
SecureFact – Cyber Security News – Week of November 25, 2024

Cyberattack at French hospital exposes health data of 750,000 patients

  • A cyberattack on a French hospital has resulted in the exposure of medical records for approximately 750,000 patients.
  • The breach was executed by a hacker known as ‘nears’, who claims to have accessed the electronic patient record system of MediBoard, a software solution used across various healthcare facilities in France.
  • The hacker has also claimed access to patient records for over 1.5 million individuals and is reportedly attempting to sell this access, which includes sensitive healthcare and billing information.
  • The exposed data consists of personal details such as full names, dates of birth, addresses, phone numbers, email addresses, physician information, prescriptions, and health card histories.

*Source

US space tech giant Maxar discloses employee data breach

  • Maxar Space Systems, a prominent U.S. satellite manufacturer, has disclosed a data breach affecting its employees’ personal information.
  • The breach was detected on October 11, 2024, after hackers accessed the company’s network using a Hong Kong-based IP address.
  • The compromised data includes sensitive employee details such as names, home addresses, Social Security numbers, business contact information, gender, employment status, job titles, and supervisor information.
  • However, Maxar confirmed that no bank account information was exposed during the incident.
  • In response to the breach, Maxar has implemented measures to secure its systems and is offering current employees identity protection and credit monitoring services through IDShield.
  • Former employees can enroll in identity theft protection services until mid-February 2025.

*Source

Microlise Admits Hackers Compromised Corporate Data in Cyberattack

  • Microlise, a Nottingham-based telematics company, has confirmed a cyberattack that occurred three weeks ago, leading to the exfiltration of corporate data from its headquarters.
  • The breach temporarily disrupted customer operations, particularly affecting services for British prison vans, which lost tracking and panic alarm functionalities.
  • However, Microlise has largely contained the incident, with most systems restored to normal functionality.
  • The company reassured stakeholders that no customer system data was compromised during the attack.
  • Despite this, some clients are conducting their own security verifications before fully reactivating user access.
  • Microlise has notified affected individuals about potential exposure of employee data and is cooperating with the Information Commissioner’s Office (ICO) and law enforcement in the investigation.

*Source

Microsoft Power Pages misconfigurations exposing sensitive data

  • Microsoft Power Pages has been found to have significant security misconfigurations that could expose sensitive data.
  • A report from the security firm CyberArk revealed that many Power Pages sites were left publicly accessible due to improper default settings, allowing unauthorized access to confidential information, including customer data and internal documents.
  • The vulnerabilities stem from a lack of proper configuration management, which can lead to data leaks if organizations do not adequately secure their web applications.
  • In response, Microsoft has urged users to follow best practices for securing their Power Pages sites, including implementing strict access controls and regularly auditing configurations.

*Source

Data breach exposes over 56 million clothing store customers

  • A significant data breach has exposed the personal information of over 56 million customers from the fashion retailer Hot Topic, along with its affiliates Torrid and Box Lunch.
  • The breach was first reported by cybersecurity firm Hudson Rock, which traced the incident back to a malware infection on an employee’s computer at Robling, a third-party analytics provider.
  • The hacker, using the alias “Satanic,” claimed responsibility for the breach, offering the stolen database for sale and demanding a ransom from Hot Topic.
  • The leaked data includes sensitive information such as email addresses, physical addresses, phone numbers, purchase history, gender, and dates of birth, as well as partial credit card details.
  • Although Hot Topic has not confirmed the breach or notified affected customers, the incident reportedly occurred on October 19.
  • Cybersecurity experts warn that the exposed data could lead to increased phishing attempts and identity theft risks for affected individuals.

*Source

Fintech giant Finastra investigates data breach after SFTP hack

  • Finastra, a major fintech company, is investigating a data breach following a cyberattack on its Secure File Transfer Platform (SFTP) on November 7, 2024.
  • The breach was detected when a threat actor, known as “abyss0,” began selling allegedly stolen data on a hacking forum, claiming to have accessed 400GB of information from Finastra.
  • The company has confirmed that the breach was limited to the SFTP system and did not extend to other platforms.
  • They are working with external cybersecurity experts to assess the situation and have isolated the affected platform as a precaution.
  • While Finastra has not confirmed whether the data being sold belongs to them, they are notifying individuals who may be affected directly.

*Source