CYBER SECURITY NEWS – WEEK OF JUNE 10, 2024
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
- A recent data breach at Snowflake, a cloud storage company, has the potential to become one of the largest data breaches ever.
- The breach began when hackers attempted to access Snowflake customer accounts using stolen login details. Initially, Snowflake reported that a “limited number” of accounts were accessed, but since then, cybercriminals have claimed to be selling stolen data from two major firms, allegedly taken from Snowflake accounts.
- Hundreds of Snowflake customer passwords have been found online and are accessible to hackers.
- The scope and scale of the attack are still unclear, but it has been linked to data breaches at Ticketmaster and Santander.
- Two additional companies, Advance Auto Parts and LendingTree, have been implicated in the breach, with claims of 380 million and 190 million customer details being stolen, respectively.
Collection agency FBCS ups data breach tally to 3.2 million people
- Collection agency Financial Business and Consumer Solutions (FBCS) has updated the number of people affected by a data breach that occurred in February.
- Initially, the agency reported that approximately 1.9 million people were impacted, but it has now been confirmed that over 3.2 million individuals have been compromised.
- The stolen data includes full names, Social Security Numbers, dates of birth, account information, and driver’s license numbers or ID cards.
Corse GSM Data Breach: 200,000 Customer Details of French Telecom Giant Allegedly Compromised
- Corse GSM, a major French telecommunications company, has allegedly suffered a data breach that compromised the personal details of around 200,000 customers.
- The breach was attributed to a hacker known as ‘ShopifyGUY’ who claimed to have infiltrated Corse GSM’s systems.
- The exposed customer data is believed to include sensitive information like names, addresses, phone numbers, and other personal details.
- The incident has raised serious concerns about data security practices in the telecom industry and the need for companies to prioritize cybersecurity investments.
Major ransomware attack strikes busy hospital system, prompting canceled operations and appointments
- A major ransomware attack has struck a busy hospital system, causing significant disruptions to operations and appointments.
- The attack targeted Synnovis, a leading provider of lab services, which resulted in interruptions to numerous services and a ripple effect on the delivery of healthcare services.
- The impact was felt at several London hospitals, including Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts, and primary care services in south east London.
- The attack led to blood transfusions being particularly affected, and patients were informed that operations and appointments were being canceled due to the incident.
- These attacks are the costliest and most disruptive form of cybercrime, affecting local governments, court systems, hospitals, schools, and businesses worldwide
PandaBuy Allegedly Hacked: 17 Million Users’ Data Exposed, Hackers Demand $40,000
- PandaBuy, a UK-based e-commerce platform known for selling counterfeit products, has suffered a data breach affecting over 17 million user records.
- The breach was claimed by a threat actor named Sanggiero, who operates on BreachForums and posted an advertisement offering the stolen data for sale.
- The compromised data includes sensitive information such as first names, last names, user IDs, email addresses, order data, order IDs, login IP addresses, countries, employee names, and hashed passwords. Sanggiero shared a screenshot of the compromised JSON file and the total number of records to prove the authenticity of the breach.
- The threat actor claims to have obtained the data by exploiting critical vulnerabilities in PandaBuy’s platform and plans to publicly disclose these weaknesses on their blog soon.
Australian mining company discloses breach after BianLian leaks data
- Australian mining company Northern Minerals disclosed a cybersecurity breach after the BianLian ransomware group leaked some of the stolen data on the dark web.
- The company, which focuses on the exploration and development of heavy rare earth elements like dysprosium and terbium, was targeted in late March 2024.
- The leaked data included corporate, operational, financial information, and details related to current and former personnel, as well as some shareholder information.
- Northern Minerals notified the Australian Cyber Security Centre, the Office of the Australian Information Commissioner, and impacted individuals about the incident.
Google collected children’s voices, license plate numbers and car pool routes, privacy breach leak reveals: report
- A recent report by 404 Media has revealed several alarming privacy breaches by Google between 2013 and 2018.
- These incidents include the collection of children’s voice data, logging of car pool routes with home addresses, and the exposure of email addresses, geolocation information, and IP addresses of one million users.
- The first reported incident involved the speech command function of the YouTube Kids app, which logged approximately 1,000 children’s voice utterances. Google claimed it was a bug within the Google Assistant feature that was soon rectified. The leaked report stated that the logged speech data was deleted from the affected time period.
- children, after acquiring the company Socratic.org.