Tag Archives: drop box hack

November Security Breach Round Up

November Security Breaches

Welcome to this month’s edition of our data breach round up, where we unravel the recent cyber threats that have sent shockwaves across industries. In a digital landscape fraught with challenges, our commitment at Findings is to equip you with the knowledge and tools necessary to navigate these turbulent waters.

This month’s featured breaches spotlight the vulnerabilities that transcend sectors, from the technology giant Samsung to the healthcare domain with McLaren Health Care, and even reaching into the retail space with Dollar Tree. Each incident reveals not only the compromise of personal and sensitive data but also the profound implications for privacy, security, and trust in our increasingly interconnected world.

  1. Samsung:

    Samsung has acknowledged a significant data breach affecting its U.K. customer base. The breach, which spanned a year, was first brought to light in a statement to TechCrunch by Chelsea Simpson, a spokesperson for Samsung via a third-party agency. According to Simpson, the breach led to unauthorized access to contact details of some Samsung U.K. e-store customers. The specifics of the breach, including the number of affected customers and the method used by hackers, remain undisclosed.

    In communications with affected customers, Samsung revealed that the breach stemmed from a vulnerability in an unspecified third-party business application. This vulnerability exposed the personal data of customers who made purchases on the Samsung U.K. store from July 2019 to June 2020. The company only discovered the breach on November 13, 2023, over three years after the fact, as detailed in a letter to customers that was shared on X (formerly Twitter).

    The compromised data includes names, phone numbers, postal and email addresses, but Samsung assures that no financial information or passwords were affected. The company has reported the breach to the U.K.’s Information Commissioner’s Office (ICO), where spokesperson Adele Burns confirmed that the regulator is conducting enquiries into the incident.

    This breach marks the third such incident disclosed by Samsung in the past two years. Previous breaches include a September 2022 attack on Samsung’s U.S. systems, with undisclosed customer impact, and a March 2022 breach where Lapsus$ hackers allegedly leaked around 200 gigabytes of Samsung’s confidential data, including source code and biometric unlock algorithms.

  2. KidSecurity:

    KidSecurity, a popular parental control app, inadvertently exposed user data due to a security oversight. The app, with over a million downloads, tracks children’s locations and activities. Researchers discovered that the app failed to secure its Elasticsearch and Logstash databases, leaving over 300 million records publicly accessible for over a month. This exposed data included 21,000 phone numbers, 31,000 email addresses, and partial credit card information.

    The unprotected data became a target for malicious actors, with indications of a compromise by the ‘Readme’ bot. Cybersecurity expert Bob Diachenko highlighted the severity of this breach, especially considering the app’s focus on children’s safety. The exposure of sensitive information such as contact details and payment information poses serious risks, including identity theft and fraud. KidSecurity had yet to comment on the breach at the time of the report.

  3. McLaren Health Care:

    McLaren Health Care recently informed its patients of a cybersecurity incident affecting its computer systems. The healthcare provider noticed suspicious activity around August 22, 2023, and immediately commenced an investigation with third-party forensic specialists. This inquiry revealed unauthorized access to McLaren’s network between July 28 and August 23, 2023, with potential data acquisition by the unauthorized party.

    A thorough review, completed by October 10, 2023, indicated that sensitive information might have been compromised. The data at risk includes names, Social Security numbers, health insurance details, medical information like diagnoses, physician details, medical records, and Medicare/Medicaid data.

    In response, McLaren has taken steps to secure its network and is reviewing and reinforcing its data protection policies and procedures. They are also offering affected individuals identity theft protection services through IDX, including credit monitoring and a $1,000,000 insurance policy, valid until February 9, 2024.

    McLaren urges individuals to stay vigilant, monitor their financial statements, and report any suspicious activity. For further assistance, IDX is available for inquiries, with representatives knowledgeable about the incident. McLaren emphasizes that, as of now, there is no evidence of misuse of the compromised information.

  4. Staples:

    Staples, a prominent American office supply retailer, recently confirmed a cyberattack that led to significant service disruptions and delivery issues. The company, operating 994 stores across the US and Canada and 40 fulfillment centers, took immediate action to contain the breach and safeguard customer data. The incident came to light following multiple Reddit posts from earlier in the week, reporting issues with Staples’ internal operations. Employees noted problems accessing various systems, including Zendesk, VPN employee portals, and email services. Comments on Reddit from Staples employees expressed surprise and concern, with one stating, “I’ve never seen anything like this in my 20 years with Staples.”

    Unconfirmed reports also suggested that employees were advised against using Microsoft 365’s single sign-on and that call center staff were sent home. Staples confirmed to BleepingComputer that they had to take protective measures against a “cybersecurity risk,” which disrupted their backend processing, product delivery, and customer service communications. Although Staples stores remain open, the company’s online operations, including staples.com, continue to face challenges. A company spokesperson stated that systems are gradually coming back online, but some delays in processing orders are expected. Staples has assured a swift return to normal operations and has posted a similar notice on their website.

