CYBER SECURITY NEWS – WEEK OF FEBRUARY 12, 2024
‘World’s biggest casino’ app exposed customers’ personal data
- A security researcher discovered an exposed database within WinStar, the mobile app of casino resort giant WinStar, that contained sensitive personal information of customers. None of the data was encrypted, though some sensitive data — such as a person’s date of birth — was redacted and replaced with asterisks.
- Dexiga, the Nevada software startup that developed the app, left one of its logging databases on the internet without a password, allowing anyone with knowledge of its public IP address to access the WinStar customer data stored within using only their web browser. The exposed personal data included full names, phone numbers, email addresses and home addresses, gender and the IP address of the user’s device.
- Dexiga said the incident resulted from a log migration in January, but did not provide a specific date when the database became exposed. Dexiga said it has secured the database but claimed the database contained “publicly available information” and that no sensitive data was exposed.
Hyundai Motor Europe hit by Black Basta ransomware attack
- Car maker Hyundai Motor Europe, the European division of Hyundai Motor Company headquartered in Germany, suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
- The threat actors shared lists of folders that were allegedly stolen from numerous Windows domains, including those from KIA Europe. While it is not known what data was stolen, the folder names indicate its related to various departments at the company, including legal, sales, human resources, accounting, IT, and management.
- The company, in a statement said that they were working closely with external cybersecurity and legal experts and that investigations were ongoing while relevant local authorities were notified.
US insurance firms sound alarm after 66,000 individuals impacted by SIM swap attack
- Two US insurance companies are warning that thousands of individuals’ personal information may have been stolen after hackers compromised computer systems. Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group, were targeted by SIM-swapping hackers in November 2023.
- In a notice filed with the Attorney General of Massachusetts, Washington National explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, and policy numbers.
- A breach notification was sent by Washington National Insurance to 20,360 affected individuals explaining that a SIM-swapping attack on a “senior officer’s phone number” allowed the hackers to bypass multi-factor authentication, while Bankers Life sent a nearly identical breach notification letter to 45,842 individuals.
Data breach at French healthcare services firm puts millions at risk
- French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country. Though the company’s website remains offline at the time of writing, an announcement was posted on LinkedIn warning of the data breach.
- The data exposed in the attack includes a beneficiary’s marital status, date of birth, social security number, name of health insurer, and guarantees open to third-party payment.
- Regarding the scale of the breach, Viamedis has not stated the number of exposed individuals, but it is known that it manages payments for 84 healthcare organizations covering 20 million insured individuals.
Verizon insider data breach hits over 63,000 employees
- Verizon Communications, an American telecommunications and mass media company, is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.
- A data breach notification shared with the Office of the Maine Attorney General reveals that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023. Verizon discovered the breach on December 12, 2023, nearly three months later, and determined it contained sensitive information of 63,206 employees.
- The data that was exposed varies per employee but could include full name, physical address, social security number (SSN), national ID, gender, union affiliation, date of birth, and compensation information.
HPE investigates new breach after data for sale on hacking forum
- Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
- The company has said that they have not found any evidence of a security breach and no ransom has been requested, but it’s investigating the threat actor’s claims.
- IntelBroker, the threat actor selling the alleged HPE data, shared screenshots of some of the supposedly stolen HPE credentials but has yet to disclose the source of the information or the method used to obtain it. The data includes: CI/CD access, System logs, Config Files, Access Tokens, HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are also included).