Data

Encryption provider for Sony leaks data for over a year

Encryption provider for Sony leaks data for over a year

A server at encryption services company ENC Security, which serves more than 12 million customers including Sony and Lexar, has been leaking data since 2021. An investigation by technology news site Cyber News into the Netherlands-based security provider has revealed a flaw in its software which has caused it to leak configuration and certificate files from May 27, 2021 to November 9, 2022. The data stored inside the vulnerable server included a range of information used to authenticate customers’ identities. These included HMAC message authentication codes, Simple Mail Transfer Protocol (SMTP) credentials, API keys used for licensing payment and email…
Read More
Meta fined US$275 million following enquiry into April 2021 data leak

Meta fined US$275 million following enquiry into April 2021 data leak

Ireland’s Data Protection Commission (DPC) has announced it will be imposing a €265mn (US$275mn) fine and “a range of corrective measures” on Meta Platforms Ireland Limited (MPIL), owner and operator of social media site Facebook, after an investigation into suspected data scraping on the site. Data-scraping refers to a technique that locates and extracts information from a source, like a social media site, and deposits it in a database. The inquiry was commenced on April 14 2021, after a data leak saw the personal data of 553 million Facebook users published to the internet. The Facebook IDs, names, dates of…
Read More
Revising your backup strategy in 2023

Revising your backup strategy in 2023

Data protection is an important task for any organization. Backups can protect not only from the loss of information but also from the suspension of the company's activities. But what are the specifics of good backup strategies, and what backup algorithms should companies follow? For every company, data is the most valuable asset. However, it can be lost for a variety of reasons, including: Human eror (accidental or intentional deletion) Cyber attacks like ransomware or malware Hard drive failures Natural disasters Accidents at the organization's data center or the inaccessibility of the site where the data center is located, for…
Read More
How to foster secure and efficient data practices

How to foster secure and efficient data practices

Companies rely on data transfers to communicate between departments and with clients. However, there are several risks if these data transfers are insecure. If insecure file transfer methods such as unencrypted email or cloud services are used, companies can open themselves up to potential exploitation by malicious actors. When considering data transfer security, one of the main risks is employees using unsafe practises as they do not understand the risks of them. In this report, Cyber Security Hub explores how companies can apply secure file transfer practices without affecting the efficiency of their business. Download the report to learn: The…
Read More
Medibank refuses pay ransom after 9.7m customers’ details stolen

Medibank refuses pay ransom after 9.7m customers’ details stolen

Australian health insurance company Medibank has said that it will not be paying a ransom to the hacker that accessed the personal details for 9.7m current and former customers.  The data breach took place after a hacker gained unauthorized access to Medibank's internal servers on October 13. Originally, Medibank believed that no customer information had been stolen during the hack, however the company was then contacted on October 16 by the supposed hacker, who threatened to sell the data if their ransom demands were not met. After reviewing a sample of the 200GB worth of data the malicious actor claimed…
Read More
IOTW: Toyota admits to data breach after access key is posted on GitHub

IOTW: Toyota admits to data breach after access key is posted on GitHub

Car manufacturer Toyota has issued a statement and an apology after it was discovered that third parties may have gained unauthorized access to customer details between December 2017 and September 15, 2022.  The incident concerns T-Connect, an app which allows customers to connect their phone to their car. Any customers who registered between this period are at risk for their data being accessed, meaning the data for a potential 296,019 customers may have been leaked. The information available for access includes email address and customer management number, but personal or sensitive information including payment card information, name and address were…
Read More
Ferrari denies breach following 7GB of data posted online

Ferrari denies breach following 7GB of data posted online

Italian car manufacturer Ferrari has denied being the victim of a cyber-attack after ransomware gang RansomEXX claimed it had stolen 7GB of the company’s data and posted it online. News of the alleged breach was posted by dark web intelligence feed DarkFeed on Twitterwhere it shared screenshots from RansomEXX in which they claimed to be sharing “some internal documents, data sheets [and] repair manuals”. 🌐 RansomEXX #ransomware team added Ferrari To the victim's list 🚨RansomEXX claims to have stolen over 7G of data from the Ferrari company, The attack is published only 4 days after the announcement of the partnership…
Read More
Revolut data breach exposes information for more than 50,000 customers

Revolut data breach exposes information for more than 50,000 customers

Fintech start-up Revolut has confirmed the personal information of more than 50,000 users was accessed during a data breach. The breach, which took place on September 11, involved a third party gaining access to Revolut’s database and the personal information of  50,150 users. The State Data Protection Inspectorate in Lithuania, where Revolut has a banking license, explained in a statement that the breach was due to a social engineering attack. It went on to say that the data accessed  includes names, addresses, email addresses and partial payment card information, although Revolut has stated that card details were masked.  Revolut is…
Read More
Social engineering “most dangerous” threat, say 75% of security professionals

Social engineering “most dangerous” threat, say 75% of security professionals

Research by CS Hub has revealed that social engineering and phishing attacks are the top threat to cyber security Add bookmark Cyber security practitioners consider social engineering and phishing attacks to be the number one threat to their organization, research by CS Hub has revealed. In the CS Hub Mid-Year Market Report 2022, 75 percent of respondents cited social engineering/phishing attacks as the top threat to cyber security at their organization, followed by supply chain/third-party risks (36 percent) and lack of cyber security expertise (30 percent). Phishing and social engineering attacks rely on human error rather than software vulnerabilities, meaning…
Read More
Twitter confirms data from 5.4 million accounts has been stolen

Twitter confirms data from 5.4 million accounts has been stolen

Twitter has confirmed that a suspected data breach in July led to account data being stolen Add bookmark Twitter has confirmed that the phone numbers and email addresses from 5.4 million accounts have been stolen due to the zero-day vulnerability on the platform that was originally flagged in January 2022. The vulnerability meant that if a bad actor entered a phone number or email address and attempted to log in, they were able to learn if that information was associated with an existing account. This then led to the email address and phone numbers associated with 5.4 million accounts being…
Read More