T-Mobile confirms it was hacked in recent wave of telecom breaches
- T-Mobile has confirmed that it was hacked as part of a recent wave of breaches targeting telecommunications companies, attributed to Chinese state-sponsored threat actors known as Salt Typhoon.
- This group has been active since at least 2019 and typically focuses on government and telecom entities in Southeast Asia.
- The breach reportedly allowed access to private communications, call records, and law enforcement information requests, particularly affecting the cellphone lines of senior U.S. officials.
- The company is actively monitoring the situation and collaborating with industry peers and authorities.
US govt officials’ communications compromised in recent telecom hack
- Chinese hackers have compromised the private communications of a limited number of U.S. government officials following breaches at multiple telecommunications companies, including AT&T, Verizon, and Lumen Technologies.
- This was confirmed by CISA and the FBI, which stated that the attackers, linked to the Chinese state-sponsored group Salt Typhoon, accessed customer call records and information related to law enforcement requests.
- The hacking group reportedly maintained access to these networks for months, enabling them to collect extensive data from various internet service providers affecting millions of Americans. The breach also involved systems used for court-authorized wiretapping requests.
- In addition to U.S. targets, Canada has reported similar attacks by China-backed actors on its government agencies and democratic institutions.
Leaked info of 122 million linked to B2B data aggregator breach
- A significant data breach involving the business contact information of 122 million individuals has been confirmed to originate from DemandScience, a B2B demand generation platform.
- The breach, which was initially reported in February 2024 by a threat actor named ‘KryptonZambie,’ involved the sale of 132.8 million records on BreachForums.
- These records included full names, addresses, email addresses, phone numbers, job titles, and social media links.
- Security expert Troy Hunt confirmed the authenticity of the leaked data and noted that it included his own information from a previous employment at Pfizer.
HIBP notifies 57 million people of Hot Topic data breach
- Have I Been Pwned (HIBP) has alerted nearly 57 million customers about a data breach involving Hot Topic, Box Lunch, and Torrid.
- The breach, claimed by a hacker named “Satanic” on October 21, 2024, reportedly exposed personal information including full names, email addresses, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card details.
- The hacker initially sought to sell the stolen database of 350 million records for $20,000 and demanded a ransom of $100,000 from Hot Topic.
- A report suggested that the breach may have stemmed from malware that compromised credentials for a data unification service used by the retailer.
- The dataset includes around 25 million credit card numbers encrypted with a weak cipher.
- Customers are advised to remain vigilant against phishing attempts and to monitor their financial accounts for unusual activity.
- HIBP has set up a site for individuals to check if their information has been compromised.
Amazon confirms employee data breach after vendor hack
- Amazon has confirmed a significant data breach affecting its employees, following a hack of a third-party vendor associated with the company.
- The breach, attributed to a threat actor known as Nam3L3ss, involved the leak of over 2.8 million lines of employee data, including names, contact details, and work locations.
- This incident is linked to the broader MOVEit data theft attacks that occurred in May 2023, where a zero-day vulnerability in the MOVEit Transfer platform was exploited by cybercriminals.
- An Amazon spokesperson clarified that the compromised data was limited to employee work contact information and did not include sensitive personal data such as Social Security numbers or financial information.
- The vendor responsible for the breach has since addressed the security vulnerabilities that allowed the attack.
- Nam3L3ss has also claimed to have leaked data from 25 other companies during this incident, highlighting a widespread issue stemming from the MOVEit attacks that have affected numerous organizations globally, including notable names like Lenovo, McDonald’s, and HSBC.
Yorozu Corporation Faces Cyberattack, Delays Financial Report Submission Amid Data Breaches
- Yorozu Corporation, a prominent Japanese automotive parts manufacturer, announced a delay in its semi-annual securities report submission due to a ransomware attack that occurred in mid-October 2024.
- The attack disrupted critical operations, leading to the report’s new deadline of January 17, 2025, which extends the original due date by two months.
- The company detected the cyberattack on October 14, when several internal files were encrypted, prompting immediate cybersecurity protocols and the formation of an incident response team.
- Despite efforts to isolate affected servers and prevent further damage, the attack compromised critical data and raised concerns about potential leaks of personal and confidential information.
- Yorozu has notified Japan’s Personal Information Protection Commission and is collaborating with external experts to investigate the breach.