
Here’s your weekly #databreach news roundup:

Albanian citizens, Pro Wrestling Tees, Monongalia Health System, Sennheiser, Ubisoft, Big White, UK police data, Texas ENT, Tiyuli and Lametayel and more…

Albanian citizens

The Albanian government confirmed and apologized on Thursday for a data leak that exposed the personal and salary-related information of 637,138 citizens, more than 22% of the country’s entire population.

Details such as names, ID card numbers, salaries, job positions, and employer names were shared over the weekend on WhatsApp as an Excel document.

The file included what appeared to be tax and salary information filed by companies with the Albanian government for the month of January 2021, according to local media.

In a press conference today, Prime Minister Edi Rama confirmed and apologized for the breach.

Pro Wrestling Tees

Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers.

Pro Wrestling Tees is a website allowing professional wrestlers to set up their own mini-stores to sell merchandise like shirts, posters, action figures, and more to their fans.

The platform also organizes regular meet-ups for fans to meet their favorite athletes, making the site very popular among the various wrestling communities worldwide.

In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees said it was informed by law enforcement on November 01, 2021, that a small portion of its customers’ credit card numbers had been compromised.

Monongalia Health System

A hospital system in West Virginia has suffered a data breach resulting from a phishing attack, which gave hackers access to several email accounts. 

Monongalia Health System — which runs Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company — said that hackers had access to several email accounts from May 10 to August 15. These accounts contained sensitive information from patients, providers, employees, and contractors. 

Sennheiser

According to a report from vpnMentor, the German audio equipment manufacturer Sennheiser left an unsecured Amazon Web Services (AWS) server online. The server stored around 55GB of information on over 28,000 Sennheiser customers.

AWS buckets are popular among businesses that need to store large data files. However, correctly defining the security settings for AWS S3 buckets is highly important, and according to vpnMentor, Sennheiser failed to do so.

Ubisoft

Gaming giant Ubisoft has confirmed a cyberattack on its IT infrastructure targeting the popular game Just Dance. 

The company explained that the incident “was the result of a misconfiguration, that once identified, was quickly fixed, but made it possible for unauthorized individuals to access and possibly copy some personal player data.”

Big White

A potential data breach due to possible malware on Big White’s servers has prompted an alert from the resort’s CEO.

In an email sent Monday to all vendors and suppliers to Big White, including the resort’s utilities, president and CEO of Big White Peter Plimmer said the company’s servers experienced “an unauthorized intrusion” sometime before Sept. 10.

Data accessed nefariously may include personal and business information, such as names, addresses, banking info, electronic funds transfer arrangements, and CRA business numbers.

 

“Although we are not aware of any actual misuse of your personal and/or business information, we are providing notice to you and other potentially affected parties about the incident, and about steps you can take to protect yourself against possible identity theft or fraud,” said Plimmer.

UK police data

Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal.

The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ – with the threat of more to follow.

Clop is believed to have demanded a ransom from the company, Dacoll, after launching a ‘phishing’ attack in October that gave it access to material, including that of the PNC, holding the personal information and records of 13 million people.

Texas ENT

More than half a million patients have been impacted by a data breach at US healthcare provider Texas Ear, Nose and Throat Specialists (Texas ENT).

After learning of a security compromise on October 19, Texas ENT “determined that unauthorized parties gained access to our computer systems and took copies of Texas ENT files between August 9, 2021 and August 15, 2021”, reads a security alert (PDF) from the healthcare specialist.

The breached data includes patient names, dates of birth, medical record numbers, procedure codes used for billing purposes, and, for only “a limited number of files”, Social Security numbers.

Tiyuli and Lametayel

A hacker group called Sharp Boys announced that it had hacked two Israeli hiking websites on Saturday, leaking the information of 100,000 users and offering the information of around three million people for sale.
 
The leaked data includes emails, addresses, photos and phone numbers.
 
The two affected sites were Tiyuli and Lametayel. Tiyuli is a website that provides information on hiking, attractions, maps and places to sleep throughout Israel. Lametayel is a chain of hiking and sporting goods stores and its site also provides information on hiking.

Four sports gear sites

Four affiliated online sports gear sites have disclosed a cyberattack where threat actors stole credit cards for 1,813,224 customers.

While not much is known about the attack, a law firm representing the four websites stated that personal information and credit card information, including full CVV, were stolen on October 1st, 2021.

The affected websites are the following: