Last week, breaches and cyberattacks occurred across several industries, from semiconductor manufacturing, higher education, healthcare, food service and retail to the public sector. Devastating consequences have also followed earlier data breaches and attacks: the Australian Communications & Media Authority is to prosecute Optus over its 2022 data breach, and Kakao was fined $11.1 million for a 2023 data breach that leaked more than 65,000 users’ personal information. Furthermore, new vulnerabilities and patches for GitLab have also been found and released. It is highly recommended to not only be aware of them but to also apply the updates as soon as possible. Read on to receive a quick summary of what happened this week in the space of cybersecurity.

Australian Communications & Media Authority to prosecute Optus over 2022 data breach

The Australian Communications and Media Authority (ACMA) has filed proceedings in the Federal Court against Optus. ACMA alleges that during the 17-20 September 2022 data breach, Optus failed to protect customers’ personal information from unauthorised interference or access as required under the Telecommunications Act 1979. The breach led to the hackers stealing personal information from 10 million current and former Optus customers. This includes their names, birthdates, phone numbers, and email addresses.

In a statement, Optus said that it will defend the matter, that it has previously apologised to its customers, and that it has taken significant measures to protect them. Optus has also reimbursed customers for the cost of replacing identity documents. This follows Optus having to pay a penalty of more than AUD1.5 million after ACMA found large-scale breaches of public safety rules by the telco.

EU Parliament suffers from a data breach: Sensitive documents stolen

The European Parliament has begun notifying staff of a breach of PEOPLE, the recruitment system used by the European Parliament for hiring non-permanent staff, on 22 May. According to the notice, the data stolen in the breach includes passports, identification documents, work experience and excerpts of criminal records, military obligations, declarations of honour, education, contacts and entitlement documents. All documents are believed to have been affected.

According to a spokesperson for the EU Parliament, the PEOPLE HR tool has since been deactivated as investigations are ongoing. The EU Parliament has not disclosed how many people were affected in the breach nor how the threat actor gained access.

OmniVision discloses data breach after 2023 ransomware attack

OmniVision, an imaging sensor manufacturer, warns of a data breach after the company suffered a Cactus ransomware attack last year. On Friday, OmniVision informed the Californian authorities of a security breach incident that occurred between 4-30 September 2023, whereby certain OVT systems were encrypted by ransomware. The notice stated that the investigation, which concluded on 3 April 2024, determined that an unauthorised party took some personal information from certain systems.

The type of data stolen and the number of exposed individuals remain unknown. However, the Cactus ransomware gang, which claimed the attack in an announcement on 17 October 2023, leaked the following samples: passport scans, non-disclosure agreements, contracts, and confidential documents. The threat actors eventually released all data they had from the attack in a ZIP archive that was made available to download for free. Currently, OmniVision has been removed from the Cactus ransom extortion page on the dark web. OmniVision is offering 24-month credit monitoring and identity theft restoration service to impacted individuals.

Western Sydney University suffers a data breach: Student data exposed

Western Sydney University (WSU) has notified students and academic staff about a data breach which occurred after threat actors breached their Microsoft 365 and SharePoint environment on 17 May 2023. In an announcement posted on its website, the University warned that the hackers accessed its Microsoft Office 365 environment, including email accounts and SharePoint files. Their investigations also indicate that the University's Solar Car Laboratory infrastructure may have been used as part of the incident.

This breach was only discovered in January 2024, with the University’s IT team shutting the unauthorised access, launching an internal investigation, and involving specialists. The data exposed varies per individual, depending on the content of the email communications and the documents stored in the University’s SharePoint environment. This breach impacts approximately 7,500 individuals, who will soon receive personalised notices via email and phone, although this might not be the final figure, as investigations are still ongoing.

WSU stated that no threats have been received, and that their core operations have not been impacted. So far, no ransomware or extortion groups have claimed responsibility for the attack. Impacted students and personnel can receive support through a dedicated phone line and monitor their page for updates.

