Industry News: ESG5

The Target: Washington National Insurance and Bankers Life, both subsidiaries of the CNO Financial Group

The Take: Personal information including names, social security numbers, dates of birth, and policy numbers.

The Vector: SIM-swapping attacks involve fraudsters tricking customer support staff at a cellphone operator into giving them control of someone else's phone number. This allows the fraudster to receive the victim's phone calls and SMS messages, including two-factor authentication tokens.

This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S.

The Take: The data that was exposed varies per employee but could include: full name, physical address, social security number (SSN), National ID, gender, union affiliation, date of birth, compensation information.

The Vector: A data breach notification shared with the Office of the Maine Attorney General revealed that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Direct Trading Technologies (DTT) is an international fintech company offering trading platforms for stocks, forex, precious metals, energies, indices, Contracts for Difference (CFDs), and cryptocurrencies.

The Take: The leaked data included the trading activity of over 300,000 users spanning the past six years, along with names, email addresses, emails sent by the company, and IP addresses.

The Vector: In October 2023, a research team discovered a misconfigured web server with backups and development code references allegedly belonging to the fintech company Direct Trading Technologies. The discovered directory included multiple database backups, each holding a significant amount of sensitive information about the company’s users and partners.

With the fintech industry experiencing rapid growth, this leak stands as a clear reminder of the critical role of robust cybersecurity measures. Fintech companies manage and store exceptionally sensitive customer data. This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Popular hardware cryptocurrency wallet vendor Trezor

The Take: A subset of 66,000 users who have interacted with Trezor Support since December 2021 may have had their names or usernames, and email addresses exposed to an unauthorized party.

The Vector: Trezor has already confirmed 41 cases where exposed data has been exploited, with the attackers approaching users to trick them into giving away their recovery seeds - a string of words that contain all the information required for gaining access to a wallet.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

The Target: Liquipedia is an encyclopedia on various video games, covering everything from history to tactics. The platform was founded and is run by Team Liquid, a Netherlands-based professional e-sports organization owned by aXiomatic Gaming, an e-sports and gaming enabler.

The Take: A part of the exposed information was contained in a user collection weighing 77MB, containing data on nearly 119,000 users. The exposed Liquipedia user details include: User IDs, User emails, email verification status, two-factor authentication status and account creation dates.

The Vector: Researchers surmised that secrets and private RSA keys were used to authenticate admin access to Liquipedia’s Reddit, Discord, Twitch, and X accounts.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: HMG Healthcare is headquartered in The Woodlands, Texas, and provides a range of services, including memory care, rehabilitation and assisted living. HMG’s website says it employs more than 4,100 people and serves approximately 3,500 patients, generating more than $150 million in annual revenues.

The Take: HMG said the stolen information “likely contained” personal information, including names, dates of birth, contact information, Social Security numbers and records related to employment; as well as medical records, general health information and information regarding medical treatment, according to the notice.

The Vector: In a notice published on its website, HMG chief executive Derek Prince confirmed that hackers in August accessed a server storing “unencrypted files” containing sensitive information belonging to patients, employees, and their dependents. HMG said it learned of the breach months later in November.

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

The Target: Orrick, Herrington & Sutcliffe, a popular San Francisco-based international law firm.

The Take: The stolen data encompassed a vast array of information, including names, dates of birth, addresses, email addresses, and government-issued identification numbers like Social Security, passport, driver’s license, and tax identification numbers.

The Vector: The intrusion into Orrick’s network compromised a file share, revealing personal information and sensitive health data of victims.

This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.

Read more...

The Target: Americold is the world’s largest publicly traded real estate investment trust focused on temperature-controlled warehouses. The company controls 250 warehouses across the world — most of which are used by food producers, distributors and retailers.

The Take: Names, addresses, Social Security numbers, driver’s license/state ID numbers, passport numbers, financial account information, and employment-related health insurance and medical information were leaked

The Vector: Americold confirmed that hackers had breached its systems on April 26 and accessed the information of current and former Americold employees as well as their dependents. While the company did not explicitly call it a ransomware attack, it said the cybersecurity incident “involved the deployment of malware on certain systems.”

As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.

Read more...

The Target: Toyota Financial Services is the finance arm of the Toyota Motor Corporation. It is a subsidiary of Toyota and provides a range of financial services to Toyota customers and dealerships worldwide.

The Take: Threat actors gained access to full names, residence addresses, contract information, lease-purchase details, and IBAN (International Bank Account Number).

The Vector: Threat actors likely exploited the vulnerability Citrix Bleed to gain initial access to the company’s network.

This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.

Read more...

The Target: HTC Global Services is a managed service provider offering technology and business services to the healthcare, automotive, manufacturing, and financial industries.

The Take: The leaked data includes passports, contact lists, emails, and confidential documents allegedly stolen during the attack.

The Vector: While little information about the attack on HTC is available, cybersecurity professional Kevin Beaumont believes the company was breached using the Citrix Bleed vulnerability. According to Beaumont, one of HTC's business units, CareTech, operated a vulnerable Citrix Netscaler device, which was exploited for initial access to the company's network.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...