October 14

SecureFact – Cyber Security News – Week of October 14, 2024

Internet Archive hacked, data breach impacts 31 million users

  • The Internet Archive has suffered a significant data breach affecting approximately 31 million users.
  • A threat actor compromised the website, stealing a user authentication database that includes unique records such as email addresses, screen names, and Bcrypt-hashed passwords.
  • The breach was revealed through a JavaScript alert displayed on the archive.org site, which directed users to the Have I Been Pwned (HIBP) service, indicating their data may have been exposed.
  • The stolen database, named “ia_users.sql,” is a 6.4GB SQL file containing authentication information for registered members.
  • Cybersecurity expert Troy Hunt confirmed the authenticity of the data after reaching out to affected users.

Star Health Data Breach: Hacker Alleges Top Executive’s Role In Leaking Personal Details, Records Of Over 31 Million Customers

  • Star Health Insurance has experienced a significant data breach, exposing the personal details of over 31 million customers.
  • The breach includes sensitive information such as names, addresses, phone numbers, tax details, and medical records.
  • A hacker has alleged that the Chief Information Security Officer (CISO) sold this data for $150,000.
  • The hacker reportedly used Telegram chatbots to sell the stolen data, which included policy details and medical diagnoses.
  • In response to the breach, Star Health has filed lawsuits against Telegram and Cloudflare for their roles in facilitating the leak.

Fidelity Investments says data breach affects over 77,000 people

  • Fidelity Investments has disclosed a data breach affecting over 77,000 customers, which occurred between August 17 and 19, 2024.
  • An unknown attacker accessed personal information through two newly established customer accounts.
  • Although Fidelity detected the unauthorized activity on August 19 and terminated access immediately, the specific types of personal information compromised have not been fully detailed, aside from names and identifiers.
  • The company stated that there is no evidence of misuse of the stolen data and emphasized that no actual account access occurred.
  • To support those affected, Fidelity is offering two years of free credit monitoring and identity restoration services through TransUnion.

ADT discloses second breach in 2 months, hacked via stolen credentials

  • ADT has disclosed a data breach affecting its systems for the second time in two months, with unauthorized access occurring through stolen credentials obtained from a third-party business partner.
  • The breach, reported in an SEC filing, resulted in the exfiltration of encrypted employee account data.
  • In response, ADT terminated the unauthorized access and initiated an investigation with third-party cybersecurity experts while cooperating with federal law enforcement.
  • Although the company stated that customer data and security systems were not compromised, the containment measures have caused disruptions to internal operations.
  • This incident follows a previous breach in August, where approximately 30,800 customer records were leaked on a hacking forum, including personal details like emails and addresses.

MoneyGram confirms hackers stole customer data in cyberattack

  • MoneyGram has confirmed that hackers stole customers’ personal information and transaction data during a cyberattack that occurred in late September 2024.
  • The attack, detected in September, forced the company to shut down its IT systems, disrupting services for five days.
  • The breach reportedly took place between September 20 and 22, when threat actors accessed the network and extracted various sensitive customer information, including names, email addresses, postal addresses, phone numbers, utility bills, government IDs, and Social Security numbers.
  • The extent of the stolen data varied by customer.
  • The breach was initiated through a social engineering attack on MoneyGram’s IT help desk, where attackers impersonated an employee to gain access.

Comcast Data Breach Exposes Personal Information of 237,000

  • Comcast has confirmed a data breach affecting over 237,000 individuals, including 22 residents of Maine, linked to a cyberattack on Financial Business and Consumer Solutions, Inc. (FBCS), a third-party service provider.
  • The breach began on February 14, 2024, when unauthorized access to the FBCS network led to the downloading and encryption of sensitive data during a ransomware attack.
  • Initially, FBCS informed Comcast on March 13 that no consumer data had been compromised.
  • However, on July 17, they revealed that customer data had indeed been affected. The compromised information includes names, addresses, Social Security numbers, dates of birth, and Comcast account numbers, posing significant risks for identity theft and fraud.
  • FBCS has reported the breach to the FBI and engaged third-party cybersecurity experts for investigation.

Casio confirms customer data stolen in a ransomware attack

  • Casio has confirmed that it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data belonging to employees, job candidates, and some customers.
  • The attack caused significant system disruptions and service outages, prompting the company to investigate the unauthorized access to its networks.
  • The Underground ransomware group claimed responsibility for the breach and leaked various documents purportedly stolen from Casio’s systems.
  • Following this, Casio acknowledged that sensitive data had been compromised, including: personal information of permanent and temporary employees; details related to business partners and certain affiliates; information about individuals who interviewed for jobs at Casio; customer data linked to services provided by Casio; financial data concerning invoices and sales transactions; and internal documents covering legal, financial, human resources, audit, sales, and technical matters.
  • However, Casio clarified that no credit card information was exposed, as payment data is not stored on its systems.
  • As the investigation continues, Casio warns that the impact may expand and advises those potentially affected to remain vigilant against unsolicited emails.
