Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >

About

Team

Partners

Data Privacy

Cross-Border Data Sharing

Data Security

Test Data Management

Database Security

Secure Digital Transformation

Overview

Sensitive Data Discovery

Static Data Masking

Dynamic Data Masking

Privacy Enhancing Technologies

Database Activity Monitoring

Data Subject Access Rights Automation

Datasheets

In the News

Business Use Cases

Whitepapers

Secure FactTM

Guides & E-Books

Blogs

Success Stories

Webinars

FAQ




CYBER SECURITY NEWS – WEEK OF MARCH 11, 2024


Utility company in Iowa says info of nearly 37,000 leaked in January ransomware attack

  • Muscatine Power and Water, a utility company controlling the water, electricity and internet for the Muscatine and Fruitland area in eastern Iowa confirmed that a January ransomware attack led to the exposure of sensitive information from nearly all local residents.
  • The company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI).
  • A forensic investigation revealed that some current and former customer data, such as address, social security number, driver’s license, etc. may have been potentially exposed in the incident.

*Source

 

Fidelity customers’ financial info feared stolen in suspected ransomware attack

  • According to Fidelity, the US-headquartered insurance giant, miscreants “likely acquired” information about 28,268 customers’ personal and financial information — including bank account and routing numbers, credit card numbers and security or access codes – after infiltrating Infosys’ IT systems.
  • The firm said it “believes’ the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth.
  • LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the “cybersecurity incident” affecting its US subsidiary, Infosys McCamish Systems aka IMS.

*Source

 

Mr. Green Gaming Suffers Data Breach, Exposing Personal Information of 27,000 Users

  • Mr. Green Gaming, a longstanding online games community established in 2006, has disclosed that they have fallen victim to a data breach in which sensitive information of approximately 27,000 users had been exposed, including details such as dates of birth, email addresses, geographic locations, addresses, and usernames.
  • The breach was attributed to the unauthorized access of an inactive administrator account by malicious actors who exploited the account to gain entry into the system, subsequently vandalizing the website and exfiltrating sensitive user information.
  • The hijacked account did not have access to login credentials or password information kept on their servers, but nonetheless users were advised to change their passwords as a precaution.

*Source

 

American Express credit cards exposed in third-party data breach

  • American Express has warned customers that credit card information was exposed in a third-party data breach after a merchant processor which processed American Express Card member data was hacked.
  • As per the data breach notification, a third party service provider engaged by numerous merchants experienced unauthorized access to its system, leading to customers’ American Express Card account numbers, names, and card expiration data being accessed by the hackers.
  • It is unclear how many customers were impacted, what merchant processor was breached, and when the attack occurred.

*Source

 

Ransomware Attackers Leak Sensitive Swiss Government Documents, Login Credentials

  • Around 65,000 documents relating to the federal government, including classified documents and log in credentials, were leaked by the Play ransomware group following an attack on IT service provider Xplain in 2023. Xplain is a major IT service provider to national and cantonal authorities in Switzerland.
  • The Swiss NCSC discovered that personal data, technical information, classified data and passwords were held in 5182 of the files. Personal data, including names, email addresses, telephone numbers and postal addresses were found in a further 4779 files. Technical information such as documentation on IT systems, software requirement documents or architectural descriptions was held in 278 files.
  • The documents were published by the attackers on the darknet on June 14, 2023 and comprised 5% of the total data package uploaded by Play. Of these files, 47,413 belonged to Xplain (70%) and 9040 to the Federal Administration (14%).

*Source

 

Ukraine claims it hacked Russian Ministry of Defense servers

  • The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense has claimed that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents that contained secret service information.
  • The compromised information included the software used to protect and encrypt data, secret service documents from the Russian Ministry of Defense, information on the complete structure of the Minoborony and its links, data that helps identify Minoborny personnel and documents belonging to the Russian Deputy Minister of Defense.
  • Four screenshots showing database query results, log files, and documents outlining official procedures/guidelines have been posted as evidence of the alleged breach.

*Source

SECUREFACT ARCHIVE >