News: Hacking

Yukon education department exposed students' personal info

2022-09-29T11:14:11.281Z

An education department worker exposed the data of more than 500 Yukon students, according to a notification obtained by CBC News.

The breach involves a risk of significant harm to students' privacy. The following data was exposed:

Full names,
Phone numbers,
Email addresses,
Dates of birth,
Social insurance numbers.

The data leak happened on Aug. 24.

A spokesperson for the Office of the Information and Privacy Commissioner said the office "is aware of the breach, and will work with the Department of Education to ensure it has met its obligations under the Access to Information and Protection of Privacy Act.

The spokesperson said people can still file a complaint to the privacy commissioner's office.

Recently, Physician’s Business Office notified 196,573 patients that their personal information and protected health data was stolen.

197K patients impacted by data breach at Physician’s Business Office impacts

2022-09-29T09:37:04.114Z

Physician’s Business Office (PBO) notified 196,573 patients that their personal information and protected health data was stolen.

Based in West Virginia, PBO is a medical practice management and administrative services for healthcare providers.

PBO disclosed unusual activity in its network environment in April and took steps to secure its IT systems. An outside digital forensics and incident response firm was brought on to assist, which found data stored on the network was accessed “and potentially acquired without authorization” during the data security incident.

Under the Health Insurance Portability and Accountability Act, covered entities and business associates are required to report any breaches of PHI affecting over 500 patients within 60 days of discovery.

The stolen data could include:

Full names,
Social Security numbers,
Dates of birth,
Driver’s licenses,
Treatments,
Diagnoses,
Contact details,
Disability codes,
Prescription information and health insurance account details.

Patients will receive free credit monitoring and identity theft protection services.

In the same time, an Elasticsearch server belonging to a healthcare software provider in India is currently exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India in the last couple of years.

Mysterious Team Bangladesh targeting Indian govt servers

2022-09-27T13:51:42.457Z

On Sept. 22, cybersecurity experts reported they have discovered a hacktivist group from Bangladesh that is targeting the Indian government's websites and servers.

Websites belonging to governments of Assam, Madhya Pradesh, Uttar Pradesh, Gujarat, Punjab and Tamil Nadu were affected.

The group called Mysterious Team Bangladesh (MTB) is using DDoS (Distributed Denial of Service) attacks against domains and subdomains of several state governments and a web server hosted by the Indian government, according to the team from cyber-security firm CloudSEK.

The members of the group primarily reside in the Chittagong area of Bangladesh and either study in college or have recently graduated. Hacktivism appears to be their predominant motivation and the group majorly operates and communicates via Facebook, Telegram and Twitter.

Cybersecurity researchers said:

Through meticulous analysis and profiling of multiple groups, it can be rightly concluded that such hacktivist groups collaborate among each other excessively to conduct nefarious attacks, DDoS being the primary one, followed by defacing attacks.

One of the co-founders of Mysterious Team Bangladesh has been recognised as Taskin Ahmmed.

The rest of the group primarily consists of students or recent graduates between the age of 20 to 25 years that previously operated under hacker organisations, like Elite Force 71, Bangladesh Cyber Anonymous Team, and Taskin Vau.

In the same time, Anonymous hacker collective have claimed to be behind attacks on several websites affiliated with the Iranian government amid protests following the death of 22-year-old Mahsa Amini.

Covid test results of 1.7m people exposed online

2022-09-26T15:06:35.300Z

An Elasticsearch server belonging to a healthcare software provider in India is currently exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India in the last couple of years.

It is worth noting that these tests were taken through a rapid antigen kit known as Covi-Catch. Covi-Catch is an Indian Council of Medical Research (ICMR) approved self-testing kit for COVID-19.

What’s worse, the server is still exposed and publicly accessible without any security authentication or password. Originally, the server is being exposed since July 2, 2022.

It all started when Anurag scanned for misconfigured databases on Shodan and noted a server exposing more than 23GB worth of data to public access. Anurag said that the server belongs to a company based in Gurgaon, Haryana, India, but we would not share the name of the company in this article because the server is still exposed.

Anurag’s analysis of the server revealed that the exposed records are actually Covid antigen test results, while the number of victims in the incident is over 1.7 million. These results not only comprise personal records but medical records of travelers including the following information:

Gender
Full names
Nationality
Date of birth
Full addresses
Phone numbers
Vote ID numbers
Covid test results
Aadhaar numbers
Passport numbers
Underlying medical conditions
Vaccine details (vaccine type, vaccine taken or not).

Recently, Anonymous hacker collective have claimed to be behind attacks on several websites affiliated with the Iranian government amid protests following the death of 22-year-old Mahsa Amini.

Iranian govt sites hacked by Anonymous amid protests following death of Mahsa Amini

2022-09-24T08:22:38.962Z

Anonymous hacker collective have claimed to be behind attacks on several websites affiliated with the Iranian government amid protests following the death of 22-year-old Mahsa Amini.

Several websites, including for the central bank and the national government portal and state-owned media sites, have been intermittently unreachable.

Some hacktivist accounts have claimed to have conducted destructive attacks on these government websites, including deleting databases associated with the site for the government spokesperson, although no evidence has been provided for those claims.

Amini — who was Kurdish and also went by her Kurdish name Jhina Amini — died last Friday while in the custody of the Islamic Republic’s morality police after being detained for what the authorities described as an improper hijab.

Although the authorities report that police did not physically attack Amini while she was in custody — instead stating she had a heart attack and died in a hospital — her family have questioned this narrative, saying she had no history of heart problems and had bruises on her legs.

Her death has prompted international and domestic outrage.

