June 7, 2019

Monthly Breach Report: June 2019 Edition

PKWARE

Data breaches serve as a rude reminder that, despite all the technological advancement, businesses need to be cautious and watchful in their data management approach. Moreover, they highlight that business and security risks are connected and need to be addressed together.

Since compromised data can be a crushing blow to any organization irrespective of its size, shape, and industry expertise, breach containment should be a top priority for businesses. Keeping in mind that data breaches can jeopardize a company’s future investments, hamper employee morale and reputation, and much more, today we will shed light on some of the most crucial data breaches that shook the world of business last month. Although not all of these incidents are particularly large, the type of attack or the sensitivity of the compromised data shows that user data is vulnerable and should be treated as a priority.

HCL

Prominent IT services provider HCL Technologies became the latest target of a security breach when it unintentionally allowed online access to sensitive organizational information like employee passwords, client project details, etc.

The tech giant took prompt measures as soon as it was notified about the incident by Australia-based cybersecurity entity UpGuard on May 6. According to a blog post published by UpGuard, the exposed confidential data included candidate name, ID, contact number, date and location of joining, recruiter name, user name, offer accepted status, a link to the candidate form, and cleartext password.

Reports suggest that all of the data was made available on subdomains of an HCL-owned domain. Given the distinctiveness of the breach, UpGuard researchers decided to take a “wait and watch” approach to informing HCL, despite identifying the mishap on the first of last month.

Source: Threatpost

WhatsApp

WhatsApp, a messaging app used by over 1.5 billion people globally, recently encountered a nasty digital attack that allowed hackers to install spyware by making use of its call feature.

Reports suggest that the installation did not even need the device owner to answer the call, as it took place by making use of WhatsApp’s call feature. During the attack, the targeted device would start mentioning its encrypted content as soon as the dialed number was attacked.

WhatsApp claims the attack appeared to be carried out by a private sector player that works with governments to deliver spyware. It was further suggested that the Israel-based cybersecurity enterprise, NSO Group, is likely to be the mastermind behind the attack as it was aimed at only selected individuals.

WhatsApp realized the potential of the attack when cybercriminals were able to successfully install surveillance software on iPhones and Android devices by simply calling the targets using the app. Apart from informing the US Justice Department and several human rights organizations, WhatsApp has advised users to upgrade the app and also clarified that its engineering team is making concerted efforts to close any security lapse caused by the spyware installation.

Last year, WhatsApp’s parent company Facebook made headlines for a series of privacy and security breaches they encountered themselves.

Russian Government

Personal and passport-related information of over 2.25 million Russian citizens, including government employees and high-ranked politicians, was leaked by different Russian government websites.

The information leak was discovered by Ivan Begtin, the co-founder of the Russia-based NGO Informational Culture. Begtin’s blog stated that he discovered the leak after carrying out a detailed probe of 50 government portals, government online certification centers, and an e-bidding site that are all used by government agencies. He also said that the information disclosed in the breach was available online. Begtin also claimed that, despite his informing Russia’s government agency handling data privacy about the leak nearly eight months back, no action was taken.

Various news reports suggest that even the information of top Russian government officials, such as deputy chairman of the Russian Duma (Parliament) Alexander Zhukov and two ex-deputy prime ministers, Arkady Dvorkovich and Anatoly Chubais, was not spared.

Source: Moscow Times

Shubert Organization

New York-based theatrical producing organization The Shubert Organization has announced that it was hit by a data breach. The revelation came only after some unlawful activity was observed on an employee’s email account in February this year, after which Shubert initiated a probe in collaboration with forensic experts.

The investigation, which concluded in mid-March, clarified that the leak allowed access to the email accounts of the employees, which contained customer names and credit card details like numbers and expiration dates.

The Shubert Organization, the owner of 17 Broadway theaters and the popular ticketing service Telecharge, has resorted to security measures to ensure data protection and avoid such incidents in the future. As part of its efforts to ensure privacy, the company will train employees, launch relevant security updates and offer the affected parties credit monitoring services.

Apart from informing the state regulators and Attorneys General about the incident, Shubert has also set up a dedicated call center so that queries can be resolved as a priority.

Source: SCMagazine

Freedom Mobile

Freedom Mobile, a Calgary-based wireless telecommunications provider owned by Shaw Communications, had its operations hit by a phishing attack.

The carrier, with operations spread across Ontario, Alberta and British Columbia, said in an official statement that the security breach affected approximately 15,000 clients and that the claim of 1.5 million customers affected, made by vpnMentor, wasn’t true. The attack was discovered by vpnMentor researchers Noam Rotem and Ran Locar, who had shared a warning based on their findings some time back.

After the data leak incident surfaced, an in-depth investigation was initiated on March 25, in which it was found that the breached data was processed by third-party vendor Apptium Technologies, which was responsible for streamlining Freedom Mobile’s retail customer support.

Freedom Mobile, touted as Canada’s fourth largest cell network, further said that the impacted clients were from 17 retail outlets who either opened or changed accounts as late as April 15 or made alterations to the opened accounts on April 16. By April 23, the issue was taken care of.

Furthermore, the telecom player has decided to carry out a complete forensic investigation soon to understand the severity of the leak.

Source: ZDnet

Wyzant

Looking at the data breach trend, it appears that no one is safe from the hackers. The databases of online tutoring website Wyzant were intruded upon by unknown hackers with the motive of accessing a data subset.

An email from Wyzant stated that the personal information of the users accessed by the hackers included email addresses, full names, zip codes, and Facebook profile images of those who chose to log in through their Facebook accounts. It was also clarified that other key data like passwords, payment details, or activity logs were not part of the breach.

Wyzant, which has more than two million registered users and more than 80,000 instructors, has not shared the exact count of customers who fell victim to this breach. To stop the recurrence of such events in the future, Wyzant has implemented additional measures that include scrutinizing the security protocols and processes, apart from collaborating with law enforcement agencies.

Source: ZDnet

Redtail CRM

Several financial advisor users of Redtail Technology’s CRM software became victims of a data breach when their customers’ personal information was leaked online. In an email sent out to the affected advisors, Redtail said that it became aware of the incident on March 4 and that it had affected less than 1 percent of the total customers. Redtail CEO Brian McLaughlin clarified that efforts were being made to ensure the safety of the customers’ data and that the affected advisors had therefore been given free access to a Symantec product.

Although the exact number of impacted customers wasn’t shared, Redtail has clarified that the data breach wasn’t an intentional third-party intrusion, but rather a temporary exposure. To identify which customers’ data was compromised, apart from ensuring removal of the impacted files, Redtail has decided to come up with a specific solution.

Currently, Redtail’s CRM enjoys 57 percent market share and is hugely popular among the financial advisory market.

Source: Investment News

LibertyBus

The data of hundreds of LibertyBus customers was compromised when the bus operator’s top-up website became a victim of a data leak. It was found that the hackers used a spoof platform to divert customers who were looking to top up their pre-paid AvanchiCards. A probe has already been initiated by the Office of the Information Commissioner to find more details about it.

Apart from shutting down the site, the bus operator announced that the breach affected a total of 361 people in Jersey who accounted for nearly 2 percent of the Island’s 20,000 AvanchiCard users.

Also, LibertyBus’ sister concern CT Plus in Guernsey witnessed a similar kind of attack which impacted over 80 of its customers.

Source: Jersey Evening Post
