Recent Cyber Security Breaches: PayPal, Special Olympics NY and More

cyber security breach

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber attacks.

PayPal

Online payment platform

The Hack: Phishing attack

Summary from Kevin Lancaster: “Some PayPal users are receiving phishing emails purportedly notifying of unusual account activity and requiring users to verify their personal information to restore full account access. The hackers fabricate a sense of urgency by noting that user accounts will be disabled until they confirm their identity. Although the messages contain many tell-tale signs of a phishing scam, they pose a serious risk to PayPal customers and the company’s reputation.”

Read More Here >> PayPal Phishing Attack Promises to Secure Accounts, Steals Everything

 

 

Nexus Mods

Game module website

The Hack: Unauthorized database access

Summary from Kevin Lancaster: “Hackers exploited a legacy codebase on the platform to access user credentials. Although the company discovered the breach in November, they just revealed it this week, a move that will likely increase the customer blowback from the incident. While Nexus Mods moved up the development of new software and worked to mitigate the risks posed by their outdated code base, the incident reflects a lack of attention to detail and breach response plan.”

Read More Here >> Nexus Mods Game Moduling Site Discloses Data Breach

 

 

LifeLabs (Canada)

Laboratory diagnostics and testing service.

The Hack: Ransomware

Summary from Kevin Lancaster: “Hackers accessed Life Labs’ IT, stealing copious amounts of customer information and demanding a ransom for the data’s return. In a notice to customers, Life Labs notes that it identified the breach in October, but waited until December to notify customers, a concerning timeframe that will make it more difficult for victims to protect their credentials against misuse. According to the company, they paid the ransom and their data was returned. Now they are declaring the incident a “low risk” to customers”, but given their poor communication so far, this is unlikely to assuage anyone’s concerns anytime soon.”

Read More Here >> LifeLabs pays hackers to recover data of 15 million customers

 

 

Special Olympics NY

Nonprofit organization

The Hack: Phishing scam

Summary from Kevin Lancaster: “Cybercriminals hacked the organization’s network and used this access to send phishing emails to its previous donors. Special Olympics NY contacted those impacted by the event, asking them to disregard the phishing communication and to offer confidence that their data was secure. Criminals created a sense of urgency by alerting donors that an automatic donation for $1,942,49 was scheduled to debit in two hours, and the emails invited users to confirm their donation by inputting their personal data on a malicious website.”

Read More Here >> Special Olympics New York Hacked to Send Phishing Emails

 

 

Sinai Health System

Chicago-based healthcare network

The Hack: Phishing scam

Summary from Kevin Lancaster: “Two employees fell for a phishing scam that gave hackers access to email accounts containing patients’ personal data. The attack, which occurred on October 16th, wasn’t discovered until December. In response, Sinai Health Network reset employees’ email passwords and provided employees with phishing scam awareness training to prevent a similar event in the future. Unfortunately, these actions cannot undo the damage of a data breach, and the healthcare network will now endure heavy regulatory scrutiny, as the Office for Civil Rights has launched an investigation into the incident.”

Read More Here >> Former Lurie Children’s employee wrongfully accessed patient data, hospital says

 

 

Andrew Agencies (Canada)

Insurance and financial service provider

The Hack: Ransomware

Summary from Kevin Lancaster: “A ransomware attack has encrypted hundreds of the agency’s computers, rendering them unusable and leaving the company searching for a solution. The company first discovered the attack back in October but has declined to pay the ransom. However, the hackers are continuing to set new payment deadlines with promises to publish the company’s data if they don’t comply. The group claims to have 1.5GB of customer data, but that claim has gone unverified by hackers and the media.”

Read More Here >> Canadian Insurance Firm Hit By Maze Ransomware, Denies Data Theft

 

To learn more about how to keep your company safe and secure, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply