Week50-2020-newsletter

Here’s your weekly data breach news roundup:

  1. Embraer, world’s third-largest airplane maker
  2. Foxconn electronics giant
  3. PayPay smartphone payment service
  4. Indian credit card and debit card users
  5. Fax Express
  6. Dental Care Alliance
  7. Breached MySQL servers (Multiple breaches)
  8. Mongolian software company
  9. New York law firm Brooklyn Defender Services

Embraer

Brazilian company Embraer, considered today’s third-largest airplane maker after Boeing and Airbus, was the victim of a ransomware attack last month.

Hackers involved in the intrusion have leaked some of the company’s private files as revenge after the airplane maker refused to negotiate and instead chose to restore systems from backups without paying their ransom demand.

Foxconn

Electronics giant Foxconn suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, in which attackers stole unencrypted files before encrypting devices.

Foxconn is the largest electronics manufacturing company globally, with recorded revenue of $172 billion in 2019 and over 800,000 employees worldwide. Foxconn subsidiaries include Sharp Corporation, Innolux, FIH Mobile, and Belkin.

BleepingComputer has been tracking a rumored Foxconn ransomware attack that occurred over the Thanksgiving weekend.

PayPay

The operator of smartphone payment service PayPay said Monday that a server containing information on all 2.6 million stores using the service has been hacked.

There is a possibility that some 20.07 million items of information such as store names and bank accounts may have been compromised, but there are no traces of malicious use of such data, PayPay Corp. said.

The fraudulently accessed server did not contain information on individual users.

The PayPay operator, which is an affiliate of SoftBank Corp., said that there were flaws in settings regarding access authorization for the information.

Indian credit card and debit card users

The personal data of 7 million Indian credit card and debit card users has been leaked on the dark web this month.

Screenshots of the leaked data reveal that the 2 GB database, which is on a public Google Drive link, includes cardholders’ names, phone numbers, email addresses, names of employer firms, annual incomes, types of accounts and whether they have switched on mobile alerts. Further, the leaked database also includes the PAN numbers for 5 Lakh cardholders.

The leaked data is from the period between 2010 and 2019. 

According to cybersecurity researcher Rajshekhar Rajaharia, who alerted Inc42 about the development, the leaked data can be used by cybercriminals for spam messages and phishing attacks. 

Fax Express

The New Jersey-based fax machine reseller ‘Fax Express’ has leaked the email addresses and passwords of about 560,000 of its customers. The data surfaced in a database included in the “Cit0day.in” packs that came to light last month. Unfortunately, everything in the database was unencrypted, so the passwords are in plain text.

‘Fax Express’ either never noticed the breach or simply chose not to disclose it when it happened. Additionally, the firm failed to respond to the researchers of CyberNews, who attempted to contact them on November 16, 2020, to inform them about the involved risks. Maybe they should have tried sending them a fax.

Dental Care Alliance

An American healthcare provider has started notifying more than a million patients that their data may have been exposed as the result of a cyber-attack.

Dental Care Alliance discovered on October 11 that it had been the victim of a hack that began on September 18, 2020. The company, which is headquartered in Sarasota, Florida, was able to contain the attack by October 13.

Patient data that may have been accessed in the security incident included names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information. 

Breached MySQL servers (Multiple breaches)

Hackers have set up an auction site on the dark web to sell 250,000 databases stolen from tens of thousands of breached MySQL servers.

The entire collection is seven terabytes in size and is part of a database ransom business that has registered a sharp rise since October.

Although the hacker’s website on the clear web listed only 31 databases, the number of abuse reports for the wallet left in the ransom note was above 200, indicating a much larger operation.

Able Software - Mongolian Software Company

A Chinese state-sponsored hacking group, also known as an APT, is suspected of having breached a Mongolian software company and compromised a chat app used by hundreds of Mongolian government agencies.

The attack is believed to have taken place earlier this year, in June, according to a report published today by Slovak security firm ESET.

The hackers targeted an app called Able Desktop, developed by a local company named Able Software.

Brooklyn Defender Services

New York law firm Brooklyn Defender Services says it has been struck by a data breach involving sensitive personal information belonging to its low-income, government-funded clients.

The public defender organization said that on September 13, it discovered that “some” employee email accounts had been compromised by an “unauthorized person”, according to a press release published on December 10.

A subsequent investigation revealed “that emails or attachments may have included employees’ and clients’ names, addresses, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, health information, and/or biometric data such as fingerprints”.