Tag Archive for: confirms

Fujitsu hack raises questions, after firm confirms customer data breach • Graham Cluley



Fujitsu has warned that cybercriminals may have stolen files with personal and customer data after it discovered malware on its computer systems.

The firm at the center of the British Post Office scandal said in a Japanese press release that it had discovered the presence of malware on its computers and the potential theft of customer data, and apologised for any concern or inconvenience caused.

Announcement published on Fujitsu’s Japanese website.

The press release (a Google-translated version can be read here) is somewhat scant on detail.

For instance:

  • Fujitsu doesn’t disclose the malware found, the number of affected computers, or the internal systems or databases accessed.
  • Fujitsu doesn’t specify the type of malware found – a remote access backdoor? ransomware? something else?
  • Fujitsu doesn’t share details about the stolen information, calling it “personal information and customer information.” For instance, does it include contact details, passwords, or payment information?
  • Fujitsu announced on Friday 15 March that it suffered a cyber attack, but didn’t specify when it was discovered or how long the hackers had access to its systems and data.

Fujitsu says it has reported the incident to regulators and will contact affected individuals and customers.

The company also says that it has not seen any reports of the potentially stolen information being misused. Statements like these are meant to reassure affected parties, but they don’t make you feel much more comfortable in reality.

An absence of evidence is not evidence of absence. How could a company ever confidently and honestly claim it has incontrovertible proof that exfiltrated data has not been exploited by malicious hackers and online fraudsters?


In the past, there have been many incidents where data stolen in a hack has not immediately shown up, before appearing on the dark web months or even years later.



UnitedHealth Group Confirms ALPHV Ransomware Gang Is Behind Attack


Insurance giant UnitedHealth Group is officially blaming a notorious ransomware group for a major outage that’s been preventing healthcare providers from processing prescriptions. 

The company issued the update as its subsidiary Change Healthcare is still struggling to restore services, a week after suffering the attack, which has ensnared IT systems at hospitals and pharmacies across the country.

“Change Healthcare can confirm we are experiencing a cyber security issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” the company said on Thursday. 

The statement clarifies that the attack isn’t exactly from a “suspected nation-state” actor, as UnitedHealth Group initially said. Instead, ALPHV is more of a cybercriminal group, although its members are likely based in Russia. 

The company issued the confirmation a day after ALPHV took to its own site on the Dark Web and claimed responsibility for the attack on Change Healthcare. In some potentially bad news for users, the ransomware gang claims to have stolen 6TB or 6,000GB of data from United Healthcare during the attack. 

“Change Healthcare production servers process extremely sensitive data to all of UnitedHealth clients that rely on Change Healthcare technology solutions. Meaning thousands of healthcare providers, insurance providers, pharmacies, etc,” the group alleged.

As a result, the stolen data encompasses patient medical records, along with other sensitive user information, such as phone numbers, email addresses, and Social Security numbers, the gang claims. Change Healthcare also serves military hospitals, so data on US service members was apparently stolen as well.


Interestingly, ALPHV appears to have taken down its original post about stealing data from UnitedHealth Group, which suggests the insurance provider may have paid the ransom.

UnitedHealth Group didn’t respond to a request for comment. In the meantime, the company’s statement notes: “Our experts are working to address the matter and we are working closely with law enforcement and…


Change Healthcare confirms ransomware attack, hackers claim massive data haul


Optum’s Change Healthcare confirmed Feb. 29 that it was hacked by a ransomware gang after the group claimed to have stolen massive amounts of data.

“Change Healthcare can confirm we are experiencing a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” an Optum spokesperson emailed Becker’s on Feb. 29. “We are actively working to understand the impact to members, patients and customers.”

Many of Change Healthcare’s applications, which span revenue cycle management to prescription processing, have been down since Feb. 21, disrupting operations at hospitals, physician practices and pharmacies across the country.

ALPHV/Blackcat, aka BlackCat, claimed responsibility for the hack, posting on its dark web leak site that it stole 6 terabytes worth of Change Healthcare data involving “thousands of healthcare providers, insurance providers, pharmacies, etc,” Bleeping Computer reported Feb. 28. The allegedly stolen data includes medical records, patient Social Security numbers, and information on active military personnel (Change serves some military healthcare facilities).

But as Politico noted Feb. 28: “Ransomware groups, which demand extortion payments in exchange for restoring or not publishing stolen data, often exaggerate their exploits as a negotiating tactic.”

ALPHV/Blackcat, which has been linked to Russia, has been targeting the U.S. healthcare industry since December after the FBI disrupted its operations.

Change Healthcare said it is working with cybersecurity firms Palo Alto Networks and Mandiant, a Google subsidiary, as well as law enforcement to address the cyberattack.


Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack


Japanese watchmaking giant Seiko has confirmed that the ransomware attack discovered a few months ago resulted in a data breach affecting customers, business partners, and employees.

Seiko revealed on August 10 that it had identified a possible data breach in late July. The company said at the time that hackers had gained access to at least one server and its investigation showed that some information may have been compromised.   

Roughly ten days later, the ransomware group known as BlackCat and ALPHV took credit for the attack and started leaking files taken from Seiko after the company refused to respond to its extortion attempts. 

The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors. 

At the time, they threatened to leak or sell the data unless their demands were met, and in mid-September they made all the information public on their Tor-based leak website. 

Seiko released another statement on the incident on Wednesday, confirming that a total of roughly 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised.

According to Seiko, compromised data includes SWC customer information, including names, addresses, phone numbers, and email addresses. The company says payment card information was not stolen. 

In addition, the attackers stole SGC, SWC, and SII business partner information such as name, job title, company affiliation, and company contact details.


The names and contact information of current and former employees, as well as job applicants, were also stolen by the ransomware group.

“As part of our ongoing response, we temporarily blocked external communication with the affected servers and have installed EDR (Endpoint Detection and Response) systems on all servers and PCs to detect unauthorized activity. We have also implemented measures such as multi-factor authentication to prevent further breaches,” Seiko…
