#Weekly Hacktivity Report November 15, 2024
Hungary confirms hack of defense procurement agency
Hungarian officials confirmed that the country’s defense procurement agency (VBÜ) was attacked by an “international group of hackers” and are now demanding $5 million in ransom. This is another example of national defense being put at risk, and underscores the urgency of addressing the vulnerability inherent in centralized databases.
Chinese hackers target Tibetan websites in malware attack
A hacking group believed to be Chinese state-sponsored has compromised two websites with ties to the Tibetan community in an attack meant to install malware on users' computers. There are many motives for hacking. Decentralized data storage will reduce those threats.
Cyberattack temporarily blocks Israeli credit card payments
An Iran-linked hacker group took responsibility for the attack. It’s not always profit that drives bad actors. We need to move beyond centralized data into data stores designed for an always-online, privacy-first Internet.
US confirms China-backed hackers breached telecom providers to steal wiretap data
The U.S. government has confirmed that hackers linked to China breached multiple U.S. telecommunication service providers to access the wiretap systems used by law enforcement to surveil Americans. Do we, as a nation, care enough about protecting our state secrets to relinquish failed cybersecurity models, and embrace the promise of inherently secure and privacy-based decentralized data storage? It’s time.
“Keep an eye on your account activity for the next 12 - 24 months” and “If you’d like, we’ll issue you a new debit card.” No word on what systemic changes will be implemented to prevent this from happening again… Are we ready for change yet? I think so.
Weekly #Hacktivity Report November 8, 2024
The whole mole edition
22,000 IPs Taken Down in Global Cybercrime Crackdown
More than 1,000 servers linked to targeted malicious services were taken down in Hong Kong, 291 servers were disrupted in Macau, and another in Mongolia, where 93 individuals linked to nefarious cyber activities were identified. We applaud these efforts but believe that it doesn’t address the root problem of a data storage model that is not secure. Even if you’re good at whack-a-mole, there will always be another mole.
This arrest is another example of addressing the bad outcomes associated with a problem, but not addressing the underlying problem itself. Just one more mole whacked, others are hiding just below the surface.
Chinese hackers gained access to huge trove of Americans’ cell records
https://apple.news/AqAKl963zRhC6RCSEuQnCNA
When foreign state actors breach networks, we have to treat it as a matter of national security. The hackers accessed information on who Americans talk to, how often, and when, as well as detailed location data. When will our responses equal the seriousness of these threats? Decentralized data storage will make us more secure, both individually and as a country.
Cyberattack disables tracking systems and panic alarms on British prison vans
This incident sounds like it could be a plot thread for a thriller involving a prison escape. Fortunately there was no attempted escape. An interesting aspect of the story (see link) is the movement towards establishing standards for cybersecurity. “...critical infrastructure operators and public sector contractors may be similarly obliged to introduce supplier requirements under the government’s forthcoming Cyber Security and Resilience Bill, which is expected to be introduced to parliament next year.” A decentralized solution should be part of cybersecurity standards.
Weekly #Hacktivity Report November 1, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
Hackers demand France’s Schneider Electric pay a $125k ransom in baguettes
These hackers have a sense of humor. They have even offered to reduce their ransom by fifty percent if Schneider Electric admits they were hacked. Break the bread, and fork over less dough. Store your bread in private, secure data blocks and bad actors won’t get a crumb.
Data breach hits 68,000 Texans, 800,000 nationwide at Texas life insurance servicer
Did the hackers miss anything of value? It doesn’t seem like they missed anything in this data heist. Here’s what was accessed: names, addresses, dates of birth, social security numbers/tax identification numbers, driver’s license numbers/government-issued ID numbers, financial information such as credit card numbers, and medical and health insurance information. The only reason people are not marching on the seats of government for these types of breaches is that cybercrimes are less visible than holding up a bank or carjacking. The results can be as dire.
California court suffering from tech outages after cyberattack
“Justice delayed is justice denied.” The attack disabled all of the court’s phone and fax services, websites containing juror reporting instructions, the e-filing platform, credit card payment processing and more. Some jurors scheduled for this week were excused. If you had to remain in jail, or in the jury room, while systems were restored after a hack, wouldn’t you demand more robust cybersecurity?
