04 Jan
Here’s your weekly data breach news roundup:
- Kawasaki- Japanese aerospace company,
- T-mobile,
- Whirlpool – Home appliance Giant,
- Juspay – payments platform
- Capcom – Resident Evil developer,
- Indigo – airlines,
- 26 Breaches,
- Freedom Finance –Broker business ,
- Eyemed ,
- GetSchooled, a charity founded by the Bill & Melinda Gates Foundation &
- Probase – Surrey based app developer
Kawasaki
Japanese aerospace company Kawasaki Heavy Industries on Monday warned of a security incident that may have led to unauthorized access of customer data.#databreach https://t.co/4uYCSu9hSW
— DevaOnBreaches (@DevaOnBreaches) December 30, 2020
Japanese aerospace company Kawasaki Heavy Industries warned of a security incident that may have led to unauthorized access of customer data.
According to the company’s data breach notification, it first discovered unauthorized parties accessing a server in Japan, from an overseas office in Thailand, on June 11, 2020. After terminating that access, the company throughout the following days in June discovered several other incidents of unauthorized access. Kawasaki said these stemmed from other overseas sites in Indonesia, the Philippines, and the United States.
T-mobile
T-Mobile has announced a #databreach exposing customers' proprietary network information(CPNI), including phone numbers and call records.
— DevaOnBreaches (@DevaOnBreaches) December 31, 2020
Starting yesterday, T-Mobile began texting customers that a "security incident" exposed their account's information.https://t.co/8yVlxsBtpV
T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records.
T-Mobile began texting customers that a “security incident” exposed their account’s information.
According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.
The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.
Whirlpool
Whirlpool suffered a ransomware attack by the Nefilim ransomware gang and documents related to employee benefits, accommodation requests, medical information requests, background checks etc. were exposed.https://t.co/iJdSzj5WFY
— DevaOnBreaches (@DevaOnBreaches) December 30, 2020
Home appliances giant Whirlpool suffered a ransomware attack by the Nefilim ransomware gang who stole data before encrypting devices.
Whirlpool is one of the world’s largest home application makers with appliances under its name and KitchenAid, Maytag, Brastemp, Consul, Hotpoint, Indesit, and Bauknecht. Whirlpool employs 77,000 people at 59 manufacturing & technology research centers worldwide and generated approximately $20 billion in revenue for 2019.
Over the weekend, the Nefilim ransomware gang published files stolen from Whirlpool during a ransomware attack. The leaked data included documents related to employee benefits, accommodation requests, medical information requests, background checks, and more.
Indigo
IndiGo on Thursday said that its servers were hacked during the early days of December and it is possible that hackers might upload some internal documents on public websites.https://t.co/zCUiUKGbgD
— DevaOnBreaches (@DevaOnBreaches) January 1, 2021
IndiGo confirmed that its servers were hacked during the early days of December and it is possible that hackers might upload some internal documents on public websites.
“We would like to make this disclosure that some of our servers were subject to a hacking incident earlier this month,” said India’s largest airline in a statement.
IndiGo was able to restore systems in a very short span of time with minimal impact, it said.
“There were some segments of data servers that were breached—so, there is a possibility that some internal documents may get uploaded by the hackers on public websites and platforms,” the airline said.
The carrier said it realises the seriousness of the issue, and it continues to engage with “all relevant experts and law enforcement” to ensure that the incident is investigated in detail.
Juspay
Sensitive data of over 100 million credit and debit cardholders from Juspay has been leaked on the dark Web, according to a security researcher. The #databreach included full names, phone numbers, and email addresses of the cardholders etc. https://t.co/HHO7exXYBL
— DevaOnBreaches (@DevaOnBreaches) January 4, 2021
Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark Web, according to a security researcher.
The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards.
It appears to have been associated with payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others.
The Bengaluru-based startup acknowledged that some of its user data had been compromised in August.
Check How Safe Is A Password ?
Capcom
Resident Evil developer Capcom has revealed that a security breach announced earlier is believed to be a ransomware attack.
— DevaOnBreaches (@DevaOnBreaches) January 3, 2021
Some 350,000 individuals may be at risk of data compromise. https://t.co/kGtaB7h5SI
A leading gaming company has revealed that a security breach announced earlier this month is much worse than first thought, with data on potentially hundreds of thousands of customers, employees and others compromised.
Nearly two weeks ago, Resident Evil developer Capcom revealed the breach, believed to be a ransomware attack, happened on November 2. At the time it said: “there is no indication that any customer information was breached.”
However, in an update , the Osaka-headquartered firm admitted that some personal and corporate information had been taken.
