#Hacktivity Report October 4, 2024
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
According to the Wall Street Journal, multiple U.S. broadband providers including Verizon, AT&T and Lumen Technologies were breached by Chinese hackers intent on accessing systems used by the U.S. federal government for court-authorized network wiretapping requests. The amount and type of data accessed is still being assessed.
Outlast Developer Red Barrels Suffers Major Data Breach
1.8 terabytes of data were stolen and the perpetrators reportedly gained access to various game source codes, game builds, human resource information, and even company credit card information.
Cyberattack hits Michigan's Wayne County government
Due to the systems that were affected, the jails were not able to process posted bonds to enable the release of prisoners, attorneys could not visit their jailed clients, online tax payments could not be collected, real estate sales could not be recorded nor records accessed. Wayne County has 43 communities, including the city of Detroit, with a population of 1.8 million people.
Outlast Developer Red Barrels Suffers Major Data Breach
Game developer Red Barrels was breached and 1.8 terabytes of data was stolen. According to published reports, 1.8 terabytes of data included credit card details, HR materials, game builds, and the full source code for Outlast and Outlast 2. The potential impact on people’s lives could be severe.
Community Clinic of Maui says 123,000 affected by cyberattack
As many as 123,000 people have been affected in what is believed to have been a ransomware attack. The hackers stole Social Security numbers, passport numbers, financial account numbers with CVV numbers and expiration dates as well as troves of data on medical treatments. As with many of these breaches there could be long term risks of identity theft, fraud, and delays in travel.
Weekly #Hacktivity Report September 27, 2024
Statewide Internet Outage at Delaware Libraries Caused by Hackers
The hackers have demanded that the state of Delaware pay a ransom, state officials are refusing to pay. Instead they plan to entirely rebuild their systems. Meanwhile, students and non-profit organizations who rely on computer services and Internet access from the Delaware library system are unable to do their work. Our hope is they consider a decentralized system.
'Cybersecurity issue' takes MoneyGram offline for three days – and counting (as of 9/24/2024)
MoneyGram has not yet addressed whether said ‘Cybersecurity issue’ is a ransomware attack. Nor has the company said when they expect to restore their systems.
Cybercrooks strut away with haute couture Harvey Nichols data (hats off to the person who thought of this headline)
Customers’ personal information was accessed and the company asserts the vulnerability was fixed. But a centralized system needs only one point of entry for an attack to succeed. It’s time for a data storage model that fixes this systemic flaw. IronWeave offers that solution. [Link to blog]
Wi-fi hack on 19 UK railway stations displays message about terror attacks
When bad actors can breach a public communications network, there can be serious and harmful repercussions. With a single access point, panic-inducing messaging was displayed at 19 locations. We can and should harden the defenses of our online data. [Link to blog]
Dell investigating employee data breach claims
Dell is investigating claims that their systems have been breached, exposing names, company IDs and other personal information about over ten thousand employees. A hacker is reported to have offered a sample of Dell’s data for free and will sell the entire set of data ‘...at a minimal cost’. Someone might wonder, at what point will there be so much data known on an individual that its value will be next to nothing?
Weekly #Hacktivity Report for September 20, 2024
Cyberattacks plague health care. Critics call the federal response 'inadequate'
With the widespread proliferation of cyberattacks, we’re hearing heated discussions as to who should fund better security and which industries should receive improved security. We believe these discussions are beside the point. The centralized data storage model with its single-point-of-failure is not working. IronWeave’s secure, private, and decentralized solution will render these discussions moot.
Hackers Got Record Ransom Of $75M For Cencora Breach
It was a good week to be in the cybercrime business if you didn’t get caught. Pharmaceutical distributor Cencora, a publicly traded company, paid the largest ransom in history at $75 million. Previously the largest payout was $40 million, paid in 2021 by insurance company CNA Financial Corp. Cencora disclosed the hackers accessed and locked personal data including names, addresses, dates of birth, diagnoses, prescriptions and medications. At IronWeave we think there’s enough data to declare centralized storage solutions an antiquated approach to data in our always-online world, and a new unit of data - the IronWeave shared-block - the data unit of the future.
Australia-based Compass Group confirms Medusa ransomware attack
In this case, the ransomware group is demanding $2 million to unlock the company’s data (they can’t all be record setting ransom demands). Compass Group, according to its website, is “Australia’s largest food and support services company.”
Port of Seattle reveals details of ransomware attack, says it refused to pay criminal organization
At the Port of Seattle multiple services, including accounts payable services, contract management, phone service, and the public website, were affected in the attack. As services are restored they are using workarounds to provide essential services and are accelerating plans to improve their digital security. We hope they’re considering decentralized solutions to data security.
Ransomware gangs now abuse Microsoft Azure tool for data theft. The ransomware gangs use Microsoft Azure tools to access their victim’s data and quickly send the large quantities of stolen data to their own servers.
Weekly #Hacktivity Report September 13, 2024
Medicare Data Breach Impacts Almost 1 Million Subscribers
Medicare beneficiaries with compromised Medicare Beneficiary Identifiers will be sent a new card with a new number. That system of data storage is broken. A more reliable, secure, private system like IronWeave will ultimately make our current centralized model obsolete.
Fortinet confirms data breach after allegedly refusing to pay ransom
The irony of a cybersecurity firm being hacked is not lost on us. It brings no joy. Fortinet and the hackers disagree on the extent of the data accessed and it remains to be seen what, if any, effects it will have on the company’s customers.
