
Here’s your weekly data breach news roundup:

LinkedIn, Arthur J. Gallagher (AJG), New Skills Academy, QSURE, LimeVPN, Salvation Army, NewsBlur, Tamil Nadu PDS data, University Medical Center, Danmarks Nationalbank, Altus Group, and IBBI.

Arthur J. Gallagher (AJG)


Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to potentially impacted individuals following a ransomware attack that hit its systems in late September.

“Working with the cybersecurity and forensic specialists to determine what may have happened and what information may have been affected, we determined that an unknown party accessed or acquired data contained within certain segments of our network between June 3, 2020 and September 26, 2020,” AJG said.

As one of the largest insurance brokers in the world, AJG has over 33,300 employees and its operations span 49 countries.

The company is also ranked 429 on the Fortune 500 list, and it reportedly provides insurance services to customers from more than 150 countries.

New Skills Academy


New Skills Academy, a major online learning provider based in Hertford, United Kingdom, has suffered a data breach in which its customers’ account information was exposed to unauthorized parties.

According to New Skills Academy’s data breach notification email seen by Hackread.com, the number of victims impacted by the breach is not yet known. However, the information accessed by threat actors includes:

  • Usernames
  • Email addresses
  • Encrypted passwords (hashing algorithm unknown).

The company maintains that physical addresses or financial data such as credit or debit card records were not accessed in the breach. 

It is worth noting that, according to New Skills Academy, the institution has 800+ courses with 800,000 students. Therefore, if you have registered an account on New Skills Academy, you are advised to change its password without delay.

You should also change the password for your email account and for any other site where you use the same or a similar password.

QSure


QSure, a big player in South Africa’s insurance industry, has been hit by a data breach in which bank account numbers and other sensitive information were compromised by a third party.

The company would not say how many records were exposed through the breach, only that the incident is “still being investigated”.

“On 9 June 2021, QSure became aware that it had been subject to illegal and unauthorised access to its IT infrastructure, and immediately isolated its IT network and shut down its systems,” said chief operating officer Ian du Toit in an e-mailed response to questions from TechCentral.

QSure is a registered financial services provider and one of the collection agencies that provide collection and premium handling services for the South African insurance industry. Its clients include big insurance companies and insurance brokers.

LimeVPN

LimeVPN has confirmed a data incident, and meanwhile its website has been knocked offline.

The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers.

A hacker claims to have stolen the company’s entire customer database before knocking its website offline (Threatpost confirmed that as of press time, the website was down). The stolen records consist of user names, passwords in plain text, IP addresses and billing information, according to PrivacySharks. Researchers added the attack also included public and private keys of LimeVPN users.

“The hacker informed us that they have the private keys of every user, which is a serious security issue as it means they can easily decrypt every LimeVPN user’s traffic,” the firm said in a posting.

Salvation Army


The UK arm of the Salvation Army has been hit by a ransomware attack, it has been reported.

The Christian charity is thought to be negotiating with the attackers over the siphoned data.

The Register reported that the Salvation Army first noticed the attack, which is believed to have affected a London data center used by the charity, around a month ago.

Speaking to The Register, a Salvation Army spokesperson confirmed the attack took place and that the Information Commissioner’s Office (ICO) has been informed: “We are investigating an IT incident affecting a number of our corporate IT systems. We have informed the Charity Commission and the ICO, are also in dialogue with our key partners and staff and are working to notify any other relevant third parties.”

Thankfully, the charity said that none of its services for vulnerable people had been affected.

There is currently no further information about the incident, such as the attackers’ identity or the data accessed. Additionally, no data has appeared on any known ransomware gang sites.

However, Salvation Army staff and volunteers have been advised to keep a close watch for any unusual banking activity from their accounts or suspicious communication they receive.

NewsBlur

The hacker controlled 250GB worth of the NewsBlur database and ransomed it before deleting it.

NewsBlur is a US-based software company that runs an online RSS newsreader service. NewsBlur suffered a service outage after a hacker wiped its database.

Reportedly, the hacker (or script kiddie, as NewsBlur’s founder called it) gained access to its database when the RSS reader was transitioning to Docker.

