Here’s your weekly data breach news roundup:
Belden says the security breach took place after hackers gained access to a limited number of its file servers.
The intrusion was discovered after the company’s IT personnel detected unusual activity involving the compromised servers. A subsequent investigation revealed that the intruders had copied data of some current and former employees, as well as limited company information regarding some business partners.
Belden is now notifying customers and employees whose data it believes was exposed in the incident.
Hackers selling data of 21,000 British motorists on the dark web. Personal information, including driving licence numbers and phone numbers, of 21,000 British motorists has reportedly been stolen by cyber criminals and put up for sale on dark web marketplaces.
The massive breach of personal records of British motorists was revealed by Sun Online in a report in which the paper said hackers obtained the vast tranche of personal data after breaching a web server owned by an insurance company.
The breach reportedly took place in October and involved the theft of the personal data of British motorists who were applying for new insurance cover. Hackers are now trying to monetise the stolen data by putting it up for sale on the dark market.
The breached data includes full names, addresses, phone numbers, dates of birth, email addresses and driving licences of motorists living across the UK. Aside from monetising the stolen data, hackers could use the stolen data to commit identity fraud or to perpetrate sophisticated phishing scams.
“It looks like the data has come from a hacked insurance company web server. The hacker appears to have ongoing access to several different insurance-related servers, as he’s been claiming that he has more data like it and from more than one source,” cyber expert Neil Doyle told Sun Online.
The Miami-based “value-added solutions and technology products” company Intcomex has suffered a major data breach, with nearly 1 TB of its users’ data leaked.
Parts of the data were leaked on a popular Russian hacker forum for free, with the first part made available on September 14, 2020, and the second part on September 20. The leaker originally promised to release the entire stolen database over an undisclosed period of time.
The personal and health information of more than 16 million Brazilian patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month.
Among the systems that had credentials exposed were E-SUS-VE and Sivep-Gripe, two government databases used to store data on COVID-19 patients.
E-SUS-VE was used for recording COVID-19 patients with mild symptoms, while Sivep-Gripe was used to keep track of hospitalized cases.
The two databases contained sensitive details such as patient names, addresses, ID information, but also healthcare records such as medical history and medication regimes.
The leak came to light after a GitHub user spotted the spreadsheet containing the passwords on the personal GitHub account of an employee of the Albert Einstein Hospital in the city of São Paulo.
Mercy Iowa City began notifying patients on November 13 of a data breach that occurred in spring 2020 after an employee’s email account was accessed by a threat actor.
The hospital detected the breach on June 24 when the targeted account began sending out phishing emails and spam. An investigation revealed that the hacked account had been compromised between May 15 and June 24.
Security experts brought in to scrutinize the incident confirmed in October that sensitive patient data could have been accessed by the attacker.
Data exposed may have included names, Social Security numbers, driver’s license numbers, and health insurance information.
Chicago-based Polsinelli law firm, representing the hospital, said that 60,473 Iowa residents may have been impacted by the security incident.
“On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email sent to customers and obtained by ZDNet.
Exposed information included details such as customer first and last names, email addresses, and phone numbers (if provided).
A Sophos spokesperson confirmed the emails earlier today and told ZDNet that only a “small subset” of the company’s customers were affected but did not provide an approximate number.
Sophos said it learned of the misconfiguration from a security researcher and fixed the reported issue right away.
WhiteHat Jr has reportedly fixed the vulnerability after it was brought to its notice; however, it is as yet unclear whether any of the user data was compromised before the flaw was fixed.
According to a cybersecurity researcher, who spoke to The Quint anonymously, the BYJU’S-owned company was using Amazon Web Services (AWS) servers and the S3 buckets, where data is stored, were left open, allowing access into folders containing documents, files, data and videos. Typically, these folders are only accessible by authorised company personnel with a username and a password.
The data of 1.4 Mn registered users on jobs listing website iimjobs.com was allegedly leaked on the dark web on Monday (November 23).
Inc42 has learnt from cybersecurity researcher Rajshekhar Rajaharia that the data, sized 50 GB, was being sold on a dark web marketplace by an anonymous user for as low as INR 370.
Screenshots of the breached database accessed by Inc42 indicate that the leaked data is sensitive, as it includes the names, phone numbers, email addresses, exact location of users (latitude and longitude), their industry of work and links to their LinkedIn profiles.
The leaked data also includes users’ encrypted passwords. However, Rajaharia said that the passwords had been encrypted using the MD5 message-digest algorithm, which is an outdated method of data encryption and can be easily decrypted by hackers today.