CentroMed suffers from another data breach: 400,000 individuals’ personal information compromised

San Antonio-based healthcare provider El Centro Del Barrio (which operates as CentroMed) is informing 400,000 patients that their personal and health information was compromised in a recent cyberattack. The breach occurred on 30 April 2024, and was discovered on 1 May 2024. The unauthorised threat actor gained access to their network, and managed to access and/or acquire files that contain information relevant to CentroMed’s current and former patients.
The compromised information included patients’ names, addresses, birthdates, medical and health information, insurance information, social security numbers, financial account information, and medical claims data. CentroMed highly recommends that affected patients review the statements they receive from their healthcare providers and contact the relevant provider immediately if they see services they did not receive. The organisation started notifying potentially impacted individuals on 17 May, and has informed the US Department of Health and Human Services that a total of 400,000 former and current patients were affected by the breach.

Jumbo Group suffers a ransomware attack

Jumbo Group, a seafood restaurant chain, stated in a bourse filing on 23 May that they were subjected to a ransomware attack. The statement, signed off by group chief executive and executive director Ang Kiam Meng, did not mention the date, duration or extent of the attack, or whether a ransom was paid.

The group stated that, based on preliminary investigation, neither it nor external experts noticed any evidence of data being removed unlawfully. As of the date of the announcement, there has been no significant impact to the group’s business operations arising from the incident. The group added that this incident has been reported to the relevant authorities.

Mustafa Group hit by a data breach: Personal data of customers and employees stolen

The Mustafa group, which runs a shopping mall among other businesses, has been hit by a data leak. On 25 April, a cyberattacker on BreachForums claimed to have stolen the personal information of Mustafa customers and employees. The hacker claimed that he had obtained 180GB of data belonging to Mustafa, and had uploaded the files on the forum. As seen by The Straits Times, the files uploaded contained personal data such as the victims’ full names, NRIC numbers and home addresses. The files have since been removed.
Mustafa has stated that they have engaged external cybersecurity experts for a thorough review of its IT systems, and have reported the incident to the relevant authorities.

Cencora, US drug distributor, notified affected individuals about data stolen earlier this year: Exposed US patient info from 8 drug companies

Cencora has notified affected individuals that their personal and sensitive medical information was stolen during a cyberattack and data breach earlier this year. The company disclosed the incident in February, in which data, some of which may have contained personal information, was stolen from its information systems. Cencora stated that no evidence has been found so far that the stolen information has been publicly disclosed or misused for fraudulent purposes.

In another announcement, Cencora’s unit Amerisource Bergen Specialty Group (ABSG) stated that the information stolen was related to a prescription supply program offered by their now-defunct subsidiary, Medical Initiatives Inc. Based on ABSG’s investigation, the compromised information includes full names and prescriptions. The 8 firms impacted by this breach are: Novartis Pharmaceuticals Corporation, Bayer Corporation, AbbVie Inc, Regeneron Pharmaceuticals Inc, Genentech Inc, Incyte Corporation, Sumitomo Pharma America Inc, and Acadia Pharmaceuticals.

Kakao was fined $11.1 million for a 2023 data breach that leaked more than 65,000 users' personal information

Kakao, a Korean tech giant, was fined $11.1 million, the highest penalty ever imposed on a domestic firm, by the country’s privacy watchdog for leaking more than 65,000 users’ personal data. The KakaoTalk operator opposed the decision, and said that they will take potential legal action to contest the penalty.
The Personal Information Protection Commission (PIPC) stated on Thursday that it had approved the fine during its plenary session, and concluded that Kakao’s negligence in protecting user information was responsible for the data leak. Not only did Kakao not take action when the hacking methods used against Kakao were revealed in online developer communities, it also failed to report the incident immediately after becoming aware of it.

GitLab patched a high severity vulnerability that allows attackers to take over accounts

GitLab has patched a high severity vulnerability (tracked as CVE-2024-4835) that allows unauthenticated attackers to take over user accounts in cross-site scripting (XSS) attacks. GitLab has released versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). It is highly recommended that all GitLab installations be upgraded to one of these versions immediately, as they contain important bug and security fixes. On Wednesday, the company also fixed 6 other medium severity vulnerabilities.

That is all! Enjoy the rest of the week and don't forget to update your devices and systems to the latest patches!
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED