In our monthly roundup of data breaches, security incidents, and scams, we take a closer look at some of the biggest headlines you need to know.
Kronos ransomware attack disrupts paychecks and timesheets
On December 13, global payroll software provider UKG (Ultimate Kronos Group) disclosed a ransomware attack impacting Kronos Private Cloud, which houses a range of applications for tracking employee work hours and attendance, as well as managing payroll.
The attack has caused outages as UKG has been forced to pause some services, leaving clients across a wide range of industries unable to access payroll systems. Some companies who rely on the software are creating backup plans, such as issuing paper checks.
In a statement, UKG said that the company is working with cybersecurity experts to resolve the attack, and that it has notified authorities. However, the company expects outages to continue for at least the next several weeks.
In an FAQ about the security incident, UKG says it is “working diligently to determine whether customer data has been compromised.”
If you’re an Allstate Identity Protection member, know that our Customer Care team is available 24/7 to help with recovery if anything should come up with your identity.
Luxury retailer announces customer data breach, exposed payment details
Retailer Neiman Marcus Group recently alerted 4.6M of its customers to a breach that occurred in May 2020. Many customers' online accounts may have been exposed, including contact details, credit card information, gift card numbers, usernames, and passwords.
According to the company's public statement, "approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid." Neiman Marcus says its subsidiaries Bergdorf Goodman and Horchow have not been affected by the breach.
The company is presently working with law enforcement and a cybersecurity firm to resolve the incident. In the meantime, Neiman Marcus encourages customers to alert their payment card issuer to any unauthorized purchases, request and review a copy of their credit report, and update any of their credentials that may be reused across other sites.
If you're an Allstate Identity Protection member, consider adding important information like your credit card numbers to our dark web monitoring tool. If we find your data where it doesn't belong, we'll alert you as soon as it's detected. If you think you may be a victim, you can rest easy knowing our customer care team is on standby to help you fully resolve any potential identity theft.
Apple vulnerability compromises billions of devices
On September 13, global tech company Apple introduced an emergency software update to fix a vulnerability impacting 1.65B of the company's products worldwide. Apple's security team quickly developed the fix after being notified by security researchers that a flaw in the company's mobile and desktop products could allow invasive spyware to easily infect users' devices.
The spyware, allegedly developed by a foreign espionage agency, uses a "zero-click" infection method, allowing it to invisibly infect a target's device and gain total access — without the user having to click a suspicious link or fall victim to a phishing attempt.
Apple has urged users to run the latest software updates containing a fix for the vulnerability, by installing iOS 14.8, MacOS 11.6, and WatchOS 7.6.2.
Mobile data breach impacts millions of customers
T-Mobile recently announced a data breach affecting 47M of its current, former, and prospective customers. The records, posted for sale on a dark web forum, included personal data like customer names, dates of birth, Social Security numbers, and driver’s license numbers.
T-Mobile stated that “no phone numbers, account numbers, PINs, passwords, or financial information were compromised” in the leak. The company reported that 850K current customer names, phone numbers, and account PINs may have been exposed.
If your data is involved in a breach, we fully remediate any identity-theft related issues our members might face. For more information on what to do if you believe you were affected by a breach, read our article on What to Do After Your Data Is Breached.
LinkedIn scraping incident compromises 92% of usersBusiness and employment networking platform LinkedIn recently experienced a scraping incident that exposed 700M people — 92% of its total users. On June 22, 2021, a hacker advertised a database of LinkedIn user records for sale on the dark web, containing phone numbers, physical addresses, geolocation data, and inferred salaries.
The hacker appears to have exploited the official LinkedIn application programming interface to access and download records. While there are no passwords included in the data, the exposed information could be used to boost phishing attempts, sharpen social engineering attacks, commit identity theft, or even access other sites where users may have accounts.
In a statement, LinkedIn says they are still investigating the incident and while user data was obtained from their servers and other sources, "no private LinkedIn member data was exposed."
