CYBER SECURITY NEWS – WEEK OF MAY 06, 2024
Panda Restaurants discloses data breach after corporate systems hack
- Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March, affecting the personal information of current and former associates.
- The compromised information includes names, Social Security numbers, driver’s license numbers, financial account information, and payment card data of current and former employees, as well as customer payment card data.
- Panda Express confirmed that only associate data was compromised, with no guest data involved.
The company took immediate action to secure its environment, engage in remediation efforts, and collaborate with cybersecurity experts and law enforcement to investigate the breach.
London Drugs stores remain closed, ‘cybersecurity incident’ may have breached personal data
- London Drugs stores across Western Canada remain closed due to a cybersecurity incident Initially, the company stated that no personal data had been breached, but they have now reversed this, acknowledging that personal information may have been compromised.
- London Drugs is working with security experts to assess the extent of the breach and will notify affected individuals in accordance with privacy laws if personal information was impacted.
- The company has disabled its telephone lines temporarily for the internal investigation and advises customers to visit stores in person for support.
UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack
- UnitedHealthcare CEO estimates that the personal data of “maybe a third” or around 33% of U.S. citizens was impacted by the breach.
- The full extent of the breach is still under investigation, and it may take months before all affected individuals can be notified.
- The breach occurred due to compromised credentials accessing a Citrix portal that lacked multi-factor authentication.
- While full medical records like doctor charts do not appear to have been stolen, personal health information was accessed by the attackers.
- After this incident, UnitedHealthcare has now enforced multi-factor authentication across its systems to improve security.
Dropbox Warns Hacker Accessed Customer Passwords And 2FA Data
- Dropbox has confirmed a cybersecurity incident where a hacker gained access to customer information, including emails, usernames, phone numbers, hashed passwords, OAuth tokens, and multi-factor authentication data.
- The breach specifically impacted the Dropbox Sign platform, with unauthorized access to the production environment.
- While Dropbox has taken steps like resetting passwords and logging users out of connected devices, they have not found evidence of document access by the attackers.
Central Bank Argentina Data Breach: Hackers Allegedly Offer Customer Info for Sale
- An unverified claim of a data breach at the Central Bank of Argentina, where a threat actor is purportedly selling the bank’s database on a hackers’ forum.
- The potential breach could expose sensitive information like customer names, ID numbers, cities, and phone numbers, leading to identity theft and financial fraud.
- However, crucial details about the cyberattack, including its extent and motive, remain undisclosed.
- The operational status of the bank’s official website raises doubts about the authenticity of the claim.