Cybercrime is forecast to cost the global economy $10.5 trillion by 2025, reflecting a 15% yearly increase. Businesses have never been more vulnerable; even large enterprises with substantial cybersecurity defenses can fall victim. Lessons learned from these attacks can help smaller businesses prepare their security strategy for any eventuality.
An undisclosed number of American Express customers were notified of a potential breach of their data at the beginning of March 2024. In a statement, American Express announced the incident stemmed from unauthorized access to a third-party merchant processor, rather than their own internal systems.
Customers were informed that their names, account numbers, and card details may have been compromised in the breach, and were urged to monitor their accounts for fraudulent activity over the following 12 to 24 months. American Express users have also been encouraged to enable real-time notifications to alert them to unusual purchases or transactions.
Early reports suggest the group has been paid a $22 million ransom, though this has not been confirmed by UnitedHealth Group. The far-reaching implications of the attack have gone on to attract federal scrutiny, with the Office for Civil Rights opening an investigation into the breach.
In March 2024, Fujitsu confirmed the presence of malware on its corporate network, which may have left customer information vulnerable to hackers. In its initial statement, the company declined to disclose the number of affected users or the nature of the data that may have been compromised.
The International Monetary Fund (IMF) confirmed a cyber incident was detected in February 2024 in which 11 email accounts were compromised. In a brief statement, the organization said they worked with cybersecurity experts to investigate the breach and re-secure the affected accounts. It concluded:
The attack highlights the dangers of password reuse across multiple platforms, as Roku customers were locked out of their accounts and attackers attempted to fraudulently purchase streaming subscriptions. Roku assured customers that their social security numbers, full account numbers, and personal information remained uncompromised in the attack, but urged users to reset their accounts and passwords.
The leaked data encompasses usernames, passwords, and sensitive information spanning various sources like Tencent, Weibo, Twitter, MySpace, Wattpad, LinkedIn, Adobe, Canva, MyFitnessPal, and government sites like Alabama.gov. Despite some data possibly being outdated, experts stress the substantial risk of credential-stuffing attacks, phishing schemes, and unauthorized account access.
Taking precautions is crucial: individuals should change passwords, enable two-factor authentication, and stay vigilant against phishing attempts. While some data may be from past breaches, regular security upkeep minimizes the need for extensive password updates. Cybernews offers a searchable list of affected sites for reference.
DNA testing company 23andMe was subjected to a large-scale breach this year, in which the data of 6.9 million users was leaked. In a statement, the company confirmed that 5.5 million of these users had DNA Relatives enabled, which connects members with similar genetic profiles. A further 1.4 million users had their family trees accessed.
TechCrunch reports this is the third data breach at the tech company in the last two years. In September 2022, Samsung issued a notice that its U.S. systems had been subject to an attack. In March of the same year, another breach was confirmed at the hands of Lapsus$ hackers.
Walmart issued data breach letters to impacted customers in October and filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights but has yet to make further details publicly available.
The 2023 cyber attack is the latest in a long history of breaches at the retailer. Most recently, in 2021, a website vulnerability was exploited to access customer information, while a third-party vendor was investigated in 2019 for viewing internal emails without authorization.
In early September, MGM Resorts International experienced a significant cyberattack that disrupted its operations, highlighting the digital vulnerabilities even large corporations face. The attack, attributed to the Scattered Spider group and ransomware by ALPHV (BlackCat), cost MGM an estimated $80 million in revenue over five days. Social engineering played a pivotal role, emphasizing the need for robust cybersecurity measures.
Key takeaways for businesses from the MGM cyber attack include the importance of layered cybersecurity defenses, regular security audits and updates, incident response plans, employee training and awareness, and third-party risk management. Businesses must adopt a comprehensive approach to cybersecurity, as relying on a single security measure is insufficient against modern threats.
Regular audits and updates are vital to staying ahead of evolving threats, while a well-defined incident response plan can mitigate the impact of a breach. Employee training and awareness programs help prevent human errors, and assessing third-party cybersecurity risks is crucial.
MOVEit is owned by Pension Benefit Information (PBI), a provider of audit, research, and address location services. As the implications of the attack continue to emerge, further breaches have been confirmed at Shell, Siemens Energy, Schneider Electric, First Merchants Bank, City National Bank, and a number of international targets.
Microsoft reported that China-based hackers gained access to customer email accounts by forging authentication tokens this year. The attack affected approximately 25 organizations, including government agencies.
Yum! Brands, the parent company of popular fast food chains KFC, Taco Bell, and Pizza Hut, announced in April of 2023 that a cyber attack had occurred in January. They initially believed the attack only directly affected corporate data. However, out of caution, they are now notifying employees who may have had their data breached.
The attack resulted in the company closing down almost 300 locations in the UK in January and has continued to cost the company money in additional security measures, customer communications, and brand perception.
Almost 6 million individuals were affected by the large-scale hack of PharMerica earlier this year. One of the leading providers of pharmacy services in the U.S., PharMerica, confirmed sensitive patient information was accessed as part of a wider attack on its parent company, BrightSpring Health Services.
Eye4Fraud, a provider of fraud protection for ecommerce merchants, was impacted by a significant hack in March of this year. In a statement, the company said a backup file containing limited customer information was accessed:
The company is handling the aftermath by notifying impacted users, confirming their emails, and adding additional security measures. Many Americans are skeptical of ChatGPT and AI in general, and this data breach is likely to further diminish trust.
Although less than 2% of customer data was breached, Chick-fil-A is already taking measures to prevent future cyber attacks. The restaurant announced they would increase online security and monitoring and also reimburse any accounts that suffered from the attack. If you think your account was affected, here is how you can secure your account and get reimbursed for any unauthorized transactions.
NCB Management Services, a debt collection company, experienced a system compromise earlier this year that resulted in the exposure of masses of financial data. Over 1 million people were believed to be affected by the hack across a number of associated financial institutions.
Bank of America account holders were among the first to be notified that their personal information had been stolen, including addresses, phone numbers, email addresses, birth dates, and Social Security numbers. Credit card and account numbers were also accessed. A short time later, Capital One also confirmed 16,500 of their customers were impacted by the breach.
The video game publisher behind the Call of Duty franchise, Activision, confirmed on February 19th that they had suffered a data breach in December. The hacker used an SMS phishing attack on an HR employee to gain access to employee data, including their emails, cell phone numbers, salaries, and work locations.
Even with just stolen phone numbers, cybercriminals can continue to wreak havoc, especially through smishing attacks that trick users into clicking dangerous SMS links. If you are a Google Fi user, be extra careful of suspicious messages in 2023.
Verizon customer details were discovered on an online forum in January of this year, with approximately 7.5 million wireless subscribers affected. The leaked data included the devices, reward systems, and subscription services used by customers, as well as their first names.
The telecom company released a statement clarifying that the material was recirculated data from a previous breach. As with many other incidents on this list, they indicated that the attack originated with a now-terminated third-party vendor.
Although the leaked data was linked to a past breach, the re-posting of customer data on a new forum highlights the long-term implications of such an attack and the importance of preventing similar incidents.
MailChimp, the email marketing platform, alerted customers to a data breach in January. The incident was the result of a social engineering attack that allowed unauthorized users into an internal customer support tool.
Data breaches in small businesses are on the rise. 61% of SMBs experienced at least one cyber attack in the past year, and 40% endured eight or more hours of downtime as a result.
Facebook is one of the most popular websites in the world today. However, the company has faced numerous privacy issues over the years. Their most recent attack occurred in 2021, affecting 533 million users. Before that, Facebook was also hacked in 2018 and 2014, leaving 2.2 billion and 50 million people impacted, respectively.