SecureFact – Cyber Security News – Week of March 17, 2025

In 2024, Americans lost a record $12.5 billion to fraud, a 25% increase from the previous year, according to the FTC.
Investment scams were the costliest, totaling $5.7 billion, followed by imposter scams at $2.95 billion.
Younger individuals reported fraud more frequently than those over 70.
Job scams have also seen a significant rise.
While online scams were common, phone interactions resulted in higher individual losses.
Email was the most frequent initial contact method by scammers.
The FTC’s Consumer Sentinel Network received 6.5 million consumer reports, but this is likely a fraction of the actual fraud due to underreporting.
Victims can report fraud at IdentityTheft.gov and ReportFraud.ftc.gov.

Kaspersky reports that 2.3 million credit and debit cards were leaked on the dark web between 2023 and 2024 due to infostealer malware, which infected 26 million Windows devices.
Bank card information is compromised in approximately one out of every 14 infections.
The Redline infostealer was the most common, while Risepro saw a significant increase in infections, targeting not only banking details but also cryptocurrency wallets, spreading through software cracks and game mods.
Kaspersky recommends users monitor bank notifications, use two-factor authentication, and perform regular security scans.

PowerSchool, a cloud-based K-12 software provider, suffered a significant data breach in December 2024 through its customer support portal, PowerSource, potentially affecting millions of students and teachers.
A recent CrowdStrike investigation revealed that PowerSchool was initially hacked in August and September 2024 using the same compromised credentials.
While the December breach led to the exfiltration of sensitive data, including names, addresses, SSNs, and grades, there’s no evidence the stolen data has been leaked, possibly due to a paid ransom.
The investigation couldn’t confirm if the earlier breaches were by the same threat actor. PowerSchool has yet to disclose the full impact of the breach, but sources indicate that over 6,500 school districts and a total of 72 million students and teachers may have had their data stolen.

Rivers Casino Philadelphia experienced a significant data breach in November 2024, exposing sensitive personal information of thousands of individuals.
Unauthorized actors accessed and potentially exfiltrated files containing names, Social Security numbers, and bank account details used for direct deposits.
The breach was specific to the Philadelphia location and did not affect other Rivers Casino sites. By December 30, 2024, the casino began notifying affected individuals via letters and emails.
The ransomware group Cicada3301 claimed responsibility, stating it had stolen 2.56 TB of data and demanded a ransom by February 15, 2025.
The casino has not disclosed whether it paid the ransom.
In response, Rivers Casino secured its systems and launched an investigation.
It is also offering one year of identity theft protection through Experian to eligible victims.
Several law firms, including Levi & Korsinsky LLP, are investigating the breach and exploring potential class-action lawsuits for impacted individuals.

Bank of America warned certain customers about a potential data breach stemming from a document-handling mishap by a third-party vendor on December 30.
The vendor failed to secure bank documents during transit, leading to some being found outside their containers near a financial center.
The unsecured information included personal details like names, addresses, Social Security numbers, and financial data.
Bank of America is monitoring affected accounts and offering a free two-year Experian identity theft protection service.
The exact number of affected customers and locations isn’t specified, but Massachusetts reported two residents affected, with their Social Security, credit card, and financial account information breached.