w2-2021-newsletter

Here’s your weekly data breach news roundup:

  • Juspay
  • T-Mobile
  • Ho-Mobile
  • Nissan
  • Hackney Council
  • American Express Credit Cards from Mexico
  • Dassault Falcon

Juspay

Sensitive data of over 100 million credit and debit cardholders has been leaked on the dark Web, according to a security researcher.

The data included full names, phone numbers, and email addresses of the cardholders, along with the first and last four digits of their cards.

It appears to have been associated with payments platform Juspay that processes transactions for Indian and global merchants including Amazon, MakeMyTrip, and Swiggy, among others.

The Bengaluru-based startup acknowledged that some of its user data had been compromised in August.

T-Mobile

T-Mobile has announced a data breach exposing customers’ proprietary network information (CPNI), including phone numbers and call records.

T-Mobile began texting customers that a “security incident” exposed their account’s information.

According to T-Mobile, its security team recently discovered “malicious, unauthorized access” to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.

The information exposed in this breach includes phone numbers, call records, and the number of lines on an account.

Ho-Mobile

Ho Mobile, an Italian mobile operator owned by Vodafone, confirmed a massive data breach on Monday and is now taking the rare step of offering to replace the SIM cards of all affected customers.

The breach is believed to have impacted roughly 2.5 million customers.

It first came to light last month on December 28 when a security analyst spotted the telco’s database being offered for sale on a dark web forum.

While the company initially played down these reports, Ho confirmed the incident on Monday, in a message posted on its official website and via SMS messages sent to all impacted customers.

Nissan

The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers.

The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin, Tillie Kottmann, a Swiss-based software engineer, told ZDNet in an interview this week.

Kottmann, who learned of the leak from an anonymous source and analyzed the Nissan data on Monday, said the Git repository contained the source code of:

  • Nissan NA Mobile apps
  • some parts of the Nissan ASIST diagnostics tool
  • the Dealer Business Systems / Dealer Portal
  • Nissan internal core mobile library
  • Nissan/Infiniti NCAR/ICAR services
  • client acquisition and retention tools
  • sale / market research tools + data
  • various marketing tools
  • the vehicle logistics portal
  • vehicle connected services / Nissan connect things
  • and various other backends and internal tools

Hackney East London council

A cyber criminal group has posted what it claims are documents stolen from Hackney Council in a ransomware attack last year.

The council in East London was hit by what it described as a “serious cyber attack” in October. It reported itself to the data watchdog due to the risk criminals accessed staff and residents’ data.

The council said it was working with the UK’s National Cyber Security Centre (NCSC) and the Ministry of Housing to investigate and understand the impact of the incident.

Although the extent of the data breach was never confirmed by the council, a criminal group known as Pysa/Mespinoza by security researchers has now published what it claims to be a range of sensitive information held by the authority.

The file names of the documents suggest the stolen files contain very sensitive information, including those with titles such as “passportsdump”, “staffdata” and “PhotoID”, although Sky News has not downloaded the information to verify it.

These documents were posted on a darknet website hosted by the criminals in which they list their victims and publish stolen data for extortion purposes.

American Express Credit Cards from Mexico

According to a recent finding by Bank Security, data of 10,000 American Express credit cardholders’ accounts from Mexico has been posted for free by a threat actor on one of the underground forums. Reportedly, the same threat actor, in another post on the forum, claims to be selling more data of Mexican banking customers of American Express, Santander, and Banamex.

Based on the screenshots shared by Bank Security, the leaked data set has potentially exposed American Express account (credit card) numbers and the personally identifiable information (PII) of its customers, which includes names, phone numbers, full address (including postal code), birth dates, gender, membership reward details, etc.

Dassault Falcon Jet

Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.

Dassault Falcon Jet is the US subsidiary of French aerospace company Dassault Aviation which designs and builds military aircraft, business jets, and space systems.

The Dassault subsidiary has 2,453 employees and is focused on marketing and providing aviation and maintenance services for Falcon aircraft on the American continent.

Dassault Falcon Jet discovered the incident on December 6th, 2020, and sent a data breach notification letter to impacted current and former employees on December 31st.

According to media reports and the dates of breach reported by the company, the attackers maintained access to Dassault Falcon Jet’s systems for roughly six months, between June 6th and December 7th.

The Ragnar Locker operators who infiltrated the company’s systems were also able to infiltrate the network of several Dassault Falcon Jet subsidiaries.

The principal subsidiaries include Dassault Aircraft Services Corporation, Aero Precision Repair And Overhaul Company (APRO), Midway Aircraft Instrument Corporation, Dassault Falcon Jet Do Brasil Limitada, and Dassault Falcon Jet Leasing.