Iran’s ICT minister has said that internet disruptions are possible due to the “national security” implications of the unrest.

Iranian government authorities have not issued a statement about the hacktivist attacks.

The other day, Starbucks reported its customer database was breached online, with local media reporting that 200,000 individual's information was stolen.

Google’s Tag Manager hacked, sensitive info exposed

2022-09-23T12:25:07.953Z

Google’s Tag Manager (GTM) containers were hacked to install malicious e-skimmers that steal payment card data and personally identifiable information of shoppers on e-commerce sites.

Thousands of e-commerce sites use Google Tag Manager containers for data on website usage metrics, customer tracking and marketing purposes.

But cybersecurity experts have found three significant variants of malicious scripts that cybercriminals are hiding within GTM containers that allow them to exfiltrate the personal information of shoppers:

Over 165,000 payment card records attributed to victims of GTM container abuse attacks have been posted to dark web carding shops. The total number of payment cards compromised via GTM-based e-skimmers is likely higher.

The cybersecurity researchers found 569 e-commerce domains infected with e-skimmers. According to the report, 314 were confirmed to have been infected by a GTM-based e-skimmer variant while 255 had infections that exfiltrated stolen data to malicious domains associated with GTM abuse.

Nearly 90 of these e-commerce domains were still infected as of Aug. 25 and on average, researchers found it took more than three months for the infections to be remediated.

The other day, Starbucks reported its customer database was breached online, with local media reporting that 200,000 individual's information was stolen.

Optus under massive hacker attack, customer info stolen

2022-09-22T17:00:47.456Z

Optus has suffered a massive cyber-attack, with the personal information of customers stolen, including names, dates of birth, addresses, and contact details.

Optus suffered the data breach when hackers, believed to be working for a criminal or state-sponsored organization, accessed the sensitive information by breaking through the company’s firewall.

The Australian Cyber Security Centre is working with Optus to lock down its systems, secure any data against further breaches, and trace the attackers. The Australian federal police and the Office of the Australian Information Commissioner have also been notified.

Optus has 9.7 million subscribers, according to publicly available data, but the company said it was still assessing the size of the data breach.

The firm confirmed information which may have been exposed included Optus customers’ names, dates of birth, phone numbers, email addresses and, for a cohort of customers, physical addresses and identification document numbers such as driving licence or passport numbers.

Optus said payment details and account passwords have not been compromised, and that services, including mobile phones and home internet, were not affected.

The company insisted voice calls had not been compromised, and that Optus services remained safe to use and operate:

We are devastated to discover that we have been subject to a cyber-attack that has resulted in the disclosure of our customers’ personal information to someone who shouldn’t see it.

We are very sorry and understand customers will be concerned. Please be assured that we are working hard, and engaging with all the relevant authorities and organizations, to help safeguard our customers as much as possible.

Recently, American Airlines notified customers of a recent data breach after hackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.

American Airlines suffers data leak, sensitive info exposed

2022-09-20T17:24:22.143Z

American Airlines has notified customers of a recent data breach after hackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information.

In notification letters sent on Sept. 16, the airline explained that it has no evidence that the exposed data was misused.

American Airlines disclosed the data breach on July 5, immediately secured the impacted email accounts, and hired a cybersecurity forensic firm to investigate the security incident:

In July 2022 we discovered that an unauthorized actor compromised the email accounts of a limited number of American Airlines team members.

Upon discovery of the incident, we secured the applicable email accounts and engaged a third party cybersecurity forensic firm to conduct a forensic investigation to determine the nature and the scope of the incident.

Personal information exposed in the hacker attack and potentially accessed by the attackers may have included:

Employees' and customers' names,
Dates of birth,
Home addresses,
Phone numbers,
Email addresses,
Driver's license numbers,
Passport numbers or certain medical information.

The other day, Starbucks reported its customer database was breached online, with local media reporting that 200,000 individual's information was stolen.

Revolut data breach exposed info of 50,000 users

2022-09-19T18:17:55.170Z

Revolut has been hit by a hacker attack that gave an unauthorized third party access to personal information of tens of thousands of clients.

Founded in 2015, Revolut is a financial technology company that has seen a rapid growth, now offering banking, money management, and investment services to customers all over the world.

The data security incident occurred a week ago, on Sept. 17, and has been described as "highly targeted."

A company spokesperson reported that an unauthorized party had access "for a short period of time" to details of only a 0.16% of its customers:

We immediately identified and isolated the attack to effectively limit its impact and have contacted those customers affected. Customers who have not received an email have not been impacted.

According to the breach disclosure to the State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, 50,150 customers have been impacted.

The Lithuanian data protection agency notes that the likely exposed information includes:

Email addresses,
Full names,
Postal addresses,
Phone numbers,
Limited payment card data,
Account data.

The other day, Starbucks reported its customer database was breached online, with local media reporting that 200,000 individual's information was stolen.

Starbucks Singapore reported data breach

2022-09-19T18:10:06.776Z

On Sept. 16, Starbucks Singapore reported its customer database was breached online, with local media reporting that 200,000 individual's information was stolen.

The coffee chain said in an email to customers that it had discovered some unauthorized access to details such as:

Full names,
Gender,
Dates of birth,
Phone numbers,
Home addresses.

Relevant authorities have been informed and Starbucks Singapore is assisting them on this matter.

The firm said it was made aware of the breach on Sept. 13, and that no credit card details were taken as it does not store them.

Starbucks urged customers to reset their passwords.

Recently, one of the biggest pharmaceutical companies in India IPCA Laboratories became a victim of a ransomware operation that claims to have stolen 500 GB of data.