While a new year is supposed to bring in new and exciting opportunities, quite the opposite happened to these companies after they had their resolutions spoiled by hackers. Let’s review some of the most interesting data breaches that happened in January..
PayPal:
Yes, even massive financial companies like PayPal fall victim to breaches. On January 18, 2023, PayPal informed customers that unauthorized parties were able to access PayPal customer accounts using their login credentials. In the company notice, PayPal writes, “the personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.” After an incident like this, it is extremely important that users change their passwords for other online accounts as well as activate two-factor authentication, which can prevent hackers from accessing their other accounts.
T-Mobile:
Another breach? This time, 37 million people were apparently affected. On January 19th, 2023, T-Mobile released a statement writing, “We are currently in the process of informing impacted customers that after a thorough investigation we have determined that a bad actor used a single Application Programming Interface (or API) to obtain limited types of information on their accounts.” Obtained information includes name, billing address, email, phone number, date of birth, account number, and information such as the number of lines on the account and service plan features. T-Mobile further writes, “While we, like any other company, are unfortunately not immune to this type of criminal activity, we plan to continue to make substantial, multi-year investments in strengthening our cybersecurity program.” While we hope that T-Mobile does indeed strengthen their cybersecurity program, we’d like to note that the telecommunications giant has suffered several security incidents in the past few years.
Google Fi:
Think of a domino effect here. When one goes down, so can the next. It is alleged that Google Fi’s security incident is connected to the T-Mobile incident right above this one. Google Fi is a mobile virtual network operator that uses T-Mobile’s network for the majority of its connections. It is believed that hackers may have accessed customer information such as phone numbers, SIM card serial numbers, account status, and mobile service plan data. To explain the aftermath of this, BleepingComputer explained that, “the exposed technical SIM data allowed threat actors to conduct SIM swap attacks on some Google Fi customers, with one customer reporting that the hackers gaining access to their Authy MFA account. SIM swapping attacks are when threat actors convince mobile carriers to port a customer’s phone number to a mobile SIM card under the attacker’s control.” After the SIM swapping attacks, hackers can access a person’s email, accounts registered with the phone number, and authentication apps.
Mailchimp:
Don’t be that person – always think twice before opening links from people you don’t know. On January 11, 2023, Mailchimp discovered that an unauthorized actor conducted a social engineering attack on Mailchimp employees and contractors. By doing so, the hacker was able to obtain access to select Mailchimp accounts using employee credentials compromised in that attack. The hacker accessed a tool used by Mailchimp customer-facing teams for customer support and account administration. In a company notice explaining the situation, Mailchimp confirms, “this targeted incident has been limited to 133 Mailchimp accounts.”
JDSports:
JDSports, a British sports-fashion retail company based in England also unfortunately fell victim to an attack in January. JDSports notified customers via email explaining the situation, pictured below.
The sports company warns that the attack resulted in unauthorized access to a system containing customer information for orders placed between November 2018 and October 2020. Information such as full names, billing details, delivery addresses, email addresses, phone numbers, order details, and final four digits of payment cards were accessed.
Before wrapping up for the month, did you hear about SwiftSlicer, a new data wiping malware that aims to overwrite crucial files used by the Windows operating system? BleepingComputer explains that it allows “domain admins to execute scripts and commands throughout all of the devices in the Windows network. SwiftSlicer was deployed to delete shadow copies and to overwrite critical files in the Windows system directory, specifically drivers and the Active Directory database.” Researchers at a cybersecurity company, ESET, say that SwiftSlicer has the ability to overwrite data using 4096 bytes blocks and then the malware can reboot the system. Since this is a new discovery, it’s important that companies continue using the most up-to-date antivirus softwares.
Learn About Our Continuous Monitoring Solution