SecureFact – Cyber Security News – Week of January 20, 2025

Otelier, a hotel management platform, experienced a significant data breach that exposed personal information and reservations for millions of guests associated with major hotel brands like Marriott, Hilton, and Hyatt.
The breach reportedly began in July 2024 and continued until October, during which hackers accessed nearly eight terabytes of data from Otelier’s Amazon S3 cloud storage.
The attackers gained access by initially compromising Otelier’s Atlassian server through stolen employee credentials obtained via malware.
They downloaded extensive data, including nightly reports and accounting documents related to Marriott, which confirmed the breach’s impact but stated that none of its own systems were compromised.
While the stolen data includes guests’ names, addresses, phone numbers, and email addresses, there is no evidence that sensitive information like passwords or billing details was taken.

Wolf Haldenstein Adler Freeman & Herz LLP has reported a significant data breach affecting approximately 3.5 million individuals.
The breach, which occurred on December 13, 2023, was only disclosed publicly on January 12, 2025, due to complications in data analysis and digital forensics.
The breach was detected when suspicious activity was noted in the firm’s network, leading to the discovery that unauthorized access had occurred.
The exposed data includes sensitive information such as full names, Social Security numbers, employee identification numbers, medical diagnoses, and medical claim information.
Although the firm has not found evidence of misuse of this data, the exposure heightens the risk of phishing and other targeted attacks.
Wolf Haldenstein has struggled to notify affected individuals due to difficulties in locating their contact information.

Avery Products Corporation has reported a data breach following a cyberattack on its website, which occurred on December 9, 2024.
The breach was linked to a card skimmer that had been implanted on their online shop, avery.com, as early as July 18, 2024.
This malicious software allowed attackers to scrape sensitive payment information entered by customers during transactions.
The compromised data includes customers’ names, billing and shipping addresses, email addresses, phone numbers, and payment card details (such as card numbers, CVV codes, and expiration dates).
However, no Social Security numbers or government-issued IDs were involved. Despite this, the exposed information is sufficient for potential fraudulent transactions.
Avery acknowledged receiving reports from customers about unauthorized charges and phishing attempts after the breach.
Approximately 61,193 customers were affected by this incident.
To assist those impacted, Avery is offering 12 months of free credit monitoring through Cyberscout and has set up a dedicated assistance line for inquiries related to the breach.

OneBlood, a non-profit organization that supplies blood to over 250 hospitals in the U.S., has confirmed that a ransomware attack in July 2024 resulted in the theft of personal data from its donors.
The attack, which began on July 14 and was discovered on July 28, forced OneBlood to revert to manual processes, causing significant delays in blood collection and distribution, ultimately leading to critical shortages.
The organization notified the public about the breach on July 31, but it wasn’t until January 2025 that they began sending out data breach notifications to affected individuals.
The investigation revealed that the stolen data primarily included names and Social Security numbers, raising concerns about potential identity theft and financial fraud.
To assist those impacted, OneBlood is offering a free one-year credit monitoring service and recommends that individuals consider placing credit freezes or fraud alerts on their accounts.
Although OneBlood fulfilled its commitment to inform affected individuals, the six-month delay in notification has left many at risk.

Telefónica has confirmed a data breach that exposed sensitive information from its Jira ticketing system, affecting customer data.
The breach, which occurred in December 2024, allowed unauthorized access to internal tickets containing personal details of customers, including names, email addresses, and phone numbers.
The attackers reportedly exploited vulnerabilities in the company’s systems to gain entry and extract data.
Telefónica has stated that they are investigating the incident and have implemented measures to enhance security protocols to prevent future breaches.
The company is also notifying affected customers and advising them to remain vigilant against potential phishing attempts or identity theft resulting from the exposure of their information.
This incident highlights ongoing concerns regarding cybersecurity in large organizations and the importance of robust data protection measures.