12 Apr
Here’s your weekly #databreach news roundup:
Canadian Open Parkinson Network, Iberdrola, VGTRK, Block, Wheeling Health Right, Trezor, and Globant.
Canadian Open Parkinson Network
Recently, the Canadian Open Parkinson Network (C-OPN) became aware of an unauthorized #databreach on March 23, 2022, accessing C-OPN User data held by the University of Calgary.https://t.co/OON1QLnrxd
— DevaOnBreaches (@DevaOnBreaches) April 8, 2022
Recently, the Canadian Open Parkinson Network (C-OPN) became aware of an unauthorized data breach on March 23, 2022, accessing C-OPN User data held by the University of Calgary. On March 31, as a major co-funder Parkinson Canada was made aware of the data breach.
The University of Calgary’s and McGill University’s privacy office and their IT teams, and relevant privacy and research ethics office are investigating. While the investigation is ongoing, the web application has been removed from the website and will not be relaunched until an investigation concludes and it is deemed safe to do so.
Iberdrola
Iberdrola, a Spanish energy giant and the parent company of Scottish Power has been hit with a major cyberattack, leading to a #databreach and impacting over 1.3 million customers.https://t.co/M8csu8yP0s
— DevaOnBreaches (@DevaOnBreaches) April 8, 2022
Iberdrola, a Spanish energy giant and the parent company of Scottish Power, has been hit with a major cyberattack, leading to a data breach and impacting over 1.3 million customers. According to local reports, the attack took place on March 15.
VGTRK
The data leaked by the Anonymous affiliate group contains 4,000 files and more than 900,000 emails from Russian state-run television and radio broadcaster VGTRK (aka All-Russia State Television and Radio Broadcasting Company). #databreach @WAK4Shttps://t.co/ULlDNkdZ6O
— DevaOnBreaches (@DevaOnBreaches) April 8, 2022
The data leaked by the Anonymous affiliate group contains 4,000 files and more than 900,000 emails from Russian state-run television and radio broadcaster VGTRK (aka All-Russia State Television and Radio Broadcasting Company).
NB65 (Network Battalion 65) is a hacker group linked with the Anonymous hacktivist collective. The group claims to have breached the servers of Russian state-run television and radio broadcaster called the “All-Russia State Television and Radio Broadcasting Company” (VGTRK).
Anonymous’ Twitter account (@YourAnonTV) also tweeted about the hack on their handle this week, revealing that hackers have leaked around 800 GB of data online.
Block
Block has confirmed a #databreach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information.@CarlyPage_ https://t.co/9GgVFUKO5H
— DevaOnBreaches (@DevaOnBreaches) April 6, 2022
Block has confirmed a data breach involving a former employee who downloaded reports from Cash App that contained some U.S. customer information.
In a filing with the Securities and Exchange Commission (SEC) on April 4, Block — formerly known as Square — said that the reports were accessed by the insider on December 10.
“While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended,” the filing reads. Block refused to answer our questions about why a former employee still had access to this data, and for how long they retained access after their employment at the company had ended.
It included users’ full names and brokerage account numbers, and for some customers the accessed data also included brokerage portfolio value, brokerage portfolio holdings, and stock trading activity for one trading day.
Wheeling Health Right
Wheeling Health Right, announced today that the organization was victimized by a highly-sophisticated cyberattack that resulted in unauthorized access to certain types of personal information, including protected health information.#databreachhttps://t.co/ttQhcMoQro
— DevaOnBreaches (@DevaOnBreaches) April 4, 2022
On January 18, 2022, WHR discovered that the organization was the victim of a cyberattack that encrypted its systems. Upon discovery of the attack, WHR engaged legal counsel and a data breach remediation firm to conduct a thorough investigation into the scope of the illicit attack. The investigation determined that an unauthorized cybercriminal may have accessed certain information stored in the organization’s systems, however, WHR is unaware of any actual or attempted misuse of the information as a result of the attack.
he type of information that may have been accessed includes: full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number, tax information, income information, and other health information about patients who applied for or received services from WHR.
Trezor
A compromised Trezor hardware wallet mailing list was used to send fake #databreach notifications to steal cryptocurrency wallets and the assets stored within them. @bleepincomputerhttps://t.co/VknRcEvRqv
— DevaOnBreaches (@DevaOnBreaches) April 4, 2022
A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them.
Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.
When setting up a new Trezor, a 12 to 24-word recovery seed will be displayed that allows owners to recover their wallets if their device is stolen or lost.
However, anyone who knows this recovery seed can gain access to the wallet and its stored cryptocurrencies, making it vital to store the recovery seed in a safe place.
Starting today, Trezor hardware wallet owners began receiving data breach notifications prompting recipients to download a fake Trezor Suite software that would steal their recovery seeds.
Globant
IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors. #databreach @Ionut_Ilascu https://t.co/J9uuJWVFBK
— DevaOnBreaches (@DevaOnBreaches) March 31, 2022
IT and software consultancy firm Globant has confirmed that they were breached by the Lapsus$ data extortion group, where data consisting of administrator credentials and source code was leaked by the threat actors.
As part of the leak, the hacking group released a 70GB archive of data stolen from Globant, describing it as “some customers source code.”
Among the data published by Lapsus$, there is a screenshot the group claims to be of an archived directory from Globant, containing folder names that appear to be company customers.
Some of the source code folders listed in the screenshot include, Abbott, apple-health-app, C-span, Fortune, Facebook, DHL, and Arcserve.
Shutterfly
Online retail and photography manufacturing platform Shutterfly has disclosed a #databreach that exposed employee information after threat actors stole data during a Conti ransomware attack.@LawrenceAbrams https://t.co/NQ9xUYUZYD
— DevaOnBreaches (@DevaOnBreaches) March 30, 2022
Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack.
Shutterfly offers photography-related services to consumers, the enterprise, and education through various brands, including Shutterfly.com, BorrowLenses, GrooveBook, Snapfish, and Lifetouch.
Today, Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a ransomware attack.
During ransomware attacks, threat actors will gain access to a corporate network and steal data and files as they spread throughout the system. Once they gain access to a Windows domain controller, and after harvesting all valuable data, they deploy their ransomware to encrypt all network devices.
According to Shutterfly’s data breach notification, the Conti threat actor deployed the ransomware on December 13th, 2021, when the company first became aware that they were compromised.