Hello and welcome back. It's been quite an eventful week with some big names that were impacted by a cybersecurity incident. Where to begin?
Let's start with one of the world's largest hotel conglomerates, InterContinental Hotels Group PLC (IHG). The company was hit by a cyberattack that left consumers unable to book hotel rooms. In a statement filed September 6 with the London Stock Exchange, IHG - which owns hotel brands such as Holiday Inn, Crowne Plaza and Regent - stated its technology systems were subject to “unauthorized activity,” resulting in its booking channels and other applications being significantly disrupted. IHG stated that it had implemented response plans, and will be supporting hotel owners and operators. IHG was impacted by a credit card breach in late 2016, and by April of 2017 the company released details which showed that cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data.
We usually don't read about many cybercrime incidents in Portugal, but for the second week in a row the country is in the news. A story in IT Pro is reporting that the Portuguese government’s department of defence (DoD) is the victim of a data breach involving the theft of NATO documents. IT Pro based its report on a story in Diário de Notícias (DN). That story says that many documents, perhaps hundreds, sent to Portugal’s officials by NATO have been found for sale on the deep web. Portugal's prime minister António Costa was notified by U.S. intelligence about the breach last month.
Android device giant Samsung revealed a data breach exposing the personal information of its customers. The breach occurred in late July when, according to a company blog post, "an unauthorized third party acquired information from some of Samsung’s U.S. systems." Then, around August 4, it was determined that personal information of certain customers was affected. While the breach did expose some personal information, Samsung claims the hack did not compromise critical details such as Social Security numbers or credit and debit card numbers. However, name, contact, location, date of birth, and product registration information may have been exposed. This is the second time the company has been hacked this year. The other incident occurred six months ago when the source code of its Galaxy smartphones was leaked in the aftermath of an attack by the LAPSUS$ extortion gang.
Los Angeles Unified, the second-largest school district in the US, was hit with a ransomware attack last weekend. Luckily, school opened as usual on Tuesday despite the "significant disruption" to the school's infrastructure. In a statement on Tuesday the district said it detected unusual activity in its Information Technology systems over the weekend. After an initial review it was confirmed that an external cyber attack took place. According to Data Breach Today, login credentials for accounts within the school district's network were offered on the dark web for several months leading up to the attack. At least 23 sets of login credentials belonging to people working for and with the district were exposed.
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack resulting in the hacking of 194,905 accounts on its website. The attack on The North Face website began on July 26 but the activity was not detected for two weeks. The company was able to stop the attack on August 19. A credential stuffing attack occurs when threat actors use email addresses/usernames and password combinations obtained from data breaches to attempt to hack into user accounts on other websites.
Also this week, Instagram was fined by Irish regulators to the tune of 405 million euros ($402 million) after an investigation found the social media platform mishandled teenagers’ personal information in violation of strict EU data privacy rules. The Instagram penalty is the largest GDPR penalty that its owner Meta has been hit with to date.
That's a wrap for the week. See you back here next week!
Top Global Security News
IT Pro (September 8, 2022) Portugal government cyber attack allegedly leaks "hundreds" of classified NATO documents
The Portuguese government’s department of defence (DoD) has reportedly been the subject of a ‘significant’ data breach involving the theft of NATO documents.
According to local media, “hundreds” of documents sent to Portugal’s officials by NATO have been found for sale on the deep web and the General Staff of the Armed Forces (EMGFA), the department that was attacked, only found out after US intelligence informed them of their discovery.
The US made direct contact to Portugal’s prime minister António Costa in August, informing him of the NATO documents it found for sale online, according to Diário de Notícias (DN) which first reported the story.
Silicon Angle (September 7, 2022) Intercontinental Hotels Group systems knocked offline following cyberattack
InterContinental Hotels Group PLC, the owner of hotel brands such as Holiday Inn, Crowne Plaza and Regent, has been hit by a cyberattack that resulted in its booking systems being knocked offline.
In a statement filed Sept. 6 with the London Stock Exchange, IHG described the issue as its technology systems being subject to “unauthorized activity,” resulting in its booking channels and other applications being significantly disrupted. IHG stated that it had implemented response plans, notified regulatory authorities and engaged external specialists to investigate the incident.
“IHG is working to fully restore all systems as soon as possible and to assess the nature, extent and impact of the incident,” the filing reads. “We will be supporting hotel owners and operators as part of our response to the ongoing service disruption. IHG’s hotels are still able to operate and to take reservations directly.”
Bleeping Computer (September 7, 2022) 200,000 North Face accounts hacked in credential stuffing attack
Outdoor apparel brand 'The North Face' was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the thenorthface.com website.
A credential stuffing attack is when threat actors use email addresses/usernames and password combinations obtained from data breaches to attempt to hack into user accounts on other websites.
The success of these attacks relies on the practice of password recycling, where a person uses the same credentials across multiple online platforms.
The credential stuffing attack on The North Face website began on July 26, 2022, but the website's administrators detected the unusual activity on August 11, 2022, and were able to stop it on August 19, 2022.
Associated Press (September 6, 2022) Irish Watchdog Fines Instagram 405M Euros in Teen Data Case
Irish regulators are slapping Instagram with a big fine after an investigation found the social media platform mishandled teenagers’ personal information in violation of strict European Union data privacy rules.
Ireland’s Data Protection Commission said by email Monday that it made a final decision last week to fine the company 405 million euros ($402 million), though the full details won’t be released until next week.
The penalty is the second-biggest issued under the EU’s stringent privacy rules, after Luxembourg’s regulators fined Amazon 746 million euros last year.
Instagram parent Meta, which also owns Facebook, said that while it had “engaged fully” with regulators throughout the investigation, “we disagree with how this fine was calculated and intend to appeal it.”
ZDNet (September 6, 2022) The second-biggest school district in the US was hit with ransomware
Los Angeles Unified, the second-largest school district in the US, was hit with a ransomware attack over the weekend, the school district announced Tuesday. Despite the "significant disruption" to the school district's IT infrastructure, school opened as usual on Tuesday.
Based on a preliminary analysis of critical business systems, LA Unified said employee healthcare and payroll services were not impacted, nor did the cyber incident impact schools' safety and emergency mechanisms.
The school district said it has benefitted from "an immediate and comprehensive response" from the federal government, including assistance from the White House, the Department of Education, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). They're also working with local law enforcement agencies.
IT Pro (September 6, 2022) Samsung confirms it was hit by a data breach
Samsung revealed it suffered a data breach that exposed the personal information of its customers.
“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that personal information of certain customers was affected,” the company stated in a blog post.
Despite the scope of the attack, the tech giant has assured that the hack did not compromise Social Security numbers or credit and debit card numbers. However, name, contact, location, date of birth, and product registration information may have been exposed.
This incident didn't affect consumer devices, and Samsung has confirmed users can continue to use the company's products and services as usual.
Other Top Security News