Tag Archive for: Employee

NJ medical lab employee indicted on charges he sabotaged competitor’s computer systems


A New York man employed at a medical testing lab in New Jersey allegedly sabotaged his competitor’s operations by posing as a repairman to enter the other laboratory’s offices, based in Millburn, and disabling their computer systems and security devices, according to the Justice Department.

Eric Leykin, 32, of Brooklyn, was indicted in federal court last week on charges of wire fraud. The indictment accuses him of using a prepaid cellphone to call his competitor in July 2022, posing as an employee from the lab’s tech support firm, and making an appointment to service their equipment the following day, according to court documents.

Upon arriving at the facility, Leykin allegedly proceeded to sever wires connected to the lab’s security system, removed multiple computer hard drives, unplugged the company’s backup generator and damaged various testing devices, the indictment claims.

If convicted, Leykin could serve up to 20 years in federal prison and face a fine of either $250,000 or an amount equal to the company’s financial losses as a result of the alleged scheme.

This article originally appeared on NorthJersey.com: NJ medical lab employee accused of sabotage, posing as repairman


Hack on Transportation Systems Exposes Employee Information


The Department of Transportation’s administrative systems were hacked, exposing the data of hundreds of thousands of employees, the agency confirmed on Monday. 

According to Reuters, the agency notified Congress about the hack late Friday. Transportation confirmed the breach exposed the personal information of approximately 237,000 current and former agency employees.

The affected administrative systems were used, for example, to process employee transit benefits. The agency noted that the breach did not affect any transportation safety systems. 

Transportation’s Office of the Chief Information Officer is investigating the breach, “with the support of other federal agencies, including CISA,” an agency spokesperson told Nextgov in an emailed statement. “The OCIO is addressing the breach and has suspended access to relevant systems while we further investigate the issue, and secure and restore the systems.”

It is unclear who is behind the cyber attack, how it occurred and when it was first discovered.

“In an era where the federal government is asking the private sector to do more in terms of cybersecurity, the Department of Transportation breach shows the government needs to follow its own lead and better protect its own systems,” Brandon Pugh, director of Cybersecurity and Emerging Threats at the R Street Institute, told Nextgov in an emailed statement. “All data breaches are concerning, but there are particular risks with information on federal employees being made public. The information could be used to target the impacted federal employees or to carry out future attacks, depending on the precise data that was breached.”

“Cyber attackers require a single vulnerability to infiltrate an organization’s network, highlighting the critical importance of fortifying individual systems during a data breach,” Amit Bareket, CEO and co-founder of Perimeter 81, told Nextgov in an emailed statement. “In today’s rapidly evolving digital landscape, malicious actors continually devise novel techniques to target organizations and exploit their invaluable resources.”

Bareket noted that “individuals who were affected by the U.S. Department of Transportation data breach…


Canadian Bookstore Chain Indigo Says Employee Data Stolen in Ransomware Attack


Canadian bookstore chain Indigo this week confirmed that the personal information of both current and former employees was stolen in a ransomware attack last month.

The hack, Indigo says, took place on February 8 and resulted in the company taking down affected systems to contain the incident. The company was able to restore online payments and exchanges and returns two weeks ago.

The investigation into the incident has revealed that some employee data was compromised during the attack, but Indigo says it has no evidence that customer data was accessed. No credit and debit card information was impacted, the company says in an updated notice on its website.

Should the investigation reveal that any customer data has been compromised, Indigo promises to contact the impacted individuals immediately.

The ransomware deployed during the attack, Indigo says, was LockBit, which is known to be used by cybercriminals either located in Russia or with ties to Russian organized crime.

The company says it has already started notifying impacted individuals of the incident, but did not say how many were affected. Indigo currently operates more than 160 stores across Canada and has over 8,000 employees.

Indigo also says that it has been working with Canadian authorities and the FBI to investigate the attack and that it does not plan to give in to the attackers’ ransom demands.

The hackers, however, have threatened to publish the stolen data on the dark web starting this week, unless a ransom is paid.

“The privacy commissioners do not believe that paying a ransom protects those whose data has been stolen, as there is no way to guarantee the deletion/protection of the data once the ransom is paid. Both US and Canadian law enforcement discourage organizations from paying a ransom,” the company notes.


Employee Security – 7 Best Practices to Consider


In the first installment of our cybersecurity best practices, we explored how individuals can safeguard their personal data. But just as vital to security is employee security awareness and protecting important information within an organization. One wrong move by employees could have major repercussions not only for themselves but also for a company’s reputation and clientele.

Part two delves into the steps employees should take to ensure protection, covering password, email, and mobile device precautions, all of which are necessary parts of employee security that prevent exposure in the workplace.

1. Passwords

Good for everyday security users

The same set of rules from the first part of the series applies to employee security as well.

Recommendations

Don’t set the passwords for your work accounts to things like “lovemyjob123” or “techguy83”. This will only lead to poor security and a larger attack surface for your work account. Furthermore, don’t share passwords across accounts, especially between personal and work.

Like in part one, you should use a solid password manager like Bitwarden. Password managers can handle all of your work accounts as well as generate secure passwords for you.

2. Email Use

Good for everyday security users

Using personal email for business activities–and vice versa–is the wrong thing to be doing. 

As an employee you are more likely to be the target of phishing scams and malicious emails at your company email address. For your personal email address, you are more likely to receive the “Hot Girls in your area” or “Low-cost Viagra” spam email. 

Both of these kinds of emails are malicious and obviously not desirable–and can cause serious damage in both environments.

3. Mobile Devices

Good for everyday security users

Many organizations have a “Bring Your Own Device”–or BYOD–employee security policy in place for employees to use their personal cell phones for work. If this is the case, there are likely many policies in the company’s handbook for acceptable use on these devices.

It should go without saying, but it is going to be said: “Regardless of company policy, DO NOT put company information on your personal device.