CYBER SECURITY NEWS – WEEK OF OCTOBER 23, 2023
Decathlon data leak exposes personal information of 8,000 employees on Dark Web
- Personal information of around 8,000 global employees, which was exposed in an alleged Decathlon data breach two years ago, has been shared on the dark web.
- According to a recent blog published by vpnMentor, an online hacker has shared the data from a previously reported breach, which affected Decathlon employees and customers worldwide.
- The firm’s research team made the discovery in an online forum post that surfaced on September 7, 2023.
- The forum user uploaded a 61-MB database purportedly linked to Decathlon. As per the post, this database is said to include personally identifiable information (PII) of approximately 8,000 Decathlon employees.
Casio discloses data breach impacting customers in 149 countries
- Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.
- Casio detected the incident on Wednesday, October 11, following the failure of a ClassPad database within the company’s development environment. Evidence suggests that the attacker accessed customers’ personal information a day later, on October 12.
- The exposed data includes customer names, email addresses, countries of residence, service usage details, and purchase information such as payment methods, license codes, and order specifics.
Californian IT company DNA Micro leaks private mobile phone data
- Hundreds of thousands of clients who opted in for a screen warranty were exposed when DNA Micro leaked data from its systems.
- The victims most affected by the data leak were those using the services of DNA Micro’s subsidiary company InstaProtek, which provides a screen warranty service.
- Other companies affected by the leak included screen protector and phone case manufacturers, such as Liquipel and Otterbox, which used the warranty service.
- The leak is hazardous, as threat actors could potentially attack individual devices and disrupt their services. Leaked private data can be used to create phishing campaigns and pose a threat to the company’s customers, potentially putting them at risk of “doxxing” and “swatting.” This is particularly concerning since sensitive information such as home addresses was also exposed.
Henry Schein provides information on cybersecurity incident
- Henry Schein, Inc. (Nasdaq: HSIC) determined that a portion of its manufacturing and distribution businesses experienced a cybersecurity incident.
- Henry Schein promptly took precautionary action, including taking certain systems offline and other steps intended to contain the incident, which has led to temporary disruption of some of Henry Schein’s business operations.
- The Company has engaged outside cybersecurity and forensic information technology experts to help investigate any data impact and respond to this situation. Henry Schein has also notified relevant law enforcement authorities.
D-Link confirms data breach after employee phishing attack
- Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
- The attacker claims to have stolen source code for D-Link’s D-View network management software, along with millions of entries containing personal information of customers and employees, including details on the company’s CEO.
- The stolen data allegedly includes names, emails, addresses, phone numbers, account registration dates, and the users’ last sign-in dates.
IBM says 631k affected in Johnson & Johnson database breach
- IBM has reported to federal regulators that the personal information of 631,000 people was compromised by a “technical method” that allowed unauthorized access to a third-party database used by a Johnson & Johnson patient medication support platform.
- The data breach, which was publicly disclosed last month by IBM and Johnson & Johnson but was just posted this week on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website, is also already the subject of at least two proposed federal class action lawsuits filed against the companies.
- Each of the lawsuits makes similar allegations against IBM and Johnson & Johnson, including claims that the companies were negligent in failing to protect individuals’ sensitive protected health information and personally identifiable information from unauthorized access.