Hello and welcome to GlobalSign's first monthly NewsScam (yes you read that right…) of 2023!
We’ve been keeping an eye on the news stories and trends emerging and each month we’ll do a round-up of what we’ve noticed over the previous month.
Ransomware and data protection have been big themes in January. So far, we've seen another data breach at T-Mobile, international postal operations have come to a halt, passwords become compromised, ship management software impacted, plus Meta and Apple have received data privacy fines.
So, let's dive into the biggest cybersecurity headlines in the last several weeks.
T-Mobile Breached – Again
T-Mobile, one of the world's largest mobile phone providers, has been breached again. The last time was in 2021, when data from nearly 77 million customer accounts was exposed. The company ended up spending $350 million to settle customer claims, and another $150 million to improve its cybersecurity posture.
Now the company is faced with yet another incident involving the breach of 37 million accounts. A new regulatory filing says a hacker stole customer data that included names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and information describing the kind of service they have with the wireless carrier. But the company says more critical information such as social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were not exposed. The mobile carrier discovered the breach on January 5 and took action “within 24 hours.”
International Mail Comes to a Halt from the UK
The effects of a major ransomware attack on the British mail service continued this week.
After more than a week since the incident at the Royal Mail first occurred, the company is still experiencing "severe service disruption" to its outgoing international postal operations.
Royal Mail CEO, Simon Thompson confirmed that a cyberattack is to blame.
“We’ve confirmed that we’ve had a cyberattack,” Thompson told a U.K. parliamentary committee on Tuesday in response to questions from lawmakers. Thompson added that while the mail service believes that no customer data was compromised in the attack, the organization is prepared for that situation to change and has already notified the U.K. data protection regulator, the Information Commissioner’s Office, as a precaution.
The cybercrime gang LockBit appears to be behind the attack. The group is responsible for a string of incidents in the last several years, from Microsoft Exchange servers to an automotive supplier and an Italian tax agency. In this new BankInfoSecurity article, ransomware-tracking researcher Jon DiMaggio says the group “runs just like a business, with a relentless focus on recruiting top talent and maintaining advanced product.” Though, in a surprising move, after a member recently attacked a Canadian children's hospital - violating the group’s supposed rules - LockBit provided a free decryptor. It appears, somewhere, they do have a heart.
Accounts Compromised at NortonLifeLock
Also in the news is a huge hack at NortonLifeLock, with millions of accounts compromised. The company has informed some customers that “malicious third parties” have likely accessed their accounts, potentially even reaching their password vaults. However, NortonLifeLock owner Gen Digital maintains that its systems were not compromised.
The attack at NortonLifeLock began on December 12, and then during a two-week period, at least 925,000 accounts were successfully comprised, though the final number appears to be in the millions. All signs indicate this was a credential stuffing attack, where hackers gather information from other compromised accounts, in order to gain access to its target.
Ransomware Attack at Top Shipping Company
A top shipping company based in Norway is the victim of a ransomware attack. Industrial risk management and assurance solutions provider DNV said a recent ransomware attack on its ship management software impacted 1,000 vessels. The company announced on January 9 that its ShipManager software was targeted in a cyberattack two days prior, forcing it to shut down associated servers. According to Security Week, it's still unclear which ransomware group is responsible for the attack.
Data Privacy Fines for Meta and Apple
Meanwhile, data privacy fines are alive and well. Both Facebook owner Meta and Apple have recently been fined for millions of dollars.
In Meta's case, the fine is staggering: $413 million (which naturally the company will contest). The fine was imposed by the Irish Data Protection Commission (DPC) for breaches of the GDPR, specifically for breaches related to its Facebook and Instagram services.
In Apple's case, the fine was much lower at $8 million for a privacy breach in France (a mere drop in the bucket compared to Meta!) France's data protection authority CNIL found that Apple did not "obtain the consent of French iPhone users (iOS 14.6 version) before depositing and/or writing identifiers used for advertising purposes on their terminals.”
Wait, there’s more…
- Mailchimp Suffers Another Security Breach Compromising Some Customers' Information – The Hacker News
- The Guardian Confirms UK Members' Data Was Accessed in Ransomware Attack - InfoSecurity
- Twitter claims leaked data of 200M users not stolen from its systems - Bleeping Computer
- Is ChatGPT a cybersecurity threat? - TechCrunch