Tag Archive for: Employee

Following Optus Hack, Another Data Breach for Australia’s Biggest Telcos as Telstra Exposes Employee Data


Just two weeks after Australia’s second-largest telecoms company was hacked, the largest in the market has suffered a data breach. The Telstra breach appears to be relatively minor as compared to the Optus hack, however, as the company reports only a “small amount” of employee data was exposed.

Source of Telstra data breach still unknown, 30K employee files impacted

While the Telstra data breach is considered “relatively” minor given the size of the company, it nevertheless included a substantial amount of records; the company says that some 30,000 employee files dating back to 2017 were exposed. However, the information in each was apparently extremely basic with just names and email addresses contained in most of the breached files.

If that assessment holds up it compares quite favorably to the Optus hack, which exposed the customer records of millions of Australians including driver’s license and passport numbers. The hacker sought profit from the attack, pledging to publicly release the customer records of 10,000 people per day until they received $1 million in ransom. A 19-year-old Sydney man was arrested on October 5 after texting 93 of the victims demanding an individual $2,000 ransom from each, but police say that the man is likely not the breach perpetrator and simply made use of data that the attacker had already made public.

Telstra says that no customers were impacted by the more recent data breach, only current and former employees that were with the company over roughly the past five years. There is also not much detail as of yet about how the data breach happened, in contrast to the quick assignment of blame by the Australian government in the case of the Optus hack. That breach is suspected to have originated from an unprotected API that was mistakenly exposed to the internet. Telstra only said that the data breach was at a “third party provider” and did not involve its internal systems, and that a little under half of the exposed records belonged to current employees.

There is no concrete connection between the two data breaches as of yet, but the Telstra attacker took to the same underground forum that the Optus hacker used to attempt to peddle their…


Ex-CIA Employee Convicted in Theft of Covert Hacking Info


Joshua Schulte Is Guilty on Nine Counts Ranging From Espionage to Obstruction


A former CIA programmer charged with spilling the agency’s top-secret hacking toolbox online is guilty after a federal jury returned a verdict on all counts.


Joshua Schulte, 33, faces a minimum of 80 years in prison after hearing the verdict Wednesday afternoon in a Manhattan federal courtroom. The government indicted him on nine counts, including espionage, unauthorized access to a computer and obstruction of justice.

Schulte, who developed penetration tools for the espionage service, sent WikiLeaks a trove of techniques used for snooping on iPhones, Cisco networking devices, Skype and even smart TVs (see: 7 Facts: ‘Vault 7’ CIA Hacking Tool Dump by WikiLeaks). WikiLeaks posted more than 8,700 documents online in March 2017, calling the leak “Vault 7” and revealing covert programs with names including CrunchyLimeSkies and McNugget.

U.S. Attorney Damian Williams called the leak “one of the most brazen and damaging acts” of espionage in American history. Schulte harbored resentment toward the CIA and was “aware that the collateral damage of his retribution could pose an extraordinary threat to this nation,” Williams said after the jury verdict.

For all Schulte’s apparent technical sophistication, a recent New Yorker profile of the now-convicted leaker found he was reckless with his personal security. Schulte also faces charges for possession of child pornography.

A first attempt to prosecute Schulte ended in a mistrial, with the jury convicting him on contempt of court charges as well as of lying to the FBI’s investigators, but not on the espionage charges. Schulte opted to represent himself in the second trial.


East West Family of Companies Announces Data Breach Involving Sensitive Employee Information | Console and Associates, P.C.


Recently, East West Family of Companies (“East West”) confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer information stored on the company’s computer network. According to East West, the breach resulted in the names and Social Security numbers of certain employees and employee dependents being compromised. On July 1, 2022, East West filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the East West data breach, please see our recent piece on the topic here.

What We Know About the East West Data Breach

According to an official notice filed by the company, on November 8, 2021, East West detected unauthorized access on some of its computer systems. In response, the company secured its systems and launched an investigation into the incident with the assistance of third-party cybersecurity professionals. Shortly after the breach, East West was able to restore its system operations; however, the investigation determined that an unauthorized user was able to access certain files on the company’s network between November 5, 2021 and November 8, 2021. These files contained the information of current and former employees and employees’ dependents.

Upon discovering that sensitive employee data was accessible to an unauthorized party, East West then reviewed the affected files to determine exactly what information was compromised. The company completed this review on May 9, 2022. While the breached information varies depending on the individual, it may include your name and Social Security number.

On July 1, 2022, East West sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About East West Family of Companies

East West Family of Companies is a commercial and residential construction company based in Denver,…


Former Amazon employee convicted of stealing data from more than 100M people – WPXI



SEATTLE — A former Amazon Web Services engineer was found guilty Friday of stealing data from more than 100 million people when she hacked Capital One three years ago.

Paige Thompson, who worked for the software giant until 2016, was convicted Friday of seven federal crimes, including wire fraud, illegally accessing a protected computer and damaging a protected computer, CNBC reported.


While the wire fraud conviction carries up to 20 years in prison, the two lesser charges are each punishable by as many as five years in prison.

According to a news release issued by the U.S. Attorney’s Office for the Western District of Washington, the jury found Thompson not guilty of aggravated identity theft and access device fraud. The panel deliberated for 10 hours.

Prosecutors argued at trial that Thompson created a tool to search for misconfigured AWS accounts, allowing her to hack into accounts from more than 30 Amazon clients, including Capital One. In addition to mining the data she found in the compromised accounts, Thompson was also accused of using her access to some of the retail behemoth’s servers to mine cryptocurrency for her personal benefit, CNBC reported.

“She wanted data, she wanted money, and she wanted to brag,” Assistant U.S. Attorney Andrew Friedman said of Thompson during his closing arguments, the network reported.

According to The Verge, Thompson’s breach, one of the largest on record, exposed the names, birth dates, social security numbers, email addresses and phone numbers of more than 100 million U.S. and Canadian residents.

Capital One has since been fined $80 million by regulators for allegedly failing to secure users’ data and settled with affected customers for $190 million, the technology news outlet reported.

“Far from being an ethical hacker trying to help companies with their computer security, (Thompson) exploited mistakes to steal valuable data and sought to enrich herself,” U.S. Attorney Nick Brown stated in the news release confirming her conviction.

Thompson is slated to be sentenced Sept. 15.
