Tag: personal | Page 3

Russian gang’s hack in Maine affected personal data of 1.3 million people

November 11, 2023/in Internet Security

More than 1 million people who had contact with Maine state agencies have been caught up in a Russian gang’s international cybersecurity breach, potentially exposing their Social Security numbers, dates of birth and other confidential information, state officials said Thursday.

The Department of Administrative and Financial Services is notifying people who may have been affected by what it called a “global cybersecurity incident” that occurred May 28 and May 29 concerning the file transfer tool, MOVEit. The state is among several thousand organizations affected by software vulnerability that allowed cybercriminals to access and download data, the state said in an announcement about the breach. It affected industries such as insurance, finance, education, health and government.

The breach, which affected 1.3 million people, exposed data on more than half of the state Department of Health and Human Services workers and between 10% and 30% of the employees at the Department of Education. Maine’s population is 1.37 million people.

Other affected agencies are the Office of the Controller, Workers’ Compensation, Bureau of Motor Vehicles, Department of Corrections, Department of Economic and Community Development, Bureau of Human Resources, Department of Professional and Financial Regulation, and the Bureau of Unemployment Compensation.

Once the breach was discovered, the state sought to identify people whose information might have been compromised. The assessment of those affected took months and was recently completed. The state is now notifying individuals using a press release issued nationwide, the U.S. Postal Service and email.

The exploited program, MOVEit, a file-transfer platform made by Progress Software Corp., is widely used by businesses to share files, The Associated Press reported in June. The breach was blamed on a Russian cyber-extortion gang’s hack of a file-transfer program popular with corporations and governments.

The incident in May was specific and limited to Maine’s MOVEit server and did not impact any other state networks or systems, according to information posted on the state’s website.

Maine agencies hold information about…

Source…

Japanese Watchmaking Giant Seiko Confirms Personal Data Stolen in Ransomware Attack

October 26, 2023/in Internet Security

Japanese watchmaking giant Seiko has confirmed that the ransomware attack discovered a few months ago resulted in a data breach affecting customers, business partners, and employees.

Seiko revealed on August 10 that it had identified a possible data breach in late July. The company said at the time that hackers had gained access to at least one server and its investigation showed that some information may have been compromised.

Roughly ten days later, the ransomware group known as BlackCat and ALPHV took credit for the attack and started leaking files taken from Seiko after the company refused to respond to its extortion attempts.

The cybercrime group claimed to have stolen over 2Tb worth of files, including employee information, production technology details, video and audio recordings of management meetings, emails, and copies of passports belonging to employees and foreign visitors.

At the time, they threatened to leak or sell the data unless their demands were met, and in mid-September they made all the information public on their Tor-based leak website.

Seiko released another statement on the incident on Wednesday, confirming that a total of roughly 60,000 personal data records associated with Seiko Group Corporation (SGC), Seiko Watch Corporation (SWC), and Seiko Instruments Inc. (SII) were compromised.

According to Seiko, compromised data includes SWC customer information, including names, addresses, phone numbers, and email addresses. The company says payment card information was not stolen.

In addition, the attackers stole SGC, SWC, and SII business partner information such as name, job title, company affiliation, and company contact details.

Advertisement. Scroll to continue reading.

The names and contact information of current and former employees, as well as job applicants, was also stolen by the ransomware group.

“As part of our ongoing response, we temporarily blocked external communication with the affected servers and have installed EDR (Endpoint Detection and Response) systems on all servers and PCs to detect unauthorized activity. We have also implemented measures such as multi-factor authentication to prevent further breaches,” Seiko…

Source…

University of Michigan says hackers gained personal information of individuals in cyberattack

October 24, 2023/in Computer Security

CBS News Detroit Digital Brief for Oct. 23, 2023

03:03

(CBS DETROIT) – The University of Michigan said on Monday that hackers were able to get the personal information during a cyberattack back in August.

University officials say an investigation launched an investigation and learned of suspicious activity on the computer network.

The investigation revealed that an “authorized third party was able to access personal information relating to certain students and applicants, alumni and donors, employees and contractors, University Health Service and School of Dentistry patients, and research study participants,” the university said.

The information included social security numbers, driver’s licenses or other government-issued identification numbers, financial account or payment card numbers, and health information. The university determined that the hacker gained access between Aug. 23-27.

In response to the suspicious activity, officials disconnected the campus network on Aug. 27 for its Ann Arbor, Dearborn, and Flint campuses. At that time, University President Santa Ono said it was investigating a “security issue.” The internet was restored on Aug. 30.

The university says in addition to the investigation, it is also “continuing to work with third-party cybersecurity experts to take steps to harden our systems and emerge from this incident as a more secure community.”

U of M sent letters on Monday to all individuals whose information was involved. The university is offering free credit monitoring services to those individuals.

The university also launched a call center to address the incident. Anyone who believes their information was involved and does not receive a letter can call the toll-free number at 888-998-7088 between 9 a.m. and 9 p.m. Monday through Friday.

…

Source…

Cloud gaming outfit Shadow warns hackers stole users’ personal info during a security breach

October 12, 2023/in Internet Security

Shadow, the French cloud gaming company that allows subscribers to run games via high-powered PCs over the internet, has emailed customers to warn them that it has suffered a security breach in which customer data was stolen. While Shadow hasn’t confirmed how many people were affected, it’s thought that around 530,000 users have had their information stolen.

In an email sent to customers and reported on by TechCrunch, Shadow said that it was the victim of a social engineering attack that targeted one of its employees at the end of September 2023. The attack apparently began on Discord and then resulted in the employee downloading a game on Steam at the suggestion of a third party. That third party was also a victim of the attack.

Cloud gaming outfit Shadow warns hackers stole users' personal info during a security breach 02

2

VIEW GALLERY – 2 IMAGES

The data itself was collected after the attacker was able to gain access to an as-yet-unnamed software-as-a-service (SaaS) provider.

TechCrunch reports that an individual on a popular hacking forum has already claimed responsibility for the attack, saying that they are now willing to sell the data after being ignored by Shadow. The post says that the data covers more than 530,000 people.

As for Shadow, it hasn’t confirmed how many people are impacted nor exactly which service the attacker was able to access. They did say which types of data were stolen, however, with full names, email addresses, dates of birth, billing addresses, and credit card expiry dates all swiped. Shadow does say that there were no passwords or sensitive banking data taken during the attack, however.

Shadow also warned customers to be on the lookout for any suspicious emails and to set up multi-factor authentication on their accounts.

Source…

Tag Archive for: personal