week08-2023

Here’s your weekly #databreach news roundup:​​​​​

Activision, US Military Emails, The Good Guys, Stanford University, TELUS, Indigo, and Rancho Mesquite Casino

Activision

Activision
Activision has confirmed that it suffered a data breach in early December 2022 after hackers gained access to the company’s internal systems by tricking an employee with an SMS phishing text. The video game maker says that the incident has not compromised game source code or player details. “On December 4, 2022, our information security team swiftly addressed an SMS phishing attempt and quickly resolved it. Following a thorough investigation, we determined that no sensitive employee data, game code, or player data was accessed,” a company spokesperson told BleepingComputer.

Military Emails

The Defense Department and Microsoft Corp. are investigating an error that exposed at least a terabyte of military emails including personal information and conversations between officials, people familiar with the matter said, an episode that highlighted the security risk of moving sensitive Pentagon data to the cloud.

The Good Guys

The Good Guys
Up to 1.5 million customers of The Good Guys loyalty program may have had their personal information hacked in a data breach at a third-party company. The electronics retailer released a statement saying the IT systems of a former third-party supplier, Pegasus Group Australia, now known as My Rewards, had been improperly accessed by an unauthorised user.

Stanford University

Stanford University
Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. Last week, the university sent data breach notification letters to 897 individuals who submitted personal and health information as part of the graduate application to its Department of Economics, informing them that their info was accessed without authorization.

TELUS

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company. TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

Indigo

Indigo
Current and former employees at Canada’s largest bookstore chain, Indigo Books & Music Inc.have had their social insurance numbers, financial details and other personal information leaked after a ransomware attack took down the retailer’s website. Late on Thursday, Indigo president Andrea Limbardi wrote to the company’s staffers with her signature at the bottom of a lengthy memo. “We recently learned that your personal information may have been acquired by an unauthorized third party between Jan. 16, 2023, and Feb. 8, 2023,” Ms. Limbardi said.

Rancho Mesquite Casino

A class-action lawsuit filed Wednesday alleges a southern Nevada casino’s computer systems were left vulnerable to a cyberattack, leaving the personal information of more than 200,000 customers and employees exposed, court documents said.

A hacker was able to access the sensitive information involving Rancho Mesquite Casino over several days in November 2022, documents said. Information accessed included full names and Social Security numbers.

The company operates the Rising Star Sports Ranch Resort in Mesquite and The Brook in Seabrook, New Hampshire, its website said. Two of the company’s properties were affected, documents said.