Here’s your weekly data breach news roundup:

Booking.com, FBI email system, Sunwater – Australia’s regional water suppliers, Costco, Aruba Central, Robinhood, and US defense contractor Electronic Warfare Associates (EWA).

Booking.com

A hacker working for a US intelligence agency breached the servers of Booking.com in 2016 and stole user data related to the Middle East, according to a book published on Thursday. The book also says the online travel agency opted to keep the incident secret.

Amsterdam-based Booking.com made the decision after calling in the Dutch intelligence service, known as AIVD, to investigate the data breach. On the advice of legal counsel, the company didn’t notify affected customers or the Dutch Data Protection Authority. The grounds: Booking.com wasn’t legally required to do so because no sensitive or financial information was accessed.

FBI email system

Hackers compromised a Federal Bureau of Investigation email system on Saturday and sent tens of thousands of messages warning of a possible cyberattack, according to the agency and security specialists.

Fake emails appeared to come from a legitimate FBI email address ending in @ic.fbi.gov, the FBI said in a statement.

Although the hardware impacted by the incident “was taken offline quickly upon discovery of the issue,” the FBI said, “This is an ongoing situation.”

The hackers sent tens of thousands of emails warning of a possible cyberattack, threat-tracking organization Spamhaus Project said on its Twitter account.

Sunwater - Australia's regional water suppliers

One of Australia’s largest regional water suppliers was breached for several months before detecting the unauthorized access, another worrying sign of weaknesses in critical infrastructure security.

A Queensland Audit Office annual report on the water industry did not mention the provider by name but said it continues to see “significant control weaknesses in the security of information systems” across the industry.

The breach in question occurred between August 2020 and May 2021, resulting in unauthorized access to a web server. “Threat actors targeted an older and more vulnerable version of the system. The web server that stores customer information contained suspicious files that increased visitor traffic to an online video platform,” the report explained.

“As entities use more cloud-based services (which provide remote access to systems), cyber risk vulnerabilities and exposures must be continuously assessed. Entities need to make sure their users are aware of their responsibilities in managing cyber risks.”

Costco

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen while recently shopping at one of its stores.

The retail giant (also known as Costco Wholesale and Costco) is an American multinational that operates a large chain of membership-only retail stores, the fifth-largest retailer worldwide, and the tenth-largest corporation in the US by total revenue according to Fortune 500 rankings.

It has 737 warehouses worldwide, and it also operates e-commerce websites targeting multiple world regions, including the Americas, Europe, and Asia.

Aruba Central

HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations.

Aruba Central is a cloud networking solution that allows administrators to manage large networks and components from a single dashboard.

HPE disclosed today that a threat actor obtained an “access key” that allowed them to view customer data stored in the Aruba Central environment. The threat actor had access for 18 days between October 9th, 2021, and October 27th, when HPE revoked the key.

The exposed repositories contained two datasets, one for network analytics and the other for Aruba Central’s ‘Contact Tracing’ feature.

Robinhood

Robinhood announced that its popular app has suffered a breach, exposing millions of email addresses, names and more.

In a statement released on Monday, Robinhood said it discovered the incident on the evening of November 3, explaining that an “unauthorized third party” managed to obtain their customers’ personal information.

The company was quick to say that no Social Security numbers, bank account numbers, or debit card numbers were exposed.

But they admitted that about 7 million people had some amount of information leaked in the attack. The customers affected have been emailed.

US defense contractor Electronic Warfare Associates (EWA)

US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system and stole files containing personal information.

The company claims the breach’s impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information.

As detailed in a notice to the Montana Attorney General’s office, EWA discovered that a threat actor took over one of their email accounts on August 2, 2021.

The firm noticed the infiltration when the hacker attempted wire fraud, which appears to be the primary goal of the actor.

“Based on our investigation, we determined that a threat actor infiltrated EWA email on August 2, 2021. We were made aware of the situation when the threat actor attempted wire fraud,” reads EWA’s data incident notification.