Category Archives: Cyber Attacks

November Security Breach Round Up

November security breach round up

From grocery stores, to banks, and everything in between – November saw it all when it came to breaches. As I mentioned in September, hackers are not picky. Let’s just say, when an opportunity arises, they will swoop right in and overtake your systems and access any data they can get their e-hands on.

 

Be careful, and keep staying informed – our goal is to make sure no company ends up on this list next month. 

 

Let’s dive in. 

 

  1. WhatsApp


Whatsapp with this?! The app that we all know, love, and use, WhatsApp, has supposedly fallen victim to a massive data leak. And by massive, I mean nearly 500 million user records have been leaked online. So… what happened? On November 16, 2022, an ad on a well-known hacking community forum was posted by someone claiming to be selling a 2022 database of WhatsApp user mobile numbers. It is also claimed that 32 million users from the United States have been included. Although only phone numbers were leaked, it is important to note that leaked phone numbers are typically used for marketing purposes, phishing, impersonation, and fraud. 

 

  1. Bed Bath & Beyond

Ah, phishing at its finest. While almost anyone who enters Bed Bath & Beyond can get lost for hours browsing, no one likes hearing about breached data. The United States retail giant confirmed that unauthorized access to company data was accessed after an employee was phished. In an 8-K filing to the U.S Securities and Exchange Commission, Bed Bath & Beyond explained that data of the employee’s hard drive and other shared drives that the employee had access to were accessed. The company is still investigating whether the drives have any sensitive or personally identifiable information.

 

  1. DropBox


File hosting service, DropBox, also fell victim to a phishing incident. In a statement from the company, they explained the situation saying “We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected.” The company goes on to explain that on October 14, GitHub alerted them that suspicious behavior was going on. DropBox found that a threat actor was pretending to be CircleCI and was able to access one of DropBox’s GitHub accounts. To date, their investigation has found that the code accessed by the threat actor contained some credentials, primarily, API keys used by Dropbox developers.

 

  1. TransUnion


Isn’t it ironic how an agency who determines your credit score, is the one that could be ruining your credit? There are three main credit bureaus in America – Experian, Equifax and TransUnion. Unfortunately, the consumer credit reporting agency, TransUnion, experienced a breach and began notifying individuals about the incident on November 7,2022. The company collects and assembles information on over 1 billion consumers worldwide, 200 million of those being Americans. The type of information that was exposed includes names, social security numbers, driver’s license numbers, and account numbers. 

 

  1. AirAsia


AirAsia, the largest airline in Malaysia with approximately 22,000 employees and worldwide operations, has unfortunately fallen victim to a supposed ransomware attack. The group behind this attack is known as the Daixin Ransomware Gang and they have supposedly stolen data of 5 million AirAsia passengers and employees. The Daixin team is known for disrupting operations with ransomware and stealing personally identifiable information. With this data, the cyber threat group threatens to release the stolen information unless a ransom is paid. In a tweet shared by Soufiane Tahiri, screenshots from the group can be seen that were posted on the dark web. The information applies to both employees and passengers. In these documents, information such as date of birth, country of birth, where the person is from, start of employment for employees and their secret question and answer used to secure their accounts could be found. 

 

  1. Sonder


In a company security update, Sonder, a hospitality company, notified the public that they became aware of unauthorized access to one of its systems that included guest records. Information that was accessed includes: 

  • Sonder.com username and encrypted password

  • Full name, phone number, date of birth, address, and email address

  • Certain guest transaction receipts, including the last 4 digits of credit card numbers and transaction amounts

  • Dates booked for stays at a Sonder property

  • Government issued identification such as driver’s licenses or passports

 

  1. Sobeys

This incident shows that ANY business can get breached. Even a supermarket. Incase you aren’t familiar, Sobeys is one of the two national grocery retailers in Canada. On November 7, 2022, Sobeys’ parent company wrote in a notice that the grocery stores were impacted by an IT systems issue. While the company hasn’t publicly confirmed a cyber attack on its systems, a local media outlet reported that “two provincial privacy watchdogs said they had received data breach reports from Sobeys. Both Quebec’s access to information commission and Alberta’s privacy commission have both been notified by the grocer about a “confidentiality incident.” 

 

  1. Whoosh

Russian scooter sharing company known as Whoosh has confirmed that it too was breached. Hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. Alleged stolen data on the hacking forum allegedly contains promotion codes that would allow someone to access the service for free, as well as partial user identification and payment card data. Included were email addresses, phone numbers, and first names. A russian news outlet, RIA Novosti was told by Whoosh that, “The leak of some of the personal data of customers of the Russian scooter rental service Whoosh at the beginning of November did indeed occur, but did not affect sensitive user data, such as access to accounts, transaction information or travel details” 

 

  1. Coinsquare:


Cryptocurrency is a sexy industry to talk about, but this incident is a little less appealing. To round up the month, a Canadian cryptocurrency exchange, Coinsquare has become the latest victim of a security breach. Data such as customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances were compromised. According to customer reports, Coinsquare allegedly contacted them via email and let them know that it had identified an intrusion and a database containing personal information accessed by an unintended third party. In a Tweet responding to an account sharing about the hack, Coinsquare wrote, “We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution, we wanted to make our users aware. We notified all clients, but only identified 3 clients whose accounts were accessed.” 



Companies can get careless when it comes to securing their systems, their employees, and their customers. And while we are here to help you, the first step begins with you staying informed. Which we see you are since you made it this far! 


We’re here to help you. Contact us today

October Security Breach Round Up

October was Cyber Security Awareness Month, and yet, another month, another breach. In a month that is geared towards helping organizations protect themselves, large companies have yet again fallen victim to these heinous attacks. One after the other, many companies and their consumers are now wondering when these breaches will stop. 