Ransomware attack hits German pharmaceutical wholesaler, disrupts medicine supplies
6,000 pharmacies are at risk of being unable to provide essential medicines to their customers. Centrally stored data is a tempting target for those seeking to disrupt vital functions. Decentralized data storage is the answer to stronger data security.
Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns
The Canadian Centre for Cyber-Security (CCCS) reports that the goal of the hackers included espionage, IP theft, malign influence, and transnational repression. Governments often lag in adopting technological innovations, but we argue that these types of threats demand immediate action to protect their people.
Peru's Interbank reports data breach potentially affecting 2M+ customers
The hackers claim to have stolen Interbank customers' full names, account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, info on bank transactions, and other sensitive information, including plaintext credentials.
Weekly #Hacktivity Report October 25, 2024
$900,000 Paycom data breach class action settlement
Paycom pays heavily for a settlement that resolves claims the company failed to protect the personally identifiable information (PII) of its customers from a data breach. Hacks cost everyone, and increasingly, those who are also victims.
Change Healthcare hack affects over 100M, largest-ever US healthcare breach
Change Healthcare reported that the data breach and ransom demand occurred in February, but only now has acknowledged the scope of how many people were affected. The data included extensive personally identifying information and patient medical information. The effects of this breach may be felt for years.
Hot Topic Allegedly Breached, Hacker Claims Database With 350M Users
The data breach exposed millions of customer records of Hot Topic and two affiliated brands, BoxLunch and Torrid. The hacker is offering the database for $20,000 while demanding Hot Topic pay $100,000 to have the sale removed. There is no guarantee that the data will be deleted after the ransom is paid.
Henry Schein discloses data breach a year after ransomware attack
The healthcare solutions provider, Henry Schein, disclosed that the company was the victim of two cyberattacks in 2023 that resulted in the theft of the personal information of over 160,000 people. The BlackCat (ALPHV) ransomware group claimed responsibility, The company has offered two free years of credit monitoring and fraud protection.
Weekly #Hacktivity Report October 18, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks, IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
Weekly #Hacktivity Report October 18, 2024
$1.575 Mil Behavioral Health Group Data Breach Class Action Settlement
The lawsuit asserts the Health company failed to protect patient data from a December 2021 breach of its systems. What does this settlement mean for individual class members? Class members can receive up to $200 in reimbursement for ordinary data breach-related expenses and up to $200 in lost wages/time. Who thinks this is adequate? No one, especially not the patients whose data was exposed.
The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks
The U.S. government is taking the epidemic of ransomware attacks very seriously and is advising companies not to pay ransoms. Naturally this puts companies in a bind since they must restore business functions to stay solvent. We believe this approach simply isn’t looking at the problem correctly. IronWeave’s secure-private data primitive (a new base online data unit) will proactively address and thwart these kinds of threats.
Wells Fargo class action claims data breach impacted customer info
Consumers are asking for companies to be held responsible for data breaches. The Wells Fargo class action suit, filed in California, claims that Wells Fargo failed to properly protect the sensitive data of their customers and when hacked, waited two years before beginning an investigation into the incident.
Hackers are extorting Globe Life with stolen customer data
Insurance company Globe Life, in a recent filing with the U.S. Securities and Exchange Commission, reports they are being extorted by a hacker who has stolen customers’ sensitive data. So far Global Life claims that 5,000 people have been affected by the breach but the number could go as high as 19 million.
Commercial laundry giant reports data breach
Alliance Laundry Systems, a large commercial laundry company, was the victim of a cybersecurity attack. Data accessed: names, Social Security numbers, financial account information, and driver’s license numbers. At the time of reporting it was not clear specifically what information was taken and who might be affected. That information will almost certainly come out in the wash. Regardless, this incident is a terrible stain on their reputation.
