January 2024 data breaches findings.co

January 2024 Data Breach Round Up

Enhancing Cybersecurity in the Face of Growing Threats

U.S. SEC’s X Account Compromise

The U.S. Securities and Exchange Commission’s (SEC) X account was hacked to falsely announce the approval of Bitcoin ETFs, causing a temporary spike in Bitcoin prices. The false claim was quickly addressed by SEC Chairperson Gary Gensler, who clarified that the SEC had not approved Bitcoin ETFs and that the tweet was unauthorized. This hacking incident is part of a broader wave of cyberattacks on verified X accounts aimed at promoting cryptocurrency scams. Notably, companies like Netgear, Hyundai MEA, and cybersecurity firms such as CertiK and Mandiant have also been targeted. The SEC has terminated the unauthorized access and is collaborating with law enforcement to investigate the breach and its implications. The incident underscores the growing concern over cybersecurity in the digital finance space.

VF Corporation Data Breach

On January 18, 2024, VF Corporation, the parent company of popular brands such as Vans, Timberland, The North Face, Dickies, and Supreme, reported a ransomware attack it experienced in December that compromised the personal information of over 35 million customers. Fortunately, sensitive information like social security numbers, bank account, or payment card details were not stolen as the company does not store these details on its systems. Despite no evidence of stolen consumer passwords, the breach disrupted business operations, leading to the temporary shutdown of IT systems, inventory replenishment issues, and delayed order fulfillments. VF Corp has since managed to restore the affected IT systems and reported minimal operational issues in its retail stores, e-commerce sites, and distribution centers as of the latest update.

Trello API Misuse

An exposed Trello API vulnerability was exploited to link private email addresses to 15 million Trello accounts, leading to a significant data leak. The issue came to light when a user named ’emo’ attempted to sell the data on a hacking forum, which included emails, usernames, full names, and other account information. Trello, owned by Atlassian, attributed the leak to public data scraping and not unauthorized system access. However, further investigation revealed that a publicly accessible API allowed the association of email addresses with Trello profiles without requiring authentication. Trello has since modified the API to prevent unauthenticated queries, aiming to balance user convenience with security. The data breach underscores the potential for abuse in public APIs and highlights the importance of securing such interfaces against unauthorized access. This incident also raises concerns about the use of public data in targeted phishing campaigns, prompting users to be vigilant.

Capital Health Ransomware Attack

The LockBit ransomware group has taken responsibility for a cyberattack on Capital Health, a key healthcare provider in New Jersey and Pennsylvania, in November 2023. On their data leak site, the group wrote, “We purposely didn’t encrypt this hospital so as not to interfere with patient care. We just stole over 10 million files.” They have threatened to release seven terabytes of sensitive data and negotiation communications if their ransom demands are not met. Although LockBit typically forbids affiliates from encrypting hospital network files to avoid disrupting patient care, they claim to have stolen data without encryption in this instance. Capital Health has restored its systems and enhanced security measures but is still assessing the extent of the data breach. This incident is part of a disturbing trend where healthcare organizations, despite guidelines advising against such attacks for ethical reasons, are increasingly targeted by ransomware gangs. LockBit’s actions, including previous attacks on healthcare institutions globally, challenge the notion of “harmless” cyberattacks by highlighting the potential for significant operational disruptions and data breaches within the healthcare sector.

loanDepot Cyberattack

loanDepot, a leading U.S. mortgage lender, experienced a cyberattack that disrupted its IT systems and online payment portal, affecting customers’ ability to make loan payments and contact the company via phone. In company notice, it is now revealed that, “Although its investigation is ongoing, the Company has determined that an unauthorized third party gained access to sensitive personal information of approximately 16.6 million individuals in its systems. The Company will notify these individuals and offer credit monitoring and identity protection services at no cost to them.” The incident led loanDepot to take certain systems offline as they work with law enforcement and forensic experts to investigate and resolve the issue. In an 8-K filing, the company reported that the unauthorized actor gained access to certain company systems and the encryption of data. This attack raises concerns about potential data theft, including sensitive customer information, which could lead to phishing attacks or identity theft. This event marks another significant cyber challenge for loanDepot, following a data breach disclosed in May from an August 2022 cyberattack, highlighting ongoing security threats in the financial services sector.

