From Digital Age to Nano Age. WorldWide.

Tag: data breach

Atoms Lanka Solutions > data breach
Robotic Automations

Hackers are threatening to publish a huge stolen sanctions and financial crimes watchlist | TechCrunch

April 18, 2024 10:57 PM0


A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime.

The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for “know your customer” checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm.

A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

Simon Henrick, a spokesperson for the London Stock Exchange Group, which maintains the database, told TechCrunch: “This was not a security breach of LSEG/our systems. The incident involves a third party’s data set, which includes a copy of the World-Check data file. This was illegally obtained from the third party’s system. We are liaising with the affected third party, to ensure our data is protected and ensuring that any appropriate authorities are notified.”

LSEG did not name the third-party company, but did not dispute the amount of data stolen.

The portion of stolen data seen by TechCrunch contains records on thousands of people, including current and former government officials, diplomats, and private companies whose leaders are considered “politically exposed people,” who are at a higher risk of involvement in corruption or bribery. The list also contains individuals accused of involvement in organized crime, suspected terrorists, intelligence operatives, and a European spyware vendor.

The data varies by record. The database contains names, passport numbers, Social Security numbers, online crypto account identifiers and bank account numbers, and more.

World-Check is currently owned by the London Stock Exchange Group following a $27 billion deal to buy financial data provider Refinitiv in 2021. LSEG collects information from public sources, including sanctions lists, government sources, and news outlets, then provides the database as a subscription to companies for conducting customer due diligence.

But privately run databases, like World-Check, are known to contain errors that can affect entirely innocent people with no nexus or connection to crime but whose information is stored in these databases.

In 2016, an older copy of the World-Check database leaked online following a security lapse at a third-party company with access to the data, including a former advisor to the U.K. government that World-Check had applied a “terrorism” label to his name. Banking giant HSBC shut down bank accounts belonging to several prominent British Muslims after the World-Check database branded them with “terrorism” tags.

A spokesperson for the U.K.’s data protection authority, the Information Commissioner’s Office, did not immediately comment on the breach.

To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.


Software Development in Sri Lanka

Robotic Automations

Targus says cyberattack is causing operational outage | TechCrunch

April 17, 2024 2:13 AM0


Mobile gadget and bag maker Targus says it is experiencing a “temporary interruption” to its business operations following a cyberattack on Friday.

In a notice with regulators on Monday, Targus’ parent company, B. Riley Financial, said it discovered “a threat actor gained unauthorized access to certain of Targus’ file systems,” and shut down much of its network to isolate the incident.

“The incident has been contained and Targus systems recovery efforts are in process,” the statement said.

Details of the cyberattack at Targus are now public thanks to a new rule by the U.S. securities regulator that requires public companies disclose cyberattacks — including on their subsidiaries — that could have a material impact on investors within 96 hours of their discovery.

Targus did not say what kind of interruption to its operations it was experiencing. It’s not uncommon for companies to shut down their networks in an effort to prevent intruders from accessing other systems or sensitive data. The company did not give a timeframe for when its operations would return to normal.

It’s not known if any Targus customer data was stolen in the intrusion, but the company said it will “work with law enforcement with respect to the unauthorized access to information.”

Founded in 1983, Targus is a popular mobile electronics brand and accessory maker. B. Riley acquired Targus in a 2022 deal worth approximately $250 million.

When reached by email, B. Riley spokesperson Jo Anne McCusker did not immediately comment.


Software Development in Sri Lanka

Robotic Automations

Hackers stole 340,000 Social Security numbers from government consulting firm | TechCrunch

April 17, 2024 12:13 AM0


U.S. consulting firm Greylock McKinnon Associates (GMA) disclosed a data breach in which hackers stole as many as 341,650 Social Security numbers.

The data breach was disclosed on Friday on Maine’s government website, where the state posts data breach notifications.

In its data breach notice sent by mail to affected victims, GMA said it was hit by an unspecified cyberattack in May 2023 and “promptly took steps to mitigate the incident.”

GMA provides economic and litigation support to companies and U.S. government agencies, including the U.S. Department of Justice, bringing civil litigation. According to its data breach notice, GMA told affected individuals that their personal information “was obtained by the U.S. Department of Justice (“DOJ”) as part of a civil litigation matter” supported by GMA.

The reasons and target of the DOJ’s civil litigation are not known. A spokesperson for the Justice Department did not respond to a request for comment.

GMA said that individuals notified of the data breach are “not the subject of this investigation or the associated litigation matters,” and that the cyberattack “does not impact your current Medicare benefits or coverage.”

“We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024,” the firm wrote.

GMA told victims that “your personal and Medicare information was likely affected in this incident,” which includes names, dates of birth, home address, some medical information and health insurance information, and Medicare claim numbers, which included Social Security numbers.

