WEEK OF MAY 23, 2022
Pharmacy giant hit by data breach affecting 3.6 million customers
- Pharmacy retailer Dis-Chem recently announced that it had been hit by a data breach affecting the personal details of 3.6 million customers.
- In a statement, Dis-Chem said it was contracted with a third-party service provider and operator for certain managed services that developed a database for Dis-Chem. The database contained “certain categories of personal information necessary for the services offered by Dis-Chem,” it added.
- A subsequent investigation revealed that the incident affected a total of 3,687,881 data subjects and that the following personal information was accessed: first name and surname; email addresses; and cell phone numbers.
- However, Dis-Chem went on to say that the unauthorized party might use any of the impacted personal information: “Based on the categories of personal information impacted, there is a possibility that any impacted personal information may be used by the unauthorized party to commit further criminal activities, such as phishing attacks, emails compromises, social engineering and/or impersonation attempts.
Texas exposed 1.8 million residents’ data for almost 3 years
- The personal information of 1.8 million Texas residents who filed insurance claims with the Texas Department of Insurance was exposed and publicly accessible for almost three years, according to a recently published state audit.
- The department said that it became aware of a security issue with the web application that manages workers’ compensation information and took the site offline to fix, and said it was notifying residents who filed claims between March 2019 and January 2022 that their names, addresses, dates of birth, phone numbers, Social Security numbers and details of their claims were affected by the exposure.
- The state did not provide details of the security incident. But a state audit published this month revealed that residents’ personal information was inadvertently exposed to the internet because of “programming code that allowed internet access to a protected area of the application.
Hacker steals ₹7.3 crore from payment gateway company Razorpay in Bengaluru
- The hacker stole ₹7.3 crore over three months by manipulating the authorisation process of the payment gateway company to authenticate 831 failed transactions.
- The theft came to light when officials of Razorpay Software Private Limited were auditing the transactions. They were unable to reconcile receipt of ₹7,38,36,192 against 831 transactions.
- The police are trying to track down the hacker based on online transactions. An internal probe carried out by Razorpay Software Private Limited found that some person, or persons, had tampered, altered and manipulated the ‘authorisation and authentication process’. As a result, false ‘approvals’ were sent to Razorpay against the 831 failed transactions, resulting in a loss amounting to ₹7,38,36,192.
Ransomware attack exposed data of half-million Chicago students, staff
- The data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information.
- A server used to store student and staff information was breached and four years’ worth of records were accessed, CPS said.
- In total, 495,448 student and 56,138 employee records were accessed from 2015-16 through 2018-2019 school years, CPS said.
- The data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations.
Cyber security: Global food supply chain at risk from malicious hackers
- Modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning.
- Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.
- A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked.
- John Deere said protecting customers, their machines and their data was a “top priority”.
Amazon’s ‘astronomical’ misuse of customer data could ruin company
- A shareholder is suing Jeff Bezos, Andy Jassy, and 17 other Amazon executives for intentionally allowing the business to violate state laws, in a novel strategy to draw attention to how Amazon utilizes individuals’ data.
- Amazon has already been chastised for its usage of biometric data, such as fingerprints and face photos. It has been accused of collecting and utilizing people’s photos without their permission, as well as breaking state laws that restrict firms from profiting from people’s biometric data.
- Typically, legal steps are taken against the firm. This time, shareholder Stephen Nelson is suing on behalf of the company against Amazon’s top executives.