Sergiu Gatlan reports: A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and…
Category: Hack
Dutch railway NS warns 780,000 customers about data breach
NL Times reports: The Dutch national railway, NS, has warned about 780,000 customers that their personal data may be involved in a data breach.The train operator works closely with market research firm Blauw. External parties gained access to personal data at via a software supplier for that company. For example, e-mail addresses, telephone numbers or…
Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people
Jonathan Greig reports: Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt. The Pennsylvania-based company sent out breach notification letters last week after discovering the attack on February 4. In documents filed with Maine’s Attorney General, the company said 494,969 people had…
Illinois Gastroenterology Group settles class action litigation for undisclosed sum
There has been a settlement in litigation stemming from a breach previously noted on DataBreaches. Without admitting guilt or wrongdoing, Illinois Gastroenterology Group has agreed to pay an undisclosed sum to settle claims from an October 2021 data breach first disclosed in April 2022. The incident involved unnamed threat actors accessing and exfiltrating data on…
Bits ‘n Pieces (Trozos y Piezas)
CR: CONASSIF Hacked With Chinese Characters El Consejo Nacional de Supervisión del Sistema Financiero (CONASSIF) is involved with the Costa Rican financial system. On March 20, the Computer Security Incident Response Center (CSIRT-CR) on the website of the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), issued an alert involving the website of CONASSIF after…
Rio Tinto data vendor GoAnywhere’s possible breach spotted in Jan-end
CNA reports: U.S. cybersecurity firm Fortra said suspicious activity was identified within its GoAnywhere software nearly two months ago, a day after Rio Tinto in a staff memo said personal data of some of its Australian employees may have been stolen. The internal memo seen by Reuters on Thursday revealed payroll information, like payslips and…