It’s unclear why it took GMA nine months to determine the extent of the breach and notify victims.

GMA, and the firm’s outside legal counsel, Linn Freedman of Robinson & Cole LLP, did not immediately respond to a request for comment.


Software Development in Sri Lanka

Robotic Automations

Omni Hotels says customers' personal data stolen in ransomware attack | TechCrunch

April 16, 2024 8:07 PM0


Hotel chain giant Omni Hotels & Resorts has confirmed cybercriminals stole the personal information of its customers in an apparent ransomware attack last month.

In an update on its website posted on Sunday, Omni said the stolen data includes customer names, email addresses, and postal addresses, as well as guest loyalty program information. The company said the stolen data does not include financial information or Social Security numbers.

Omni said it shut down its systems on March 29 after identifying intruders in its systems. Guests reported widespread outages across Omni’s properties, including phone and Wi-Fi issues. Some customers said that their room keys stopped working. The hotel chain restored its systems a week later on April 8.

Omni operates dozens of properties across the United States and Canada, and employs more than 14,000 staff, per its website.

A ransomware gang called Daixin has taken credit for the breach.

The Daixin gang said in a post on its dark web site that it would soon leak reams of customer records dating back to 2017. Ransomware gangs typically use such dark web sites to publish stolen information to extort a ransom from their victims.

The gang did not post evidence of their claims, but shared portions of the allegedly stolen files with veteran data breach watcher DataBreaches.net. Per the publication, the gang claimed to steal 3.5 million Omni customer records. A sample of the stolen data shared with DataBreaches.net matched the types of customers’ personal information that Omni said was taken.

A spokesperson for Omni did not immediately respond to a request for comment.

Daixin was the subject of a public advisory by U.S. cybersecurity agency CISA in October after the ransomware crew began targeting businesses across the U.S., including healthcare organizations. The Daixin gang previously took credit for several cyberattacks targeting U.S. hospitals and medical facilities.

Do you know more about the Omni Hotels breach? To contact this reporter, get in touch on Signal and WhatsApp at +1 646-755-8849, or by email. You can also send files and documents via SecureDrop.


Software Development in Sri Lanka

Robotic Automations

Change Healthcare stolen patient data leaked by ransomware gang | TechCrunch

April 16, 2024 2:47 AM0


An extortion group has published a portion of what it says are the private and sensitive patient records on millions of Americans stolen during the ransomware attack on Change Healthcare in February.

On Monday, a new ransomware and extortion gang that calls itself RansomHub published several files on its dark web leak site containing personal information about patients across different documents, including billing files, insurance records and medical information.

Some of the files, which TechCrunch has seen, also contain contracts and agreements between Change Healthcare and its partners.

RansomHub threatened to sell the data to the highest bidder unless Change Healthcare pays a ransom.

It’s the first time that cybercriminals have published evidence that they have in their possession medical and patient records from the cyberattack.

For Change Healthcare, there’s another complication: This is the second group to demand a ransom payment to prevent the release of stolen patient data in as many months.

UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident. “We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data. Our investigation remains active and ongoing,” said Tyler Mason, a spokesperson for UnitedHealth Group.

What’s more likely is that a dispute between members and affiliates of the ransomware gang left the stolen data in limbo and Change Healthcare exposed to further extortion.

A Russia-based ransomware gang called ALPHV took credit for the Change Healthcare data theft. Then, in early March, ALPHV suddenly disappeared along with a $22 million ransom payment that Change Healthcare allegedly paid to prevent the public release of patient data.

An ALPHV affiliate — essentially a contractor who earns a commission on the cyberattacks they launch using the gang’s malware — went public claiming to have carried out the data theft at Change Healthcare, but that the main ALPHV/BlackCat crew stiffed them out of their portion of the ransom payment and vanished with the lot. The contractor said the millions of patients’ data was “still with us.”

Now, RansomHub says “we have the data and not ALPHV.” Wired, which first reported the second group’s extortion effort on Friday, cited RansomHub as saying it was associated with the affiliate that still had the data.

UnitedHealth previously declined to say whether it paid the hackers’ ransom, nor did it say how much data was stolen in the cyberattack.

The healthcare giant said in a statement on March 27 that it obtained a dataset “safe for us to access and analyze,” which the company obtained in exchange for the ransom payment, TechCrunch learned from a source with knowledge of the ongoing incident. UHG said it was “prioritizing the review of data that we believe would likely have health information, personally identifiable information, claims and eligibility or financial information.”

As the Change Healthcare outage drags on, fears grow that patient data could spill online


Software Development in Sri Lanka

Robotic Automations

A ransomware gang is leaking Change Healthcare's stolen patient data | TechCrunch

April 16, 2024 2:15 AM0


An extortion group has published a portion of what it says are the private and sensitive patient records on millions of Americans stolen during the ransomware attack on Change Healthcare in February.