 

Here are our top October 2022 know-worthy incidents:

 

Toyota:

    • Toyota is no stranger to data breaches. And by the looks of it, it seems as though the company hasn’t learned from past mistakes (remember the 2019 breach that affected over 3 million of Toyota’s customers?). On October 7, 2022, Toyota issued an apology after nearly 300,000 people who used T-Connect, a telematics service that connects vehicles via a network, were exposed. The Japanese car giant explained that personal data was leaked when an access key was publicly made available on GitHub for almost five years. Email addresses and customer control numbers may have been exposed since 2017.


Microsoft:

    • Another tech giant hit yet again. On October 19, 2022, Microsoft addressed the public after security researchers at SOCRadar informed Microsoft of a misconfigured Microsoft endpoint. After the discovery, Microsoft explained that the researchers exaggerated the entire situation. This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers. Information about planning or potential implementation and provisioning of Microsoft services was involved. In addition, the data that was potentially compromised includes names, email addresses, email content, company name, and phone numbers, and may have included attached files relating to business between a customer and Microsoft or an authorized Microsoft partner. 


Verizon:

    • In a notice, the company confirms, “we determined that between October 6 and October 10, 2022, a third party actor accessed the last four digits of the credit card used to make automatic payments on your account. Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice.” 


Carousell:

    • On October 14, Carousell Singapore disclosed that it experienced a breach. And this wasn’t a small breach either – almost 2 million accounts were compromised. The company explains, “it is unlikely that this incident will result in an identity theft as it does not include information like your NRIC number,” but it is believed that emails were compromised. 


Medibank:

    • Bad news for Medibank, one of the largest Australian private health insurance providers. On October 12, 2022 the company discovered that customer information may have been compromised after a hack on their systems. It was thought that the original hack only affected certain customers, but after this week, the company is assuming that all 3.9 million customers were affected. The company said it had received a series of files from the alleged hacker, and they found the files included 100 ahm policy records, which include personal and health claims data, plus another 1,000 policy records from ahm, and files which contain some Medibank, ahm and international student customer data. The records provided to the company include names, addresses, dates of birth, Medicare numbers, phone numbers and medical claims data, including information about diagnosis, procedures and location of medical services.


Twilio:

    • Sometimes companies just can’t catch a break. Cloud communications company, Twilio, disclosed a new data breach stemming from a June 2022 security incident. After a lengthy investigation, the company concluded that 209 customers and 93 Authy end users had accounts that were impacted by the incident. 

 

Don’t let your company end up on this list. See how findings can help you here.

September Security Breach Round Up

September Security Breach Round Up. An iPhone with a broken lock - signifying a breach.

Cybersecurity threats have become an integrated part of every company’s lifecycle. They are occurring now more than ever, and hackers are not selective – ultimately putting any company at risk for an attack. 

 

To keep your company safe and your cybersecurity team up to date with the latest trends, it’s important to learn from recent incidents to avoid the same mistakes that left even the world’s largest corporations exposed. 

 

Here are our top 5 September 2022 read-worthy incidents:

 

Uber:

Sneaking out of the house isn’t the only thing teens are getting good at and a recent breach proves this. On September 15, 2022, Uber fell victim to an attack. In this case, a suspected teen hacker, who Uber believes is a part of Lapsus$, was able to access Uber’s systems. In a company notice, Uber explains that the hacker likely purchased an Uber EXT contractor’s password off the dark web, and after many attempts, was successfully able to access this worker’s account. Several internal systems, internal slack messages, information from an internal tool the company uses to manage invoices, and their dashboard at HackerOne were all accessed. 


Samsung:

Most would think that one of the world’s biggest tech companies is heavily secure, right? Well… On September 2, 2022, Samsung confirmed a cybersecurity incident that affected customer data. Information such as name, contact and demographic information, date of birth, and product registration information may have been compromised. After further investigation, Samsung discovered that this incident stemmed from an unauthorized third party acquiring information from some of Samsung’s U.S. systems. 


Optus:

Optus, one of Australia’s largest telecommunication companies, suffered a cyberattack and confirmed it on September 22, 2022, through a company announcement. Customer names, dates of birth, phone numbers, email addresses, street addresses, medicare cards, and ID document numbers such as driver’s license and passport numbers of over 9 million people were potentially exposed.


American Airlines (Again?! Really?!):

On September 16, 2022, American Airlines informed customers that they experienced a security incident in July 2022. The notice explains the discovery of an unauthorized actor who compromised the email accounts of a limited number of American Airlines employees. Upon further investigation, they found that personal information such as name, date of birth, mailing address, phone number, email address, driver’s license number, passport number, and/or certain medical information were accessible through  the email accounts. 


Tap Air Portugal:

As aviation becomes a hot target, TAP Air Portugal released an important notice to customers on September 21, 2022, regarding a cyber attack discovered back in August. The notice reads, “Regretfully, we want to inform that the following categories of personal data from some customers of TAP have been disclosed: name, nationality, gender, date of birth, address, email, telephone contact, customer registration date and frequent flyer number. The information for each affected customer may vary. We are releasing this notice to make customers aware of this matter. There is no indication that payment data was exfiltrated from TAP’s network.” While the company did not disclose how many people were affected, it is believed that over 1.5 million TAP customers had their data stolen. 


While we’ve only listed 5 of the many incidents that occurred in September, it’s important to mention that breaches occur all the time, and hackers are getting more and more creative and sophisticated. 


As businesses, it’s even more important for you to find ways to prevent, detect, and respond to these attacks in a quick and effective manner. 


Keeping your supply chain secure is vital to keeping it functioning properly and that’s why we’ve put together a supply chain security enhancement checklist for companies to reference. 

 

 

                                                                      At Findings, we help secure your digital supply chain. Discover how we can benefit your business here.

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today
Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!