Facebook
week04-2022-min-min

Here’s your weekly #databreach news roundup:

Electromed, Nuna Baby Essentials, Qubit Finance, Segway, and Belarusian Railway servers.

Electromed

week04-2022-electromed

Recently, Electromed, Inc. announced that the company experienced a data-security event impacting the personal and health information of more than 47,000 individuals, including customers and employees. In June 2020, Electromed, Inc. learned that an unauthorized third party gained access to and may have removed several files from the company’s information technology servers. These files contained sensitive consumer health information, including the first and last name, full mailing address, medical information and health insurance information of customers and the Social Security numbers, driver’s license numbers, and financial account information of affected employees.

Nuna Baby Essentials

week04-2022-nunababy

The company recently reported that, from March 26, 2020, through April 7, 2021, “malicious code” appeared on the company’s website (discovered on December 22, 2021).

A subsequent investigation revealed that an unauthorized party gained access to some files on its servers that may have contained the following information:

  • Credit card payment card numbers
  • Credit card expiration dates
  • CCV/CVV codes
  • Billing and shipping addresses

According to reports, Nuna Baby Essentials, Inc. does not know which individuals’ information was actually accessed and cannot confirm that the unauthorized party retained any of the information.

Qubit Finance

week04-2022-qubitfinance

Hackers were able to access and steal over $80 million from Qubit Finance, which is based on the Binance Smart Chain,  the protocol confirmed via a tweet on Friday. The addresses linked to the assault stole 206,809 Binance Coin (BNB) from Qubit’s QBridge protocol. The assets are valued at more than $80 million at the time of writing.

Segway

week04-2022-segway

Segway, the company most famous for its two-wheeled “hoverboard”, has confirmed it suffered a cyberattack that saw it leak credit card data to malicious actors.

The company’s online store was breached sometime around January 6, 2022 (possibly even earlier), by a group known as Magecart Group 12. As the name suggests, the group works to steal credit card information by integrating the Magecart script onto vulnerable online stores. The script intercepts transaction data during the checkout in an online store, which is a process also known as form jacking, digital skimming, or e-skimming. 

Belarusian Railway servers

A group of hackers (known as Belarusian Cyber-Partisans) claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus’s national state-owned railway company.

They say their attack was prompted by Russia using Belarusian Railway’s rail transport network to move military units and equipment into the country.

“At the command of the terrorist Lukashenka, Belarusian Railway allows the occupying troops to enter our land,” the group said today on Twitter.

“We encrypted some of BR’s servers, databases and workstations to disrupt its operations. Automation and security systems were NOT affected to avoid emergency situations.”

The Belarusian Cyber-Partisans hacktivists say they have the encryption keys for the compromised Belarusian Railway servers. They added that they’re also ready to return the systems to normal mode under some conditions.