



CYBER SECURITY NEWS – WEEK OF AUGUST 07, 2023


Medical files of 8M-plus people fall into hands of Clop via MOVEit mega-bug

  • Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.
  • Deloitte confirmed an intrusion but declined to answer The Register’s questions about how much and what type of data was accessed in the incident.
  • The biz now joins PwC and Ernst and Young – all three big accounting firms – among the hundreds of organizations compromised by Clop via a security hole in vulnerable deployments of the file-transfer tool MOVEit.
  • “Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” a Deloitte Global spokesperson explained.


Colorado Department of Higher Education warns of massive data breach

  • The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in June.
  • In a ‘Notice of Data Incident’ published on the CDHE website, the Department says they suffered a ransomware attack on June 19th, 2023.
  • “On June 19, 2023, CDHE became aware it was the victim of a cybersecurity ransomware incident that impacted its network systems,” explains the data breach notification.


Mondee security lapse exposed flight itineraries and unencrypted credit card numbers

  • Travel giant Mondee has secured an exposed database that was spilling sensitive customer information, including detailed flight and hotel itineraries and unencrypted credit card numbers.
  • According to Anurag Sen, a security researcher, the database was exposed to the internet without a password, allowing anyone to access the sensitive data inside using a web browser, just with its IP address.
  • Much of the data appears to relate to Mondee subsidiary TripPro, a travel agent platform used by tens of thousands of booking agents and travel startups allowing self-service flight ticketing and hotel booking.
  • The database, hosted on Oracle’s cloud and more than 1.7 terabytes in size at the time it was exposed, contained customers’ personal information, including names, gender, dates of birth, home addresses, flight information and passport numbers. Some of the data seen by TechCrunch includes full customer passenger name records, or PNR, including ticket and booking details.


Burger King forgets to put a password on their systems

  • The fast food giant Burger King put their systems and data at risk by exposing sensitive credentials to the public for a second time.
  • In the hands of malicious actors, the leaked credentials could have served as a tool to craft a cyberattack against the chain’s systems. As the affected website was used for job applications, people who sought employment at Burger King in France might have been affected.
  • It’s not the first time Burger King has leaked sensitive data. In 2019, due to a similar misconfiguration, the France branch reportedly leaked personally identifiable information (PII) of children who bought Burger King menus.


B.C. health-care workers’ private information subject to data breach

  • Thousands of health-care workers’ personal information has been compromised in a data breach that’s targeted three websites on servers at the Health Employers Association of BC.
  • Hackers had access to the HEABC system from May 9 to June 10, and the breach wasn’t detected until July 13, after staff “identified a potential anomaly,” according to the association, which did not provide further explanation.
  • Health minister Adrian Dix described the information as stolen, but claimed ministry services are not impacted, and that “No patient information, and no information in government systems have been compromised.”


Retail chain Hot Topic discloses wave of credential-stuffing attacks

  • American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in exposing sensitive information to hackers.
  • In a data breach notification today, the company explained that hackers used stolen account credentials and accessed the Rewards platform multiple times, potentially stealing customer data, too.
  • The company says its investigation determined that Hot Topic was not the source of the credentials, but it also could not find the source.
  • As part of the security measures implemented after the attacks, Hot Topic added “specific steps to safeguard our website and mobile application from” credential-stuffing attacks.

