week47-2021

Here’s your weekly #databreach news roundup:

Shipping giant Swire Pacific Offshore (SPO), Six Web Hosts – GoDaddy, S&R Membership Shopping, BTC-Alpha, and WSpot.

Shipping giant Swire Pacific Offshore (SPO)

week47-2021-swire

Shipping giant Swire Pacific Offshore (SPO) has announced a data breach after it fell victim to a cyber-attack.

The maritime organization, which is headquartered in Singapore, said in a press release that it had suffered “unauthorized access to its IT systems”.

It reads: “The unauthorized access has resulted in the loss of some confidential proprietary commercial information and has resulted in the loss of some personal data.”

While the company did not share any details about the cyber-attack, it did note that the incident was reported to the relevant authorities, presumably Singapore’s Personal Data Protection Committee (PDPC).

SPO also said it has taken measures to “reinforce” existing security protocols and mitigate further attacks.

It also reported that none of its global operations were affected.

Six Web Hosts - GoDaddy

The GoDaddy data breach that affected up to 1.2 million web hosts has expanded to six more web hosts serving customers worldwide. The six additional compromised web hosts are resellers of GoDaddy’s hosting services. The extent of the intrusion appears to be the same as with GoDaddy, with matching dates of when the security intrusion began.

The six compromised web hosting providers are:

  • 123Reg
  • Domain Factory
  • Heart Internet
  • Host Europe
  • Media Temple
  • tsoHost

S&R Membership Shopping

week47_2021_srmembership

The National Privacy Commission (NPC) on Wednesday, Nov. 24, said the personal data of 22,000 S&R members were compromised following a recent cyber attack.

n a statement, NPC confirmed the receipt of a breach notification report on Nov. 15 from S&R Membership Shopping concerning a cyber attack “that may have compromised its members’ personal data.”

The S&R said they discovered the security incident last Nov. 14 and submitted a supplemental breach report to the NPC on Wednesday.

 

According to the report, members’ personal data, including date of birth, contact number, and gender have been compromised.

However, S&R’s data protection officer assured that credit cards and other financial information of its customers were not among the compromised personal data.

BTC-Alpha

week47_2021_btcalpha

Cryptocurrency exchange BTC-Alpha suffered a ransomware attack earlier this month, and the company’s founder has blamed a competitor.

Reports of a potential attack surfaced last week when threat intelligence firm DarkTracer posted a screenshot to Twitter of a public leak site operated by the Lockbit ransomware group that claimed to have encrypted BTC-Alpha’s data. Lockbit threatened to leak the stolen data if a ransom was not paid by Dec. 1. That same day, a press release on PRLeap from Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm.

WSpot

A Brazilian Wi-Fi management software firm was at the center of an incident that exposed data of various high profile companies and millions of their customers.

The company in question is WSpot, which provides software that enables businesses to secure their on-premise Wi-Fi networks and allow password-free online access to their customers. The exposure was discovered by security research firm SafetyDetectives.

The researchers found WSpot’s misconfigured Amazon Web Services (AWS) S3 bucket, which was left open and exposed 10GB worth of data to the public. After discovering the sensitive data on September 2, the researchers contacted the software firm on September 7. WSpot secured the breach the following day.