Weekly #Hacktivity Report October 11, 2024
Fidelity says data breach exposed personal data of 77,000 customers
Fidelity confirmed that 77,099 customers were affected by the breach and included Social Security numbers and drivers licenses. Can Fidelity make it right with their customers? Or is it just too late for all that compromised data?
Comcast Cable Discloses Breach of Private Info on More Than 230,000 Customers
What was exposed? Comcast customers’ name, address, Social Security number, date of birth, and Comcast account number and ID numbers used internally at FBCS, (Financial Business and Consumer Solutions), a third-party service provider previously used by Comcast.) How can Comcast repair any damage to their customers? More importantly, can they?
FTC Takes Action Against Matt and Starwood Over Multiple Data Breaches
Sometimes there are consequences. From the FTC’s press release:
“The Federal Trade Commission will require Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a robust information security program to settle charges that the companies’ failure to implement reasonable data security led to three large data breaches from 2014 to 2020 impacting more than 344 million customers worldwide.” The press release goes on to say, “...Marriott also agreed to pay a $52 million penalty to 49 states and the District of Columbia to resolve similar data security allegations.”
The increasing cost of lax and ineffective data security practices will drive change, as the breach costs outstrip the cost of properly securing the data you are entrusted with. Hacks and breaches are bringing about the end of ‘business as usual’.
Internet History Hacked, Wayback Machine Down—31 Million Passwords Stolenhttps://www.forbes.com/sites/daveywinder/2024/10/10/internet-hacked-wayback-machine-down-31-million-passwords-stolen/
What was taken? Email addresses, screen names, password change timestamps, hashed passwords, and other internal data, A blockchain-based, secure, private data solution - which only IronWeave offers - would have prevented this breach.
Money transfer app hit by major hack that exposed customer social security numbers and bank accounts
MoneyGram has been slow to address what information and how many of their customers have been affected by this data breach. The company claims to have more than 150 million customers across 200 countries and territories.
Weekly #Hacktivity Report October 4, 2024
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
According to the Wall Street Journal, multiple U.S. broadband providers including Verizon, AT&T and Lumen Technologies were breached by Chinese hackers intent on accessing systems used by the U.S. federal government for court-authorized network wiretapping requests. The amount and type of data accessed is still being assessed.
Outlast Developer Red Barrels Suffers Major Data Breach
1.8 terabytes of data were stolen and the perpetrators reportedly gained access to various game source codes, game builds, human resource information, and even company credit card information.
Cyberattack hits Michigan's Wayne County government
Due to the systems that were affected, the jails were not able to process posted bonds to enable the release of prisoners, attorneys could not visit their jailed clients, online tax payments could not be collected, real estate sales could not be recorded nor records accessed. Wayne County has 43 communities, including the city of Detroit, with a population of 1.8 million people.
Outlast Developer Red Barrels Suffers Major Data Breach
Game developer Red Barrels was breached and 1.8 terabytes of data was stolen. According to published reports, 1.8 terabytes of data included credit card details, HR materials, game builds, and the full source code for Outlast and Outlast 2. The potential impact on people’s lives could be severe.
Community Clinic of Maui says 123,000 affected by cyberattack
As many as 123,000 people have been affected in what is believed to have been a ransomware attack. The hackers stole Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates as well as troves of data on medical treatments. As with many of these breaches there could be long term risks of identity theft, fraud, and delays in travel.
Weekly #Hacktivity Report September 27, 2024
Statewide Internet Outage at Delaware Libraries Caused by Hackers
The hackers have demanded that the state of Delaware pay a ransom, state officials are refusing to pay. Instead they plan to entirely rebuild their systems. Meanwhile, students and non-profit organizations who rely on computer services and Internet access from the Delaware library system are unable to do their work. Our hope is they consider a decentralized system.
'Cybersecurity issue' takes MoneyGram offline for three days – and counting (as of 9/24/2024)
MoneyGram has not yet addressed whether said ‘Cybersecurity issue’ is a ransomware attack. Nor has the company said when they expect to restore their systems.
