CYBERSECURITY NEWS – WEEK OF OCTOBER 03, 2022
Shangri-La hotels customer database hacked
- The Shangri-La hotel group has said a database containing the personal information of customers at eight of its Asian properties between May and July has been hacked.
- The breach covered hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo but the company said it had not yet been able to determine what data had been stolen.
- It said in a statement on its website dated September 30 that it had “recently discovered unauthorized activities” on its IT network.
- A “sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected, and illegally accessed the guest databases”, the firm said.
Swachh City Platform suffers data breach
- A threat actor by the name of LeakBase has shared a database containing personal information allegedly affecting 16 million users of Swachh City, an Indian complaint redressal platform.
- Leaked details include usernames, email addresses, password hashes, mobile numbers, one-time passwords, last logged-in times, and IP addresses, among others, according to a report.
- The website is currently inaccessible.
Hacker breaches Fast Company Apple News account
- A threat actor breached the company’s content management system (CMS) and used this access to send two “obscene and racist” push notifications to Apple News subscribers.
- “The messages are vile and are not in line with the content and ethos of Fast Company,” the firm wrote in a press statement.
- “We are investigating the situation and have shut down FastCompany.com until the situation has been resolved.”
Health data theft at Physician’s Business Office
- Physician’s Business Office notified 196,573 patients that their personal data and protected health information were likely stolen during a hack of its network five months ago.
- PBO discovered unusual activity in its network environment in April 2022 and took steps to secure the network.
- An outside digital forensics and incident response firm was brought in to assist and found that data stored on the network was accessed “and potentially acquired without authorization” during the hack.
- The stolen data could include patient names, Social Security numbers, dates of birth, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Patients will receive free credit monitoring and identity theft protection services.
Hackers use Telegram and Signal to assist protestors in Iran
- Multiple hacker groups are using Telegram, Signal and dark web tools to help anti-government protestors in Iran bypass regime restrictions.
- The news comes from security experts at Check Point Research (CPR), weeks after the death of Mahsa Amini, a protestor who was arrested for violating laws requiring women to wear a headscarf and died allegedly in police custody.
- CPR has observed hacker groups enabling people in Iran to communicate with each other despite the government’s censorship attempts.
TikTok facing £27m UK regulatory fine
- The UK’s privacy regulator has announced its intention to fine TikTok £27m over breaches of the country’s data protection laws.
- The Information Commissioner’s Office (ICO) issued the Chinese social networking giant with a “notice of intent” explaining that it believes TikTok broke the law between 2018 and 2020.
- The ICO’s provisional findings indicate that TikTok may have:
  - Processed the data of children under the age of 13 without “appropriate” parental consent.
  - Failed to provide information to users “in a concise, transparent and easily understood way”.
  - Processed special category data – which includes ethnic and racial origin, genetic, health and biometric data, and more – without legal grounds to do so.