On Monday, a new ransomware and extortion gang that calls itself RansomHub published several files on its dark web leak site containing personal information about patients across different documents, including billing files, insurance records and medical information.

Some of the files, which TechCrunch has seen, also contain contracts and agreements between Change Healthcare and its partners.

RansomHub threatened to sell the data to the highest bidder unless Change Healthcare pays a ransom.

It’s the first time that cybercriminals have published evidence that they have in their possession medical and patient records from the cyberattack.

For Change Healthcare, there’s another complication: This is the second group to demand a ransom payment to prevent the release of stolen patient data in as many months.

UnitedHealth Group, the parent company of Change Healthcare, said there was no evidence of a new cyber incident. “We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data. Our investigation remains active and ongoing,” said Tyler Mason, a spokesperson for UnitedHealth Group.

What’s more likely is that a dispute between members and affiliates of the ransomware gang left the stolen data in limbo and Change Healthcare exposed to further extortion.

A Russia-based ransomware gang called ALPHV took credit for the Change Healthcare data theft. Then, in early March, ALPHV suddenly disappeared along with a $22 million ransom payment that Change Healthcare allegedly paid to prevent the public release of patient data.

An ALPHV affiliate — essentially a contractor who earns a commission on the cyberattacks they launch using the gang’s malware — went public claiming to have carried out the data theft at Change Healthcare, but that the main ALPHV/BlackCat crew stiffed them out of their portion of the ransom payment and vanished with the lot. The contractor said the millions of patients’ data was “still with us.”

Now, RansomHub says “we have the data and not ALPHV.” Wired, which first reported the second group’s extortion effort on Friday, cited RansomHub as saying it was associated with the affiliate that still had the data.

UnitedHealth previously declined to say whether it paid the hackers’ ransom, nor did it say how much data was stolen in the cyberattack.

The healthcare giant said in a statement on March 27 that it obtained a dataset “safe for us to access and analyze,” which the company obtained in exchange for the ransom payment, TechCrunch learned from a source with knowledge of the ongoing incident. UHG said it was “prioritizing the review of data that we believe would likely have health information, personally identifiable information, claims and eligibility or financial information.”

As the Change Healthcare outage drags on, fears grow that patient data could spill online


Software Development in Sri Lanka

Robotic Automations

US think tank Heritage Foundation hit by cyberattack | TechCrunch

April 13, 2024 2:01 PM0


Conservative think tank The Heritage Foundation said on Friday that it experienced a cyberattack earlier this week.

A person with knowledge of the cyberattack told TechCrunch that efforts at Heritage were underway to remediate the cyberattack, but said that it wasn’t immediately known what, if any, data was taken.

Politico, which first reported the news of the cyberattack on Friday, cited a Heritage official as saying the organization “shut down its network to prevent any further malicious activity while we investigate the incident.”

The news outlet quoted the Heritage official as saying that the cyberattack likely came from nation-state hackers, but did not provide evidence of the claim.

Heritage spokesperson Noah Weinrich declined to comment when reached by email on Thursday, and did not immediately respond to a request for comment when contacted by TechCrunch on Friday.

Founded in 1973, Heritage is based in Washington, DC, and supports and lobbies on conservative issues. The foundation is highly influential in Republican politics. Think tanks are frequent targets of overseas cyberattacks and nation state-led espionage efforts for their connections to government and policy making, many of which are staffed by former U.S. administration officials.

Heritage was hit by a cyberattack in 2015 in which hackers stole internal emails and the personal information of its donors.

US says Russian hackers stole federal government emails during Microsoft cyberattack


Software Development in Sri Lanka

Robotic Automations

Indian government's cloud spilled citizens' personal data online for years | TechCrunch

April 13, 2024 12:07 PM0


The Indian government has finally resolved a years-long cybersecurity issue that exposed reams of sensitive data about its citizens. A security researcher exclusively told TechCrunch he found at least hundreds of documents containing citizens’ personal information — including Aadhaar numbers, COVID-19 vaccination data, and passport details — spilling online for anyone to access.

At fault was the Indian government’s cloud service, dubbed S3WaaS, which is billed as a “secure and scalable” system for building and hosting Indian government websites.

Security researcher Sourajeet Majumder told TechCrunch that he found a misconfiguration in 2022 that was exposing citizens’ personal information stored on S3WaaS to the open internet. Because the private documents were inadvertently made public, search engines also indexed the documents, allowing anyone to actively search the internet for the sensitive private citizen data.

With support from digital rights organization the Internet Freedom Foundation, Majumder reported the incident at the time to India’s computer emergency response team, known as CERT-In, and the Indian government’s National Informatics Centre.

