Apple Data Breach, BlackSuit Ransomware behind CDK Cyber Attack, Jollibee Data Breach, Truist Bank Data Breached and more.
Apple Data Breach Claimed by IntelBroker: Source Code Allegedly Exposed
The notorious threat actor IntelBroker has claimed responsibility for a data breach against Apple, posting on dark web forums that it had stolen internal source code from three commonly used tools – AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin. Access to this source code could impact authentication and leak sensitive employee data or sabotage operations. Apple is investigating but has not confirmed the breach. Read more
BlackSuit Ransomware Gang Behind Massive Cyber Attack on CDK Global
The notorious BlackSuit ransomware group was found responsible for the ongoing cyber attack against CDK Global, a major provider of automotive industry software. The initial ransomware deployment shut down IT systems and data centers, severely impacting thousands of car dealerships relying on CDK platforms. A second incident foiled restoration attempts, forcing negotiations between CDK Global and BlackSuit over decryption and preventing data leaks. Read more
Jollibee Data Breach Affects 32 Million Customers
Fast food giant Jollibee is investigating reports of a data breach involving its delivery systems, acknowledged to have affected 32 million customers. Cybersecurity group Deep Web Konek reported the personal details of customers, including names, addresses, phone numbers and order history, were being sold online. Jollibee said it was taking the matter seriously to understand the full scope but e-commerce systems were unaffected. Read more
The Ascension Hack: How an Honest Mistake of an Employee Resulted In One Of The Biggest Data Breaches
Ascension’s investigation into their major ransomware attack in May revealed it started with an employee downloading a seemingly legitimate but malicious file. It impacted systems like MyChart and disrupted operations. Attackers accessed 7 servers where PHI and PII may have been stolen. The Black Basta ransomware gang is believed responsible. The “honest mistake” led to disruption at one of the largest US nonprofit health networks. Read more
Truist Bank Data Breach Confirmed After Data Shows Up On Hacking Forums
Banking giant Truist confirmed experiencing a cybersecurity attack in October 2023 after stolen data, including details of 65,000 employees and account information, surfaced online for sale. An investigation found no evidence of fraud or links to other incidents like the Snowflake compromises. Additional customers were notified based on new information. The bank committed to security and working with experts to respond transparently following this high-profile attack. Read more
CDK Ransomware Attack Update: CDK Global Provides Update on Recovery Efforts
In a message to auto dealerships, CDK Global said core retail software systems impacted by the recent ransomware attack likely will not be fully restored before the end of June. This prolongs outages for over 15,000 dealers relying on the provider’s tools, impacting customers and ongoing sales. Dealers were advised to make alternate plans for month-end financial closes until recovery is complete. Read more
IRS Publicly Apologizes for Ken Griffin Tax Data Breach, Ken Griffin’s Data Leak Suit Ends in Settlement
An IRS contractor leaked the tax data of Ken Griffin, Trump and Musk by downloading returns from an IRS database. Griffin sued the IRS which led to a public apology for failures enabling the multi-year breach. The IRS agreed to boost security and address oversight body’s concerns as part of the settlement that saw Griffin’s legal action achieving its goal of protecting taxpayer information. Read more
CISA’s CSAT Tool Hacked – Sensitive Data from Chemical Facilities Potentially Compromised
The Cybersecurity and Infrastructure Security Agency disclosed its Chemical Security Assessment Tool was hacked between January 23-26, exposing sensitive security documents and personnel details from chemical facilities. While no data theft was confirmed, the nature of accessed info regarding operations, vulnerabilities and staff could impact facility protection if disclosed. CISA responded by notifying stakeholders and mitigating risks. Read more
Neiman Marcus Data Breach Compromises Personal Information of 64,000
Luxury retailer Neiman Marcus disclosed a data breach impacting over 64,000 customers after a hacker tried selling their stolen information online. The breach occurred between April-May 2024, compromising personal details. The hacker also claimed to possess a database of 180 million customer records including transactions and contact information, although Neiman Marcus has only acknowledged the smaller breach. An investigation is ongoing. Read more
Ticketmaster Data Breach Exposed North American Customers
Ticket sales platform Ticketmaster revealed a data breach compromising some North American customers’ personal details stored in a third-party cloud database. Breached information included names, payment information, emails and phone numbers. An investigation is ongoing into the unauthorized access, while customers are urged to monitor accounts for fraud and change passwords if reused elsewhere. Read more
BSNL Data Breach Exposes 278GB Of Sensitive Telecom Information Twice In 6 Months
Indian state-run telco BSNL suffered two major data breaches in the last six months exposing over 278GB of customer, billing and network data on unprotected storage buckets. Compromised information included names, addresses, call records and payment details. Security experts slammed the telco’s practices and said the repeated incidents highlighted the need for stronger access controls, monitoring and audits of third-party vendors. BSNL is investigating and improving security measures. Read more
Evolve Bank Data Breach Confirmed After LockBit Ransomware Attack
Evolve Bank & Trust confirmed it was hit by a LockBit ransomware attack which illegally obtained sensitive customer information. Over 33TB of compromised data containing personal identification details of both banking customers and clients of Evolve’s fintech partners was published online after ransom demands went unmet. The bank is notifying affected individuals and strengthening cybersecurity measures in response to this major breach. Read more