
SecureFact – Cyber Security News – Week of January 13, 2025

UK domain registry Nominet confirms breach via Ivanti zero-day

  • Nominet, the UK domain registry responsible for managing over 11 million domain names, has confirmed a network breach that occurred two weeks ago due to a zero-day vulnerability in Ivanti’s VPN software.
  • The breach was linked to a critical vulnerability (CVE-2025-0282) that allowed attackers to exploit remote access systems.
  • Despite the breach, Nominet stated there is currently no evidence of data leakage or backdoors in their systems.
  • The company has reported the incident to relevant authorities, including the National Cyber Security Centre (NCSC), and has implemented restrictions on VPN access as a precaution.

*Source

Telefónica confirms internal ticketing system breach after data leak

  • Telefónica has confirmed a breach of its internal ticketing system after data was leaked on a hacking forum.
  • The company, which operates under the name Movistar in Spain, reported that unauthorized access was gained to their Jira development and ticketing server using compromised employee credentials.
  • The attackers, identified by aliases such as DNA, Grep, Pryx, and Rey, claimed to have extracted approximately 2.3 GB of documents and tickets, some of which involved customer-related issues.
  • In response to the breach, Telefónica has taken steps to block unauthorized access and reset passwords for affected accounts.

*Source

STIIIZY data breach exposes cannabis buyers’ IDs and purchases

  • STIIIZY, a prominent California-based cannabis brand, has reported a data breach involving its point-of-sale (POS) vendor, which compromised sensitive customer information.
  • The breach was first detected on November 20, 2024, following a notification from the vendor about unauthorized access by an organized cybercrime group.
  • An investigation revealed that personal data was stolen between October 10 and November 10, 2024.
  • The compromised information includes government-issued IDs such as driver’s licenses and medical cannabis cards, along with transaction histories. Specific details affected include names, addresses, dates of birth, driver’s license numbers, passport numbers, photographs, and signatures.
  • The breach impacted customers who made purchases at select STIIIZY locations in San Francisco, Alameda, and Modesto.
  • In response to the breach, STIIIZY has implemented enhanced security measures and is offering free credit monitoring to affected individuals.

*Source

Largest US addiction treatment provider notifies patients of data breach

  • BayMark Health Services, the largest provider of substance use disorder treatment in North America, has notified patients of a data breach that occurred between September 24 and October 14, 2024.
  • The breach was discovered on October 11, 2024, when unauthorized access disrupted the company’s IT systems.
  • An investigation revealed that attackers accessed files containing sensitive patient information, including Social Security numbers, driver’s license numbers, treatment details, and insurance information.
  • In response to the breach, BayMark is offering one year of free identity monitoring services to affected individuals.
  • The ransomware group RansomHub has claimed responsibility for the attack, stating they stole approximately 1.5 TB of data from BayMark’s systems.
  • The company has implemented additional security measures to prevent future incidents and expressed its commitment to protecting patient information amid growing concerns over healthcare data security breaches.

*Source

Medical billing firm Medusind discloses breach affecting 360,000 people

  • Medusind, a major medical billing provider, has disclosed a data breach affecting approximately 360,934 individuals, which occurred in December 2023.
  • The Miami-based company detected suspicious activity on its network and subsequently took affected systems offline, engaging a cybersecurity firm for investigation.
  • The breach exposed various types of sensitive information, including: health insurance and billing details (e.g., policy numbers and claims information); payment information (e.g., credit/debit card numbers); health records (e.g., medical history and prescription information); government IDs (e.g., Social Security numbers and driver’s licenses); and other personal data (e.g., names, addresses, and contact information).
  • In response to the breach, Medusind is offering two years of free identity monitoring services to those affected, including credit monitoring and identity theft restoration support.

*Source

Thousands of credit cards stolen in Green Bay Packers store breach

  • The Green Bay Packers have reported a data breach affecting over 8,500 customers of their official Pro Shop online store, which occurred in September 2024.
  • The breach was discovered on October 23, prompting the team to disable all checkout and payment functionalities immediately.
  • A subsequent investigation revealed that cybercriminals injected malicious code into the checkout page to steal sensitive customer information.
  • The compromised data included names, addresses, email addresses, credit card types and numbers, expiration dates, and CVVs.
  • However, the attackers were unable to intercept transactions made using gift cards or third-party payment options like PayPal and Amazon Pay.
  • The Packers have since removed the malicious code and implemented security measures with their website vendor.
  • Affected individuals are being offered three years of identity theft restoration and credit monitoring services through Experian.
  • The Packers advised customers to monitor their accounts for any fraudulent activity and report any identity theft attempts to their banks and authorities.

*Source

UN aviation agency confirms recruitment database security breach

  • The United Nations’ International Civil Aviation Organization (ICAO) has confirmed a data breach involving its recruitment database, resulting in the theft of approximately 42,000 records.
  • This incident was first announced on January 8, 2025, following an investigation into a potential security breach.
  • The breach was linked to a threat actor known as “Natohub,” who leaked an archive of documents on the BreachForums hacking forum.
  • The stolen data reportedly includes names, dates of birth, addresses, phone numbers, email addresses, and employment history.
  • However, ICAO clarified that no financial information, passwords, or sensitive personal documents were compromised.
  • The agency emphasized that the breach is limited to recruitment data and does not impact aviation safety or security systems.

*Source