Tag: Privacy Security Breaches
Hacker leaks millions of new 23andMe genetic data profiles
A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum. Earlier this month, a threat actor leaked the stolen data of 1 million Ashkenazi Jews who used 23andMe services to find their ancestry info and genetic predispositions. 23andMe told BleepingComputer that this data was obtained through credential stuffing…
23andMe hit with lawsuits after hacker leaks stolen genetics data
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers. Late last month, a threat actor leaked 23andMe customer data in a CSV file named ‘Ashkenazi DNA Data of Celebrities.csv’ on hacker forums. The file allegedly contained the data of nearly 1 million Ashkenazi Jews…
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as ‘Storm-0062’ (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023. Atlassian had already notified customers about the active exploitation status of CVE-2023-22515 when it disclosed it on October 4, 2023. Still, the company withheld specific details on the…
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country’s third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach. “We inform you that a cybersecurity incident was recently detected in one of our systems consisting of possible unauthorized access to your bank card data,”…
Cyberattacks Slam Israel After Hamas Surprise Assault
Israel has incurred several cyberattacks following the large-scale surprise attack by Palestinian militant group Hamas. Among the recorded incidents was an attack on the country’s services and government information website, resulting in the portal’s connectivity failure. It was claimed by hacktivists called Killnet, a pro-Russian cyber group that gained notoriety after Moscow’s 2022 invasion of Ukraine. “Israeli government, you are…
MGM didn’t pay up after hackers broke into its system and stole customer data
The Wall Street Journal wrote on Thursday that MGM Resorts International didn’t pay the ransomware attackers who broke into its systems last month, forcing the company to shut down systems at several of its hotels and casinos. The hack kept many waiting to check into their rooms, including FTC chair Lina Kahn, who was in Las Vegas, Nevada to attend…
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack. 23andMe is a U.S. biotechnology and genomics firm offering genetic testing services to customers who send a saliva sample to its labs and get back an ancestry and genetic predispositions report. Recently, a threat…
MGM Resorts ransomware attack led to $100 million loss, data theft
MGM Resorts reveals that last month’s cyberattack cost the company $100 million and allowed the hackers to steal customers’ personal information. The hospitality and entertainment giant disclosed a cybersecurity issue on September 11, 2023, which impacted its main website, online reservations systems, and in-casino services like slot machines, credit card terminals, and ATMs. A few days later, it was revealed that the…
Israeli President Targeted by Cyber Attack
The Telegram channel of Israeli President Isaac Herzog was briefly hacked before being “very swiftly” restored, his spokesman said on Thursday. The breach on Wednesday evening was thought to be “criminal in nature,” the spokesman said, suggesting it was not linked to a foreign power or tied to the Israeli-Palestinian conflict. “Initial checks show no concern that information was obtained,”…
Warning: 100,000 industrial control systems exposed online
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. Exposed ICSs include units (sensors, actuators, switches, building management systems, and automatic tank gauges) for critical infrastructure systems. Cybersecurity company BitSight alerted of the…
Disclosure of Pirates’ Identities “Compatible With EU Privacy Laws”
Following the creation of its Hadopi anti-piracy agency over 13 years ago, France monitored and stored data on millions of users suspected of infringing copyrights. The majority were BitTorrent users and the plan was to use evidence of their piracy activities as a basis for escalating actions including warnings, fines, and ultimately, internet disconnections. Operating the program for a decade…
The Group Claiming To Have Hacked Sony Is Using GDPR As A Weapon For Demanding Ransoms
Unintended Consequences We’ve spilled a great deal of ink discussing the GDPR and its failures and unintended consequences. The European data privacy law that was ostensibly built to protect the data of private citizens, but which was also expected to result in heavy fines for primarily American internet companies, has mostly failed to do either. While the larger American internet…
Microsoft breach led to theft of 60,000 US State Dept emails
Chinese hackers reportedly stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft’s cloud-based Exchange email platform in May. During a recent Senate staff briefing, U.S. State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, as Reuters first…
Why the Secrecy Over Vaccine Contracts?
Major international governments have signed multibillion-dollar legal contracts with drug companies in order to secure access to covid-19 vaccines. But the drug companies and governments have refused to divulge details, saying the information is “commercial in confidence.” In 2021, we got our first peek at contracts between Pfizer and various international countries after they were leaked to The Bureau of Investigative Journalism and…
Air Canada discloses data breach of employee and ‘certain records’
Air Canada, the flag carrier and the largest airline of Canada, disclosed a cyber security incident this week in which hackers “briefly” obtained limited access to its internal systems. According to the airline, the incident resulted in the theft of a limited amount of personal information of some of its employees and “certain records.” Customer data was not affected. Hackers “briefly”…
Airbus Hacker Threatens to Sell US, Europe Military Intel on Dark Web
The hacker behind the recent attack on Airbus has warned that he will sell US and European military intelligence on the dark web. Known by the moniker “USDoD,” the hacker said he recently managed to enter the company’s website by exploiting employee access from Turkish Airlines. He also immediately posted the stolen data on a hacker forum. In a lengthy…