CYBER SECURITY NEWS – WEEK OF JUNE 24, 2024
Jollibee Cyberattack: Data of 32 Million Customers of Fast Food Chain Allegedly Compromised
- Jollibee, a popular fast-food chain in the Philippines, is reportedly facing a data breach.
- Jollibee, a popular fast-food chain in the Philippines, is reportedly facing a data breach. \
- A hacker using the alias “Sp1d3r” claims to have infiltrated Jollibee’s systems and gained access to sensitive data of 32 million customers.
- This data supposedly includes names, addresses, phone numbers, emails, and even details about food orders and transactions.
- The hacker is allegedly trying to sell this information for $40,000. The news came to light on June 20, 2024.
Massive data breach exposes over 3 million Americans’ personal information to cybercriminals
- A massive data breach at Financial and Consumer (FS), a debt collection agency, has exposed the personal information of over 3 million Americans to cybercriminals.
- The breach, which occurred on Valentine’s Day and was detected on February 2024, compromised sensitive data such as names, Social Security numbers, dates of birth, and driver’s license or ID card numbers.
- While the affected company initially thought 1.9 million were impacted, the number has risen to 3 million. The company has informed those affected and authorities are involved.
Chicha San Chen membership database hacked, says parent company
- A hacker gained unauthorized access to the customer relationship management system of Chicha San Chen, a popular bubble tea chain in Singapore, compromising the personal information of its members.
- The breach exposed members’ names, mobile numbers, email addresses, and encrypted login passwords. Chicha San Chen’s parent company, YKGI, has reported the incident to the Personal Data Protection Commission and is working with the external vendor managing the system to strengthen cybersecurity measures.
- YKGI has started notifying affected individuals and is advising all Chicha San Chen members to change their login passwords immediately
Frontier fallout as 750K customers’ data exposed in RansomHub cyberattack
- Frontier Communications, a leading U.S. telecommunications company, has suffered a significant data breach that exposed the personal information of over 750,000 customers.
- The breached data included full names and Social Security numbers for 751,895 customers, though Frontier assured that no financial information was compromised.
- The cybercrime group RansomHub claimed responsibility for the attack on June 2024, raising suspicions about the timing of Frontier’s data breach notification. RansomHub allegedly stole data on 2 million customers, including personal information and details about their Frontier services.
- Frontier is currently notifying affected customers and providing them with free credit monitoring and identity theft resolution services for one year.
Pharma giant’s data breach exposes patients’ sensitive information
- Pharmaceutical giant Cencora, previously known as AmerisourceBergen, has experienced a data breach exposing sensitive medical information of its patients.
- The breach began on February 21, 2024, and was disclosed to regulators a week later on February 27.
- The stolen data includes patients’ names, addresses, dates of birth, health diagnoses, and medications.
- Cencora has initiated notifications to affected individuals, acknowledging that it lacks complete address information for some of them. The company has identified and notified around half a million people so far, but the full extent of the breach remains unclear.
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake
- A cybercrime group known as ShinyHunters has claimed responsibility for a series of data breaches that have impacted several major companies, including EPAM Systems, Snowflake, and Ticketmaster.
- The ShinyHunters group has been actively selling stolen data from these breaches on dark web forums. The compromised data includes sensitive information such as customer names, email addresses, passwords, and in some cases, financial data.
- These data breaches highlight the ongoing threat of cybercrime groups like ShinyHunters, who are actively targeting high-profile companies to steal and sell sensitive customer data.
Lack of MFA Implementation Likely Caused Medibank Data Breach
- The lack of multi-factor authentication (MFA) was a key factor that enabled the data breach at Medibank, one of Australia’s largest private health insurers.
- The breach, which occurred in October 2022, exposed the personal information of nearly 10 million current and former customers.
- The investigation revealed that Medibank failed to implement MFA on its systems, allowing hackers to gain unauthorized access using stolen credentials.
- The breach resulted in the exposure of sensitive customer data, including names, addresses, birthdates, phone numbers, email addresses, Medicare numbers, and health claims information.