Tag Archive for: breach

Academy Mortgage says data breach hit 284,000 customers

/in


Academy Mortgage says it stopped a data breach last March that exposed the personal identifiable information of 284,443 customers. 

In a notice to the Office of the Maine Attorney General, the Draper, Utah-based lender did not say whether the incident was related to a ransomware gang’s alleged hack last year. Mortgage customer and employee names, dates of birth and Social Security numbers were compromised, although Academy said it had no evidence information was misused. 

“We have wiped and rebuilt affected systems and have taken steps to bolster our network security,” the company wrote in a consumer notice mailed Dec. 20. “We are also reviewing and altering our policies, procedures and network security software relating to the security of our systems.”

Ransomware as a service group Alphv claimed responsibility in May for holding Academy’s corporate data hostage, and it suggested the lender at that point refused to pay ransom. The gang’s threat to Academy included reference to the lender’s $38.5 million settlement in December 2022 over a False Claims Act case. 

It’s unclear if Alphv released its supposed data captured onto the dark web. International authorities last month seized the ransomware gang’s dark-web leak internet site. 

Academy, following the March breach, worked with unidentified third-party forensic specialists to help with its investigation, which wrapped up in late November. The mortgage firm is offering 12 months of complimentary credit monitoring and fraud assistance service through a Transunion subsidiary, Cyberscout.

The lender, which offers a large suite of residential loans, counts 220 branches nationwide and 846 sponsored mortgage loan originators, according to Nationwide Multistate Licensing System records. Data from S&P Global shows Academy originated $3.8 billion in loan volume in 2023 through September.

Academy’s notice follows recent data breach reports from major industry players Fidelity National Financial, First American Financial and Mr. Cooper. Those firms updated counterparties and customers swiftly following newer disclosure rules for publicly traded firms by the Securities and Exchange Commission. 

Source…

23andMe Blames Users for Recent Data Breach as It’s Hit With Dozens of Lawsuits

/in


It’s been nearly two years since Russia’s invasion of Ukraine, and as the grim milestone looms and winter drags on, the two nations are locked in a grueling standoff. In order to “break military parity” with Russia, Ukraine’s top general says that Kyiv needs an inspired military innovation that equals the magnitude of inventing gunpowder to decide the conflict in the process of advancing modern warfare.

If you made some New Year’s resolutions related to digital security (it’s not too late!), check out our rundown of the most significant software updates to install right now, including fixes from Google for nearly 100 Android bugs. It’s close to impossible to be completely anonymous online, but there are steps you can take to dramatically enhance your digital privacy. And if you’ve been considering turning on Apple’s extra-secure Lockdown Mode, it’s not as hard to enable or as onerous to use as you might think.

If you’re just not quite ready to say goodbye to 2023, take a look back at WIRED’s highlights (or lowlights) of the most dangerous people on the internet last year and the worst hacks that upended digital security.

But wait, there’s more! Each week, we round up the security and privacy news we didn’t break or cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

23andMe said at the beginning of October that attackers had infiltrated some of its users’ accounts and abused this access to scrape personal data from a larger subset of users through the company’s opt-in social sharing service known as DNA Relatives. By December, the company disclosed that the number of compromised accounts was roughly 14,000 and admitted that personal data from 6.9 million DNA Relatives users had been impacted. Now, facing more than 30 lawsuits over the breach—even after tweaking its terms of service to make legal claims against the company more difficult—the company said in a letter to some individuals that “users negligently recycled and failed to update their passwords following … past security incidents, which are unrelated to 23andMe.” This references 23andMe’s long-standing assessment that attackers compromised…

Source…

LockBit Ransomware Executes Groupe IDEA Data Breach

/in


The notorious LockBit ransomware group has targeted Groupe IDEA, an industrial logistics service provider specializing in the design of supply chains for exceptional, special, and sensitive products.

The hacker group announced the Groupe IDEA data breach on their platform, setting a chilling deadline to meet their demands by January 22, 2024, at 20:13:20 UTC.

Groupe IDEA Data Breach: Key Details

Groupe IDEA manages a spectrum of logistics services, offering both general and customized support for the transportation of various goods. The hacker group’s announcement, however, lacked crucial details about the extent of the Groupe IDEA data breach, the compromised data, or the motive behind the attack.

The Cyber Express Team took swift action, reaching out to Groupe IDEA officials to verify the authenticity of the Groupe IDEA data breach claim. As of the time of writing this report, no official response has been received from the company.

Interestingly, despite the alleged breach, the official website of Groupe IDEA remains fully functional, raising doubts about the credibility of the hacker group’s claims.

Groupe IDEA data breach

LockBit’s Similar Attacks

This incident follows LockBit’s recent cyber onslaught in December 2023 when they targeted LivaNova PLC, a prominent US-based healthcare device manufacturer specializing in neuromodulation devices and cardiopulmonary products.

The cyberattack on LivaNova, detected on December 9, 2023, saw LockBit claiming responsibility for compromising a massive 2.2 terabytes of sensitive data. The cybercriminals also targeted Dawsongroup, a B2B asset hiring and funding company, in the same month.

The LockBit ransomware group has become a well-known threat actor in dark web forums, leaving a trail of compromised organizations in its wake. The cybersecurity landscape continues to face escalating challenges from such malicious entities.

As the situation with Groupe IDEA unfolds, The Cyber Express remains committed to providing updates on any official statements or confirmations from the organization regarding the alleged Groupe IDEA data breach.

The urgency of such cyber threats highlights the critical need for organizations to enhance their cybersecurity…

Source…

Ubisoft Thwarts Hacking Attempt Weeks After Insomniac Data Breach

/in


Ubisoft has apparently thwarted an attempted hack during which an individual gained access to the company’s systems for 48 hours. The company has said that it’s currently investigating the security breach, and a full statement will likely come after the holiday.

Ubisoft hack could have resulted in a theft of 900 GB of data

First reported by Bleeping Computer, Twitter user vx-underground posted screenshots that purportedly show an individual attempting to steal 900 GB of data from Ubisoft’s systems on December 20 — not long after a devastating ransomware attack on Insomniac Games. It’s unclear if the individual is affiliated with a group or was acting solo.

The hacker had access to Ubisoft’s systems for roughly 48 hours when the breach was detected and they were thrown out, seemingly unsuccessful in their attempt to lift the data.

Bleeping Computer reached out to Ubisoft who acknowledged reports of the infiltration. “We are aware of an alleged data security incident and are currently investigating,” the statement reads. “We don’t have more to share at this time.”

While Ubisoft managed to fight off the hacker, Insomniac Games wasn’t so lucky. The studio is still reeling from the impact of the ransomware attack, and is assessing the damage.

The post Ubisoft Thwarts Hacking Attempt Weeks After Insomniac Data Breach appeared first on PlayStation LifeStyle.

Source…