach, which occurred on October 19-20, 2023, involved unauthorized access to customer data, including names, email addresses, phone numbers, countries of residence, and membership details. There is no indication that the casino rewards program was compromised or that the data has been misused. The company has apologized, initiated an investigation with cybersecurity experts, and is contacting affected customers. Authorities have been notified, and measures are being taken to enhance data security.

  1. Casio

Casio Computer Co., Ltd. has recently extended an apology to its users following a security breach that compromised personal data on its educational web application, ClassPad.net on October 11. The breach came to light when a database malfunction was noticed within the development environment for ClassPad.net. Further investigation revealed that this issue was not isolated but part of a larger intrusion that occurred the following evening, leading to the compromise of data belonging to users from various countries.

It was determined that the breach occurred due to deactivated network security protocols within the development system, compounded by a lack of rigorous operational oversight. To address the breach, Casio has temporarily disabled the affected development databases to block any further unauthorized access and has been proactive in contacting the appropriate Japanese data protection authorities. The company is currently consulting with cybersecurity and legal experts to conduct an in-depth investigation and take appropriate measures, as well as cooperating with the police in their investigation.

The types of personal information accessed included customer names, email addresses, countries of residence, purchasing history, and usage details for the service. Casio has confirmed that credit card information was not retained in the database and therefore not at risk. The incident impacted data related to 91,921 Japanese customers, including individuals and educational institutions, along with 35,049 international customers spanning 148 countries.

Casio reiterates its deep regret for the breach and the resulting impact on its customers, pledging a steadfast effort to bolster its security systems to prevent such occurrences in the future.

  1. D-Link

D-Link Corporation faced an alleged data breach after an unauthorized third party claimed on an online forum that they had stolen data. D-Link responded quickly, initiating an investigation and implementing precautionary measures. Their findings, supported by external experts from Trend Micro, indicated that the claim was largely exaggerated and misleading. The data in question was traced back to an obsolete D-View 6 system, decommissioned since 2015, and used for product registration. It did not include user IDs or financial details but contained some low-sensitivity information like contact names and office email addresses.

The breach is thought to have originated from a phishing attack that an employee inadvertently fell victim to, which led to the exposure of the outdated data. D-Link has reviewed its security measures and shut down the servers suspected to be involved, as well as disconnected the test lab from their network. The company reassures that the security systems meet the standards of the time and that they are committed to enhancing their security to prevent future incidents.

In summary, D-Link’s prompt response to the alleged data breach led to findings that contradicted the severity of the online claim. Measures have been taken to safeguard against similar occurrences, and customers have been advised on how to protect their information.

  1. Online stores’ 404 pages stolen

The Akamai Security Intelligence Group has uncovered a novel Magecart web skimming campaign that’s infiltrating a broad range of websites, including those belonging to major players in the food and retail sectors. This particular campaign is notable for its innovative use of three advanced techniques to hide its malicious code, one of which involves exploiting the default 404 error pages of websites—a method previously unseen.

The campaign’s method of operation begins with the injection of a small piece of obfuscated JavaScript, known as a loader, into the website. This loader is responsible for setting up the full malicious attack by initiating a WebSocket channel for communication with the attackers’ command and control server. The attackers then deploy the main skimming code that targets sensitive pages, such as checkout pages, to steal personal and credit card information from unsuspecting users.

Three variations of the campaign have been identified, each showcasing the evolution of the attackers’ methods to evade detection. The first variation uses an image tag with a malformed source attribute to execute JavaScript, while the second mimics legitimate services like Facebook’s Meta Pixel to blend in. The third and most sophisticated variation involves inserting the skimmer within the HTML of the website’s 404 error page, making it extremely difficult to detect and remove. This third variation also employs a different tactic for data exfiltration, using a fake form that overlays the legitimate payment form. This technique captures the user’s data twice—once through the fake form and then again when the user is prompted to re-enter the information on the real form.

The Akamai team tested their Client-Side Protection & Compliance solution against this skimmer and found that it successfully detected and alerted them to the high-severity threat. This case serves as a critical reminder of the importance of advanced security measures to combat the increasingly sophisticated techniques used in web skimming attacks. This emphasizes the importance of vigilance and the adoption of advanced security measures for organizations to protect against these evolving threats. Additionally, it’s a call to action for companies to monitor their websites actively and to consider client-side protection solutions that can detect and mitigate such attacks in real time.

  1. Air Europa

Air Europa, a Spanish airline headquartered in Madrid, is currently in the process of being acquired by International Consolidated Airlines Group, which owns British Airways. The airline has experienced a cyberattack targeting its online payment system, which resulted in some customers’ credit card details being compromised, as reported by the company. The airline has responded by contacting those customers whose information was potentially exposed and has informed the appropriate financial entities about the breach. The exact number of customers impacted and the financial repercussions of the incident have not been disclosed by Air Europa, and they stated that no other personal information was at risk. 

