Here’s your weekly #databreach news roundup:
MRW, T-Mobile, Rhode Island Public Transit Authority (RIPTA), and Onus.
MRW itself has reported that it is currently the target of a campaign impersonating its identity. Dozens of users have explained on social networks that they are receiving SMS messages impersonating MRW that contain a shipping locator and a link redirecting to a fake page, which tries to get them to pay supposed shipping costs for the package sent by MRW. Many would not fall into this trap if it were not for the fact that the recipient's name, the actual shipping locator and the name of the store where the product was purchased appear in the message.
T-Mobile confirmed that recent reports of a new data breach are linked to notifications sent to a “very small number of customers” who fell victim to SIM swap attacks.
“We informed a very small number of customers that the SIM card assigned to a mobile number on their account may have been illegally reassigned or limited account information was viewed,” a T-Mobile spokesperson told BleepingComputer.
“Unauthorized SIM swaps are unfortunately a common industry-wide occurrence, however this issue was quickly corrected by our team, using our in-place safeguards, and we proactively took additional protective measures on their behalf.”
T-Mobile refused to provide additional details when asked for more info on the total number of affected customers and the method used by the attackers to pull off the SIM swap attacks successfully.
“We are not providing any additional information at this time. Thank you!,” a company spokesperson told BleepingComputer.
Rhode Island Public Transit Authority (RIPTA)
Rhode Island Attorney General Peter Neronha told The Providence Journal on Thursday that he is going to open an investigation into a data breach involving the Rhode Island Public Transit Authority (RIPTA). This comes after outrage grew this week over the agency’s handling of the incident.
Neronha’s office told the news outlet that they are receiving a high number of calls about the incident, prompting them to look into what happened.
Personal data of 1.92 million users of Vietnamese digital currency app Onus has been leaked due to a security breach.
The Singapore-based company, founded and managed by Vietnamese, stated Monday that its server had been attacked and that personal data of a large number of users could have been leaked.
It added that user assets were not affected by the attack.
Internet users on Dec. 25 found the data of Onus customers posted on a data trading website by an account named ‘vndcio.’
The data includes real name, email address, phone number, username and Electronic Know Your Customer (eKYC) info, which is the digital verification of an identity without the need for face-to-face interaction.