Cybersecurity news provided by NetworkTigers on Monday, 05 April 2021.
SAN MATEO, CA — Facebook users personal data leaked, Capital One confirms more data than previously thought leaked, DeepDotWed seized by the FBI, Accellion hack results in New York college data leak, data breach at Texas hospital, personal information for 3.5 million users posted for sale, whistleblower claims Ubiquiti’s legal tean silenced data leak disclosure, student data leaked in Georgia county school district, over half Indian organisations hacked in the last year, DHS officials hacked in SolarWinds breach, Australian TV network and parliament under cyberattack.
Personal data from 500 million Facebook users found online
While the information appears to be from several years ago, Business Insider has reported that data from more than 500 million Facebook users covering 106 countries has been found online. The leaked information contains names and phone numbers, including the phone number for Facebook CEO Mark Zuckerberg. While Facebook has stated that the data in question is old and resulted from a security issue that has long been resolved, the leak once more highlights the vast amount of personal user data the social network retains. Read more.
Capital One discloses updated research on 2019 hack
US bank Capital One experienced a hack in 2019 that impacted data associated with over 100 million people. According to Capital One, information related to this hack has been recently reanalyzed and findings have determined that more Social Security information was stolen than originally believed. The bank has issued a statement to clients thought to be affected and is offering free credit monitoring services. Read more.
Dark web news site administrator pleads guilty to conspiracy
DeepDotWeb, a site dedicated to news and current events regarding activity on the dark web, has been seized by the FBI. The site’s administrator, Tal Prihar, has pleaded guilty to conspiracy to commit money laundering in a US court after it was found that he was profiting by providing links to customers allowing them to make illegal purchases on the dark web. In total, it is reported that Prahar and his co-defendant Michael Phan made $8.4 million over the course of the site’s life, using shell companies and various Bitcoin accounts to conceal the nature of their funds. Read more.
Accellion hack results in stolen information from New York college
The IT department of New York City’s Yeshiva University has disclosed to students via email on April 1st that their network had sustained a “data security incident.” The department explains that an unauthorized user has been sending emails to those associated with YU threatening to publish stolen sensitive information. It is understood that the hack took place due to YU’s usage of third party Accellion, who recently suffered a major, widespread data breach. Read more.
Texas hospital experiences breach of patient data
Memorial Hermann hospital in Houston, Texas has informed its patients that their personal data may have been exposed in a breach involving Med-Data, Incorporated, a third party company used to provide solutions for Medicaid eligibility and patient billing. Due to human error, some of Med-Data’s sensitive information was posted to a public-facing website. The data exposed includes Social Security numbers, names, addresses, and information regarding medical diagnoses and conditions. Med-Data, Incorporated has provided those affected with a credit monitoring service, implemented new security measures, and informed law enforcement of the nature of the breach. Read more.
Posting on dark web reveals giant data theft in India
A staggering 8.2TB of personal information affecting 3.5 million users has been posted for sale on the dark web. The data is allegedly from payment platform MobiKwik and contains names, addresses, credit card numbers, and more. MobiKwik has been receiving public admonishment over their handling of the situation due to their initial denial of being the source of the breach in spite of users being able to find information that is unique to their usage of the MobiKwik platform within the leak. Read more.
Breach of Ubiquiti said to be worse than officially reported
Earlier this year, cloud-enabled device vendor Ubiquiti reported that it had suffered a data breach due to third-party vendor exposing customer data. According to an anonymous whistleblower familiar with the situation, the third-party vendor aspect of the statement was deliberately misleading. The whistleblower claims that Ubiquiti’s legal team worked to silence any disclosure of the fact that the company itself had actually suffered a “catastrophic” cybersecurity event. The whistleblower is accusing the company of being negligent with regard to customer data in order to avoid a drop in its stock price. Read more.
Student data in Georgia county school district leaked
PCS Revenue Control Systems, Inc. is emailing the parents of students in the Dekalb County School District regarding a December, 2019 security breach. According to PCS, unauthorized access was detected regarding files associated with its managed student meal programs. The data exposed includes names, Social Security numbers, and birth dates. PCS stated that it has found no evidence of any of the data being misused and has provided those affected with a credit monitoring survive. The Dekalb County School District has not reported any security breaches. Read more.
More than half of all Indian companies hacked in past year
Cybersecurity firm Sophos is reporting that 52% of all Indian organizations have been the victim of successful cyber attacks over the past year. A large majority of those businesses labeled their breaches as “severe” and a significant portion of those attacked were left scrambling to fix the damage for over a week. The report also details that company cybersecurity budgets in India have remained largely the same in spite of the increasing frequency of cyberattacks. Read more.
Highest ranking DHS officials were hacked in SolarWinds breach
Calling into question the US government’s ability to protect itself and others against cyberattacks, it has been revealed that the email accounts of top DHS officials had been compromised in the SolarWinds intrusion. Sources say that the federal agencies that fell victim struggled to identify and mitigate the hack due to outdated technology that was not fully equipped to deal with modern, sophisticated threats. Both the SolarWinds hack as well as the recent hack of Microsoft Exchange were discovered not by the federal government but by private companies. Read more.
Australian TV network and parliament hit by cyberattacks
In what is being called the biggest hack of a media outlet in the country’s history, Australian broadcaster 9 News was taken off the air for more than 24 hours as it sustained a “significant, sophisticated” attack. The breach is being investigated by the Australian Cyber Security Centre. Australia’s federal parliament computer networks were also attacked, although authorities are not currently sure if the crimes are connected and have stated that the attack on the government network was not successful. Read more.
More cybersecurity news
Read more cybersecurity news and articles brought to you by NetworkTigers.
About NetworkTigers
NetworkTigers was founded in January 1996 as Andover Consulting Group, which built and re-architected data centers for Fortune 500 firms. Today, NetworkTigers provides consulting and network equipment to businesses and individuals globally. www.networktigers.com
Contact NetworkTigers
Mike Syiek, CEO
NetworkTigers, Inc.
1029 S. Claremont Ave
San Mateo, CA 94402
editor@networktigers.com
1-800-430-6950