SecureFact – Cyber Security News – Week of December 09, 2024

BT unit took servers offline after Black Basta ransomware breach

  • Multinational telecommunications company BT Group confirmed that its BT Conferencing division took several servers offline following a ransomware attack attributed to the Black Basta group.
  • The incident, reported on December 4, 2024, involved an attempt to compromise the BT Conferencing platform, but the company stated that its core operations and conferencing services remained unaffected.
  • The Black Basta gang claimed to have stolen approximately 500GB of sensitive data, including financial records, personal documents, and confidential information.
  • They provided evidence of their breach by publishing folder listings and screenshots of documents on their dark web site, alongside a countdown indicating when they would leak the data.
  • BT Group is currently investigating the breach and cooperating with regulatory and law enforcement agencies.

*Source

Anna Jaques Hospital ransomware breach exposed data of 300K patients

  • Anna Jaques Hospital in Massachusetts confirmed that a ransomware attack on December 25, 2023, exposed sensitive data for over 316,000 patients.
  • The hospital, known for its community healthcare services, took immediate action to contain the breach by taking affected systems offline and notifying law enforcement.
  • The attack was attributed to the Money Message ransomware group, which began publicly extorting the hospital on January 19, 2024.
  • The exposed information includes demographic information, medical information, health insurance details, Social Security numbers, driver’s license numbers, financial information, and other personal health information.
  • While the hospital reported no indications of fraud resulting from the incident, it has notified affected individuals and offered them 24 months of identity protection and credit monitoring services through Experian and 1B.
  • Patients are also advised to monitor their financial accounts for any suspicious activity.

*Source

FTC bans data brokers from selling Americans’ sensitive location data

  • On December 3, 2024, the Federal Trade Commission (FTC) imposed a ban on data brokers Mobilewalla and Gravy Analytics for unlawfully collecting and selling sensitive location data of Americans.
  • This data included tracking information related to visits to sensitive locations such as churches, healthcare facilities, military installations, and schools.
  • The FTC’s complaint highlighted that Gravy Analytics and its subsidiary, Venntel, utilized this location data to create products that allowed clients—including government agencies like the IRS, DEA, FBI, Customs and Border Protection, and ICE—to access detailed historical location data over three years.
  • They could also track devices continuously and gather various device-related information.
  • As part of the settlement, both companies are prohibited from selling or using sensitive location data in any form and must implement a program to manage sensitive location data.
  • Additionally, Mobilewalla is banned from collecting consumer data from online advertising auctions for non-auction purposes.

*Source

1.6 crore customer records of HDFC Life being sold on Dark Web: CyberPeace

  • The CyberPeace research team has reported that 1.6 crore (16 million) customer records from HDFC Life Insurance are being sold on the Dark Web for 200,000 USDT (approximately $200,000).
  • The compromised data includes sensitive information such as policy numbers, names, mobile numbers, dates of birth, email addresses, residential addresses, and health status.
  • HDFC Life acknowledged instances of data leaks and is currently assessing the impact of this breach.
  • The insurance company is conducting a thorough investigation with cybersecurity experts to determine the root cause and necessary remedial actions.
  • CyberPeace indicated that the hackers have already sold parts of the data in smaller batches, raising concerns about potential misuse for phishing scams and identity theft.
  • This incident follows a similar case involving Star Health Insurance, where 7.24 TB of customer data was reportedly made available for sale after a cyberattack in October.

*Source

Data broker blunder: More than 600,000 sensitive files exposed in data services leak

  • A significant data breach has occurred involving SL Data Services LLC, which exposed over 600,000 sensitive files containing personal information of Americans.
  • The leaked database included 644,869 PDF files totaling 713.1 GB of data, primarily consisting of background checks, court records, and vehicle ownership details. This information revealed highly sensitive data such as full names, addresses, phone numbers, email addresses, employment details, and criminal histories.
  • The database was left publicly accessible without any password protection or encryption, making it easy for anyone with the link to access and download the files.
  • The naming convention of the files further compromised privacy by including identifiable details in the filenames.
  • This incident raises serious concerns about data security practices among companies that profit from personal information.

*Source

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance to telecommunications companies regarding the Salt Typhoon threat, which is linked to a Chinese state-sponsored hacking group.
  • This group has been targeting telecom and technology sectors, particularly in the Asia-Pacific region, with a focus on gaining access to sensitive data and compromising network infrastructure.
  • CISA’s recommendations include implementing robust security measures such as multifactor authentication and regular software updates; monitoring network traffic for unusual activity that could indicate a breach; employing encrypted messaging services to secure communications; and conducting regular security assessments to identify and mitigate vulnerabilities.
  • The agency emphasizes the importance of collaboration between private and public sectors to enhance overall cybersecurity resilience against such sophisticated threats.

*Source