Here’s your Cyber Security Incidents Update for wk26 2024
(a once-a-week on Monday glimpse into just a fraction of the Cyber Security events of the previous week to inform regarding the depth and breadth of the incidents world-wide)
A little change this week as there are no Healthcare incidents. There were some but I chose not to include them 😊
-Organisation
⦿ Ticketek Entertainment Group, an Australia-based live events and ticketing firm (a bit like Ticketmaster but, as far as I can tell, in Aus only)
-Data compromised
⦿ Dates of birth, Email addresses, Genders, Names, Passwords, Salutations of 30M users (hacker claim) or 17.6M users (data loaded into Have I Been Pwned)
-Initial access
⦿ "hackers accessed a database stored on a cloud-based platform"
-Organisation
⦿ Neiman Marcus, luxury retailer, Dallas Texas, USA, with several dozen outlets across the US
-Data compromised
⦿ Names, contact information, dates of birth, and Neiman Marcus and Bergdorf Goodman gift card numbers of.. (wait for it) 64,000 (according to Neiman Marcus) or 40 MILLION (according to Security Researchers). (Is someone telling little Porkie Pies to try and downplay something to a regulator?)
-Initial access
⦿ Believed to be Credential Stuffing as this is another breach associated with the Snowflake incident
-Possible Prevention
⦿ Don't re-use passwords but do use MFA 🤦♂️
-Organisation
⦿ Levi's (Levi Strauss & Co), privately held American clothing company
-Data compromised
⦿ (possibly) order history, name, email, stored addresses, last four digits of card number, card type and expiration date. "Possibly" because Levi's did take "swift action to force a password reset the same day for all user accounts that were accessed"
-Initial access
⦿ Credential Stuffing (again)
-Possible Prevention
⦿ Don't re-use passwords but do use MFA (again) 🤦♂️
One piece of good news 👍:
"First Light", an international law enforcement operation involving police officers from 61 countries, resulted in the arrests of 3,900 suspects, seizure of $257 million in illegally obtained assets, 6,745 bank accounts and identification of over 14,600 other possible suspects involved in online scam networks in several countries
One final note:
Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Turns out that wan't actually true. The actual victim was a single bank in the US: Evolve
How unlike criminals not to tell the truth 🤦♂️