Try it
Schedule a Demo
sf-2 4

SecureFact – Cyber Security News – Week of December 02, 2024

Facebook users affected by data breach eligible for compensation, German court says

  • A German court has ruled that Facebook users affected by a major data breach are eligible for compensation.
  • The Federal Court of Justice (BGH) determined that victims can claim damages based on the loss of control over their personal data, without needing to prove specific financial losses or misuse of their data.
  • This ruling stems from a 2018-2019 incident where hackers accessed data from approximately 533 million users through a loophole in Facebook’s search function, leading to a leak in April 2021.
  • The court’s decision overturned a previous dismissal by a lower court, which required proof of tangible harm for compensation claims.
  • The BGH suggested that compensation could be around €100 ($105) per user, significantly impacting Meta Platforms Inc., given that about six million German users were affected.

*Source

Bologna FC confirms data breach after RansomHub ransomware attack

  • Bologna Football Club 1909 has confirmed a data breach following a ransomware attack by the RansomHub group, which occurred on November 19, 2024.
  • The attackers have leaked sensitive data online, including personal information of players, financial records, sponsorship contracts, and medical records. Bologna FC issued a warning against downloading or sharing the stolen data, highlighting the legal consequences of such actions.
  • RansomHub claimed that the club’s management failed to secure the confidential data, leading to the publication of the complete dataset on the dark web after a ransom demand was not met.

*Source

Chinese hackers breached T-Mobile’s routers to scope out network

  • Chinese hackers, identified as part of the “Salt Typhoon” group, successfully breached T-Mobile’s routers to probe the company’s network.
  • T-Mobile reported that the attack before it could escalate or compromise customer data, thanks to their cybersecurity measures, including proactive monitoring and network segmentation.
  • The breach was detected when suspicious commands associated with reconnaissance activities were executed on T-Mobile’s routers. Jeff Simon, T-Mobile’s Chief Security Officer, emphasized that no sensitive customer information, such as calls or texts, was accessed during this incident.
  • The attack originated from a connected wireline provider’s network, which T-Mobile quickly disconnected due to security concerns.

*Source

Zello asks users to reset passwords after security incident

  • Zello has issued a warning to its users, advising them to reset their passwords if their accounts were created before November 2, 2024, following a potential security incident.
  • This alert comes after many users received notifications on November 15, urging them to change their passwords as a precautionary measure.
  • The company has not confirmed whether this situation stems from a data breach or a credential stuffing attack, but it suggests that unauthorized individuals may have gained access to user passwords.
  • Zello, which serves around 140 million users primarily in emergency services and communication sectors, has not provided further details regarding the incident.
  • Users have been encouraged to also update passwords for other online services if they share the same credentials.

*Source

New York fines Geico $9.8 million over data breach

  • New York’s Attorney General has imposed a $9.75 million fine on Geico due to significant data breaches that compromised the personal information of approximately 116,000 drivers in the state.
  • The breaches occurred during the COVID-19 pandemic, when cyberattacks targeting sensitive data surged, particularly for fraudulent unemployment claims.
  • Both Geico and Travelers Indemnity Company were found to have violated state data protection regulations by failing to implement adequate security measures.
  • Travelers was fined $1.55 million for a separate breach affecting around 4,000 individuals24.
  • The investigations revealed that attackers exploited vulnerabilities in Geico’s insurance quoting tools and Travelers’ agent portal, which lacked multifactor authentication, leading to unauthorized access and data theft

*Source