Cybercrooks strut away with haute couture Harvey Nichols data (hats off to the person who thought of this headline)
Customers’ personal information was accessed and the company asserts the vulnerability was fixed. But a centralized system needs only one point of entry for an attack to succeed. It’s time for a data storage model that fixes this systemic flaw. IronWeave offers that solution. [Link to blog]
Wi-fi hack on 19 UK railway stations displays message about terror attacks
When bad actors can breach a public communications network, there can be serious and harmful repercussions. With a single access point, panic-inducing messaging was displayed at 19 locations. We can and should harden the defenses of our online data. [Link to blog]
Dell investigating employee data breach claims
Dell is investigating claims that their systems have been breached, exposing names, company IDs and other personal information about over ten thousand employees. A hacker is reported to have offered a sample of Dell’s data for free and will sell the entire set of data ‘...at a minimal cost’. Someone might wonder, at what point will there be so much data known on an individual that its value will be next to nothing?
Weekly #Hacktivity Report for September 20, 2024
Cyberattacks plague health care. Critics call the federal response 'inadequate'
With the widespread proliferation of cyberattacks, we’re hearing heated discussions as to who should fund better security and which industries should receive improved security. We believe these discussions are beside the point. The centralized data storage model with its single-point-of-failure is not working. IronWeave’s secure, private, and decentralized solution will render these discussions moot.
Hackers Got Record Ransom Of $75M For Cencora Breach
It was a good week to be in the cybercrime business if you didn’t get caught. Pharmaceutical distributor Cencora, a publicly traded company, paid the largest ransom in history at $75 million. Previously the largest payout was $40 million, paid in 2021 by insurance company CNA Financial Corp. Cencora disclosed the hackers accessed and locked personal data including names, addresses, dates of birth, diagnoses, prescriptions and medications. At IronWeave we think there’s enough data to declare centralized storage solutions an antiquated approach to data in our always-online world, and a new unit of data - the IronWeave shared-block - the data unit of the future.
Australia-based Compass Group confirms Medusa ransomware attack
In this case, the ransomware group is demanding $2 million to unlock the company’s data (they can’t all be record setting ransom demands). Compass Group, according to its website, is “Australia’s largest food and support services company.”
Port of Seattle reveals details of ransomware attack, says it refused to pay criminal organization
At the Port of Seattle multiple services, including accounts payable services, contract management, phone service, and the public website, were affected in the attack. As services are restored they are using workarounds to provide essential services and are accelerating plans to improve their digital security. We hope they’re considering decentralized solutions to data security.
Ransomware gangs now abuse Microsoft Azure tool for data theft. The ransomware gangs use Microsoft Azure tools to access their victim’s data and quickly send the large quantities of stolen data to their own servers.
Weekly #Hacktivity Report September 13, 2024
Medicare Data Breach Impacts Almost 1 Million Subscribers
Medicare beneficiaries with compromised Medicare Beneficiary Identifiers will be sent a new card with a new number. That system of data storage is broken. A more reliable, secure, private system like IronWeave will ultimately make our current centralized model obsolete.
Fortinet confirms data breach after allegedly refusing to pay ransom
The irony of a cybersecurity firm being hacked is not lost on us. It brings no joy. Fortinet and the hackers disagree on the extent of the data accessed and it remains to be seen what, if any, effects it will have on the company’s customers.
Data breach at payment processor Slim CD hits 1.7M people
This one left us aghast. The hackers had access to the company’s database for almost one year, credit card information (but not the security numbers) was stolen over the course of two days.
Russian Hackers Hit Taiwan Bourse, Bank In Surprise Attack
The two Russian hacker groups, using Distributed Denial of Service (DDoS) attacks, disrupted Taiwanese financial platforms including the stock exchange and lender Mega Financial Holding Co.’s website.
Weekly #Hacktivity Report September 6, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
What happened this week?
Leaked Disney data reveals financial and strategy secrets, WSJ reports Over a terabyte of data was exposed, including business strategy, financial information and personally identifiable information of some employees and customers. This can impact stock valuations, aid competitors, and endanger the people whose personal information has been exposed. We’ll keep an eye on this and report any further developments.
