CYBER SECURITY NEWS – WEEK OF MAY 01, 2023
T-Mobile discloses second data breach since the start of 2023
- T-Mobile disclosed the second data breach of 2023 after discovering that attackers had access to the personal information of hundreds of customers for more than a month, starting late February 2023.
- Compared to previous data breaches reported by T-Mobile, the latest of which impacted 37 million people, this incident affected only 836 customers.
- Still, the amount of exposed information is highly extensive and exposes affected individuals to identity theft and phishing attacks.
- T-Mobile said the threat actors didn’t gain access to call records or affected individuals’ personal financial account info, but the exposed personally identifiable information contains more than enough data for identity theft.
Sensitive data is being leaked from servers running Salesforce software
- Servers running software sold by Salesforce are leaking sensitive data managed by government agencies, banks, and other organizations, according to a post published Friday by KrebsOnSecurity.
- At least five separate sites run by the state of Vermont permitted access to sensitive data to anyone, Brian Krebs reported. The state’s Pandemic Unemployment Assistance program was among those affected.
- It exposed applicants’ full names, Social Security numbers, addresses, phone numbers, email addresses, and bank account numbers. Like the other organizations providing public access to private data, Vermont used Salesforce Community, a cloud-based software product designed to make it easy for organizations to quickly create websites.
Air Force unit in document leaks case loses Intel mission
- The Air Force is investigating how a lone airman could access and distribute possibly hundreds of highly classified documents, and in the meantime has taken away the intelligence mission from the unit where the leaks took place.
- Air Force Secretary Frank Kendall told Congress he has directed the Air Force inspector general to go look at the Air National Guard 102nd Intelligence Wing based in Cape Cod, Massachusetts, where Airman 1st Class Jack Teixeira served and look at “anything associated with this leak that could have gone wrong.”
- The leaks have raised questions as to how a single airman could have removed so many documents without being detected, why there were not safety checks in place and how the documents could have lingered online undetected for months.
Court records online include private information for thousands of Missouri residents
- Documents containing Social Security numbers and other private information for thousands of Missourians are accessible to anyone using the Casenet website, the state’s judicial records system, the Post-Dispatch recently discovered.
- Missouri Supreme Court officials have acknowledged the issue after being alerted by the Post-Dispatch, and they fixed one vulnerability on Casenet.
- But thousands more documents with sensitive information remain online because they are considered open records. Those documents were filed by one state agency over several years, but it’s unclear if other records may also expose private information.
- The discovery comes at a challenging time for the court, as it prepares to broaden electronic access to documents this summer. It is the culmination of a yearlong effort requiring officials to balance access and transparency against the need to protect personal information.
Cold storage giant Americold outage caused by network breach
- The company said it contained the attack and is now investigating the incident that also affected operations per customer and employee reports.
- It also estimated that its systems will be down until at least next week, according to a memo seen by BleepingComputer and sent to customers earlier this week.
- “Americold is continuing to assess the intrusion that occurred Tues night / Wed morning. We contained the intrusion and shut down our network to ensure there is no risk to non-contained areas or customers. We are still in the discovery process on the path to rebuild the impacted systems,” the cold storage giant said.
Yellow Pages Canada confirms cyber attack as Black Basta leaks data
- Black Basta ransomware and extortion gang claims responsibility for the attack and has posted sensitive documents and data over the weekend.
- Granted, directory services like Yellow Pages largely collect and provide public data, that does not imply they possess no personal or private corporate data.
- BleepingComputer analyzed Black Basta’s online post and can confirm the ransomware group has leaked a sample of sensitive documents exposing personal information.