CYBER SECURITY NEWS – WEEK OF APRIL 03, 2023
Consumer lender TMX discloses data breach
- TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.
- In a data breach notification letter sent yesterday to impacted individuals, the Canadian finance giant informs that hackers breached its systems in early December 2022 but did not detect the breach until February 13th, 2023.
- After completing the internal investigation on March 1st, 2023, TMX found that the network intruders had stolen client information between February 3rd and 14th, 2023.
Italy Temporarily Blocks ChatGPT Over Privacy Concerns
- Italy is temporarily blocking the artificial intelligence software ChatGPT in the wake of a data breach as it investigates a possible violation of stringent European Union data protection rules.
- The Italian Data Protection Authority said it was taking provisional action “until ChatGPT respects privacy,” including temporarily limiting the company from processing Italian users’ data.
- U.S.-based OpenAI, which developed the chatbot, said late Friday night it has disabled ChatGPT for Italian users at the government’s request. The company said it believes its practices comply with European privacy laws and hopes to make ChatGPT available again soon.
DISH slapped with multiple lawsuits after ransomware cyber attack
- These class action lawsuits, filed across different states, allege that DISH “overstated” its operational efficiency while having a deficient cybersecurity and IT infrastructure.
- The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a “securities fraud.”
- The civil complaint alleges that DISH Network attempted to conceal the fact that it maintained “deficient” cybersecurity and IT infrastructure while overstating its operational efficiency.
Crown Resorts confirms ransom demand after GoAnywhere breach
- Crown Resorts, Australia’s largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability.
- This data breach was conducted by the Clop ransomware gang, which has shifted over the past year from encrypting files to performing data extortion attacks.
- In February, the threat actors claimed to have stolen data from 130 organizations over ten days utilizing a GoAnywhere zero-day vulnerability.
- While Crown Resorts confirmed that it is being extorted by Clop, who claims to have stolen data from its networks, it says there is no evidence of the data breach impacting customers.
Lumen Technologies Hit by Two Cyberattacks
- Communications and IT solutions provider Lumen Technologies this week revealed that it fell victim to two cyberattacks, including a ransomware attack that crippled some of its systems.
- In a Form 8-K filing with the US Securities and Exchange Commission (SEC) this week, the company revealed that intruders deployed malware on its systems in two separate incidents.
- The first of them was a ransomware attack in which “a limited number of the company’s servers that support a segmented hosting service” were infected.
- Following the incident, a small number of Lumen’s enterprise customers are seeing degraded operations, the company says.
500k Impacted by Data Breach at Debt Buyer NCB
- National accounts receivable management company and debt buyer NCB Management Services has started informing roughly 500,000 individuals that their personal information was compromised in a data breach.
- An unauthorized party compromised some of NCB’s systems on February 1 and gained access to Bank of America credit card accounts information, NCB says. The incident was discovered on February 4, and the data theft was confirmed on March 8.
- Exposed personal information, the company says, includes names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers, and employment positions.
- Financial information such as pay amounts, credit card numbers, routing numbers, account numbers and balance, and/or account statuses was also stolen.