CloudSek reports: On 14 August, CloudSEK’s contextual AI digital risk platform XVigil discovered a threat actor Tanaka sharing a database marked as bitsphere[.]in on an english speaking hacking forum. Analysis of the database reveals that the following information has been leaked: More than 3 lakh 20 thousand patient records containing their PII information and medical diagnosis. 500 login…
Category: Non-U.S.
Pizza Hut Australia customer data hacked; ShinyHunters claims to have more than 1 million customers’ information
This has not been a great year for Australian citizens whose personal information has been compromised in a number of cyberattacks. Although DataBreaches regrets being the bearer of more bad news for them, more than one million customers of Pizza Hut Australia appear to have had their data acquired by ShinyHunters. According to “Shiny” (@shinycorp),…
Maker of ‘smart’ chastity cage left users’ emails, passwords, and locations exposed
Lorenzo Franceschi-Bicchierai reports on yet another incident in which responsible disclosure by a researcher and follow-up by media failed to get a company to address vulnerabilities that left the personal information of customers exposed: A company that makes a chastity device for people with a penis that can be controlled by a partner over the…
“It can be confirmed the system of the Department of Defence has not been hacked”- SANDF
Yesterday, DataBreaches reported on SNAtch Team and how they were not a ransomware gang or using what had been referred to as the Snatch locker or ransomware. In that report, DataBreaches included a description provided by their spokesperson about their attack on the South Africa Department of Defense — an attack that SANDF initially dismissed…
At some point, SNAtch Team stopped being the Snatch ransomware gang. Were journalists the last to know?
In December 2019, Sophos published an analysis of Snatch ransomware. In June 2020, DFIR Report provided a case study, and in July 2020, LIFARS wrote an article about Snatch ransomware having been detected in attacks in June. Since then, the Snatch leak site has continued to add victims and the media (including DataBreaches) has continued to…
Za: Enforcement Notice Issued To Dis-Chem For Violating POPIA
Gugu Lourie reports: On the 31st of August 2023, the Information Regulator took action by issuing an Enforcement Notice against Dis-Chem, due to their non-compliance with several provisions of the Protection of Personal Information Act (POPIA). In the timeline of events, it was revealed that during the months of April and May in 2022, a…