Industry News: ESG5

The Target: The PandaBuy online shopping platform.

The Take: The data contained approximately 1.5 million unique UserIds, First Name, Last Name, Phone Numbers, Emails, and Login IPs.

The Vector: "The data was stolen by exploiting several critical vulnerabilities in the platform's API and other bugs were identified allowing access to the internal service of the website," the threat actor said.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

The Target: Prudential Insurance — one of the largest insurers in the United States.

The Take: The company said the names, addresses, driver's license numbers or ID cards of 36,545 were accessed.

The Vector: The company filed documents with the SEC on February 13 warning that a “cybercrime group” was able to access “administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors.”

 This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Okta is a San Fransisco-based cloud identity and access management solutions provider whose Single Sign-On (SSO), multi-factor authentication (MFA), and API access management services are used by thousands of organizations worldwide.

The Take: The leaked data includes user IDs, full names, company names, office addresses, phone numbers, email addresses, positions/roles, and other information.

The Vector: In October 2023, Okta warned that its support system was breached by hackers using stolen credentials, allowing attackers to steal cookies and authentication for some customers.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Financial services firm Paysign. Paysign brought in a revenue of about $12 million last quarter through its prepaid card programs, payment processing systems and digital banking services.

The Take: 1,242,575 records containing the full names of customers, addresses, dates of birth, phone numbers and account balances.

The Vector: A cybercriminal with the name “emo” claimed to have taken the data and leaked it on to a hacking forum. The company declined to provide any further information regarding how the attack occurred.

With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Houser LLP, a U.S. law firm that specializes in serving high-profile financial institutions.

The Take: The data included names and one or more of Social Security number, driver’s license number, individual tax identification number, financial account information, and medical information.

The Vector: The company said certain files were encrypted during the incident and were “copied and taken from the network.”

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target: Giant loan and mortgage company LoanDepot

The Take: The stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers. The stolen data also includes Social Security numbers, which LoanDepot collected from customers.

The Vector: LoanDepot was hit by a cyberattack around January 4 that it described at the time as involving the “encryption of data,” or a ransomware attack. It’s not known if LoanDepot paid a ransom.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group

The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.

The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S.

The Take: The data that was exposed varies per employee but could include: full name, physical address, social security number (SSN), National ID, gender, union affiliation, date of birth, compensation information.

The Vector: A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Direct Trading Technologies (DTT) is an international fintech company offering trading platforms for stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies.

The Take: The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses.

The Vector: In October 2023, a research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company Direct Trading Technologies. The discovered directory included multiple database backups, each holding a significant amount of sensitive information about the company’s users and partners.

With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Popular hardware cryptocurrency wallet vendor Trezor

The Take: A subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames, and email addresses exposed to an unauthorized party.

The Vector: Trezor has already confirmed 41 cases where exposed data has been exploited, with the attackers approaching users to trick them into giving away their recovery seeds - a string of words that contain all the information required for gaining access to a wallet.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...