Tag Archive for: Earlier

Ubisoft reportedly shutdown a “data security incident” earlier this week

/in


Ubisoft is reportedly investigating an “unknown threat actor” who allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas, and SharePoint channels for 48 hours before access was revoked.

According to the Gaming Leaks and Rumours subreddit and as reported by Bleeping Computer, screenshots allegedly taken during the 20th December hack have since been leaked online. Ubisoft has reportedly confirmed it is investigating an “alleged data security incident”.

“December 20th, an unknown Threat Actor compromised Ubisoft,” tweeted vx-underground. “The individual had access for roughly 48 hours until administration realised something was off, and access was revoked.

“They aimed to exfiltrate roughly 900GB of data but lost access,” vx-underground adds. It’s not clear what, if any, data the hacker obtained before they were kicked from the system.

Apparently, the “threat actor” would not share how they got initial access, but upon entry into Ubisoft’s internal systems, the hacker “audited users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint”.

Access was revoked before the threat actor successfully exfiltrated Rainbow Six Siege user data.

“We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time,” Ubisoft said in a statement to BleepingComputer.

Marvel’s Spider-Man developer Insomniac Games has now released a statement addressing the ransomware attack on its studio earlier this month, the release of stolen data this week, and the spread of information on upcoming projects now circulating the internet.

The PlayStation studio had stayed silent until now, something it said was a result of it being “focused inward” to support team members. Personal data was included in…

Source…

Hackers penetrated LAUSD computers much earlier than previously known, district probe finds

/in


Los Angeles, CA - September 06: Superintendent of Los Angeles Unified School District Alberto M. Carvalho speaks during a press conference at Edward R. Roybal Learning Center on Tuesday, Sept. 6, 2022, in Los Angeles, CA. There's been a major cyberattack on the Los Angeles Unified School District. Major problems over the weekend. (Francine Orr / Los Angeles Times)

Supt. Alberto M. Carvalho speaks at a September news conference about a major cyberattack on the Los Angeles Unified School District. (Francine Orr/Los Angeles Times)

An intrusion into the computer systems of the Los Angeles school district began more than a month earlier than previously disclosed and likely exposed confidential information, including Social Security numbers, of more than 500 people who worked for district contractors, according to information filed with the state.

As the district previously disclosed, the security breach does not appear to extend to the payroll records and Social Security numbers for the tens of thousands of district employees. An undisclosed number of students enrolled at some point from 2013 through 2016 and some employees during that period appear to have lost information that includes their date of birth and address. California school districts don’t collect student Social Security numbers.

The updated information comes by way of a “Notice of Data Breach” that the nation’s second-largest school system was required under state law to send to potential victims.

School district officials Friday did not provide information on the number of possible victims. In addition to having to notify victims, a notice letter must be filed with the state attorney general when the number of those affected surpasses 500 California residents, the mandated threshold for public notification.

District officials had previously stated that there would be a small but not-yet-determined number of victims — “outliers,” as Supt. Alberto Carvalho described them. The victims would be notified and assisted, he added, while emphasizing that the overriding narrative was one of a worse disaster averted.

Hackers made off with about 500 gigabytes of data — a figure agreed on by both the hackers and the school system. That’s a large haul compared with what an individual user would maintain, but a tiny fraction of the data under the control of L.A. Unified.

Stealing data is only one part of an attack. The second part involves encrypting computer systems so that its users cannot get in, paralyzing the ability to conduct everyday business. Hackers managed to encrypt servers in the…

Source…

Hackers got into L.A. school computers earlier than disclosed

/in


An intrusion into the computer systems of the Los Angeles school district began more than a month earlier than previously disclosed and likely exposed confidential information, including Social Security numbers, of more than 500 people who worked for district contractors, according to information filed with the state.

As the district previously disclosed, the security breach does not appear to extend to the payroll records and Social Security numbers for the tens of thousands of district employees. An undisclosed number of students enrolled at some point from 2013 through 2016 and some employees during that period appear to have lost information that includes their date of birth and address. California school districts don’t collect student Social Security numbers.

The updated information comes by way of a “Notice of Data Breach” that the nation’s second-largest school system was required under state law to send to potential victims.

School district officials Friday did not provide information on the number of possible victims. In addition to having to notify victims, a notice letter must be filed with the state attorney general when the number of those affected surpasses 500 California residents, the mandated threshold for public notification.

District officials had previously stated that there would be a small but not-yet-determined number of victims — “outliers,” as Supt. Alberto Carvalho described them. The victims would be notified and assisted, he added, while emphasizing that the overriding narrative was one of a worse disaster averted.

Hackers made off with about 500 gigabytes of data — a figure agreed on by both the hackers and the school system. That’s a large haul compared with what an individual user would maintain, but a tiny fraction of the data under the control of L.A. Unified.

Stealing data is only one part of an attack. The second part involves encrypting computer systems so that its users cannot get in, paralyzing the ability to conduct everyday business. Hackers managed to encrypt servers in the district’s facilities division, but had limited success elsewhere, even though normal operations, including classroom instruction and…

Source…

Hackers breached library system earlier than initially known

/in


Source…