Sergiu Gatlan reports: Uber believes the hacker behind last week’s breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication (2FA)…
Revolut hit by ‘phishing’ cyberattack
Ben Martin reports: A cyberattack on Revolut has compromised the personal details of more than 50,000 people. The breach at the app-based payments company occurred last Sunday night after a Revolut employee was caught out by a phishing scam. The attack has affected 50,144 people and involved an unauthorised third-party accessing some of their details,…
Bosnia and Herzegovina investigating alleged ransomware attack on parliament
Jonathan Greig reports: Prosecutors in Bosnia and Herzegovina are investigating a wide-ranging cyberattack that has crippled the operations of the country’s parliament. For nearly two weeks, the website for the country’s parliament has been down, and local news outlet Nezavisne spoke with several lawmakers who said they were told to not even turn on their computers, barring them from…
ClearBalance, Bricker & Eckler settle data breach lawsuits involving patient data
To follow up on two previously reported breaches involving protected health information, here are two class action settlements that involve business associates: CSI Financial Services aka ClearBalance In July 2021, DataBreaches reported a breach at CSI Financial Services, aka ClearBalance, a firm that services loans made by hospitals and providers to patients who need to…
NYSARC Columbia County Chapter discloses ransomware incident in July
From their press release, issued yesterday: On July 19, 2022, NYSARC Columbia County Chapter (“NYSARC”) detected irregular activity on their systems that was consistent with a typical ransomware attack. Out of an abundance of caution, NYSARC immediately began to remediate the situation including disconnecting systems, engaging data security and privacy experts, contacting law enforcement, and simultaneously beginning…
IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun
Joe Tidy reports: Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun”. Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100 firm’s…