Here’s your weekly #databreach news roundup:
US Treasury, Lumen, Volkswagen, and ZAGG.
US Treasury
China-backed hackers reportedly compromised the US Treasury’s highly sensitive sanctions office during December cyberattack https://t.co/2XvChCHuPM
— Carly Page (@CarlyPage_) January 2, 2025
Incident Overview:
Chinese government hackers targeted the U.S. Treasury’s highly sensitive sanctions office, the Office of Foreign Assets Control (OFAC), during a cyberattack in December 2023.
Targeted Department Profile:
OFAC, a division of the U.S. Treasury Department, imposes economic and trade sanctions on foreign countries, entities, and individuals, including potential actions against Chinese organizations.
Extent of Breach:
The attack, attributed to a state-sponsored Chinese hacking group, compromised employee workstations and unclassified documents. The breach extended to the Treasury Department’s Office of Financial Research and the Office of the Treasury Secretary.
Discovery and Response:
The cyberattack, described as a “major cybersecurity incident” by the Treasury, was detected on December 8, 2023. BeyondTrust, a third-party identity management software provider, alerted the Treasury to the incident.
Objective and Implications:
The hackers likely sought information about potential U.S. financial sanctions targeting Chinese entities. The breach underscores vulnerabilities in government cybersecurity and risks to sensitive economic and foreign policy data.
Official Response:
The U.S. Treasury Department has not commented further on the incident as of this report.
Lumen
Lumen, one of at least nine US telecommunications firms reportedly compromised by Salt Typhoon hackers, says the Chinese hacking group is no longer in its network https://t.co/koqWAfws3H
— Carly Page (@CarlyPage_) December 31, 2024
Incident Overview:
Lumen Technologies, along with other U.S. telecom firms, was targeted by Salt Typhoon, a Chinese state-sponsored hacking group. Lumen has confirmed that the hackers are no longer in its network.
Company Profile:
Lumen, a U.S.-based telecommunications firm, provides network services to individuals, businesses, and governments, including high-profile customers in Washington, D.C.
Extent of Breach:
The breach affected at least nine U.S. telecom companies, including AT&T, Verizon, and T-Mobile. AT&T and Verizon confirmed that a small number of high-profile customers, such as U.S. officials and politicians, had their communications accessed. The total number of targeted individuals was reportedly fewer than 100.
Response and Investigation:
Lumen stated that an independent forensic analysis verified the removal of Salt Typhoon actors from its network and found no evidence of customer data being accessed. Similarly, AT&T, Verizon, and T-Mobile confirmed securing their systems and mitigating the threat.
Objective and Implications:
The hacking group appeared to focus on high-ranking officials, potentially seeking intelligence or sensitive communications. The incident highlights the persistent threat to critical U.S. infrastructure from state-sponsored cyber actors.
Official Response:
U.S. officials and impacted companies continue to monitor and address cybersecurity risks to prevent further exploitation.
Volkswagen
Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. #dataleak https://t.co/a410lV0nf1
— DevaOnBreaches (@DevaOnBreaches) December 31, 2024
Incident Overview:
Volkswagen’s software company, Cariad, exposed data collected from approximately 800,000 electric vehicles due to misconfigured IT applications. The data included precise geo-location information and could be linked to drivers’ identities.
Company Profile:
Cariad is an automotive software subsidiary of Volkswagen, developing digital functions and services for Volkswagen Group brands, including VW, Seat, Audi, and Skoda.
Extent of Breach:
Exposed data included customer details, precise geo-location data for 460,000 vehicles (accurate to 10 centimeters for some), and memory dumps containing access keys to cloud storage. Most affected vehicles were in Germany (300,000), with others across European countries like Norway, Sweden, and the UK. The data also included police patrol cars and vehicles linked to suspected intelligence service employees.
Discovery and Response:
The vulnerability was discovered by the Chaos Computer Club (CCC), an ethical hacking group, which responsibly disclosed it to Cariad on November 26. Cariad closed access on the same day and conducted an investigation, finding no evidence of third-party misuse. CCC confirmed that Cariad’s response was quick and responsible.
Objective and Implications:
Although no evidence suggests the data was exploited maliciously, the breach exposed sensitive location details and highlighted risks in managing cloud-stored vehicle data. It raised privacy concerns, particularly for high-profile individuals like German politicians whose car locations were traced.
Security Measures and Statements:
Cariad emphasized that the data was pseudonymized and could only be linked to users by combining datasets. The company also stated that vehicle data collection is essential for optimizing digital services and future vehicle improvements, and that the collection complies with legal and privacy regulations. Customers can deactivate data sharing at any time.
ZAGG
ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. #databreach https://t.co/9IGTeuTuFL
— DevaOnBreaches (@DevaOnBreaches) December 31, 2024
Incident Overview:
ZAGG Inc., a consumer electronics accessories maker, has disclosed a breach exposing customers’ credit card data due to malicious code injected into a third-party app, FreshClicks, used on its e-commerce platform, BigCommerce.
Company Profile:
ZAGG, based in Utah with annual revenue of $600 million, specializes in mobile accessories like screen protectors, phone cases, and power banks. BigCommerce, its e-commerce provider, is a SaaS platform supporting businesses globally, offering app integrations like FreshClicks.
Extent of Breach:
The breach occurred between October 26 and November 7, 2024. The attacker accessed names, addresses, and payment card data from ZAGG.com shoppers during checkout. ZAGG has not disclosed the total number of affected customers.
Discovery and Response:
BigCommerce detected the breach in the FreshClicks app through internal tools and uninstalled the app from customers’ stores to remove the malicious code. ZAGG implemented remediation measures, notified law enforcement, and arranged for impacted customers to receive 12 months of free credit monitoring through Experian.
Objective and Implications:
The attackers aimed to scrape sensitive payment data, posing risks of financial fraud and identity theft for affected customers. ZAGG advised customers to monitor financial account activity, place fraud alerts, and consider credit freezes.
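The ZAGG incident is a checkout-page skimming case: a third-party app installed through the storefront platform carried code that read payment fields during checkout. One routine check a store operator can run is to inventory every script the checkout page loads and flag any host that is not on an expected list, then publish that list as a Content-Security-Policy script-src directive. The following is an added example written for this roundup; it is not code from ZAGG, BigCommerce or the FreshClicks app, and the HTML, hostnames and allowlist in it are constructed for illustration.

```python
"""Audit the script sources on a checkout page against an allowlist.

Added example, not code from ZAGG, BigCommerce or FreshClicks. The sample
page, the hostnames and the allowlist are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: first-party hosts plus the payment provider's script host.
ALLOWED_SCRIPT_HOSTS = {
    "shop.example",
    "cdn.shop.example",
    "js.payment-provider.example",
}

# Constructed checkout page: two expected scripts, one inline script, and one
# script from a host that is not on the allowlist (hypothetical widget host).
SAMPLE_CHECKOUT_HTML = """
<html><head>
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="https://js.payment-provider.example/card-form.js"></script>
<script src="https://static.unknown-widget.example/app.js"></script>
<script>window.__checkout = {step: 'payment'};</script>
</head><body><form id="payment"></form></body></html>
"""


class ScriptCollector(HTMLParser):
    """Record external script URLs and count inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.external = []  # src values of <script src=...> tags, in page order
        self.inline = 0     # number of <script> tags without a src attribute

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self.inline += 1


def audit_scripts(html, allowed_hosts):
    """Return the external scripts, those from unexpected hosts, and the inline count.

    Relative URLs (no hostname) resolve to the page's own origin and are
    treated as first-party; every absolute URL must match the allowlist.
    """
    collector = ScriptCollector()
    collector.feed(html)
    unexpected = []
    for src in collector.external:
        host = urlparse(src).hostname
        if host is None:
            continue  # same-origin script
        if host not in allowed_hosts:
            unexpected.append(src)
    return {
        "external": collector.external,
        "unexpected": unexpected,
        "inline": collector.inline,
    }


def csp_script_src(allowed_hosts):
    """Build a script-src directive that permits only the allowlisted hosts.

    'self' covers same-origin scripts; inline scripts are deliberately not
    allowed, so the directive also blocks injected inline code.
    """
    hosts = " ".join(f"https://{h}" for h in sorted(allowed_hosts))
    return f"script-src 'self' {hosts}"


if __name__ == "__main__":
    report = audit_scripts(SAMPLE_CHECKOUT_HTML, ALLOWED_SCRIPT_HOSTS)
    for src in report["unexpected"]:
        print(f"unexpected script host: {src}")
    print(f"inline scripts on page: {report['inline']}")
    print("Content-Security-Policy: " + csp_script_src(ALLOWED_SCRIPT_HOSTS))
```

Run against the constructed page, the audit flags the one script served from a host outside the allowlist and reports one inline script; the generated directive is what the store would send as its Content-Security-Policy header. One caveat this incident makes plain: an app installed through the platform may be served from a host that is on the allowlist, so a host-level check catches new or changed loaders but not a trusted source whose contents have changed; pairing it with change monitoring of the installed apps' script contents covers that gap.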
Official Statements:
BigCommerce emphasized that its core systems were not compromised and acted promptly to uninstall the compromised app. ZAGG assured customers of ongoing efforts to enhance security and protect customer data.