[Weekly Security News] Data breach and ransomware attack from 5 organizations
[April 17 2024]
1. Hacker claims Giant Tiger data breach, leaks 2.8M records online
Canadian retail chain Giant Tiger disclosed a data breach. A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers. The compromised data include email addresses, names, phone numbers, physical addresses, and website activity. According to the Giant Tiger Spokesperson, the company became aware of security concerns related to a third-party vendor.
Source : Bleeping Computer, Security Affaris, Sc Media
2. Roku says 576,000 accounts breached in cyberattack
About 576,000 Rokuaccounts were compromised in a cyberattack, the second security breach for the streaming service this year. fraudsters used a cyberattack method known as credential stuffing: Hackers try login and password information leaked in one data breach on a variety of users’ accounts, exploiting people who use the same credentials across different accounts. After concluding Roku’s investigation of the first incident, it continued to monitor account activity closely and identified a second incident, which impacted approximately 576,000 additional accounts.
Source : CNN, Bleeping Computer, Scripps News
3. Boat suffers data breach: Personal data of 7.5 mn users leaked on dark web
BoAt has suffered a massive data breach, where personal information of more than 7.5 million customers has been compromised. The breach, allegedly carried out by a hacker known as ShopifyGUY, has resulted in the exposure of sensitive personal information such as names, addresses, phone numbers, email addresses, and customer IDs, according to media reports. Reacting to the reports, boAt issued a statement on Monday saying that it was aware of the incident and has launched a detailed investigation into the matter. With the potential for the data to circulate freely on platforms like Telegram in the coming days, experts warn of an imminent surge in phone and email scams perpetrated by malicious actors capitalizing on the compromised information.
Source : Business Standard, Mint, News18
4. Ransomware attack disrupts GBI Genios
GBI Genios, a database company in Germany, announced its servers were unavailable due to a massive ransomware attack and cautioned. The company has to assume an outage for several days. Such an outage has affected the company’s WISO database used by higher education institutions and libraries across the country. Despite the disruption, there has been no indication that Genios access had been leveraged to target the firm’s customer base.
Source : SC Media, The Record
5. 530k Impacted by Data Breach at Wisconsin Healthcare Organization
Group Health Cooperative of South Central Wisconsin (GHC-SCW) has started notifying more than half a million people that their personal information was stolen in a ransomware attack. The hackers attempted to encrypt the company’s systems but failed. With help from the FBI and an outside cybersecurity firm, the company was able to restore its systems. In total, 533,809 people had information copied by the group — which has not come forward publicly to claim the attack.
Source : Security Week, SC Media, The Record
Check out Penta Security’s Cloudbric product lines:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution
Click here for inquiries regarding the partner system of Cloudbric
Make sure to follow us on our social media platforms (LinkedIn, Twitter, and Facebook)
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security
Click here for inquiries regarding the partner system of Penta Security
Make sure to follow us on our social media platforms (LinkedIn)