data breaches Archives - Cyber Security Minute

DOJ-Collected Information Exposed in Data Breach Affecting 340,000

Issued by: SecurityWeek

The incident was detected on May 30, 2023, but it took the firm roughly eight months to investigate and determine what type of information was compromised and to identify the impacted individuals. According to GMA’s notification letter to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office, both personal…

Malware & Threats

US Navy Ship Builder Says No Classified Info Leaked in Cyberattack

Issued by: Dark Reading

The US leg of an Australia-based shipbuilding company, Austal, which is a contractor for the US Department of Defense and the Department of Homeland Security, recently alerted the FBI and the Naval Criminal Investigative Service (NCIS) of a cyberattack. The cyberattack was claimed by the Hunters International ransomware group, which leaked stolen information as proof…

News

Canadian government impacted by data breaches of two of its contractors

Issued by: Security Affairs

The Canadian government declared that two of its contractors, Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, have been hacked, resulting in the exposure of sensitive information belonging to an undisclosed number of government employees. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces…

News

Victims Sue Financial Firms Over MOVEit Data Breaches

Issued by: DataBreach Today

Financial services firms affected by the mass attack on MOVEit file-sharing software are among the latest to face lawsuits from affected individuals. One such lawsuit, filed against Prudential, wants the firm to pay for 10 years of identity theft monitoring service since stolen Social Security numbers cannot be replaced. So far 998 organizations are known…

News

Breach Roundup: US CFPB, NCR and Rheinmetall

Issued by: DataBreach Today

Not every data breach needs a hacker; sometimes just a careless employee will do. The U.S. Consumer Financial Protection Bureau said a now-ex-employee sent records containing Americans’ private data to a personal email account. Over the course of 14 emails, the employee sent records including two spreadsheets containing names and transaction-specific account numbers related to…

News

BlackCat Leaking Patient Data and Photos Stolen in Attack

Issued by: DataBreach Today

Russian-speaking ransomware gang BlackCat is leaking data stolen from a Pennsylvania-based healthcare group, including photos of breast cancer patients. On Saturday, the ransomware group posted on its dark leak site a message taunting Lehigh Valley Health Network. “We have been in your network a long time and have had time to study your business,” the…

Vulnerabilities

Hacked home computer of engineer led to second LastPass data breach

Issued by: CSO Online

Password management company LastPass, which was hit by two data breaches last year, has revealed that data exfiltrated during the first intrusion, discovered in August, was used to target the personal home computer of one of its devops engineers and launch a second successful cyberatttack, detected in November. The threat actor involved in the breaches…

News

GoDaddy Says Recent Hack Part of Multi-Year Campaign

Issued by: Security Week

In a statement published last week on its website, the hosting giant said a small number of customers complained in early December 2022 about their websites being intermittently redirected. An analysis showed the redirects occurring on apparently random sites hosted on GoDaddy’s cPanel shared hosting services. The redirects were difficult to reproduce. Further analysis revealed…

Network Security

The Future of Endpoint Management

Issued by: Security Week

Media coverage of data breaches (e.g., Cisco, Flagstar Bank, South Denver Cardiology Associates) often puts a spotlight on the tail end of the cyberattack life cycle, focusing on the exfiltration points rather than how the threat actor got there. Post-mortem analysis has repeatedly found that the most common source of a hack is compromised credentials…

Software Security

Using real customer data in testing environments creates unnecessary risk

Issued by: Help Net Security

A new study polling 1,000 software developers and startup employees found 29% of companies use unprotected production data (real customer data) in testing environments when testing and troubleshooting their company’s software — increasing the risk of exposure in the event of a data breach. Unprotected production data is defined as data that is not de-identified…