This process circumvented some firewall rules and exposed the service’s MongoDB database to the public. During the transitioning process, the original primary MongoDB cluster was shut down, so it remained untouched when the attack happened. 

Founder’s Statement

According to NewsBlur founder Samuel Clay, the hacker acted fast and copied the entire database before deleting the original one. The entire process took them just three hours. 

Tamil Nadu PDS data

Data from the Tamil Nadu government website for the state’s public distribution scheme, which caters to over six crore beneficiaries, has reportedly been breached with the details of nearly 50 lakh users including Aadhaar numbers uploaded on a hacker forum, a Kochi-based cybersecurity firm has reported.

According to a report by Technisanct, a link for a file-sharing platform containing 5.2 million columns of user data including 49,19,668 Aadhaar numbers was uploaded on a popular hacker forum on June 28 by a vendor known to have shared leaked databases in the past. The data of users of Tamil Nadu’s PDS included multiple parameters including the beneficiary member id, Aadhaar number, names of beneficiaries as well as that of their family members, addresses, mobile numbers, relationships, and more.

The data was uploaded for sale for eight Credits on the website—the link was taken off after just one hour.

University Medical Center

University Medical Center acknowledged Tuesday that it had experienced a criminal data breach after a notorious hacker group began posting personal information purportedly obtained in the cyberattack.

Images of Nevada driver’s licenses, passports and Social Security cards of around half a dozen alleged victims were posted late Monday on the hacker group’s website and were reviewed by the Review-Journal.

After receiving an inquiry from the newspaper, the hospital issued a statement confirming that cybercriminals accessed a server used to store data in mid-June. Law enforcement is now investigating the incident, it said.

The statement said there is no evidence that any clinical systems were accessed in the attack but that patients and employees would be notified that their personal information may be at risk.

The hospital will also offer “access to complimentary identity protection and credit monitoring services.”

“This type of attack has become increasingly common in the health care industry, with hospitals across the world experiencing similar situations,” the statement said.

Danmarks Nationalbank

Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.

The breach was part of the SolarWinds cyber espionage campaign last year that the U.S. attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division commonly referred to as APT29, The Dukes, Cozy Bear, or Nobelium.

The compromise came to light after technology publication Version2 obtained official documents from the Danish central bank through a freedom of information request.

The SolarWinds campaign is considered to be one of the most sophisticated supply-chain attacks as trojanized versions of the IT management platform SolarWinds Orion had been downloaded by 18,000 organizations across the world.

Read more at: https://www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/

Altus Group

On June 14th, Altus Group, a commercial real estate software solutions company, announced that its data was breached. A week later, it reported “no evidence of impact”. Now, we have information that its data may have been leaked by Hive, a new ransomware group. Here’s what we know.

A day before the announcement, Altus Group was affected by a cybersecurity breach. IT back-office and communications systems, such as email, were taken offline at the time.

In its further updates, the company had yet to disclose whether any information was actually leaked. We have reason to believe that some was.

LinkedIn

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it’s happened again – with big security ramifications.

A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers.

Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700 million records are included in the cache, and included a sample of 1 million records as “proof.”

Privacy Sharks examined the free sample and saw that the records include full names, gender, email addresses, phone numbers and industry information. It’s unclear what the origin of the data is – but the scraping of public profiles is a likely source. That was the engine behind the collection of 500 million LinkedIn records that went up for sale in April. It contained an “aggregation of data from a number of websites and companies” as well as “publicly viewable member profile data,” LinkedIn said at the time.

IBBI

The IBBI (Insolvency and Bankruptcy Board of India) has made a dire configuration mistake while setting up its new online portal and leaked the full names, Aadhaar numbers, and PANs (Permanent Account Number) belonging to employees of firms that are currently undergoing corporate insolvency proceedings. The regulator is overseeing procedures of this kind as a public entity, and the purpose of the new portal was to increase the transparency of this work towards the public. However, it seems that the technicians who set it up implemented more transparency than what they should have gone for.

As reported by The Indian Express, the blunder was almost immediately admitted by the agency, which attributed the situation to a “mistake.” The newspaper reviewed three separate documents uploaded on the IBBI website and confirmed that 128 Aadhaar numbers and 234 PANs were exposed. The total number of affected individuals may well be much greater, but there was no official confirmation of any specific figure.