Tag Archive for: Giant

A Green Energy Giant Was Defrauded Of $800,000–The Hackers Sent $50,000 To A Nigerian Oil Official, FBI Says



This is the web version of this week’s edition of The Wiretap newsletter, which every Tuesday brings exclusives and other news about surveillance, privacy and cybercrime.


In June last year, hackers took control of an email account belonging to an employee at heavy machinery manufacturer Mountain Crane. The hackers used their access to send an invoice totalling $1.75 million to one of the company’s customers, wind turbine giant Nordex, which then unwittingly paid the hackers over $800,000. A month later, Nordex realized it had been defrauded and contacted the FBI.

The fraud, outlined in a search warrant obtained by Forbes, was a classic case of what’s known as Business Email Compromise (BEC), one of the most common and financially devastating cyberattacks, costing the U.S. $2.7 billion in 2022 alone. But something strange caught the FBI’s attention: $50,000 of the stolen funds were sent to the bank account of Dr. Kelechi Ofoegbu, a Nigerian government official and regulator of the oil and gas industry. Ofoegbu is currently an executive commissioner at the Nigerian Upstream Petroleum Regulatory Commission, and previously worked at energy giants Shell and Eland Oil & Gas.

Ofoegbu has strenuously denied any wrongdoing and said funds from his bank account were wrongly seized. “I am completely innocent and would crave an opportunity to prove this,” he told Forbes. He said he has been banned from travelling to the U.S. and was only made aware of the Nordex fraud after Forbes contacted him about the allegations.

The Department of Justice declined to comment any further on the case. Mountain Crane didn’t respond to requests for comment. Nordex spokesperson Antje Eckert said the company was working with law enforcement on the case, adding that the company had been told the FBI recovered the full amount paid.

Why Ofoegbu allegedly had the money in his account remains a mystery, however. You can read the court document on the case


Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack


Japanese watchmaking giant Seiko has confirmed that the ransomware attack discovered a few months ago resulted in a data breach affecting customers, business partners, and employees.

Seiko revealed on August 10 that it had identified a possible data breach in late July. The company said at the time that hackers had gained access to at least one server and its investigation showed that some information may have been compromised.   

Roughly ten days later, the ransomware group known as BlackCat and ALPHV took credit for the attack and started leaking files taken from Seiko after the company refused to respond to its extortion attempts. 

The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors. 

At the time, they threatened to leak or sell the data unless their demands were met, and in mid-September they made all the information public on their Tor-based leak website. 

Seiko released another statement on the incident on Wednesday, confirming that a total of roughly 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised.

According to Seiko, compromised data includes SWC customer information, including names, addresses, phone numbers, and email addresses. The company says payment card information was not stolen. 

In addition, the attackers stole SGC, SWC, and SII business partner information such as name, job title, company affiliation, and company contact details.


The names and contact information of current and former employees, as well as job applicants, were also stolen by the ransomware group.

“As part of our ongoing response, we temporarily blocked external communication with the affected servers and have installed EDR (Endpoint Detection and Response) systems on all servers and PCs to detect unauthorized activity. We have also implemented measures such as multi-factor authentication to prevent further breaches,” Seiko…


Casino giant Caesars sends breach notifications to thousands • The Register


As more details emerge from September’s Las Vegas casino cyberattacks, Caesars Entertainment – the owner of Caesars Palace – has disclosed more than 41,000 Maine residents alone had their info stolen by a ransomware gang.

In a Friday filing with the US state’s Attorney General’s office, Caesars disclosed extortionists siphoned 41,397 Mainers’ data, and listed the total number of victims “TBD.”

The hotel, restaurant, and casino chain described the theft as follows:

The hotel chain’s loyalty program was pillaged and Caesars noted that the stolen personal data included names and driver’s license numbers and/or identification card numbers. According to the filing, the crooks didn’t access customers’ financial information nor payment details.

In an attached security breach notification letter [PDF], Caesars told customers that the entertainment conglomerate has “taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result.”

These steps, we’d assume, include paying the ransom demand – which was reportedly negotiated at $15 million after an initial demand for $30 million.

“To ease any concern you may have, we are offering you complimentary identity theft protection services for two years through IDX, a data breach and recovery services expert,” the notification letter continued. 

“This identity protection service includes two years of credit and dark web monitoring to help detect any misuse of your information, as well as a $1,000,000 insurance reimbursement policy and fully managed identity restoration in the event that you fall victim to identity theft.”

The casino giant first confirmed the data theft in an SEC filing in September, but has yet to comment on the reported ransom paid to the ransomware crew. 

Caesars has not responded to multiple inquiries from The…


Product leasing giant warns that sensitive information was stolen during cyberattack


Progressive Leasing, a billion-dollar company that allows people to lease consumer products, announced a cyberattack last week.

In a statement to Recorded Future News, the company said it has seen no “major” operational impacts to its services as a result of the attack but noted that it is still investigating what happened.

“Progressive Leasing recently experienced a cybersecurity incident affecting certain Progressive Leasing systems. Promptly after detecting the incident, we engaged leading third-party cybersecurity experts and launched an investigation,” a spokesperson said.

“Our team is working diligently alongside our cybersecurity experts and with law enforcement to investigate and respond to this incident … The investigation into the incident, including identification of the data involved, remains ongoing.”

The Salt Lake City-based company has dozens of partnerships with major retailers like Best Buy, Samsung, Cricket, Lowe’s, Zales, Overstock, Dell and more. They are one of the biggest lease-to-own companies in operation and are part of a larger corporation — PROG Holdings — that offers “buy now, pay later” options.

On Thursday, the corporation reported the cyberattack to regulators at the SEC, writing that it “believes the involved data contained a substantial amount of personally identifiable information, including social security numbers, of Progressive Leasing’s customers and other individuals.”

“Progressive Leasing will provide notice to those individuals whose personally identifiable information was involved in the incident, as well as to regulatory authorities, in accordance with applicable laws,” it said.

“The Company has incurred, and may continue to incur, significant expenses to respond to, remediate and investigate this matter. The full scope of the costs and related impacts of this incident, including the extent to which these costs will be offset by the Company’s cybersecurity insurance, has not been determined.”

The company’s chief financial officer added that they do not expect there to be a financial fallout from the attack as a result of limited operations — unlike cleaning giant Clorox, which reported to the SEC…