Although at present Capcom could only confirm the compromise of data on five former employees, four employees and some sales and financial info, much more may have been taken.
26 Breaches
Large #databreach exposing customer records from 26 companies including new ones like Teespring, MyON, Chqbook, Anyvan, Eventials, Wahoofitness, Sitepoint & Clickindia is currently on sale on a hacker forum.https://t.co/WeuFmTxXSB
— DevaOnBreaches (@DevaOnBreaches) January 1, 2021
A data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned.
When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on hacker forums and dark web marketplaces to market the stolen data.
A data broker began selling the combined total of 368.8 million stolen user records for twenty-six companies on a hacker forum.
Freedom Finance
Broker business ‘Freedom Finance’ has suffered a severe hacker attack that resulted in a #dataleak. Data is already offered for purchase on various darknet forums. CEO said no client passwords were compromised, even though the seller claims otherwise.https://t.co/08QtxQr0w3
— DevaOnBreaches (@DevaOnBreaches) December 31, 2020
Timur Turlov, CEO of the ‘Freedom Finance’ investment platform, has admitted the leak of sensitive details about 16,000 clients on social media. Although the data dates back to 2018, the things that are included make the event pretty grave. The company claims to have realized the breach only recently after they received a tip about data belonging to them appearing on dark web forums.
The seller of the data pack claims to be in possession of 12 GB of data, including the valid credentials of 16,000 clients, their full names, passport details, phone numbers, extracts, signatures, bank account details, and bank account balances. Even employee login credentials are included in the pack, but they have already reset their passwords.
Eyemed
The number of victims impacted by the email hack on EyeMed reported earlier this month has drastically increased, as the Department of Health and Human Services breach reporting tool shows 484,157 members.#databreachhttps://t.co/3jF70ZFJws
— DevaOnBreaches (@DevaOnBreaches) December 30, 2020
The number of victims impacted by the email hack on EyeMed reported earlier this month has drastically increased, as the Department of Health and Human Services breach reporting tool shows 484,157 Aetna ACE plan members were included in the compromised data.
With its notification, the incident becomes the sixth largest healthcare data breach of 2020.
On July 1, a hacker gained access to an email account and sent phishing emails to contacts from the account’s address book on the same day. The security team discovered the breach on the same day and quickly secured the account.
An investigation determined the hacked account contained information from EyeMed’s current and former vision benefits’ members. The data included member names, contact details, dates of birth, health insurance account and identification numbers, Medicaid or Medicare numbers, driver’s driver’s licenses and other government identification numbers.
GetSchooled
This #databreach occurred when GetSchooled (https://t.co/xEw6TF2HZz), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open impacting 930k individuals, composed of children (10-16y/o).https://t.co/F6dOJ9O51x
— DevaOnBreaches (@DevaOnBreaches) December 30, 2020
The Financial Times was the first to break this story earlier today (29th December 2020).
This breach occurred when GetSchooled (getschooled.com), a charity founded by the Bill & Melinda Gates Foundation in collaboration with Viacom left a database open and accessible to anyone with a browser and internet connection.
According to TurgenSec: The breach impacts 930k individuals, composed of children (10-16y/o), some young adults and some college students.
The breached information contains extensive personal details of children, teenagers and young adults including: full addresses, schools, full student PII including student phone numbers and emails, graduation details, ages, genders and more…
The breach was responsibly disclosed by TurgenSec (turgensec.com) to GetSchooled on the 18th of November 2020 and GetSchooled closed the breach on the 21st of December, over a month later.
Probase
The unsecured blob managed by Surrey-based app developer Probase exposed 587,000 files, ranging from emails to letters, spreadsheets, screenshots, and sensitive documents of its customers. #databreachhttps://t.co/XeXIrn67xr
— DevaOnBreaches (@DevaOnBreaches) December 29, 2020
The unsecured blob was managed by Surrey-based app developer Probase and according to The Register, it contained 587,000 files, ranging from backed-up emails to letters, spreadsheets, screenshots, and more.
“Finding a storage bucket like this where a provider has lumped all of their clients’ files in a single bucket rather than creating separate storage for each client demonstrates how, in 2020, the basics of secure design are still not being followed,” Hough told The Register.
The blob contained occupational health assessments, insurance claim documents from US firms underwritten by Lloyds of London, and senior barristers’ private opinions about junior colleagues applying for promotion.
More worryingly however the blob also included FedEx shipment security documentation, along with highly sensitive medical data, and at least one passport scan.
When approached, Probase director Paul Brown, did not comment on how long the blob had been left unsecured, but shared that they are working closely with the Information Commissioner’s Office to resolve the issue.