Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >




CYBER SECURITY NEWS – WEEK OF SEPTEMBER 16, 2024


Nearly 1 million Medicare beneficiaries face data breach

  • Nearly 1 million Medicare beneficiaries are facing a potential data breach involving their personal information.
  • The breach was linked to a cybersecurity incident with MOVEit, a file transfer software used by the Wisconsin Physicians Service (WPS) Insurance Corp., which reported the issue to the Centers for Medicare & Medicaid Services (CMS) on July 2024. Upon discovering the breach, WPS conducted an investigation that confirmed unauthorized copying of files containing protected health information.
  • While there have been no reports of identity fraud directly resulting from this breach, CMS and WPS are proactively notifying affected individuals and offering resources to help protect their information.

*Source

300K Victims’ Data Compromised in Avis Car Rental Breach

  • A data breach at Avis Car Rental has compromised the personal information of approximately 300,000 customers.
  • The breach, which occurred in late 2023, involved unauthorized access to sensitive data, including names, addresses, phone numbers, and driver’s license numbers.
  • Avis has begun notifying affected customers and is offering them identity theft protection services.

*Source

Payment gateway data breach affects 1.7 million credit card owners

  • A data breach at payment gateway provider Slim CD has compromised the personal and credit card information of approximately 1.7 million individuals.
  • The breach occurred over nearly a year, from August 2023 to June 2024, with unauthorized access detected on June 15, 2024. The compromised data includes full names, physical addresses, credit card numbers, and expiration dates.
  • However, the lack of card verification numbers (CVV) means that while the risk of fraud exists, it may not be sufficient for immediate fraudulent transactions.
  • Slim CD has since implemented enhanced security measures and has advised affected individuals to monitor for signs of fraud and report any suspicious activity to their card issuers.

*Source

Transport for London confirms customer data stolen in cyberattackSource

  • Transport for London (TfL), the urban transportation agency, has confirmed that a cyberattack on September 1, 2024, resulted in the theft of customer data, including names, contact details, email addresses, and home addresses.
  • The agency also discovered that hackers may have accessed Oyster card refund data and bank account details for approximately 5,000 customers.
  • While the impact on operations has been minimal, TfL is still facing system outages and disruptions.

*Source

Fortinet confirms data breach after hacker claims to steal 440GB of files

  • Cybersecurity company Fortinet has confirmed a data breach involving the theft of 440GB of files from its Microsoft SharePoint server.
  • The breach was disclosed by a hacker known as “Fortibitch,” who claimed to have stolen the data and attempted to extort Fortinet for ransom.
  • The hacker shared credentials to an S3 bucket where the stolen files are allegedly stored. Fortinet acknowledged that unauthorized access occurred to a limited number of files on a third-party cloud-based shared file drive, which included some data related to a small number of customers.
  • However, the company did not specify how many customers were affected or the nature of the compromised data. Fortinet has communicated directly with impacted customers but has not provided further details publicly.

*Source

Toyota has a data dilemma after hackers leak 240GB of customer information

  • A hacker group known as ZeroSevenGroup leaked 240GB of customer and employee data from Toyota on a dark web forum.
  • The leaked information includes sensitive details such as contact information, financial records, and emails.
  • Toyota initially acknowledged the incident but later claimed that the data was stolen from a third-party entity, not directly from their systems.
  • The breach appears to be linked to an earlier incident involving Toyota Financial Services, with the data possibly being created or stolen in December, 2022.
  • To protect themselves, customers are advised to enable two-factor authentication, monitor their financial accounts for unusual activity, and be cautious of phishing scams.

*Source

SECUREFACT ARCHIVE >