.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The target: Broadvoice, a Voice-over-IP service provider.
The take: 350 million total customer records of personally identifiable information including: full names, date of birth, phone number, and voice-mail transcripts with highly sensitive details such as medical records, loan applications, and mortgage information.
The attack vector: A misconfigured Elasticsearch database housing 10 separate clusters of data. There was no authentication or security in place meaning anyone with an internet connection could have full access to the data. These storage servers are easily discoverable with scanning tools available to administrators and malicious attackers alike.
The type of data exposed in this breach poses enormous risk for Broadvoice’s customers as the intricate details leaked, in voice calls and prescription records for example, would give phishing and fraud attacks a high chance of success. This breach demonstrates the extreme importance of securing access to a firm’s data. Proper authentication, monitoring, and credential management are some of the critical tools which can be implemented to prevent these occurrences.
Cision: The research covered 50 medium-sized personal data breach cases with a damage scale of more than 1,000 cases and less than 1 million cases caused by unauthorized access and categorized the personal data breach cases into eight industries: manufacturers, retail, services and infrastructure, software and telecommunications, trading companies, financial services, advertising/publishing/media, and government/public offices/organizations, based on the information of the companies that announced the breach.
Yahoo Finance: European and American officials said Thursday that they have arrested 20 people in several countries for allegedly belonging to an international ring that laundered millions of euros stolen by cybercriminals through malware schemes.
The Sydney Morning Herald: Politicians and their staff face stricter rules around use of personal phones on parliamentary networks as it emerged a state actor was the likely culprit behind a second major cyber attack in 2019.
CNBC: For just a few dollars, criminals are selling credentials for customers of E*Trade, Charles Schwab, TD Ameritrade, Robinhood and others, according to New York-based security firm Intsights. The demand has only increased during the pandemic, according to the firm’s chief security officer Etay Maor.
Private Equity Wire: This is the seventh year of consecutive double digit growth for the Edinburgh and London-based business, and follows a 24 per cent rise to GBP32 million in 2018. It is the first year-end since mid-market private equity house Livingbridge supported an MBO in May 2019, and represents significant progress following the initial investment.
O Canada: The company, which was carved out of Intel Corp four years ago, will sell nearly 31 million shares, while the selling stockholders will offer about 6 million shares in the IPO, according to a regulatory filing https://www.sec.gov/Archives/edgar/data/1783317/000119312520268184/d89887ds1a.htm.
DARKReading: Technology and security companies teamed up with the financial services and telecommunications industries to disrupt the command-and-control (C2) infrastructure used to manage the well-known Trickbot ransomware to infect more than a million computing devices, the firms behind the takedown.
The target: Snewpit, an Australian-based news sharing platform.
The take: 80,000 user records of personally identifiable information including: usernames, full names, email addresses, profile pictures, and log data detailing the amount time users spent on the app and other behaviour metrics.
The attack vector: The information was exposed on an improperly secured, and publicly accessible, Amazon Web Services server. Bad actors can locate these unsecured storage buckets very easily and the complete lack of security on the database means the records were open to anyone with an internet connection.
The combination of data exposed in this incident could lead to very targeted and successful scams by fraudsters. Personally Identifiable information helps these attackers build a complete profile of their victims, and in this case, the log data which outlined the actions taken by users on Snewpit’s app greatly increases the credibility of their scams, vastly increasing the chance they are successful. Data and credential management are critical for ensuring sensitive information is stored safely and securely.
IT News: PwC Australia has created a new business unit bringing together cyber, digital trust and digital law teams from across the firm to bolster the services it offers clients navigating the cyber security and regulatory landscape.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy