w40-2022

Here’s your weekly #databreach news roundup:

Shangri-La, Electricity Company of Ghana, NJVC, Telstra, Digital Network System, CorrectHealth, and Toyota. 

Shangri-La

Luxury hotel chain Shangri-La Group has been the victim of a major data breach. Reportedly, the personal data of guests who had stayed at its hotels in locations such as Tokyo, Singapore, Thailand, Taipei, and Hong Kong has been compromised.

“A sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected and illegally accessed the guest databases,” the hotel chain’s senior vice-president for operations and process transformation, Brian Yu, informed the affected guests in an e-mail.

The database contained data such as guest names, email addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates and company names. 

“Although we were not able to confirm the content of the exfiltrated data files, it is likely that they contained guest data,” he further said. 

Electricity Company of Ghana (ECG)

For about five days now, some customers of the largest electricity seller in the country, Electricity Company of Ghana (ECG), have been unable to buy power, and others have had their power off for days without respite, because some sections of the company’s systems have been hacked, ghanabusinessnews.com has been told by people familiar with the crisis.

According to these sources, who have asked not to be named because they say it is a sensitive matter bordering on potential national security, some sections of the ECG project site situated near the Kwame Nkrumah Circle in Accra have been infiltrated by ransomware, and the hacker or hackers have changed the source code and taken control of parts of the server.

NJVC

The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense.

DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victims’ list, along with sharing a screenshot allegedly of ALPHV’s blog notifying NJVC that it had stolen data during its intrusion. 

“We strongly recommend that you contact us to discuss your situation. Otherwise, the confidential data in our possession will be released in stages every 12 hours. There is a lot of material,” ALPHV said, per the screenshot.

Digital Network System

Russian retail chain ‘DNS’ (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees.

DNS is Russia’s second-largest computer and home appliance store chain, with 2,000 branches and 35,000 employees.

According to the scant details provided in the announcement, a group of hackers residing outside the Russian Federation exploited a security gap in the company’s IT systems and accessed customer and employee details.

“We have already found gaps in the protection of our information infrastructure and are working to strengthen information security in the company,” says the DNS announcement.

While the firm has not provided details on what information was compromised, it clarified that the hackers didn’t steal user passwords and payment card data, as that data isn’t stored on their systems.

Telstra

Australia’s largest telecoms firm Telstra Corp Ltd (TLS.AX) said on Tuesday it had suffered what it called a small data breach, a disclosure that comes two weeks after its main rival Optus was left reeling by a massive cyberattack.

Telstra, which has 18.8 million customer accounts, equivalent to three-quarters of Australia’s population, said an intrusion of a third-party organisation exposed some employee data dating back to 2017.

According to local media, a Telstra internal staff email put the number of affected current and former employees at 30,000.

The data that was taken was “very basic in nature”, limited to names and email addresses, a company spokesperson said in a statement.

“We believe it’s been made available now in an attempt to profit from the Optus breach,” the spokesperson also said without elaborating.

Telstra did not comment on the number of people affected or when the breach occurred, but said it affected current and former staff only.

City of Tucson

The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 123,000 individuals.

As revealed in a notice of data breach sent to affected people, an attacker breached the city’s network and exfiltrated an undisclosed number of files containing sensitive information.

The threat actors had access to the network between May 17 and May 31 and might have accessed or stolen documents containing the information of 123,513 individuals.

“On May 29, 2022, the City learned of suspicious activity involving a user’s network account credential,” the data breach notification reads.

“On August 4, 2022, the City learned that certain files may have been copied and taken from the City’s network.”

CorrectHealth

A Forsyth County company that provides healthcare for people inside correctional facilities nationwide was the target of a recent data breach, leaving tens of thousands of incarcerated people at risk of having their identities stolen.

CorrectHealth reported the breach and notified the 54,000 affected inmates in late August, but the incident until now has largely avoided publicity. Inmates are among the more vulnerable people to data breaches and among the more tempting targets for cyber thieves.

That’s because of the potential for criminals to obtain sensitive personal information and use it without detection, as an incarcerated person might not be promptly alerted or have access behind bars to tools with which to protect themselves.

Toyota

Toyota has announced that 296,019 email addresses and customer numbers have been exposed in a hack.

The car manufacturer said the data of customers using T-Connect, a telematics service that connects vehicles via an online network, has potentially been leaked to hackers.

Toyota said the affected customers are those who signed up to the service from July 2017 onwards.

An investigation conducted by security experts could not confirm third-party access from the access history of the data server where the information was stored.

Toyota added that third-party access “could not be completely ruled out”.