Trezor Support Site Breach

Trezor, a leading hardware cryptocurrency wallet provider, announced a security breach affecting its third-party support ticketing portal, exposing personal data of 66,000 customers. The breach, detected on January 17, led to unauthorized access but did not compromise users’ digital assets. Trezor reassured customers that their funds remain secure and their devices are unaffected. However, the breach exposed names or usernames and email addresses of users who interacted with Trezor Support since December 2021. Although other personal information like postal addresses and phone numbers were stored, there’s no evidence they were accessed. The company confirmed 41 instances of data exploitation, with attackers phishing for users’ recovery seeds via email, posing as Trezor Support. Trezor has alerted potentially affected users, emphasizing that wallet recovery seeds should never be shared, as disclosing them could lead to irreversible cryptocurrency theft. The unauthorized access has been terminated, and the risk mitigated.

Veolia North America Ransomware Attack

Veolia North America, part of the global Veolia group, was hit by a ransomware attack affecting its Municipal Water division’s systems and disrupting online bill payment services. Veolia responded by taking certain systems offline and is collaborating with law enforcement and forensic experts to understand the attack’s full impact. The company reassured customers that payments made during the disruption have been processed and no late fees or interest charges will apply. Importantly, Veolia’s water treatment and wastewater services remained uninterrupted, indicating the attack was limited to internal back-end systems. A small number of individuals’ personal information may have been compromised, and Veolia is assessing the extent of this breach. This incident underscores the growing cybersecurity threats facing critical water infrastructure, highlighting recent attacks on other water services and CISA’s efforts to bolster security within the sector.

Jason’s Deli Credential Stuffing Attack

Jason’s Deli has reported a data breach due to a credential stuffing attack, impacting customers of its online platform. Hackers obtained login credentials from other breaches and tested them on Jason’s Deli’s website on December 21, 2023. This type of attack exploits the common practice of using the same password across multiple services, posing a risk to accounts with reused credentials. The breach potentially exposed personal data including names, addresses, phone numbers, birthdays, preferred locations, account numbers, Deli Dollar points, and the last four digits of credit card and gift card numbers. The exact number of affected accounts is unknown, but all potentially impacted customers, estimated at 344,034, have been notified and advised to reset their passwords. Jason’s Deli is also restoring any unauthorized use of Deli Dollars to ensure customers do not face losses.

A Call to Action for Cybersecurity Leaders

These incidents collectively highlight the multifaceted nature of cyber threats and the critical need for advanced security measures, employee training, and regulatory compliance. CISOs, cybersecurity experts, and risk managers must remain vigilant, adopting a proactive approach to cybersecurity that anticipates and mitigates potential threats. Collaboration, innovation in security technologies, and adherence to best practices are essential in safeguarding against the evolving cyber threat landscape, ensuring the integrity and resilience of organizational operations in an increasingly digital world.

Supply Chain Risk Monitoring as a Service
Join us today
Supply Chain Risk Monitoring as a Service
Join us today
Waitlist signup

Welcome to Findings

Let's go over some details to setup your tailor-made account


Please fill your details below and click "Next" to create your account:

Payment

Feature
Startup
Business
Enterprise
Price
$10 / Month
$10 / Month
$25 / Month
VDPaaS
Alerts
Assessments
Integrated Apps
API
Join today and scan ALL YOUR VENDORS for FREE*
* FREE VENDOR SCAN for all of your vendors during your first month.
Feature
Startup
Business
Enterprise
Price
$25 / Month
$200 / Month*
Contact Us
Free vendors scan for 1 month
Findings search engine
Rapid security and compliance profile
Profile/showcase engagements per year
5
40
Unlimited
Multi/unlimited showcase use cases
Showcase compliance badge for your website
Best practice self-assessment
1 Findings or 1 BYOC
Assessment response automation
Personalizable, branded security & compliance showcase page
File/evidence repository
OKTA
DKIM
Out-of-the-box TPRM
20 vendors +
20 rating scans
50 vendors +
50 rating scans
Support
Email
Priority via Phone / Email
Internal Workflows (SO/BO)
Onboarding and customization account setup
*Price for every 40 engagements
Automate assessment response and showcase your cybersecurity posture
Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!

Supply Chain Risk Monitoring as a Service
Join us today
.
.
.
.

Thank you for signing up!