Recent Cyber Security Breaches: Tupperware, Ambry Genetics and More

security breach

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber attacks here and around the world.

Tupperware

Home products line

The Hack: Malware

Quick Summary: “Hackers infiltrated Tupperware’s online store, injecting payment skimming malware into the checkout process. The malicious script was active for at least five days, and it effectively mimicked Tupperware’s official payment form. After shoppers entered their data into the fake form, a “time out” error appeared, redirecting customers to the actual payment page and disguising the theft, which allowed it to go undetected. ”

Read More Here >> Tupperware website hacked and infected with payment card skimmer

 

Ambry Genetics

Genetic testing laboratory

The Hack: Phishing scam

Quick Summary: “An employee failed to identify a phishing scam, interacting with the message and giving hackers access to patient data between January 22, 2020, and January 24, 2020. However, the incident wasn’t reported until March 22nd, as the company struggled to dedicate resources to cybersecurity while it transitioned to remote work. In total, the breach is the second largest healthcare breach of the year, and, although the company is updating its cybersecurity practices in response to the incident, they will need to navigate a challenging recovery process during a pandemic.”

Read More Here >> Medical Information of 233,000 Individuals Exposed after Genetic Testing Lab Hack

 

LearnPress

WordPress plug-in

The Hack: Software vulnerability

Quick Summary: “Cybersecurity researchers identified flaws in the LearnPress plug-in that could allow hackers to access student information, steal money from course creators, or to alter their access privileges to become teachers. The popular WordPress plug-in is used by more than 100,000 schools, organizations, and content creators who rely on these digital services even more now that eLearning is the de-facto presentation method for nearly all students. ”

Read More Here >> Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins

 

EU – Proton Technologies AG

GDPR compliance advice website

The Hack: Exposed database

Quick Summary: “An exposed database compromised users’ login credentials on GDPR.EU, an advice site for organizations striving to improve data privacy compliance that is partially sponsored by the Horizon 2020 Framework Programme, an EU research program. The ironic cybersecurity incident was easily-identifiable by cybersecurity researchers, who reported the vulnerability to developers. For a company that relies on institutional funding to power its platform, this incident is an embarrassing failure that could impact its long-term viability as a government partner.”

Read More Here >>GDPR Compliance Site Leaks Git Data, Passwords

Wolfe & Associates

Property management company

The Hack: Unauthorized access

Quick Summary: “A company database containing housing applicants’ personal data was infiltrated by hackers more than six months ago, providing bad actors unfettered and unrestrained access to sensitive personal information. Wolfe & Associates learned of the breach when it was notified by a local police department, which raises real questions about their cybersecurity capabilities and defensive posture. In addition to contacting victims directly, Wolfe & Associates completed a holistic overhaul of its IT infrastructure. However, this costly upgrade won’t undo the damage of its negligent data defense.”

Read More Here >> Data Thieves Hit California Property Management Company

 

European Union – Norwegian Cruise Line

Cruise tourism provider

The Hack: Phishing scam

Quick Summary: “A Norwegian Cruise Line employee was reeled in by a phishing scam that compromised the personal details of thousands of independent travel agents. The information was then posted on Dark Web forums, making it widely accessible to bad actors. The company, already reeling from the COVID-19 crisis, has now damaged its relationship with partners that are critical to its recovery. ”

Read More Here >> Norwegian Cruise Line Experiences Data Breach of Travel Agents Records

 

To learn more about how to keep your company safe and secure, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply