Mage Data strengthens its data security posture with the ISO 27001 certification. READ MORE >




CYBER SECURITY NEWS – WEEK OF SEPTEMBER 02, 2024


Park’N Fly notifies 1 million customers of data breach

  • Park’N Fly has notified approximately 1 million customers in Canada about a data breach that exposed personal and account information.
  • The breach occurred between July 11 and July 13, 2024, when hackers accessed the company’s network using stolen VPN credentials.
  • On August 1, Park’N Fly confirmed that customer data had been compromised.
  • The exposed information includes full names, email addresses, physical addresses, Aeroplan numbers, and
  • CAA numbers, however, no financial or payment card data was affected

*Source

Patelco notifies 726,000 customers of ransomware data breach

  • Patelco Credit Union has notified 726,000 customers of a data breach following a ransomware attack attributed to the RansomHub gang.
  • The breach occurred after unauthorized access to their network on May 23, 2024, and a subsequent ransomware attack on June 29, which led to a two-week shutdown of customer-facing systems to mitigate damage.
  • The stolen data includes sensitive personal information such as full names, Social Security numbers, driver’s license numbers, dates of birth, and email addresses.

*Source

Google Cloud Bucket Leak Tied to Shark Tank Contestant, Exposed Data of 83,000 People

  • A recent incident involving Google Cloud Storage has revealed a significant data leak due to improperly configured storage buckets.
  • The leak exposed sensitive information belonging to various organizations, including personal data, financial records, and confidential business documents.
  • The vulnerability stemmed from misconfigurations that allowed unauthorized access to these storage buckets.
  • Security researchers discovered that the exposed data could be accessed without any authentication, raising serious concerns about data protection practices within cloud services.

*Source

Chip Giant AMD Hit by Second Alleged Cyberattack in 2024

  • Advanced Micro Devices (AMD) has experienced a second cyberattack in 2024, compromising sensitive internal communications and employee information.
  • This incident is attributed to the criminal groups IntelBroker and EnergyWeaponUser, who are reportedly selling the stolen data on dark web marketplaces.
  • The breach includes user credentials, internal resolutions, and detailed case descriptions.
  • This attack follows a previous incident in June 2024, also linked to IntelBroker, which involved a significant data leak.
  • AMD is currently investigating the breach and has stated they are working to understand its implications.

*Source

FBI: RansomHub ransomware breached 210 victims since February

  • Since its emergence in February 2024, the RansomHub ransomware has breached over 210 victims across various critical sectors in the U.S., including healthcare, telecommunications, and government services.
  • This ransomware-as-a-service (RaaS) operation primarily focuses on data theft rather than file encryption, threatening to leak stolen data if victims do not comply with demands.
  • Notable breaches include those of Patelco credit union, Rite Aid, Christie’s auction house, and Frontier Communications, which exposed personal information of over 750,000 customers.

*Source

Durex India’s Security Lapse Reveals Personal Data of Customers

  • Durex India has reportedly experienced a significant data breach that exposed sensitive customer information due to inadequate security measures on its order confirmation page.
  •  Discovered in late August 2024 by security researcher Sourajeet Majumder, the breach allowed access to customers’ full names, phone numbers, email addresses, shipping addresses, ordered items, and payment details.
  • The breach raises serious concerns about data security, particularly given the intimate nature of the products involved, which could lead to social harassment or moral policing in conservative regions.

*Source

DICK’S shuts down email, locks employee accounts after cyberattack

  • DICK’S Sporting Goods has recently experienced a cyberattack that led to the exposure of confidential information.
  • The breach was detected on August 21, 2024, prompting the company to shut down its email systems and lock employee accounts to contain the threat.
  • Employees are currently unable to access their accounts and must verify their identities manually to regain access.

*Source

SECUREFACT ARCHIVE >