    BleepingComputer reported that no ransomware or file encryption was involved in the attack. Staples’ rapid response, including shutting down networks and VPNs, may have prevented the attack from reaching its full potential. The extent of any data theft and the potential consequences, such as ransom demands, remain to be seen. This cyberattack is not Staples’ first brush with cybersecurity issues. In March 2023, Essendant, a Staples-owned distributor, faced a multi-day outage impacting online orders. Furthermore, in September 2020, a data breach at Staples exposed customer and order information due to an unpatched VPN vulnerability.

  5. Dollar Tree:

    Dollar Tree, a notable discount retail chain with stores across the United States and Canada, has been affected by a data breach involving a third-party service provider, Zeroed-In Technologies. This breach has impacted nearly 2 million individuals, specifically targeting Dollar Tree and Family Dollar employees.

    The breach, occurring between August 7 and 8, 2023, was disclosed in a notification to the Maine Attorney General. While the intrusion into Zeroed-In’s systems was confirmed, the exact details of accessed or stolen files remained unclear. Consequently, Zeroed-In conducted a thorough review to identify the compromised information, which included names, dates of birth, and Social Security numbers (SSNs).

    Affected individuals have been notified and offered a twelve-month identity protection and credit monitoring service. In response to inquiries from BleepingComputer, a Family Dollar spokesperson stated, “Zeroed-In is a vendor that we and other companies use. They informed us that they identified a security incident, and they provided notice of the incident to current and former employees.”

    The breach’s impact may extend beyond Dollar Tree and Family Dollar, potentially affecting other Zeroed-In customers, although this has not been confirmed. Zeroed-In has not responded to inquiries about the incident.

    The breach’s magnitude has prompted law firms to investigate the possibility of a class-action lawsuit against Zeroed-In.

  6. General Electric:

    General Electric (GE), a prominent American multinational involved in various industries, is investigating a possible cyberattack and data theft. A hacker known as IntelBroker allegedly breached GE’s development environment, initially attempting to sell access on a hacking forum for $500. After failing to attract buyers, the threat actor claimed to offer both network access and stolen data, including sensitive military and DARPA-related information.

    IntelBroker, recognized for previous high-profile cyberattacks, provided screenshots as evidence of the breach, showing data from GE Aviation’s database on military projects. GE confirmed to BleepingComputer their awareness of these allegations and their ongoing investigation.

    IntelBroker’s past exploits include a breach of the Weee! grocery service and a significant data theft from D.C. Health Link, a healthcare marketplace used by White House and House staff. The D.C. Health Link breach, which led to a congressional hearing, revealed that a misconfigured server had exposed sensitive data online.

  7. HSE:

    Holding Slovenske Elektrarne (HSE), Slovenia’s largest electricity provider, was recently hit by a ransomware attack. Despite this, the company’s power generation remained unaffected. HSE, which accounts for about 60% of Slovenia’s domestic power production, managed to contain the attack within a few days.

    The company’s IT systems and files were encrypted, but operational functions continued normally. HSE informed national cybersecurity authorities and the police, and engaged external experts for mitigation. While no ransom demand has been received yet, the company remains cautious during the cleanup process.

    Unofficial sources attribute the attack to the Rhysida ransomware gang, known for high-profile attacks without immediate ransom demands. The breach might have occurred through stolen passwords from unprotected cloud storage, although this has not been confirmed. Rhysida has been active since May 2023 and is notorious for targeting various organizations internationally. HSE is yet to issue a formal response to these allegations.

The array of cyberattacks faced by the companies above demonstrates the complexity and severity of the cybersecurity landscape. These incidents serve as stark reminders of the persistent threats in the digital domain, urging organizations to fortify their defenses and adopt more robust data protection measures. As the aftermath of these breaches unfolds, it is imperative for companies to not only address the immediate security gaps but also to engage in proactive measures to safeguard against future threats. Furthermore, these events underscore the need for ongoing vigilance, transparency, and collaboration among businesses, regulatory bodies, and cybersecurity experts to enhance the resilience of our digital ecosystem against such pervasive and evolving threats.

November Security Breach Round Up

November Security Breaches

From grocery stores, to banks, and everything in between – November saw it all when it came to breaches. As I mentioned in September, hackers are not picky. Let’s just say, when an opportunity arises, they will swoop right in and overtake your systems and access any data they can get their e-hands on.

 

Be careful, and keep staying informed – our goal is to make sure no company ends up on this list next month. 

 

Let’s dive in. 

 

  1. WhatsApp


Whatsapp with this?! The app that we all know, love, and use, WhatsApp, has supposedly fallen victim to a massive data leak. And by massive, I mean nearly 500 million user records have been leaked online. So… what happened? On November 16, 2022, an ad on a well-known hacking community forum was posted by someone claiming to be selling a 2022 database of WhatsApp user mobile numbers. It is also claimed that 32 million users from the United States have been included. Although only phone numbers were leaked, it is important to note that leaked phone numbers are typically used for marketing purposes, phishing, impersonation, and fraud. 

