As a managed IT service provider it is important to us to make sure to stay in know about the latest cyber security breaches. Every few weeks we like to share our findings with you here on our blog. Please take a peek below to learn more about some of the most recent cyber security attacks here and around the world.
Walgreen’s (United States)
Drugstore chain
The Hack: Misconfiguration
Quick Summary: “Vox reports that the personal data of patients that had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. discovered the issues in March after a family member got a COVID-19 test. The vulnerability has been around since at least March 2021 when the expert discovered it, but likely longer.” -ID Agent
Read More Here >> How Walgreens’ sloppy Covid-19 test registration system exposed patient data
McDonald’s (United Kingdom)
Fast Food Chain
The Hack: Misconfiguration
Quick Summary: “The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.” -ID Agent
Read More Here >> McDonald’s leaks password for Monopoly VIP database to winners
Microsoft (United States)
Software Developer
The Hack: Misconfiguration
Quick Summary: “The personal information of hundreds of thousands of users of Microsoft’s EventBuilder has been exposed in a misconfiguration snafu. Researchers who discovered the leak say that the data was exposed through an improperly configured Azure blob and was available for an unknown length of time. The mistake was quickly fixed.” -ID Agent
Read More Here >> EventBuilder misconfiguration exposes Microsoft event registrant data
France-Visas (France)
Government Services Platform
The Hack: Hacking
Quick Summary: “A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.” -ID Agent
Read More Here >> Personal details of 8,700 French visa applicants exposed by hackers
Pacific City Bank (United States)
Financial Institution
The Hack: Ransomware
Quick Summary: “Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.” -ID Agent
Read More Here >> Pacific City Bank hit by AVOS Locker Ransomware
Department of Justice and Constitutional Development (South Africa)
Government Agency
The Hack: Ransomware
Quick Summary: “A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.” -ID Agent
Read More Here >> Department of Justice and Constitutional Development of South Africa hit by a ransomware attack
To learn more about how to keep your company safe and secure from cyber security attacks, click here to explore our San Diego IT Services & IT Security plans that are offered by SDTEK.
