Here’s your Cyber Security Incidents Update for wk12 2024
(a once-a-week on Monday glimpse into just a fraction of the Cyber Security events of the previous week to inform regarding the depth and breadth of the incidents world-wide)
-Organisation
⦿ NHS Dumfries and Galloway, Scotland, UK
-Data compromised
⦿ Not known at this time but ransomware would be a prime suspect. This NHS Trust serves a population of 150.000 people
(reporting an incident of an attack on a healthcare organisation, in the US, could easily be a weekly event but this one is a bit closer to home hence why it made the cut this week)
-Organisation
⦿ Nations Direct Mortgage, Nevada, USA (Nevada-based, operational in 35 States in the US)
-Data compromised
⦿ (believed to be) names, addresses, social security numbers, and unique Nations Direct loan numbers of 83,000 customers
-Organisation
⦿ VF Corporation, Denver, Colorado, USA (owns brands including Vans, North Face, Timberland, Jansport etc etc)
-Data compromised
⦿ email addresses, full names, phone numbers, billing addresses, shipping addresses and possibly order history, total order value, payment method for 35 MILLION customers
One piece of good news 👍:
(once again I've gone "above and beyond" and found TWO 🤣)
1️⃣ Robert Purbeck, Idaho, USA, pled guilty in a Georgia, USA Federal Court to charges of computer fraud and abuse for stealing the personal information of more than 130,000 people and and hacking into the networks of a medical clinic in Griffin, Georgia and the police department of the nearby city of Newnan (amongst other incidents). Mr Purbeck will be sentenced in June 👍
2️⃣ Bundeskriminalamt (BKA), or German federal police, said they seized the infrastructure of the popular illegal dark-net marketplace known as Nemesis and took its website down. In a wonderful piece of trolling they then added an animated spaceship reminiscent of a 1990s video game called Nemesis to the site which blows up the marketplace logo and then vanishes from the screen, leaving behind a QR code that links to the website for the Bundeskriminalamt 🤣🤣 Nemesis sold all kinds of illegal goods — drugs, compromised data and cybercrime services such as ransomware and tools to conduct phishing or DDoS attacks
One final note:
(and this one is a bit strange)
-- In Aug 2021 hackers posted, for sale, what they claimed to be 70 MILLION records of **AT&T customers to a dark-web hacking forum
-- Not sure if anyone stumped up the fee but then this year the same data was posted to the clear web (that's what normal people call the world-wide web 🤣)
-- Here comes the strange bit, AT&T deny the data came from them 🤷🏻♂️ but within the 70 million records there are 49 MILLION unique email addresses and Troy Hunt of Have I Been Pwned has verified with a sample of users that the data is real and the users are, or were, AT&T customers
-- (I think this one isn't finished with 🤣)
**For those that are this side of the pond and not familiar with the organisation, AT&T is the biggest telecom provider in the US and indeed world-wide (AT&T, Verizon, Deutsche Telekom)