Data breach at payment processor Slim CD hits 1.7M people
This one left us aghast. The hackers had access to the company’s database for almost one year, credit card information (but not the security numbers) was stolen over the course of two days.
Russian Hackers Hit Taiwan Bourse, Bank In Surprise Attack
The two Russian hacker groups, using Distributed Denial of Service (DDoS) attacks, disrupted Taiwanese financial platforms including the stock exchange and lender Mega Financial Holding Co.’s website.
Weekly #Hacktivity Report September 6, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
What happened this week?
Leaked Disney data reveals financial and strategy secrets, WSJ reports Over a terabyte of data was exposed, including business strategy, financial information and personally identifiable information of some employees and customers. This can impact stock valuations, aid competitors, and endanger the people whose personal information has been exposed. We’ll keep an eye on this and report any further developments.
Iran pays millions in ransom to end massive cyberattack on banks, officials say Profit and not ideology appears to have been the motive here. Regardless of motive, it’s in no one’s best interest to destabilize a government.
Ransomware Group May Have Stolen Data From Planned Parenthood It’s not yet known whether any patient data was stolen but it’s yet another example that we need decentralized and private data security.
Hackers steal sensitive personal data in attack on WS Audiology Another example of personal data being compromised. IronWeave offers a better way to safeguard data and keep it private.
Toronto school board confirms students’ info stolen as LockBit claims breach First, ‘We’re confident hackers didn’t get your data’. Then, ‘They got your data but they probably won’t release it publicly’. And then, ‘We took “...a range” of steps to improve security”. Conclusion: Now that the horse is out of the barn, we’ve locked the door. …ok. We need better security for everyone, including schools, governments, and the private sector.
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users Mobile phone users had their keystrokes logged in this hacking scheme. People’s lives are being ruined. We need better data security now. IronWeave can meet this need.
#Hacktivity Report August 30, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We don’t need to accept this as the norm, nor as simply the price of being online.
Using independently encrypted shared blocks IronWeave offers unparalleled privacy, security, and scalability. Our patented shared-block architecture empowers you to determine who can see and share your data.
We are ushering in the new era of Read, Write, Own and SECURE. Learn more
What happened this week?
Hackers steal banking creds from iOS, Android users via PWA apps You can prevent bad actors from accessing your data - if you own and control your data, you can choose what to share and with whom.
Non-Profit ARRL Pays $1 Million Ransom To Decrypt Their Systems After Attack
This story reports ransom being paid by the insurance company. Insurance rates will certainly rise, and hackers can do it again. Not a happy ending, not the right approach.
Whoops: FlightAware Exposes Sensitive Personal Data Of Millions Of Users, Pilots, And Plane Owners
Though not a hack, this data exposure is a direct result of a centralized system. Secure, private, individually owned and managed data units are the answer.
Dick's Sporting Goods hit by cyberattack
As reported in the company’s 8-K report filed with the SEC, the attack gained access to portions of their system that contained ‘certain confidential information’. Various news outlets indicate the company, with over 800 stores across the U.S., has locked all employees out of their accounts and shut down internal email systems.
California Water District Hacked, Preventing Customers from Making Phone Payments
The attack highlights how our essential utilities are vulnerable, and the urgent need to implement decentralized data storage and management.
Weekly #Hacktivity Report August 23, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm, nor as simply the price of being online.
Hackers may have stolen the Social Security numbers of every American. Here's how to protect yourself - We include this story again so you can take steps to protect yourself from some of the threats that now exist.
Hackers steal banking creds from iOS, Android users via PWA apps
Bad actors have begun to use progressive web applications to impersonate banking apps, and steal login credentials from Android and iOS users.
Top US oilfield firm Halliburton hit by cyberattack The attack is reported to have affected the company’s Houston offices as well as their global networks. It’s not known whether the attack will affect global oil prices.
Chipmaker Microchip Hit by Cyberattack, Slowing Operations The company serves more than 120,000 customers across the industrial, automotive, consumer, aerospace and defense, communications and computing markets
Toyota admits 240GB data breach The carmaker offered the breach was, “limited in scope,” [it’s just a flesh wound?] but does not know how many customers were impacted.
Crypto firm Unicoin says hacker locked all employees out of Google accounts for four days The hackers then changed passwords of all users G-Mail, G-Drive and other related G-Suite functionality.
Weekly #Hacktivity Report August 15, 2024
Each week, we’ll spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm or the price of being online.
The most impactful event in cyber hacking news was the revelation that the Social Security numbers of every American have been exposed, along with other personally identifying information. Be sure to follow up on the recommended steps you can take to protect yourself from identity theft and fraud.
What to Know About the Latest Social Security Number Breach
Ransomware Attack Cost LoanDepot $27 Million
ADT confirms data breach after customer info leaked on hacking forum (Does anyone else see the irony?)
Massive data leak may include the personal data of everyone in US, UK, and Canada
US fines T-Mobile $60 million over unauthorized data access
Weekly #Hacktivity Report August 5, 2024
Each week, we spotlight high-profile stories on cyber attacks, ransomware, identity theft, and other digital crimes. The frequency and impact of these incidents on individuals and businesses are on the rise.
We must not accept this as the norm or the price of being online.
Monetary & reputational damage hit hard this week for Meta, Crowdstrike, Microsoft, & HealthEquity. One unnamed company set a grim record with a $75 million ransom—the largest in history. A stark reminder of the cost of inadequate digital security.