Data breaches are a typical news headline in most cybersecurity updates today. There is no guarantee that ransomware attackers won’t steal data from a system before giving away the decryption key. As such, organizations must adopt phishing attack prevention measures from the beginning so that the adversaries are not left with any vulnerabilities or loopholes to exploit. The following cyber headlines throw light on the significant data breaches and phishing attacks that have occurred over the week.
Data Breach At Calgary Parking Authority
The Calgary Parking Authority, which provides paid parking facilities to vehicle owners, left one of its logging servers unprotected online, leaving it available for public access. Consequently, the vehicle owners’ names, DOBs, email addresses, phone numbers, postal addresses, license plate details, vehicle descriptions, parking offenses, location data, and parking ticket details were exposed. In some cases, even the payment card details and expiry dates were compromised.
The exact number of people affected by the breach is not known, but it is estimated that thousands of people may have been impacted. Soon after being notified of the security vulnerability, CPA secured the server. It was later confirmed that the server had been public since 13th May. The CPS is investigating the breach (believed to be caused by human error) and has taken all necessary phishing protection measures.
Tallinn Man Steals Details Of Estonian Citizens From Govt. Website
The Estonian Police recently arrested a Tallinn man for exploiting a vulnerability in a government photo transfer service and making copies of the ID scans of over 286k Estonian citizens. This data was extracted from the Identity Documents Database (KMAIS). The threat actor was arrested on 23rd July after the RIA was alerted to an unusual number of queries. The investigations revealed that the accused had citizens’ details but had not transferred or used them for any malicious purpose.
The suspect had used citizens’ names and personal ID codes (which are easily accessible) to download their government document photos. Fortunately, these details cannot be used for financial transactions or e-services. The police shall notify all affected Estonians, and they need not worry about applying for new identity documents. The Estonian Police is doing its best to prevent further phishing attacks and keep the citizens’ privacy intact.
Data Breach At Homewood Health Affects An Unknown Number Of People
Ontario-based Homewood Health had undergone a cyberattack earlier this year, and it is only now that the healthcare provider is notifying the affected agencies and companies. Among the victims of the incident are TransLink, BC Housing, and the Provincial Health Services Authority. Though Homewood Health has not given out the exact number of agencies and people affected by the security breach, it has notified them.
The adversaries have leaked the stolen information on Marketo’s data leak site, where hundreds of bidders are contesting for its possession. As per reports, at least some of this information available online is authentic. Homewood Health is working in collaboration with external cybersecurity experts to investigate the breach. So far, they have found no evidence of unauthorized access to their internal systems. As investigations continue, the victims of this breach must closely monitor their online accounts, look out for phishing texts and adopt anti-phishing measures.
Cyberattack At Express MRI Exposes Patient Data
Georgia-based medical imaging center Express MRI recently underwent a data breach that exposed the confidential medical information of its patients. Unauthorized third parties had accessed an Express MRI email account on 10th July 2020 and sent emails to the center’s contacts. The initial investigation had not suggested any data breach and the second investigation, which concluded in June 2021, also indicated the same.
However, the data the adversaries may have had access to includes the patients’ names, email addresses, DOBs, addresses, names of the referring physicians, details of the body part scanned, etc. No Social Security numbers were likely accessed. Express MRI regrets this unfortunate incident and has adopted cybersecurity measures to ensure protection in the future.
Taiwanese High-Level Dignitaries Targeted In LINE Attack
The Japanese instant messaging app LINE is the second-most popular messaging application in Taiwan. Recently, the LINE accounts of over a hundred Taiwanese dignitaries (state cabinet members, mayors, politicians, government officials, military personnel, etc.) were hacked. The adversaries exfiltrated the data stored on their devices. The company discovered this security blunder and immediately notified the victims.
The victims were asked to enable the message encryption feature for their accounts to ensure protection against phishing. LINE confirmed the attack on its website and announced that investigations continue to get to the roots of the attack.
Cyberattack Hits UC San Diego Health
UC San Diego Health, California, underwent a data breach for four months between 2nd December 2020 and 8th April 2021. During that time, the adversaries had access to some of the health system’s employee email accounts. Regarded as one of the best hospitals, UC San Diego Health was first notified of the suspicious activity on 12th March in the US. After the initial investigation, the unauthorized access was contained and removed on 8th April.
The health system has reported the incident to the FBI and law enforcement. It is suspected that the adversaries accessed the PII (Personally Identifiable Information) of students and employees and patients’ PHI (Protected Health Information) during the four-month breach period. Although there is no evidence of any data being misused, the adversaries may have accessed the names, DOBs, email addresses, and addresses of victims. The other compromised details include claim information, fax numbers, medical record numbers, laboratory results, prescription and treatment details, social security numbers, payment card information, usernames, passwords, student ID numbers, etc.
UC San Diego Health has informed all involved parties of the breach. It also has changed employee credentials, enhanced overall cybersecurity posture, and disabled access points for further protection. The health system urges victims to look out for suspicious activities in their accounts or fraudulent messages.
2M BRI Life Customer Data Compromised
The insurance wing of Indonesia’s Bank Rakyat Indonesia (BRI) called BRI Life underwent a cyberattack recently, which exposed the personal details of over two million customers. The unknown threat actors have put up 460k documents from this data scrap for sale on the dark web.
The cybersecurity firm Hudson Rock has evidence proving that several BRI and BRI Life computers were compromised (probably leading to the massive data breach). The 460k stolen documents are up for sale on RaidForums for $7000. The post is accompanied by a 30-minute demo video exhibiting the types of customer data stolen from BRI Life. These include their taxpayer information, bank account details, and identity cards.
BRI Life is currently working with external cybersecurity experts to investigate the breach and tighten the security of its online operations. The company specified that it holds customers’ data privacy as an important element of its operations and never shares their data with any third parties that could compromise it in any way.
Ransomware Hits City Of Grass Valley
The City of Grass Valley recently underwent a ransomware attack. However, in this particular attack, the city officials decided to comply with the adversaries’ ransom demands. When asked why the city didn’t adopt other modes of retrieving data, it was found that the ransom was paid to protect citizens from future victimization and not merely restore the city’s systems.
An interviewed citizen said that paying the demanded ransom encourages the attackers and pushes netizens to even more vulnerable territories. Although the city has not revealed the ransom amount, it did indicate that there has been an expense of $50,000. The affected city services include some discretionary outages. The city has adopted measures to ensure protection against phishing in the future and informed the FBI. Investigations continue to get to the roots of the attack. Meanwhile, the city has made free credit monitoring available for all citizens out of concern that their data might have been breached.