CYBER SECURITY NEWS – WEEK OF JULY 01, 2024
IRS apologizes for data breach that leaked taxpayer information
- The Internal Revenue Service (IRS) experienced a significant data breach that resulted in the unauthorized disclosure of tax return information for thousands of taxpayers.
- The IRS has notified over 70,000 taxpayers that their tax return information was compromised in the breach, making it one of the largest IRS data breaches in recent history.
- Prominent figures impacted include former President Donald Trump, billionaire Elon Musk, and Bloomberg co-founder Michael Bloomberg, among others.
- The IRS is taking steps to prevent similar breaches in the future, including implementing additional security controls, restricting access to sensitive data, and enhancing monitoring and logging.
Ticketmaster sends notifications about recent massive data breach
- Ticketmaster has notified customers impacted by a recent data breach where hackers stole the company’s Snowflake database containing personal information of millions of customers.
- The breach exposed names, contact information, and extra details depending on the user. Ticketmaster says the unauthorized activity occurred between April 2 and May 18, 2024.
- The threat actor known as ShinyHunters claimed to have stolen 1.3TB of data for 560 million customers, including ticket sales, events, fraud, and partial credit card information.
Neiman Marcus confirms data breach after Snowflake account hack
- Luxury retailer Neiman Marcus confirmed that it suffered a data breach after hackers gained unauthorized access to a database platform used by the company.
- The breach impacted 64,472 people and exposed personal information such as names, contact details, dates of birth, and Neiman Marcus or Bergdorf Goodman gift card numbers (without PINs).
- The data breach was linked to recent “Snowflake data theft attacks” carried out by a threat actor known as UNC5537.
- This group used stolen customer credentials to target at least 165 organizations that had not enabled multi-factor authentication on their Snowflake accounts
Evolve Bank Confirms Data Breach, Customer Information Exposed
- Evolve Bank & Trust, a U.S. banking-as-a-service provider, has confirmed a data breach that exposed the personal information of its retail bank customers and financial technology partners’ customers (end users).
- The breach was caused by a known cybercriminal organization that illegally obtained and released the data on the dark web.
- The exposed information varies by individual but may include names, Social Security numbers, dates of birth, account information, and other personal details
Credit Suisse Data Breach Allegedly Exposes Info of 19,000 Indian Employees
- Credit Suisse, a major global financial institution, recently suffered a data breach that exposed sensitive information of its Indian clients.
- The breach occurred due to a vulnerability in the bank’s systems, which allowed unauthorized access to customer data
- The compromised information included personal details such as names, addresses, and account numbers of Credit Suisse’s Indian clients.
- Credit Suisse has notified the affected customers and the Indian authorities about the incident. The bank is also offering credit monitoring and identity theft protection services to those impacted.
Indonesia’s Civil Aviation Data Breached? Hacker Claims Access to Employees, Flight Data
- A threat actor operating under the alias “Hacker Mail” has claimed to have breached the database of Indonesia’s Directorate General of Civil Aviation (DGCA), exfiltrating over 3GB of sensitive data.
- The alleged breach includes employee information, passwords, ID card photos, drone pilot certificates, flight data, and other airport activities.
- To substantiate the claim, the hacker provided sample data such as user logs for unmanned aircraft certificates, employee ID card photos, and employee login credentials.
- However, the DGCA website appears to be functioning normally, and the authorities have not yet confirmed or denied the alleged breach
Geisinger Healthcare Data Breach: Former Employee Exposes Over One Million Patient Records
- Geisinger, a major healthcare provider in Pennsylvania, recently experienced a data breach that exposed the personal information of over 3.6 million patients.
- The breach occurred due to a vulnerability in a third-party vendor’s software, which allowed unauthorized access to Geisinger’s systems.
- The exposed data included patient names, dates of birth, addresses, phone numbers, email addresses, and in some cases, Social Security numbers and medical information.