No one can afford to let their guard down in today’s cyber world, where adversaries are on the rise and improve their methods of launching cyber attacks by the day. A pertinent goal, however, is to ensure maximum security and efficient risk management for yourself and the business you run or work for in case such an attack targets your systems. To this end, here are the top security hacks, data breaches, and phishing attacks from the last week, so you can keep yourself abreast, learn from the mistakes of others, and take robust anti-phishing measures in advance.
Data Breach Hits Harvard-Westlake
The Los Angeles-based elite private school Harvard-Westlake recently suffered a cyberattack in which adversaries illegally accessed the account of a senior administrator. Consequently, students’ personal information was leaked, including their psychological portraits and critical assessments mentioned in their college recommendation letters. Notable alumni of Harvard-Westlake include Dorothy Arzner, Jason Segel, Ben Platt, Jamie Lee Curtis, Myrna Loy, Jason Reitman, Shirley Temple, and Dean Zanuck, among others.
In the recent attack, confidential academic data from the last decade was compromised, affecting around 150 alumni. These include children of influential people, ranging from political donors and billionaires to celebrities and Oscar winners. The school has adopted necessary phishing attack prevention measures and informed the FBI. In addition, breach notifications were sent to the affected students’ parents.
AvosLocker Ransomware Gang Hits Pacific City Bank
The US-based Korean-American banking service provider Pacific City Bank (PCB) recently suffered a ransomware attack. The attack was discovered on 30th August 2021, and the bank is now sending data breach notifications to affected customers. PCB claims that the attack vector was addressed as soon as it was detected, but its investigation into the attack concluded only on 7th September. The internal investigation revealed that client organizations compromised the customers’ names, addresses, wage and tax details, social security numbers, tax return documents, loan applications, and payroll and W-2 information.
PCB has yet to disclose whether only a subset of its clientele was affected by the attack. Affected individuals were advised to remain vigilant and adopt phishing prevention best practices. Furthermore, the bank extended one year of complimentary identity theft protection and credit monitoring to victims. While PCB itself hasn’t revealed anything about the attacker, AvosLocker has claimed responsibility for the attack and has even shared a sample of the stolen data on its data leak site.
Data Breach Hits Oregon Eye Specialists
The US-based optometry group Oregon Eye Specialists recently underwent a data breach that affected customers’ personal health information (PHI) across its six clinics in Portland. The adversaries illegally accessed internal email accounts and customers’ private data. The exposed data includes their names, DOBs, medical record numbers, health insurance provider’s details, financial information, dates of service, and policy numbers.
The organization first noticed suspicious activity in an email account on 10th August and immediately took phishing protection measures. Investigations into the breach revealed that the attacker accessed some of the organization’s email accounts from 29th June to 31st August 2021. However, there is no proof of the misuse of the compromised data. Oregon Eye Specialists has notified all affected customers and, out of an abundance of caution, offered them free-of-cost identity theft protection and credit monitoring services.
Cyberattack Hits Olympus
A cyberattack recently brought down the IT systems of the leading American medical technology enterprise Olympus. The incident occurred on 10th October and affected the Olympus systems in Canada, the US, and Latin America. Soon after detecting the attack, the organization deployed its response team and forensic experts to investigate and resolve the issue. To ensure protection against phishing attacks, Olympus shut down the affected systems and involved the concerned external partners. Fortunately, the attack’s impact was limited to the American region alone.
So far, Olympus has found no evidence of the loss or misuse of customer data and is working with third-party experts to safeguard the interests of partners and customers. This is the second attack on Olympus in two months, and it took place on a holiday when the majority of the employees were on leave. The FBI and CISA warn organizations that adversaries are likely to target them on weekends or holidays.
Data Breach at Brazilian e-Commerce Enterprise Hariexpress
Researchers recently found a misconfigured Elasticsearch server online, exposing the personal information of around 1.8 billion sellers and customers. The database was traced back to the Brazilian e-commerce enterprise Hariexpress, which facilitates easy management and automation of vendor activities in marketplaces like Amazon and Facebook.
The issue was reported to Hariexpress back in July, and it acknowledged the breach four days after being informed. However, the enterprise has been unavailable for comment since then. Fortunately, the issue has been fixed now, but a 610 GB database with customer and seller details was left unencrypted in the interim. The exposed customer details include their names, contact numbers, home addresses, delivery addresses, and billing information. The leaked seller details include their names, contact numbers, business addresses, and tax IDs.
Since Hariexpress hasn’t responded after the incident, the exact number of individuals affected remains unknown. A data breach of this magnitude is sure to affect thousands of people, if not millions. Therefore, all Hariexpress clients are advised to take measures to protect themselves from further phishing attacks.
Cyberattack Targets Meliá Hotels International
With over 370 hotels in over 40 countries, Meliá Hotels International is the 17th largest hotel chain globally by number of rooms. But in a recent cyberattack, Meliá’s Spain-based operations were temporarily brought down. Parts of Meliá’s internal network, web-based servers, public websites, and reservation system were affected by the incident, which is suspected to be the work of a ransomware gang. However, no ransomware operator has claimed responsibility for the attack so far, nor has Meliá’s data been listed on any data leak site.
The attack took place in the wee hours of 4th October, and Meliá was quick to inform law enforcement and the Spanish financial agencies. As part of its anti-phishing protection measures, the hotel chain has collaborated with Telefonica’s cybersecurity division to investigate the attack. Fortunately, Meliá Hotels maintained their backup files, ensuring a hassle-free restoration of systems and uninterrupted services to guests. The hotel has refrained from disclosing further details on the nature of the attack until investigations are done.
Account Compromise At Visible
Customers of the Verizon-owned all-digital wireless carrier Visible have been using social media sites like Reddit to report account hacks and financial fraud, and many are displeased with Visible’s inability to fix the issue. The organization recently took to Twitter to acknowledge the attack and reassure users of its concern for their safety. Visible launched an investigation and deployed anti-phishing tools to get to the root of the attack. It found that the adversaries obtained some users’ usernames and passwords from external sources (the affected users had probably reused the same credentials across multiple accounts) and used those details to compromise Visible accounts.
In a Reddit post, a Visible user noted that they were charged $1,175.85 for a 128GB iPhone 13 Pro Max that was delivered to a faraway address in NYC while they lived in DC/Virginia. When this distressed user approached Visible and requested access to their account, Visible denied the request with a message that said: “We’re not sure. You should hear back within 24-48 hrs.” Soon after, a Visible spokesperson took to Reddit to clarify that no cyberattack had affected its systems and that only a few user accounts were affected by the incident. In this initial post, Visible only urged users who were suspicious to take measures to prevent phishing attacks. However, recent updates indicate that the issue has been resolved.