CYBER SECURITY NEWS – WEEK OF OCTOBER 25, 2022
Cyberattack on Optus potentially exposes millions of customer accounts
- Australian telecoms company says mass breach could have exposed birth dates, phone numbers and other personal data.
- A cyberattack on one of Australia’s largest telecoms companies could have accessed the personal information of as many as 9.8 million customers, in what one lawmaker called the most significant data breach in recent years.
- Kelly Bayer Rosmarin, Optus’s chief executive, said the access of 9.8 million customer accounts is a worst-case scenario as investigators seek to define the extent of the breach, which has been referred to the Australian Federal Police.
Wholesale giant METRO hit by IT outage after cyberattack
- International wholesale giant METRO is experiencing infrastructure outages and store payment issues following a recent cyberattack.
- The company’s IT team is currently investigating the incident with the help of external experts to discover the cause of this ongoing outage.
- IT outages have been affecting stores in Austria, Germany, and France since at least October 17, according to a report from Günter Born.
- Even though its stores are still operating, METRO says that it was forced to set up offline payment systems and that online orders are delayed.
EyeMed’s $4.5 million cyber fine shows ramped-up regulation of financial firms
- EyeMed Vision Care LLC’s $4.5 million settlement last week over a New York cybersecurity probe is the latest signal regulators are turning up the heat on financial-services firms.
- The New York State Department of Financial Services last week said its investigation found the insurance firm broke state rules by failing to implement multifactor authentication for its email system and allowing nine employees to share login credentials to the affected mailbox.
- The penalty is the second the vision-insurance company drew in New York state this year over the incident, in which a hacker breached its email system and accessed data from more than 2 million customers, including children.
Medibank reveals hack could affect all of its 3.9m customers.
- Medibank says it is in communication with the hacker, but declined to say whether it would pay any demands made.
- Earlier this month Medibank said it believed that only customers of its subsidiary ahm and those who were international students might have been affected by the hack of its systems. But now the company has said it has received files from the hackers that include main brand customers – widening the range of those potentially affected to 3.9m.
- Medibank described the revelation as a “distressing development” and apologized to customers.
Health system data breach due to Meta Pixel hits 3 million patients
- The incident was caused by the improper use of Meta Pixel on AAH’s websites, where patients log in and enter sensitive personal and medical information.
- This privacy breach has taken the U.S. by storm, as Meta Pixel is used by many hospitals in the country, exposing millions of people to third parties and sparking class action lawsuits against the responsible organizations.
- In August 2022, U.S. healthcare provider Novant Health disclosed its improper use of Meta Pixel in its implementation of the ‘MyChart’ portal, exposing 1.3 million patients.
Iran’s nuclear agency says email server hacked
- Iran’s Atomic Energy Organization said Sunday an email server of its subsidiary was hacked in a “foreign” attack aimed at drawing “attention” amid protests over the death of Mahsa Amini.
- The Islamic republic has been gripped by weeks-long demonstrations sparked by the death of 22-year-old Amini on September 16 after her arrest for allegedly violating the country’s strict dress code for women.
- A group called Black Reward on Friday issued an ultimatum on Twitter, threatening to release documents on Tehran’s nuclear program unless all “political prisoners, prisoners of conscience and people arrested in the recent protests” were released within 24 hours.
- The nuclear agency acknowledged in a statement that a hack had targeted its subsidiary, the Atomic Energy Production and Development Company, but downplayed the importance of the documents.