Ransomware attack hits major U.S. fuel pipeline
The massive 5,500 mile Colonial Pipeline was shut down by a ransomware attack on Friday, May 7, 2021. The largest fuel pipeline in the U.S., it carries more than 100M gallons of fuel a day from refineries on the Gulf Coast, comprising 45% of the East Coast's fuel supply.
The FBI has confirmed a cybercriminal gang known as DarkSide infiltrated Colonial's network through a cloud computing system, locking some computers and servers, and taking nearly 100 gigabytes of data hostage. The gang then demanded a ransom, threatening to leak the important data on the internet. It does not appear that the data has been removed from Colonial's servers and Colonial is working with the FBI and a cybersecurity firm to further investigate.
Security researchers say this ransomware attack may have been helped by the increase in remote-working brought on by the pandemic. More engineers were remotely accessing the pipeline's control systems from home, potentially leaving computer systems more exposed. Incidents like this show the risk that the dramatic increase in ransomware has posed to businesses and critical national infrastructure.
Facebook users personal information exposed again online
The sensitive personal data of more than 533 million Facebook users was recently posted on a cybercriminal forum. The cache of information was initially leaked back in 2019. Unfortunately, despite the company reportedly resolving the security flaw when it was first discovered, the breached data is still circulating on the dark web. The information initially sold for tens of thousands of dollars, but has continued to spread, selling for lower and lower prices. The most recent share was offered for free.
More than 32 million records were exposed during the breach, including phone numbers, birth dates, and individuals' biographical details. Overall, this ongoing exposure is affecting Facebook users in 106 countries. “Bad actors will certainly use the information for social engineering, scamming, hacking and marketing,” tweeted Alon Gal, of Israeli cybercrime intelligence company Hudson Rock, who flagged the recent release of the Facebook data.
Social engineering is when cybercriminals get access to someone's personal information by gaining their trust. Scammers use details obtained in a breach to convince a target to reveal even more sensitive information that can be used for identity theft and other types of fraud.
It's important to remember that even past breaches could still affect you today. Old data can resurface as it's passed along in dark web cybercriminal networks and could then be used for many types of fraud. Keeping a close eye on your personal information is a critical step you can take to help protect yourself.
For more information on what to do if you think you've been exposed in a data breach, check out our article.
Cybersecurity spending up, exposed personal data soaring
According to a recent report by tech market analyst firm Canalys, even though companies are spending more and more to protect themselves — investment in cybersecurity efforts grew 10% in 2020 to $53 billion — the amount of sensitive personal data exposed in data breaches continues to climb.
Ransomware attacks have become more targeted, allowing for cybercriminals to gain access to much more data than in the past. In fact, more records were exposed in 2020 than in the previous 15 years combined. Research shows companies are still under-investing in cybersecurity and haven't made security a top priority when adapting their business processes to the pandemic.
“Cybersecurity must be front and center of digital plans, otherwise there will be a mass extinction of organizations, which will threaten the post-COVID-19 economic recovery,” said Canalys Chief Analyst Matthew Ball in a statement. “A lapse in focus on cybersecurity is already having major repercussions, resulting in the escalation of the current data breach crisis and acceleration of ransomware attacks.”
Another major breach in 2020
Hackers continue to take advantage of security vulnerabilities putting businesses and ultimately, individuals, at risk.
IT management company SolarWinds recently experienced a cyberattack, leading to data breaches at several federal agencies, including the Department of Energy and the Department of Homeland Security. The hack is under investigation by U.S. officials, and it's suspected that Russian-linked hackers are behind the breach.
SolarWinds has indicated that as many as 18,000 of its customers may have been running software containing the vulnerability that allowed the attack. With a client list compromising more than 300,000 customers globally — including Fortune 500 companies and education institutions — many other organizations outside of the government sector may have been compromised.
Mashable security incident leads to data breach
On November 8, 2020, news and entertainment platform Mashable announced they were a victim of a security incident that exposed some users’ data. The organization learned of the breach when a hacker posted a copy of a Mashable database online.
The security incident stemmed from a feature that allowed users to sign in using a social media profile. According to Mashable, the compromised data included users’ names, email addresses, genders, IP addresses, and the month and date of their births.
