CYBER SECURITY NEWS – WEEK OF APRIL 15, 2024
Boat Investigating Data Breach That Reportedly Leaked Personal Information Of 7.5 Million Customers
- A data breach at Boat, a wearable technology company, has exposed sensitive information of 7.5 million customers, including names, addresses, contact numbers, and email IDs
- Around 2GB of customer data including personally identifiable information (PII) was reportedly posted to a hacking forum
- The breach was reported by cybersecurity firm Periculo, which mentioned that the data was being sold on the dark web.
Roku Reports Over Half a Million Accounts Compromised in Credential Stuffing Attacks
- Roku, a streaming platform with over 80 million active accounts, has reported two data breaches affecting more than 591,000 user accounts.
- The first breach involved 15,000 accounts, while the second breach affected 576,000 accounts. The breaches were caused by credential stuffing attacks, where hackers used login details stolen from other platforms.
- Roku has implemented two-factor authentication (2FA) for all accounts and has automatically reset the passwords of affected users.
- The company has advised users to create unique passwords and be aware of internet scams, phishing emails, and suspicious requests for login or financial information.
300,000 UK and I Data Records Exposed in Taxi Software Leak
- A UK-based taxi software company, iCabbi, exposed personal details of around 300,000 customers in the UK and Ireland due to a non-password protected database.
- The exposed data included names, email addresses, mobile numbers, and user IDs.
- This data exposure highlights the potential risk of cybercriminals knowing the file paths of where documents are stored, which could allow targeted brute force attacks against the wider network or identifying individual misconfigured documents.
Personal information of thousands, including SINs and bank info, likely exposed in cyberattack: U of Winnipeg
- The University of Winnipeg has confirmed that personal information of students and staff was stolen in a cyberattack.
- The stolen data includes names, social insurance numbers (SINs), birth dates, addresses, phone numbers, compensation information, tuition amounts, and gender and marital status information.
- The leak potentially affects all graduate and undergraduate students enrolled since the fall of 2018, those enrolled in professional, applied and continued education and English-language programs since September 2019, as well as students who were issued T4A forms by the U of W since 2016, the university said.
- All current employees and all former employees since 2003 are also likely affected.
Daixin ransomware group claims data breach at omni hotels, threatens leaks
- The DAIXIN Team ransomware group has claimed responsibility for a cyberattack on Omni Hotels & Resorts.
- The group allegedly exfiltrated sensitive data, including records of all visitors dating back to 2017, and has threatened to release the information.
- Omni Hotels & Resorts is collaborating with leading cybersecurity experts to assess the full extent of the breach, and no official response has been provided regarding the ransomware claim.
AT&T Data Breach Fallout: Latest Figures Show Over 51 Million Customers Impacted
- AT&T, the telecommunications giant, initially reported a data breach affecting 73 million accounts, but subsequent revelations have reduced the number of impacted customers to 51,226,382. The breach, discovered on March 26, 2024, was linked to a dataset released on the dark web on March 17, 2024.
- Personal information compromised in the breach includes full names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and passcodes.
- Financial information and call history were reportedly not part of the exposed data. Despite the scale of the breach, AT&T has not disclosed how the data was obtained, leading to questions about its security measures and response protocols.