This week in the cybersecurity world, we saw fake ransomware threats, hacktivists targeting Russian military wives, and growing concerns regarding ChatGPT. All of these events point to the need for enhanced phishing protection solutions across organizations. Read on to learn more.
Service NSW Suffers A Data Breach, Exposes Personal Data Impacting Thousands Of Customers
Service NSW said that the personal information of its customers was exposed to other logged-in customers in a privacy breach.
The agency released an update to the “My Services” dashboard on March 20, which caused the data breach, Greg Wells, the Service NSW CEO, told the impacted customers in an e-mail. Personal information that may have been exposed includes vehicle registration, driver’s license details, children’s names, and contact information.
The agency believes that the affected customers logged in to the MyServiceNSW Account between 1.20 pm and 2.54 pm. It added that hackers could not search the sensitive personal information, which was isolated to the website.
Wells said he believes it was an isolated incident that affected only customers who were logged in at the time. “I can confirm that it wasn’t a cyberattack, and Service NSW believes any risk presented by the incident is very low,” he said.
Bank of England Warns of Potential Cyber Attacks on The Financial System
The Bank of England recently warned banks, market infrastructure companies, and insurers to take immediate steps to prepare against a potential major cyber-attack. It issued the warning amid growing concerns that Russian-linked hackers are attempting to disrupt the financial system, leading to widespread chaos.
The move comes after Royal Mail and the Guardian became targets of high-profile attacks earlier this year. There are fears that ransomware gangs will increasingly target businesses crucial to the functioning of Britain’s financial system.
The Bank of England instructed the companies to improve their systems and emergency response measures by March 2025. Additionally, the Bank’s Financial Policy Committee urged the firms to invest in mitigations to better manage their risks to financial stability during an incident.
Experts Say That Chinese E-Commerce Giant Pinduoduo Spies On Users
Researchers allege that the popular e-commerce application Pinduoduo can bypass mobile security and monitor user activity across other apps. The comments come after Google suspended the application from its Play Store.
Google suspended the app because it discovered malware in its Chinese versions, which users downloaded from other online stores. Additionally, CNN reported that the app collects users’ data without their consent.
“E-commerce giant Pinduoduo has taken privacy violations and data security to the next level,” CNN said, citing various cybersecurity experts from Asia, Europe, and the United States.
Fake Ransomware Gang Blackmails U.S. Organizations With Empty Data Leak Threats
Fake extortionists are exploiting the growing number of data breaches and ransomware incidents, threatening U.S. companies that they will publish or sell stolen data unless the victims pay a ransom.
The attackers behind the activity go by the name Midnight, and they have been targeting U.S. organizations since at least March 16.
In their e-mails, they also impersonated popular ransomware and data extortion gangs, claiming to be the authors of the intrusion and to have stolen gigabytes of essential data.
Empty threats since 2019
Midnight Group’s fake extortion scam is not new. Coveware, a famous incident response company, observed it in 2019, calling it Phantom Incident Extortion.
Ukrainian Hacktivists Trick Russian Military Wives Into Sharing Personal Info
Ukrainian hacktivist group Cyber Resistance, also called the Ukrainian Cyber Alliance, reportedly designed a unique strategy to hack into Russian military personnel’s e-mail accounts.
They convinced the wife of a serving Russian military colonel, Sergey Valeriyevich Artoshchenko, to participate in a patriotic photoshoot, and she in turn convinced 12 more military wives to join. This allowed the hacktivists to extract personal and sensitive data.
This is significant because Artoshchenko is currently commissioned at an aviation unit (960 Assault Aviation Regiment) in Crimea. The unsuspecting army wives took photographs wearing their husbands’ uniforms. These photographs provided the Ukrainian hackers with enough information to track down the personal details of their husbands, mainly Col. Artoshchenko.
Italy Raises Privacy Concerns And Temporarily Blocks ChatGPT
Italy temporarily blocked the AI software ChatGPT as it investigates a possible violation of the stringent European Union data protection rules.
The Italian Data Protection Authority said it took provisional action “until ChatGPT starts respecting privacy.” It temporarily limited ChatGPT from processing Italian users’ data.
U.S.-based OpenAI (ChatGPT’s developer) said it disabled ChatGPT for Italian users following the government’s request. It added that its practices comply with European privacy laws and that it hopes ChatGPT will be available again soon.
Italy’s action is the first nationwide restriction of an emerging AI platform by a democracy and comes after several public schools and universities worldwide blocked ChatGPT over student plagiarism concerns.