



CYBER SECURITY NEWS – WEEK OF JUNE 17, 2024


Pure Storage confirms data breach after Snowflake account hack

  • Pure Storage, a leading provider of cloud storage systems and services, has confirmed a data breach after an unauthorized third party gained temporary access to one of its Snowflake data analytics workspaces.
  • The exposed workspace contained telemetry information used for customer support, including company names, usernames, email addresses, and software release version numbers.
  • The company emphasizes that no customer data was compromised and that the breach did not include passwords for array access, or any data stored on customer systems.
  • Over 165 organizations have been notified of potential compromise, and the incident highlights the importance of enabling multi-factor authentication to prevent such attacks.

*Source

23andMe data breach under investigation in UK and Canada

  • The UK and Canadian privacy authorities have launched a joint investigation into the 23andMe data breach that occurred in October 2023.
  • The breach exposed sensitive customer information, including health reports and raw genotype data, of approximately 7 million individuals.
  • The attackers used credential-stuffing attacks to gain access to 14,000 user accounts, which included data of 4.1 million people in the UK and 1 million Ashkenazi Jews.
  • The investigation will assess the scope of the breach, potential harms to affected individuals, and whether 23andMe had adequate safeguards to protect the sensitive information.

*Source

New York Times warns freelancers of GitHub repo data breach

  • The New York Times recently notified an undisclosed number of freelance contributors that their sensitive personal information was stolen and leaked after a breach of its GitHub repositories in January 2024.
  • The attackers used exposed credentials to gain access to the repositories, which included information such as first and last names, phone numbers, email addresses, mailing addresses, nationality, bio, website URLs, and social media usernames.
  • Additionally, the compromised repositories contained information relevant to assignments, such as diving and drone certifications or access to specialized equipment.
  • The stolen data was leaked on the 4chan message board in the form of a 273GB torrent file, which included source code, IT documentation, infrastructure tools, and other sensitive information.

*Source

Aldi warns customers of data breach involving skimming devices; 2 NJ stores affected

  • A data breach involving skimming devices has affected five Aldi stores, including two locations in New Jersey.
  • The breach occurred between December 2023 and January 2024, and customers who used a card to make a purchase during this period may have been affected.
  • The affected stores in New Jersey are located on St. Georges Avenue in Roselle and Commerce Avenue in Union.
  • The other three affected stores are in California.

*Source

The mystery of an alleged data broker’s data breach

  • A notorious hacker, known as USDoD, has claimed a massive data breach involving approximately 3 billion records, affecting over 300 million individuals, from a U.S.-based data broker, National Public Data.
  • The leaked data, which includes personal information such as names, addresses, Social Security numbers, and email addresses, appears to be authentic, although imperfect.
  • The data broker’s website showcases various databases for sale, including a “People Finder” database and a voter registration database.
  • Malware research group vx-underground confirmed the authenticity of the stolen database, finding accurate and real information for several individuals.
  • TechCrunch attempted to verify the data, discovering matches with public records but also inconsistencies. The hacker did not return data for individuals who gave consent for their data to be checked, and only one person confirmed some of their alleged stolen data was accurate.

*Source

Truist Bank confirms data breach after stolen data appears online

  • Truist Bank has confirmed a data breach that occurred in October 2023, which involved the theft of sensitive information on approximately 65,000 employees.
  • The stolen data includes bank transactions with names, account numbers, balances, and IVR funds transfer source code.
  • The breach was quickly contained, and Truist notified a small number of clients last fall.
  • The data is now being sold on the dark web by the Sp1d3r cybercrime gang for $1 million.
  • The bank has confirmed that the breach is not linked to any incident at Snowflake, a data storage provider.

*Source

Panera warns of employee data breach after March ransomware attack

  • Panera Bread has notified employees of a data breach following a March ransomware attack.
  • The incident occurred in March 2024, and was detected after a security incident.
  • The company brought in external cybersecurity experts to investigate and notified law enforcement.
  • The breach involved the theft of sensitive employee information, including names and Social Security numbers.
  • While there is no evidence of the stolen data being publicly released, Panera is offering affected employees a one-year membership to CyEx’s Identity Defense Total, which includes credit monitoring and identity theft resolution.

*Source
