Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >


Dell API abused to steal 49 million customer records in data breach

  • The recent Dell data breach involved a threat actor who accessed the company’s partner portal API as a fake company, scraping information from 49 million customer records.
  • The breach exposed customer order data, including warranty information, service tags, customer names, installed locations, customer numbers, and order numbers.
  • The threat actor, known as Menelik, created a program to generate service tags and submitted them to the portal, allowing them to harvest the data by generating 5,000 requests per minute for three weeks without Dell blocking the attempts.


Massive webshop fraud ring steals credit cards from 850,000 people

  • A massive webshop fraud ring called ‘BogusBazaar’ has stolen credit card details from over 850,000 people in the US and Europe.
  • The criminal group operated a network of 75,000 fake online shops that tricked victims into making purchases, allowing them to steal payment information and attempt to process an estimated $50 million in fraudulent orders.
  • The BogusBazaar network, which has recently diminished to around 22,500 active sites, hosted fake shops on previously expired domains with good reputations.


JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers

  • JPMorgan Chase recently experienced a data breach affecting the personal information of approximately 451,809 customers.
  • The breach, discovered by the banking giant, was due to a software issue that had been active since August 26, 2021.
  • This bug allowed unauthorized access to retirement plan records containing sensitive data like names, addresses, Social Security numbers, and bank account numbers.
  • JPMorgan has since rectified the issue that inadvertently granted full access to several “authorized system users” employed by JPMorgan customers or their agents.


UK confirms Ministry of Defence payroll data exposed in data breach

  • The UK Government confirmed a recent data breach at the Ministry of Defence, where a threat actor gained access to part of the Armed Forces payment network.
  • This breach exposed personal data belonging to active and reserve personnel, as well as some recently retired veterans.
  • The compromised system, managed by a contractor and separate from the MoD’s core network, contained names, banking details, and in some cases, addresses.
  • Approximately 270,000 payroll records were exposed, but the incident did not significantly impact salaries, expense payments, or veterans’ pensions.
  • The MoD took immediate action upon discovery, isolating the system to prevent further intrusion and halting payment processing.


Largest non-bank lender in Australia warns of a data breach

  • Firstmac, the largest non-bank lender in Australia, experienced a cyber incident where unauthorized individuals accessed part of their IT system and stole customer data.
  • The exposed data includes sensitive information like full names, addresses, email addresses, phone numbers, dates of birth, bank account details, and driver’s license numbers for some customers.
  • Firstmac reassured customers that their accounts and funds are secure and implemented enhanced security measures such as two-factor authentication (2FA) for account changes.
  • The Embargo cyber extortion group claimed responsibility for the breach and leaked over 500GB of stolen data from Firstmac.


MedStar Health Reports Data Breach Impacting 183,000 Patients

  • MedStar Health, a prominent non-profit healthcare provider disclosed a data breach that impacts more than 183,000 patients from its hundreds of care locations which it operates in the Baltimore-Washington area in the U.S.
  • The impacted individuals’ personal data may have been compromised when an outsider gained access to emails and files of three employees, MedStar Health said in a statement on the data breach.
  • MedStar Health reported notifying 183,709 affected patients via letters and filed a notice with the Department of Health and Human Services.
  • Patient information including names, addresses, dates of birth, service dates, provider names and insurance details, were contained in the compromised emails and files.