Phishing Watchdog – Stay Safe with Instant Alerts

MyRepublic discloses data breach exposing government ID cards

10th September 2021 | Target: MyRepublic | Reported Here

MyRepublic says almost 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The affected system had contained identity verification documents needed for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.

The “unauthorised data access” incident was uncovered on August 29 and the relevant authorities had been informed of the breach, said MyRepublic in a statement Friday.

MyRepublic


 

[above via Zdnet post] Update 1 / Update 2

 

Howard University Hit by a Ransomware Attack

7th September 2021 | Target: Howard University | Reported Here

Howard University, one of the largest historically Black schools in the United States, canceled classes Tuesday after a ransomware attack.

The attack shut down the campus Wi-Fi, and nonessential employees were instructed to not report to work, the university announced Monday. In-person classes will resume Wednesday, but online classes remain canceled until at least Thursday.

Howard University


 

[above via CNBC post] Update 1 / Update 2

 

Jenkins project discloses security breach

6th September 2021 | Target: Jenkins Software | Reported Here

In a statement, Jenkins documentation officer Mark Waite explained that the affected server was taken offline and the team is investigating the impact of the issue.

“At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected. Thus far in our investigation, we have learned that the Confluence CVE-2021-26084 exploit was used to install what we believe was a Monero miner in the container running the service,” Waite wrote.

Jenkins


 

[above via Zdnet post] Update 1

 

Student, Teacher Personal Information Taken in Dallas ISD Data Theft

2nd September 2021 | Target: Dallas ISD | Reported Here

The Dallas Independent School District says they learned of a data breach about a month ago that affects former and current students, alumni, parents, and district employees.

In an FAQ on their website, the district said someone downloaded data from their server and temporarily stored it on an encrypted cloud storage site. The district said the data have since been removed from that site and that there is no evidence it was otherwise accessed, disseminated, or sold but that they cannot be sure the data has not been shared publicly until a forensic analysis is completed.

Dallas Independent School


 

[above via NBCDFW post] Update 1

 

DuPage Medical Group notifying 600,000 patients about a data breach

30th August 2021 | Target: Dupage Medical Group | Reported Here

DuPage Medical Group experienced a security breach that reportedly may affect 600,000 patients, the group announced Aug. 30. Now, the medical group, Illinois’ largest independent physician group, is mailing letters to notify patients of the cyberattack.

The unauthorized use occurred between July 12-13 and caused a network outage. On Aug. 17, after an investigation by cyber forensic specialists, the medical group determined patient information may have been reached by “unauthorized actors.”

DuPage Medical Group


 

[above via Chicago Tribune post] Update 1

 

LockBit Gang to Publish 103GB of Bangkok Air Customer Data

30th August 2021 | Target: Bangkok Airways | Reported Here

The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday.

A Dark Web intelligence firm calling itself DarkTracer (apparently a separate intel firm than the better-known DarkTrace) tweeted a screen capture of a countdown clock from LockBit 2.0 that, as of Friday, showed four and a half days left. “LockBit ransomware gang has announced Bangkok Airways on the victim list,” DarkTracer tweeted. “It announced that 103GB of compressed files will be released.”

Bangkok Airways


 

[above via Threat Post post] Update 1 / Update 2 

 

Boston Public Library discloses cyberattack

27th August 2021 | Target: Boston Public Library | Reported Here

The Boston Public Library said Friday that it is experiencing “a systemwide technical outage” after being targeted by a cyberattack.

“On Wednesday morning, 8/25, the Boston Public Library experienced a systemwide technical outage due to a cybersecurity attack, pausing public computer and public printing services, as well as some online resources,” the library said in a statement. “Affected systems were taken offline immediately, and proactive steps were taken to isolate the problem and shutdown network communication. There is currently no evidence that sensitive employee or patron data has been disclosed.”

Boston Public Library


 

[above via NBC Boston post] Update 1

 

New Hampshire town loses $2.3 million to overseas scammers

24th August 2021 | Target: Peterborough, Hampshire | Reported Here

The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack.

“It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns and cities, we have fallen victim to an internet-based crime that has defrauded our taxpayers of $2.3m,” Select Board Chairman Tyler Ward and Town Administrator Nicole MacStay said in a press release posted to Facebook.


 

[above via NBC Boston post] Update 1 / Update 2

 

Chase bank accidentally leaked customer info to other customers

17th August 2021 | Target: Chase bank | Reported Here

New York City-based JPMorgan Chase Bank has admitted that a technical bug on its online banking website and app led to the accidental leak of customer data… to other customers.

Incidents of customer data breaches have been on the rise over the past year, alongside numerous instances of organized, targeted cyberattacks affecting organizations big, small, and in-between. Many incidents came about as bad actors, emboldened by the lack of data security on many platforms and targeting go-between service providers, orchestrated cyber intrusions that have ended up affecting thousands of businesses globally.

Chase bank


 

[above via Techhq post]

 

Data Breach at Georgia Health System

11th August 2021 | Target: Georgia Health System | Reported Here

A ransomware attack on one of southeast Georgia’s largest healthcare systems exposed both staff and patients’ protected health information (PHI.)

St. Joseph’s/Candler (SJ/C) announced on August 10 that it experienced “a data security incident that may have resulted in unauthorized access to patient and employee information,” according to a press release.

The Georgia-based healthcare system, which has 116 service locations across the state, identified suspicious activity in its network on June 17, 2021, according to the press release

Georgia Health System


 

[above via Health IT Security post]