Recent Cyber Security Breaches: Twitter, BMW UK, and More

Data Breach Cyber Security

As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber attacks here and around the world.

Twitter

Social Media Platform

The Hack: Accidental Data Sharing

Quick Summary: “Twitter sent a notification to business clients last week acknowledging a data breach that exposed the personal and billing information of some users. The breach occurred due to an issue that led to some users’ sensitive information being stored in the browser’s cache. Twitter explained that it recently became aware of this issue. Business users were warned that prior to May 20, 2020, if you viewed your billing information on ads.twitter or analytics.twitter your account’s billing information may be at risk.” -Kevin Lancaster

Read More Here >> Twitter Admits Business Data Breach For Some Users and Conveys Apologies

 

AMT Healthcare

Medical Care Solutions Provider

The Hack: Internal Email Account Compromise

Quick Summary: “AMT Healthcare revealed this week that it had experienced a data breach affecting a large pool of customers in December 2019 that was discovered through suspicious activity on an employee email account. The California-based company recently completed an investigation into the incident and contacted those who were affected. Potentially compromised data includes patient names, Social Security numbers, medical record numbers, diagnosis information, health insurance policy information, medical history information, and driver’s license/state identification numbers.” -Kevin Lancaster

Read More Here >> AMT healthcare data breach impacts nearly 50,000 patients

 

University of California San Francisco

Education and Research Institution

The Hack: Ransomware

Quick Summary: “The University of California San Francisco (UCSF) confirmed this week that it paid cybercriminals $1.14 million to decrypt data following a ransomware attack. Although UCSF was able to detect the incident quickly, it was not fast enough to allow cybersecurity teams to quarantine the affected servers, and a significant portion of its medical school and research data was encrypted. The ransom was demanded to free essential COVID-19 research data that was captured in an intrusion on June 1. Reports indicate that UCSF was one of four academic institutions targeted in a single week by the Netwalker ransomware group.” -Kevin Lancaster

Read More Here >> UCSF Pays $1.14m Ransomware Fee

 

Chem Pack (Australia)

Liquid Chemical Formulation Manufacturer

The Hack: Ransomware

Quick Summary: “As a barrage of cyberattacks continues to affect companies in Australia, Chem Pack has been caught in a ransomware attack. Cybercriminals using REvil ransomware have compromised and encrypted data at the Melbourne-based manufacturer. REvil ransomware exploits a known 2018 Windows vulnerability to elevate account privileges, enabling these bad actors to strike. The attackers claim to have exfiltrated financial information, personal information, and other essential business data, and recently posted a screenshot of a sample of the data on a Dark Web forum. Typically, this group posts a screenshot as proof that they’ve encrypted the affected data and asks the victim to contact them to negotiate a ransom for the key to unlock it.” -Kevin Lancaster

Read More Here >> Gang uses REvil to attack Melbourne contract formulation firm Chem Pack

 

BMW UK (United Kingdom)

Automobile and Truck Manufacturer, UK Division

The Hack: Unauthorized Database Access

Quick Summary: “A customer database containing information for BMW owners in the UK was recently discovered for sale by cybersecurity researchers, The database was offered in an underground forum by the KelvinSecurity Group, a well-known hacking group responsible for several major data sales in the last few months. The available information included customer names, emails, addresses, vehicle numbers, dealer names, and other information. The data was purportedly obtained from a corporate call center and includes records from 2016 to 2018. The database is also reported to contain data for some UK customers of other car companies including Mercedes, Honda, and Hyundai.” -Kevin Lancaster

Read More Here >> BMW customer database for sale on dark web

 

Heartland Farm Mutual (Canada)

Insurance Company

The Hack: Email Account Compromise

Quick Summary: “An unknown actor gained unauthorized access to an employee email account and all of the information it contained. Heartland Farm Mutual, a provider of agricultural insurance, announced that a small number of clients may have had their personal data exposed in the incident. The company has announced that the incident was contained quickly and that they’re bringing in an outside firm to investigate the breach.” -Kevin Lancaster

Read More Here >> Data breach at Canadian insurance firm exposes personal information

To learn more about how to keep your company safe and secure, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.

Leave a Reply