w31-2023

Here’s your weekly #databreach news roundup:

The Colorado Department of Higher Education (CDHE), 400,000 corporate credentials stolen, and NATO.

The Colorado Department of Higher Education (CDHE)

The Colorado Department of Higher Education (CDHE) faced a major cybersecurity attack in June 2023 where hackers gained access to their system, stealing sensitive data of students, former students, and teachers spanning from 2004 to 2020. This data includes personal information like names, social security numbers, and even some police reports. The hackers used this stolen data to threaten CDHE, saying they’d reveal the information unless they were paid. CDHE hasn’t said how many people this affects, but it’s likely a big number since the data covers many years. Those affected are offered free identity theft monitoring for two years. Everyone should be cautious, as there’s a chance this stolen data could be misused.

400,000 corporate credentials stolen

Hackers have infiltrated businesses using information-stealing malware that captures sensitive data from applications like web browsers and email clients. A study of around 20 million of these stolen data logs, mainly sold on the dark web and Telegram channels, has shown a significant breach into business environments. Malware families like Redline and Raccoon are among the most used. Although this malware often targets individuals who download questionable software, companies have also been largely affected. This happens when employees use personal devices for work, leading to the theft of business-related information. Cybersecurity firm Flare discovered that these logs contain access details to business apps such as AWS, Google Cloud, and Salesforce. The majority of these logs were found on Telegram and Russian marketplaces. Flare also found a concerning number of logs with access to OpenAI, which could potentially leak crucial business information. These stolen corporate credentials, classified as “tier-1”, fetch high prices in the cybercrime world. Flare suggests that businesses reduce risks by using password managers, multi-factor authentication, and by training employees to avoid typical malware traps.

NATO

NATO is looking into allegations by hacking group SiegedSec about a breach of the Communities of Interest (COI) Cooperation Portal, an unclassified platform used by NATO for information-sharing among its member nations. SiegedSec claimed on Telegram to have stolen hundreds of documents from this portal. Cybersecurity firm CloudSEK analyzed the exposed data, revealing it contains personal details such as names, job titles, and addresses, potentially affecting 31 NATO member countries. A NATO spokesperson has confirmed they are investigating the matter. SiegedSec, believed to be hacktivists rather than financially driven hackers, stated the attack was in response to NATO countries’ human rights violations, emphasizing that it wasn’t related to the Russia-Ukraine conflict.