Here are the top stories of recent weeks:
- Laptop Theft Results in Healthcare Data Breach
- Online Banking Users Targeted by Trojan Malware Campaign
- Tens of Thousands of Soccer Fans Exposed in Brazilian Leaky Server
- DoppelPaymer, the New Ransomware Selling Victims’ Information on the Dark Web
- SpiceJet Suffers Breach Affecting 1.2 Million Customers
As cloud adoption continues to increase exponentially across all industries, data breaches have been, by and large, the result of hacking and IT incidents. However, there are still a few data breaches each year that arise from loss or theft, and that is exactly what happened to medical transportation vendor GridWorks. The Oregon-based ride-to-care vendor experienced a burglary in which a laptop was stolen. The laptop contained the personally identifiable information (PII) of 654,362 members. The database included names, addresses, phone numbers, and Medicaid ID numbers.
The Metamorfo banking trojan has targeted users of more than 20 banks across the globe, including in the US, Canada, Peru, Chile, Spain, Brazil, Ecuador and Mexico. It began with phishing emails that claimed to contain invoice information pertaining to the recipients, urging them to download a .ZIP file in order to view it. By downloading and running the file, the victim allows Metamorfo to execute and run on a Windows machine. The malware even includes a function that monitors for 32 keywords corresponding to the targeted banks. This notifies the threat actors in real time when a user is attempting to access the online service.
Supporters of various soccer clubs were the victims of a leaky S3 bucket in Brazil. The bucket contained personal information pertaining to predominantly São Paulo-based participants. These were members and loyalty program participants for the Brazilian soccer team Palmeiras, which has over 18 million supporters nationwide. The database contained tens of thousands of names, contact details, dates of birth, marital status, Social Security numbers, and payment methods used for membership subscriptions. Although it is unclear how long the server was exposed, Futebol Card rectified the issue upon notification.
DoppelPaymer may be new to the ransomware family, but it is operated by the same malicious actors. Ultimately, it steals victims’ files before encrypting their devices, then threatens to publish or sell said data if the victims do not pay the ransom. The DoppelPaymer operators have publicly stated that they have been selling stolen data for over a year and also claim to have intentions of publicizing the stolen data in order to increase their ransom yield.
SpiceJet’s system was breached by an unnamed security researcher, which resulted in unauthorized access to unencrypted PII of more than one million passengers. The data included full names, phone numbers, email addresses, and dates of birth. The researcher reportedly contacted SpiceJet to inform them of the lack of security surrounding the data; however, the researcher never received a response. Easy access to sensitive data such as this can cause customers to fall victim to cyberattacks such as identity theft, phishing, and more.