 

  2. Bed Bath & Beyond

Ah, phishing at its finest. While almost anyone who enters Bed Bath & Beyond can get lost for hours browsing, no one likes hearing about breached data. The United States retail giant confirmed that company data was accessed without authorization after an employee was phished. In an 8-K filing to the U.S. Securities and Exchange Commission, Bed Bath & Beyond explained that data on the employee’s hard drive and on other shared drives that the employee had access to were accessed. The company is still investigating whether the drives have any sensitive or personally identifiable information.

 

  3. Dropbox


File hosting service Dropbox also fell victim to a phishing incident. In a statement, the company explained the situation, saying “We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected.” The company goes on to explain that on October 14, GitHub alerted them to suspicious behavior. Dropbox found that a threat actor was pretending to be CircleCI and was able to access one of Dropbox’s GitHub accounts. To date, their investigation has found that the code accessed by the threat actor contained some credentials, primarily API keys used by Dropbox developers.

 

  4. TransUnion


Isn’t it ironic how an agency that determines your credit score is the one that could be ruining your credit? There are three main credit bureaus in America – Experian, Equifax and TransUnion. Unfortunately, the consumer credit reporting agency TransUnion experienced a breach and began notifying individuals about the incident on November 7, 2022. The company collects and assembles information on over 1 billion consumers worldwide, 200 million of those being Americans. The type of information that was exposed includes names, Social Security numbers, driver’s license numbers, and account numbers.

 

  5. AirAsia


AirAsia, the largest airline in Malaysia with approximately 22,000 employees and worldwide operations, has unfortunately fallen victim to a supposed ransomware attack. The group behind this attack is known as the Daixin Ransomware Gang and they have supposedly stolen data of 5 million AirAsia passengers and employees. The Daixin team is known for disrupting operations with ransomware and stealing personally identifiable information. With this data, the cyber threat group threatens to release the stolen information unless a ransom is paid. In a tweet shared by Soufiane Tahiri, screenshots from the group can be seen that were posted on the dark web. The information applies to both employees and passengers. In these documents, information such as date of birth, country of birth, where the person is from, start of employment for employees and their secret question and answer used to secure their accounts could be found. 

 

  6. Sonder


In a company security update, Sonder, a hospitality company, notified the public that they became aware of unauthorized access to one of its systems that included guest records. Information that was accessed includes: 

  • Sonder.com username and encrypted password

  • Full name, phone number, date of birth, address, and email address

  • Certain guest transaction receipts, including the last 4 digits of credit card numbers and transaction amounts

  • Dates booked for stays at a Sonder property

  • Government issued identification such as driver’s licenses or passports

 

  7. Sobeys

This incident shows that ANY business can get breached. Even a supermarket. In case you aren’t familiar, Sobeys is one of the two national grocery retailers in Canada. On November 7, 2022, Sobeys’ parent company wrote in a notice that the grocery stores were impacted by an IT systems issue. While the company hasn’t publicly confirmed a cyber attack on its systems, a local media outlet reported that “two provincial privacy watchdogs said they had received data breach reports from Sobeys. Both Quebec’s access to information commission and Alberta’s privacy commission have both been notified by the grocer about a ‘confidentiality incident.’”

 

  8. Whoosh

The Russian scooter-sharing company Whoosh has confirmed that it too was breached. Hackers started to sell a database containing the details of 7.2 million customers on a hacking forum. The stolen data allegedly contains promotion codes that would allow someone to access the service for free, as well as partial user identification and payment card data. Included were email addresses, phone numbers, and first names. A Russian news outlet, RIA Novosti, was told by Whoosh that, “The leak of some of the personal data of customers of the Russian scooter rental service Whoosh at the beginning of November did indeed occur, but did not affect sensitive user data, such as access to accounts, transaction information or travel details”.

 

  9. Coinsquare


Cryptocurrency is a sexy industry to talk about, but this incident is a little less appealing. To round up the month, a Canadian cryptocurrency exchange, Coinsquare, has become the latest victim of a security breach. Data such as customer names, email addresses, residential addresses, phone numbers, dates of birth, device IDs, public wallet addresses, transaction history, and account balances were compromised. According to customer reports, Coinsquare allegedly contacted them via email and let them know that it had identified an intrusion in which a database containing personal information was accessed by an unauthorized third party. In a Tweet responding to an account sharing about the hack, Coinsquare wrote, “We have no evidence any of this information was viewed by the bad actor, but in an abundance of caution, we wanted to make our users aware. We notified all clients, but only identified 3 clients whose accounts were accessed.”



Companies can get careless when it comes to securing their systems, their employees, and their customers. And while we are here to help you, the first step begins with you staying informed. Which we see you are since you made it this far! 

