Tag Archive for: breach

Zero-day, supply-chain attacks drove data breach high for 2023

/in


“The complexity of modern software supply chains adds to this challenge, as it can hide potential security flaws and make comprehensive vetting difficult,” Neal adds.

Number of data breaches rise, but fewer victims

While the number of data breaches was up, the ITRC found a decline in the number of victims affected by the compromises, to 353,027,892, a 16% decline from 425,212,090 in 2022. That decline is part of a longer trend. “If you go back to 2018, which was the high point for victim count, we’re down 84%,” Lee says. “Identity thieves have changed their tactics. They’re more targeted, both in what they’re attacking and the information that they’re seeking.”

“Attackers today who want personal identifying information are more able to target the right systems,” Bach says. “If you’re more precise about the systems that you target, there’s going to be less collateral damage. That’s how we can see the number of attacks go up while the number of affected individuals goes down.”

“The breaches we’re seeing affect organizations more directly than individuals,” adds Luciano Allegro, co-founder and CMO of BforeAi, a threat intelligence company. “Many companies have stepped up their data privacy efforts due to GDPR and CCPA, but they are so focused on this aspect of data protection that they overlook the rest of their infrastructure.”

Supply-chain and zero-day attacks will continue to rise

The ITRC also reported that nearly 11% of all publicly traded companies were compromised in 2023 and that while most industries saw modest increases, healthcare, financial services, and transportation reported more than double the number of compromises compared to 2022.

For the coming year, Lee expects breach numbers to continue to trend upwards. “I don’t see any reason for it to go down,” he says. “With the increase in supply-chain and zero-day attacks, I believe we’re going to see another year of increases.”

Source…

Kahua Announces Data Breach Following Ransomware Attack | Console and Associates, P.C.

/in


On December 15, 2023, Kahua filed a notice of data breach with the Attorney General of Vermont after discovering that the company had fallen victim to a ransomware attack. In this notice, Kahua explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Kahua began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Kahua, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Kahua data breach. For more information, please see our recent piece on the topic here.

What Caused the Kahua Data Breach?

The Kahua data breach was only recently announced, and more information is expected in the near future. However, Kahua’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, on November 13, 2023, Kahua received a ransomware note in an email. Noting that the company’s IT systems were not encrypted, Kahua started working with outside data security professionals to investigate the incident.

The Kahua investigation ultimately determined that an unauthorized party was able to access the company’s computer network between October 25, 2023 and November 13, 2023. It was also confirmed that some of the files that were accessible to the unauthorized party contained confidential consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, Kahua reviewed the compromised files to determine what information was leaked and which consumers were impacted.

On December 15, 2023, Kahua sent out data breach letters to anyone who was affected by the recent data security incident. Unfortunately, the publicly available data breach letter from Kahua does not list what type of information was subject to unauthorized access. However, the personalized data…

Source…

Data Breach: Hackers Steal Information from Carnegie Mellon University |

/in


The US-based Carnegie Mellon University (CMU), which is known for its top tech and computer science programs, recently announced being hit by a cyberattack. The university, located in Pittsburgh revealed that in August 2023, hackers stole data from the educational institution. In a statement to KDKA-TV (spotted by CBS News), a CMU spokesperson said that this breach at the university’s computer systems has compromised the personal information of more than 7,300 people.
The report also notes that a third party accessed files of the university which included personal information.The people possibly impacted are current or former students, employees, applicants and contractors, the report added. As per the report, those who were impacted have been notified and the university is offering them credit monitoring services through Experian.

Read what CMU has to say

“On August 25, 2023, the Information Security Office at Carnegie Mellon University detected suspicious activity on a university computer system. A third party briefly accessed files which included some personal information of current or former students, employees, applicants or contractors. Our information security office secured the system within hours of detection and quickly engaged law enforcement. The university recently concluded its full investigation of the breach and sent notification to anyone whose information may have been compromised. There is no evidence of fraud or inappropriate use of the information from those files. Out of an abundance of caution, CMU is offering credit monitoring and other services through Experian for anyone who may be impacted. A total of 7,343 people received notifications.”Cyberattacks targeting colleges and universities around the world have increased with time. In 2023, several educational institutions across the world were attacked by cyber criminals.
According to the data by market research company KonBriefing, cyberattackers targeted institutions in four different countries in December itself. This includes universities from Canada, Austria, Lithuania and Australia.
The Times of India Gadgets Now awards: Cast your vote now and pick the best phones, laptops and other gadgets of…

Source…

Akira Ransomware Claim DENHAM The Jeanmaker Data Breach

/in


The Akira ransomware group has recently targeted DENHAM the Jeanmaker, a renowned denim brand established in Amsterdam in 2008.

The brand, founded by English jeanmaker Jason Denham, is known for its high-quality denim and offers a wide range of collections for both men and women, marking its prominence in the premium denim sector.

Despite the alleged DENHAM the Jeanmaker data breach, the firm’s official website remains fully functional, raising questions about the authenticity of the attack claim.

DENHAM the Jeanmaker Data Breach: Lack of Details

The Akira ransomware group, notorious for its double-extortion tactics involving both data theft and ransomware encryption, has not disclosed specific details regarding the extent of the DENHAM the Jeanmaker data breach, potential compromise, or the motive behind the attack.

The absence of detailed information from the threat actor adds layer of uncertainty, leaving the scale and nature of the leaked data shrouded in mystery.

Efforts to verify the Akira ransomware group’s claim were made by The Cyber Express Team, reaching out to DENHAM the Jeanmaker’s officials. However, as of the writing of this report, no response has been received, leaving the claim of DENHAM the Jeanmaker data breach unverified.

DENHAM the Jeanmaker Data Breach
Source: Twitter

Parallel Threats

This incident follows a recent cybersecurity threat targeting the Infiniti Mall, a prominent chain of shopping malls in India. A threat actor claims to have exposed 280,000 rows of data in a cyberattack on the Infiniti Mall. Similarly, the claim remains unverified as officials have not responded to inquiries made by The Cyber Express Team.

Prior to this, the threat actor Sanggiero claimed responsibility for a data leak allegedly involving over 1 million rows of information from Halara. The Halara data breach compromised sensitive details, underscoring the growing sophistication and audacity of cybercriminals targeting personal information.

The timeline of cyber threats appears to be escalating, with instances like ‘Nobody’ declaring possession of confidential data from renowned organizations in 2023, highlighting vulnerabilities in data security across sectors.

A concerning development is the…

Source…