CERT-In quickly acknowledged the issue, and links containing sensitive files from public search engines were pulled down.

But Majumder said that despite repeated warnings about the data spill, the Indian government cloud service was still exposing some individuals’ personal information as recently as last week.

With evidence of ongoing exposures of private data, Majumder asked TechCrunch for help getting the remaining data secured. Majumder said that some citizens’ sensitive data began spilling online long after he first disclosed the misconfiguration in 2022.

TechCrunch reported some of the exposed data to CERT-In. Majumder confirmed that those files are no longer publicly accessible.

When reached prior to publication, CERT-In did not object to TechCrunch publishing details of the security lapse. Representatives for the National Informatics Centre and S3WaaS did not respond to a request for comment.

Majumder said it was not possible to accurately estimate the true extent of this data leak, but warned that bad actors were purportedly selling the data on a known cybercrime forum before it was shuttered by U.S. authorities. CERT-In would not say if bad actors accessed the exposed data.

The exposed data, Majumder said, potentially puts citizens at risk of identity thefts and scams.

“More than that, when sensitive health information like COVID test results and vaccine records get out, it’s not just our medical privacy that’s compromised — it stirs fears of discrimination and social rejection,” he said.

Majumder noted that this incident should be a “wake-up call for security reforms.”


Software Development in Sri Lanka

Robotic Automations

Roku says 576,000 user accounts hacked after second security incident | TechCrunch

April 13, 2024 8:25 AM0


Streaming giant Roku has confirmed a second security incident in as many months, with hackers this time able to compromise more than half a million Roku user accounts.

In a statement Friday, the company said about 576,000 user accounts were accessed using a technique known as credential stuffing, where malicious hackers use usernames and passwords stolen from other data breaches and reuse the logins on other sites.

Roku said in fewer than 400 account breaches, the malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in those users’ accounts. Roku said it refunded customers affected by the account intrusions.

The company, which has 80 million customers, said the malicious hackers “were not able to access sensitive user information or full credit card information.”

Roku said it discovered the second incident while it was notifying some 15,000 Roku users that their accounts were compromised in an earlier credential stuffing attack.

Following the security incidents, Roku said it rolled out two-factor authentication to users. Two-factor authentication prevents credential stuffing attacks by adding an additional layer of security to online accounts. By prompting a user to enter a time-sensitive code along with their username and password, malicious hackers cannot break into a user’s account with just a stolen password.

How two-factor authentication can protect you from account hacks


Software Development in Sri Lanka

Robotic Automations

US offers $10M to help catch Change Healthcare hackers | TechCrunch

April 13, 2024 8:07 AM0


The U.S. government said it is extending its reward for information on key leadership of the ALPHV/BlackCat cybercrime gang to its affiliate members, one of which last month took credit for a massive ransomware attack on a U.S. health tech giant.

In a statement Wednesday, the U.S. Department of State said it is offering a reward of up to $10 million for information that identifies or locates any person associated with ALPHV/BlackCat, including “their affiliates, activities, or links to a foreign government.”

The Russia-based ALPHV/BlackCat is a ransomware-as-a-service operation, which recruits affiliates — effectively contractors who earn a commission for launching ransomware attacks — and takes a cut of whatever ransom demand the victim pays. Although security researchers have not yet drawn a connection between ALPHV/BlackCat and a foreign government, the State Department implied in its statement that the gang may be “acting at the direction or under the control of a foreign government,” such as Russia.

The State Department blamed the prolific ransomware group for targeting U.S. critical infrastructure, including healthcare services.

Last month, an affiliate group of the ALPHV/BlackCat gang took credit for a cyberattack and weekslong outage at U.S. health tech giant Change Healthcare, which processes around one in three U.S. patient medical records. The cyberattack knocked out much of the U.S. healthcare system’s access to patient records and billing information, causing massive outages and delays in fulfilling medications and prescriptions and surgical authorizations for weeks.

The affiliate group went public after accusing the main ALPHV/BlackCat gang of swindling the contract hackers out of $22 million in ransom that Change Healthcare allegedly paid to prevent the mass leak of patient records.

The group said ALPHV/BlackCat carried out an “exit scam,” where the hackers run off with their fortune to avoid paying their affiliates and keep the stolen funds for themselves.

Despite having lost their cut of the ransom demand, the affiliate group claimed to still have access to a huge amount of stolen sensitive patient data.

Change Healthcare has since said that it ejected the hackers from its network and restored much of its systems. U.S. health insurance giant UnitedHealth Group, the parent company of Change Healthcare, has not yet confirmed if any patient data was stolen.

As the Change Healthcare outage drags on, fears grow that patient data could spill online


Software Development in Sri Lanka

Back
WhatsApp
Messenger
Viber