In a previous incident in 2018, which affected 489,000 customers, Air Europa faced penalties for not reporting the breach within the mandated 72-hour period, taking 41 days instead. This past breach was highlighted by the OCU, emphasizing the airline’s obligation to timely report such incidents.


  1. TransForm

A cyberattack on TransForm, a shared service provider, has disrupted operations across five hospitals in the Erie St. Clair region of Ontario, Canada. This attack led to system outages, affecting patient care and resulting in the rescheduling of appointments. TransForm, established by these hospitals to handle IT, supply chain, and accounts payable, acknowledged the cyberattack in a statement and indicated an ongoing investigation to ascertain the attack’s cause and reach. It is currently unclear whether patient information has been compromised.

The affected hospitals include:

  • Windsor Regional Hospital: A major healthcare facility with 642 beds.

  • Hotel Dieu Grace: Specializes in complex care, mental health, and rehabilitation with 313 beds.

  • Erie Shores Healthcare: A significant provider with 72 beds.

  • Hospice of Windsor-Essex: Offers end-of-life care with 23 beds.

  • Chatham-Kent Health Alliance: A community hospital with a 200-bed capacity.

Patients with upcoming appointments at these hospitals are being contacted for rescheduling. Meanwhile, the hospitals have advised individuals not requiring emergency care to seek alternatives such as primary care providers or local clinics to lessen the burden on hospital resources during this period.

As the specifics of the cyberattack are still under review, past patients of these institutions are encouraged to be vigilant, particularly regarding unsolicited communications that may be suspicious.

It’s clear that no entity, regardless of size or industry, is immune to the threat of digital incursions. The essential lesson here is not found in the recounting of breaches but in understanding the dynamic and persistent nature of cyber risks. To navigate this complex landscape, companies must adopt a posture of continuous monitoring and regular security assessments to stay ahead of threats. Utilizing automated tools for real-time analysis and proactive threat intelligence is no longer optional but a critical component of modern cybersecurity strategies. These practices, combined with a culture of security awareness and training, can form a robust defense against a tide of evolving digital dangers. As businesses forge ahead, the integration of advanced cybersecurity measures will be the beacon that guides them through the murky waters of potential cyberattacks, ensuring resilience and trust in the digital era.



Harnessing AI and Machine Learning for Robust Cyber Security

Harnessing AI and Machine Learning for Robust Cyber Security

In a digital era where data breaches and cyber threats loom large, the integration of Artificial Intelligence (AI) and Machine Learning (ML) in cyber security isn’t just an innovation, it’s a necessity. These technological behemoths bolster the fortification of digital realms, ensuring a secure interface for users and a tougher nut to crack for malicious entities.

 

Evolution of Threat Detection

 Traditionally, cyber security measures revolved around predefined algorithms which, although effective to a certain extent, lacked the adaptability to evolving threats. Enter AI and ML. These technologies thrive on learning from data patterns and user behavior, thus, constantly enhancing their threat detection algorithms. Over time, this self-learning mechanism has proven to be a formidable foe against a wide array of cyber-attacks.

Real-Time Response and Mitigation

The prowess of AI and ML extends to real-time threat detection and mitigation. By constantly analyzing data traffic and user behavior, these technologies swiftly identify anomalies. The speed and precision of this real-time response significantly cut down potential damage, saving both time and resources for organizations.

 

Predictive Analysis for Proactive Defense

With the aid of AI and ML, cyber security is transitioning from a reactive to a proactive stance. Predictive analytics, powered by these technologies, foresee potential threats before they manifest. This foresight enables organizations to fortify their defenses in anticipation, thus, staying a step ahead of cyber adversaries.


Automated Routine Checks

 
Automation, facilitated by AI and ML, is another cornerstone in modern-day cyber security. Routine checks for vulnerabilities, often a tedious task, are now conducted with ease and precision. This not only frees up valuable human resources but also ensures a tighter security framework.

 

Training and Simulation

AI and ML are not just about algorithms doing all the work. They are instrumental in training personnel through simulations that mimic real-life cyber-attacks. This practical exposure equips them with a better understanding and an enhanced skill set to tackle real-world cyber threats.

 

 

Enhanced User Authentication

 
The adoption of AI and ML has also ushered in a new era of user authentication. Biometric recognitions such as facial and fingerprint scans are becoming commonplace, thanks to the accuracy and efficiency of these technologies. This has considerably amped up the level of security in various digital platforms.
 
The amalgamation of AI and Machine Learning in cyber security is not a fleeting trend, but a substantial upgrade in the way we approach and handle digital security. Their capability to learn, adapt and react not only bolsters our defense mechanisms but also prepares us for the unforeseeable cyber challenges of the future.
 
Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today

Let's Tackle Compliance Together

Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!