Tag Archive for: Stole

Fujitsu Confirms Hackers Stole Customer Data

/in


Fujitsu has officially confirmed in a blog post that malware has been detected in its systems. Hackers could have stolen personal and customer information.

The confirmation was reportedly made late last week. The Japanese tech giant said a significant cybersecurity breach exposed systems and data, including sensitive client information. 

Fujitsu claims that after establishing the malware’s existence, it quickly separated the impacted business systems and took action, including surveilling additional company PCs. 

Japan's Second Quantum Computer Successfully Developed by Fujitsu, Riken

(Photo: KAZUHIRO NOGI/AFP via Getty Images)  Japan’s second quantum computer has been successfully developed. Fujitsu and research institute Riken are at the forefront of the latest technological advancement.

Although the company claims to have not received any reports of customer data being misused, Fujitsu pointed out that the company has reported the event to the Personal Information Protection Commission and is currently creating individual notices for the affected consumers.

Fujitsu is reportedly the sixth-largest provider of IT services in the world. Its portfolio consists of software, hardware for telecommunications, cloud solutions, system integration, IT consulting services, and computing devices, including servers and storage systems.

Read Also: Japan’s Second Quantum Computer Successfully Developed by Fujitsu, Riken

Fujitsu Data Breaches

The malware notification follows a hack into several Japanese government agencies’ offices in May 2021. Thanks to an exploit of Fujitsu’s ProjectWEB information-sharing technology, the hack gave rise to the unlawful access and subsequent theft of 76,000 email addresses and confidential information.

The stolen materials were among the sensitive data from government networks and perhaps air traffic control information from Narita International Airport.

Despite these Fujitsu data breaches, the company has proven to remain a global player in the tech industry, for better and for worse, most notably in the United Kingdom, wherein it reportedly became the epicenter of the “Post Office Scandal.”

More than 900 sub-postmasters were falsely convicted due to flaws in Fujitsu’s…

Source…

Chinese Hackers Stole Over 95 GB Of Indian Immigration Data

/in


Chinese hackers have conducted extensive cyber intrusions against foreign governments and companies, including India. The Washington Post reported that Chinese intelligence and cyber-surveillance accessed 95.2 GB (gigabytes) of Indian immigration data. 

Other targeted countries include Malaysia, Taiwan, South Korea, Hong Kong, Thailand, the United Kingdom, Nepal, Mongolia and Kazakhstan, among others.

According to the report, Chinese hackers are targeting software vulnerabilities in companies like Apple, Google and Microsoft. 

Leaked documents, posted a week ago on Github, reveal successful breaches of 80 overseas targets, including the acquisition of immigration data from India and call logs from South Korea’s LG U Plus telecom provider.

These documents belonged to a Chinese company called ISoon, headquartered in Shanghai. It is known to sell third-party hacking and data gathering services to state-owned companies and Chinese government bureaus.

The leaked cache contains more than 570 leaked files, images, and chat logs of users. These hacks were initiated by a Shanghai-based company Isoon, offering hacking and data collection services to Chinese government agencies and state-owned businesses.

Chinese state agents are using these hacking tools to identify users of social media platforms like X (erstwhile Twitter), access emails, and conceal the online activities of overseas agents. Additionally, the documents describe disguised devices such as power strips and batteries also used to compromise Wi-Fi networks.

Concerns about Chinese hacking campaigns have been raised by US intelligence officials, who view it as a significant long-term threat to national security. Similarly, the Indian government has taken measures to block Chinese mobile applications due to concerns about potential monitoring by Beijing.

This is just a part of the rampant cyberattacks that the country has been witnessing in recent times. India witnessed 13.91 Lakh cyber security incidents in 2022, Minister of State for Electronics and Information and Technology Rajeev Chandrasekhar informed the Parliament.

Those numbers still do not give an entire picture of cyberattacks on the country as these statistics…

Source…

FTC slams Blackbaud for “shoddy security” after hacker stole data belonging to thousands of non-profits and millions of people

/in


Data and software services firm Blackbaud’s cybersecurity was criticised as “lax” and “shoddy” by the United States Federal Trade Commission (FTC) in a damning post-mortem of the business’s February 2020 data breach.

According to the FTC, Blackbaud’s poor security breach in February 2020 led to a hacker accessing the company’s customer databases and stealing personal information of millions of consumers in the United States, Canada, the UK, and the Netherlands.

Blackbaud’s affected customers are mainly non-profits, such as healthcare agencies, charities, and educational organizations.

Data stolen by the hacker included unencrypted personal information, such as consumers’ and donors’ full names, ages, dates of birth, social security numbers, addresses, phone numbers, email addresses, financial details (bank account information, estimated wealth, and identified assets), medical and health insurance information, gender, religious beliefs, marital status, spouse names, spouses’ donation history, employment details, salaries, education, and account credentials.

The security failure was exacerbated by Blackbaud not enforcing its own data retention policies, causing customer data to be kept for years longer than necessary. Blackbaud also retained data of former and potential customers for years longer than required.

All of which was a treasure trove for the attacker, who demanded a ransom from Blackbaud or threatened to expose the stolen data. The company paid 24 Bitcoin (worth US $235,000) to the hacker, but was not able to verify if the deleted the data.

The poor data retention practices were not the FTC’s only complaints about Blackbaud’s handling of the incident.

The FTC criticized the company for not notifying customers of the breach for two months after detection, saying Blackbaud had “misrepresented the scope and severity of the breach after an exceedingly inaccurate investigation.”

According to Blackbaud’s customer breach notification of July 16, 2020, “The cybercriminal did not access credit card information, bank account information, or social security numbers… No action is required on your end because no personal information about your constituents was…

Source…

Cloud gaming outfit Shadow warns hackers stole users’ personal info during a security breach

/in


Shadow, the French cloud gaming company that allows subscribers to run games via high-powered PCs over the internet, has emailed customers to warn them that it has suffered a security breach in which customer data was stolen. While Shadow hasn’t confirmed how many people were affected, it’s thought that around 530,000 users have had their information stolen.

In an email sent to customers and reported on by TechCrunch, Shadow said that it was the victim of a social engineering attack that targeted one of its employees at the end of September 2023. The attack apparently began on Discord and then resulted in the employee downloading a game on Steam at the suggestion of a third party. That third party was also a victim of the attack.

Cloud gaming outfit Shadow warns hackers stole users' personal info during a security breach 02

Open Gallery 2

VIEW GALLERY – 2 IMAGES

The data itself was collected after the attacker was able to gain access to an as-yet-unnamed software-as-a-service (SaaS) provider.

TechCrunch reports that an individual on a popular hacking forum has already claimed responsibility for the attack, saying that they are now willing to sell the data after being ignored by Shadow. The post says that the data covers more than 530,000 people.

As for Shadow, it hasn’t confirmed how many people are impacted nor exactly which service the attacker was able to access. They did say which types of data were stolen, however, with full names, email addresses, dates of birth, billing addresses, and credit card expiry dates all swiped. Shadow does say that there were no passwords or sensitive banking data taken during the attack, however.

Shadow also warned customers to be on the lookout for any suspicious emails and to set up multi-factor authentication on their accounts.

Source…