w14-2021-banner

Here’s your weekly data breach news roundup: ​

Facebook, ECU Worldwide, Mendelson Kornblum Orthopedic and Spine Specialists, Personal Touch Home Care, University of Maryland (UMD) and the University of California (UC), PDI Group, 200 Networks, LLC, and MobiKwik

MobiKwik

w14-2021-mobikwik

A massive database appeared for sale on a popular hacker forum containing highly sensitive details of millions of Indians, users of MobiKwik. This is a Gurugram-based company offering a mobile phone-based payment system and a digital wallet, enabling users to perform transactions right from the mobile app. From 2016 and onward, MobiKwik even offered small loans to its users, and so KYC requirements had to be put in place. This means that the firm was holding PII, ID documents, scanned passports and Aadhar cards, and a lot more.

Independent researcher Rajshekhar Rajaharia has spotted the new database and informed us of the fact, so we have taken a look, and we can confirm that the data appears to be valid. The seller has set up a dark web portal where one can search by phone number or email ID and get the specific results out of a total of 8.2 TB of data.

200 Networks, LLC

w14-2021-200networksllc

The WebsitePlanet research team alongside Jeremiah Fowler, an IT security researcher, discovered an insecure database that had no password protection and contained a large number of phone call records as well as VOIP (Voice Over Internet Protocol) related data.

The dataset was exposed for almost 24 hours and the database kept growing in real-time with thousands of calls per hour being added to the records.

From the time when it was exposed till when it was secured again, the database logged 1.48 million robocalls altogether and the majority of the calls were outgoing but some call-backs were also logged.

The database belonged to 200 Networks, LLC, a company based in Reno, Nevada. The security researchers informed the company of their findings and 200 Networks restricted public access shortly after.

Since the database was open and visible in any browser and quite easily publicly accessible, anyone with malicious intentions could have made changes such as editing, downloading, or even deleting the data without having any sort of administrative credentials.

PDI Group

A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack.

The victim is the PDI Group, an Ohio-based company that manufactures a wide range of ground support equipment for military needs, such as dollies, trollies, and platforms for transporting weapons, engines, and airplane parts during servicing operations.

On Tuesday, the criminal group behind the Babuk Locker ransomware created a page on their “leak site” under the company’s name threatening to leak more than 700 GB of data they claim to have stolen from PDI’s internal network unless the company gave in to its ransom demands.

To prove their claims, the Babuk Locker operators posted a series of screenshots of several internal documents they claim to have stolen from PDI’s internal network, including schematics, one of which appears to describe one of PDI’s aircraft engine trailers.

University of Maryland (UMD) and the University of California (UC)

On March 29, 2021, the Clop ransomware hacker group began leaking screenshots of sensitive data that was stolen (allegedly) from two U.S. Universities online. The leaked screenshots include federal tax documents, tax summary documents, passports, Board of Nursing applications and tuition remission paperwork. These documents include social security numbers, addresses, passport numbers with their photos, and birth dates. 

The leaked screenshot of documents have been alleged to belong to the University of Maryland (UMD) and the University of California (UC).

Personal Touch Home Care

A home healthcare company says a data breach affecting more than 753,000 patients, employees and former workers stems from a ransomware attack on its private cloud hosted by managed service providers. The company reported a similar incident 15 months ago.

Lake Success, New York-based Personal Touch Holding Corp., which operates about 30 Personal Touch Home Care subsidiaries in about a dozen states, says it discovered on Jan. 27 that “it experienced a cybersecurity attack on the private cloud hosted by its managed service providers.”

The notification statement does not name the vendors involved.

A breach notification report filed with the Maine attorney general’s office notes that the incident involved ransomware and affected 753,107 individuals, including 93 residents of that state.

Mendelson Kornblum Orthopedic and Spine Specialists

A US orthopedic practice has admitted that patient healthcare information was inadvertently left on a server that anyone with an internet connection could access.

In a data breach notice, Mendelson Kornblum Orthopedic and Spine Specialists admitted that patient names, medical record numbers, dates of birth, gender, and medical image metadata were potentially exposed as a result of the data privacy lapse.

“The potentially viewable information did not include any medical images themselves, other diagnosis or treatment information, health insurance information, Social Security numbers, credit or debit card numbers, or financial account information,” the clinic stated in its notice.

ECU Worldwide

A ransomware gang is threatening to release a massive trove of data stolen from shipping firm ECU Worldwide more than a month after a cyberattack caused serious disruptions to its online platforms. 

The Mount Locker ransomware gang claimed in a post to its leak site on Sunday that it had taken 2 terabytes of data from ECU. The hackers have yet to release any data and did not respond to a message sent by FreightWaves. 

ECU, a non-vessel operating common carrier (NVOCC) specializing in the consolidation of less-than-container load (LCL) shipments, was targeted in a cyberattack in February. The company’s owner, India-based AllCargo Logistics (NSE:ALLCARGO), acknowledged a “cyber incident” in a Feb. 16 letter filed with the National Stock Exchange of India. 

AllCargo Logistics, one of India’s largest publicly traded companies, would not comment on the ransomware gang’s post directly or say whether any data had been stolen in an attack. 

“We continue to diligently monitor our systems and processes and will take any steps necessary, legal and otherwise, to protect our customers’ data and interests,” AllCargo spokesperson Alok Roy said in an email to FreightWaves.

Facebook

w15-2021-facebook

The personal information of about half a billion Facebook users, including their phone numbers, have been posted to a website used by hackers, cybersecurity experts say.

There are records for more than 32 million accounts in the United States, 11 million in the United Kingdom, and 6 million in India, according to Alon Gal, the CTO of cyber intelligence firm
Hudson Rock. Details in some cases include full name, location, birthday, email addresses, phone number, and relationship status, he said.
 
Hudson Rock showed CNN Business the phone numbers of two our senior staff which are included in the database.
The leak was first reported by the news website Insider.
“This is old data that was previously reported on in 2019. We found and fixed this issue in August 2019,” Facebook spokesperson Andy Stone told CNN Saturday.
Facebook did not say if it notified affected users at the time.