Iran pays millions in ransom to end massive cyberattack on banks, officials say Profit and not ideology appears to have been the motive here. Regardless of motive, it’s in no one’s best interest to destabilize a government.
Ransomware Group May Have Stolen Data From Planned Parenthood It’s not yet known whether any patient data was stolen but it’s yet another example that we need decentralized and private data security.
Hackers steal sensitive personal data in attack on WS Audiology Another example of personal data being compromised. IronWeave offers a better way to safeguard data and keep it private.
Toronto school board confirms students’ info stolen as LockBit claims breach First, ‘We’re confident hackers didn’t get your data’. Then, ‘They got your data but they probably won’t release it publicly’. And then, ‘We took “...a range” of steps to improve security”. Conclusion: Now that the horse is out of the barn, we’ve locked the door. …ok. We need better security for everyone, including schools, governments, and the private sector.
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users Mobile phone users had their keystrokes logged in this hacking scheme. People’s lives are being ruined. We need better data security now. IronWeave can meet this need.
#Hacktivity Report August 30, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
What happened this week?
Hackers steal banking creds from iOS, Android users via PWA apps You can prevent bad actors from accessing your data - if you own and control your data, you can choose what to share and with whom.
Non-Profit ARRL Pays $1 Million Ransom To Decrypt Their Systems After Attack
This story reports ransom being paid by the insurance company. Insurance rates will certainly rise, and hackers can do it again. Not a happy ending, not the right approach.
Whoops: FlightAware Exposes Sensitive Personal Data Of Millions Of Users, Pilots, And Plane Owners
Though not a hack, this data exposure is a direct result of a centralized system. Secure, private, individually owned and managed data units are the answer.
Dick's Sporting Goods hit by cyberattack
As reported in the company’s 8-K report filed with the SEC, the attack gained access to portions of their system that contained ‘certain confidential information’. Various news outlets indicate the company, with over 800 stores across the U.S., has locked all employees out of their accounts and shut down internal email systems.
California Water District Hacked, Preventing Customers from Making Phone Payments
The attack highlights how our essential utilities are vulnerable, and the urgent need to implement decentralized data storage and management.
Weekly #Hacktivity Report August 23, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm, nor as simply the price of being online.
Hackers may have stolen the Social Security numbers of every American. Here's how to protect yourself - We include this story again so you can take steps to protect yourself from some of the threats that now exist.
Hackers steal banking creds from iOS, Android users via PWA apps
Bad actors have begun to use progressive web applications to impersonate banking apps, and steal login credentials from Android and iOS users.
Top US oilfield firm Halliburton hit by cyberattack The attack is reported to have affected the company’s Houston offices as well as their global networks. It’s not known whether the attack will affect global oil prices.
Chipmaker Microchip Hit by Cyberattack, Slowing Operations The company serves more than 120,000 customers across the industrial, automotive, consumer, aerospace and defense, communications and computing markets
Toyota admits 240GB data breach The carmaker offered the breach was, “limited in scope,” [it’s just a flesh wound?] but does not know how many customers were impacted.
Crypto firm Unicoin says hacker locked all employees out of Google accounts for four days The hackers then changed passwords of all users G-Mail, G-Drive and other related G-Suite functionality.
Weekly #Hacktivity Report August 15, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm or the price of being online.
The most impactful event in cyber hacking news was the revelation that the Social Security numbers of every American have been exposed, along with other personally identifying information. Be sure to follow up on the recommended steps you can take to protect yourself from identity theft and fraud.
What to Know About the Latest Social Security Number Breach
Ransomware Attack Cost LoanDepot $27 Million
ADT confirms data breach after customer info leaked on hacking forum (Does anyone else see the irony?)
Massive data leak may include the personal data of everyone in US, UK, and Canada
US fines T-Mobile $60 million over unauthorized data access
Weekly #Hacktivity Report August 5, 2024
Each week, we spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm or the price of being online.
Monetary & reputational damage hit hard this week for Meta, Crowdstrike, Microsoft, & HealthEquity. One unnamed company set a grim record with a $75 million ransom—the largest in history. A stark reminder of the cost of inadequate digital security.