CYBER SECURITY NEWS – WEEK OF JUNE 26, 2023
iOttie discloses data breach after site hacked to steal credit cards
- Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers’ credit cards and personal information.
- In a new data breach notification issued yesterday, iOttie says it discovered on June 13th that its online store had been compromised with malicious scripts between April 12th, 2023, and June 2nd.
- iOttie has not shared how many customers were impacted but said that names, personal information, and payment information could have been stolen, including financial account numbers, credit and debit card numbers, security codes, access codes, passwords, and PINs.
American Airlines, Southwest Airlines disclose data breaches affecting pilots
- American Airlines and Southwest Airlines, two of the largest airlines in the world, disclosed data breaches on Friday caused by the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals.
- Both airlines were informed of the Pilot Credentials incident on May 3, which was limited solely to the systems of the third-party vendor, with no compromise or impact on the airlines’ own networks or systems.
- An unauthorized individual gained access to Pilot Credentials’ systems on April 30 and stole documents containing information provided by certain applicants in the pilot and cadet hiring process.
University of Manchester confirms data theft in recent cyberattack
- The University of Manchester finally confirmed that attackers behind a cyberattack disclosed in early June had stolen data belonging to alums and current students.
- The university first disclosed the attack on June 9, warning that data was likely stolen but saying the incident was unrelated to the MOVEit Transfer data theft attacks.
- BleepingComputer first reported that the hackers behind the attack were emailing students claiming to have stolen 7 TB of confidential data belonging to students and staff.
Almost 16,000 state job applicants informed of possible data breach
- An ‘administrative error’ led to 15,471 candidates receiving a message that contained another person’s name and the list of roles that they wished to be notified about.
- Some 529 candidates had already opened the message before a recall could be actioned by publicjobs.ie, the website of the Public Appointments Service (PAS).
- PAS has notified the Data Protection Commission about the possible breach.
Data Breach at New BreachForums: 4,000 members’ data leaked
- BreachForums disclosed that the data breach was carried out by a rival hacker forum, which exploited a zero-day vulnerability in MyBB, the free and open source forum software.
- A recent exclusive report by Hackread.com revealed that BreachForums has made a comeback under the control of the notorious ShinyHunters hackers, who are collaborating with the moderator team from the original BreachForums.
- Now, the revived forum has fallen victim to a data breach, resulting in the exposure of personal information belonging to more than 4,000 registered members. Initially, the identity and motives of the hackers behind this breach were unclear, given the complex dynamics involving security agencies and the past and current administrations of BreachForums.
Iowa’s largest school district confirms ransomware attack, data theft
- Des Moines Public Schools, Iowa’s largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023.
- While the school district also received a ransom demand following the attack from an unnamed ransomware group, the ransom has not been paid.
- Almost 6,700 individuals whose data was affected in the resulting data breach will be contacted this week with details regarding what personal information was exposed.