Security News Round-Up: Over 9 Million Customers Affected in EasyJet Hack
Over 9 Million Customers Affected in EasyJet Hack
According to Hack Read, a complex cyberattack hit EasyJet, affecting more than 9 million of the airline’s customers. The data of 2,208 payment cards was exposed in the incident, along with other data including email addresses and travel information. Though the company has expressed there has been no reason to believe any information has been misused by the criminals, those who had card data exposed have been notified as well as offered assistance, according to the article. Both how the attack carried out as well as which cybercriminals executed the attack remain unknown.
Cybercrime Group Plotting COVID-19 Hospital Attacks Exposed
European police were able to track down suspects that are believed to have been plotting COVID-19 related attacks against hospitals, says Info Security Magazine. The group gained access to remote access trojans, ransomware, SQL tools, and more. These tools would later be used to steal data and cause other harm to both private and public organizations, according to the article. The police revealed the attacks were being planned against mainly hospitals located in Romania using social engineering techniques disguised in email various emails that used COVID-19 information to lure in readers at such organizations.
Texas Transportation Agency Hacked
In a second attack against the Texas government within the past week, ransomware has hit the Texas Department of Transportation, according to Security Week. The previous attack affected the state’s high and appellate courts. The transportation agency was able to isolate the parts of the network that were involved in the incident and prevent any further access by the hackers. Some of the transportation website’s features are not currently available, but which ones specifically have not yet been revealed by the organization.
Australian Shipping Company’s Data Leaked After 2nd Attack
After experiencing two different ransomware attacks this year, Toll Group had its data leaked by cybercriminals, says Bank Info Security. The Nefilim ransomware group carried out the second attack earlier this month. Not having paid the ransom in the Mailto ransomware attack faced six weeks earlier, the company did the same despite the second group’s threats, the article states. The Nefilim group revealed that they had been able to steal more than 200GB of Toll Group’s data and have now published a portion of that data online to prove it was real. Included in the stolen data allegedly are annual financial reports, information regarding cash flows, drug-screening invoices, and reports for the board of directors, Bank Info Security states.
Steel Maker Hit by Cyberattack in Australia
Operations were interrupted as Australian steel maker BlueScope experienced a cyber-incident this month, says Security Week, mostly affecting manufacturing and sales processes located in Australia. However, a handful of operations were able to use manual methods to carry on. The company has yet to reveal what type of incident it was, but they did note that their New Zealand, North Star, and Asian operations experienced little to no disruption or effects at all. Some news sources have reported that the incident was a ransomware attack and that the company is working on recovering from it at the moment, Security Week highlights.
Hacker Responsible for Selling 87GB Database Arrested
According to The Hacker News, Ukrainian police arrested a hacker who was responsible for posting an 87GB trove of stolen data for sale last year. The database includes sensitive data such as bank card PINs, PayPal accounts, cryptocurrency e-wallets, and more. When the database was posted for sale, the hacker—known by the name Sanix—had offered buyers the opportunity to purchase access for life for $45-$65, says the article. Those whose data was included in the leak were predominantly European Union and North American citizens. Police discovered 2T of stolen data when searching the criminal’s home, along with profits from illegal actions totaling $10,000 in cash.
192 Million Records of Massive Brazilian Cosmetic Company Leaked
Two misconfigured Amazon Web Server databases resulted in the leak of 102 million records belonging to cosmetic giant The Natura & Co Group, located in Brazil. According to Hack Read, databases were left online unprotected and contained sensitive, personal, and financial information about affected customers. The company does business across 73 different countries and owns Aesop, Avon, The Body Shop, and more. Information such as birth dates, full names, genders, purchase history, telephone numbers, email and physical addresses, access tokens, and more were all included in the massive leak.