Shopify announces breach, stolen customer data
Canadian eCommerce platform Shopify confirmed an internal breach that occurred between August 15 and September 15, 2020, when two of its employees allegedly stole customer data from nearly 200 merchants.
The two employees were subsequently fired, and Shopify reports it has contacted the FBI. Stolen customer data included names, postal addresses, order details, and the last four digits of customers' payment card, but the company says no other financial data was compromised.
Shopify has not indicated the total number of customer records that were stolen, but stated they have discovered no evidence that the stolen data was ever used. Shortly after the breach was discovered, Shopify notified the merchants affected by the breach.
Razer leaks personal details of 100,000 customers
A security researcher discovered gaming hardware vendor Razer leaked more than 100,000 customers' personal data by leaving a database exposed. The database was not only unprotected, it was also indexed in public search engines.
Razer has acknowledged the leak and says that no passwords or credit card numbers were among the exposed information. However, the database did include customer email addresses, physical addresses, and phone numbers, along with information about the items customers purchased.
Data breaches that do not include passwords or credit card information may seem less alarming, but it's important to take them seriously. Even without access to a credit card number or a password, cybercriminals could use other stolen personal information to increase the precision of targeted phishing attacks or engage in synthetic identity fraud.
If your data was involved in a breach, we're here to help you protect yourself. For more information on what to do if you think you've been exposed, check out our blog.
New Experian breach affects millions
Credit reporting agency Experian has experienced another data breach. While Experian has not revealed how many victims were affected, the non-profit South African Banking Risk Information Center (SABRIC) has indicated as many as 24 million South African customers and nearly 800 thousand businesses have had their data compromised.
Experian claims the exposed records contained data that was already publicly available and did not include consumer credit or financial information. The credit agency noted that the individual responsible for the breach has had their "hardware" confiscated and any stolen information has been secured and deleted.
For more information on what to do if you think you've been exposed in a data breach, check out our article.
Latest Twitter hack might be biggest to date
Several major companies, as well as a number of high profile political and technology figures, like Elon Musk, were recently targeted in a widespread hacking operation that some experts are calling the biggest Twitter hack to date.
The hack appears to be part of a cryptocurrency scam devised to steal money from Twitter users. Cybercriminals hacked into high-profile verified accounts and posted fraudulent messages promising financial gain if users "invest" in Bitcoin by sending it to the scammers' accounts.
Before the scam was detected, the hackers stole more than $100,000 in Bitcoin through hundreds of transactions. Twitter and the FBI are currently investigating the hacking.
It can be difficult to confirm the identity of someone you may be communicating with on social media. Even verified public accounts could be hacked. Stay alert on social media and be careful responding to any requests for money or personal details, even from "official" or verified accounts.
For more tips on staying safe on social media, take a look at our article, How criminals use social media to steal your information.
Popular children's learning app Mathway breached
In January 2020, the math learning app Mathway was breached. A cybercriminal stole 25 million Mathway user email addresses and passwords, most of them likely belonging to children. The user records were posted for sale on a dark web marketplace for $4,000 in cryptocurrency and have subsequently appeared on other dark web sites. Mathway acknowledged the breach in a recent statement and promises to notify all impacted users.
With the increase in use of online learning apps and websites, it's important to protect children's personal data which may be more vulnerable to exposure. For more information on kids' digital privacy and to see our tips for protecting your kid’s data online, check out How to protect your child’s identity.
Twitter confirms customer data breach
On June 23, 2020, Twitter confirmed some business customers had their personal details exposed. An official spokesperson would not confirm the total number of customers involved, but she did state that Twitter notified victims. The personal data compromised includes names, phone numbers, and even the last 4 digits of the credit card on record.
Unemployment fraud spikes as 38.6 million Americans file claims
At the time of publishing, nearly 40 million people have filed for unemployment benefits due to the impact of COVID-19 — and many Americans are now learning they’re the victims of unemployment-related identity theft. This places not only victims at risk but their former employers as well. Based on how unemployment benefits are funded, fraudulent claims significantly increase the employer’s unemployment tax.
While fraud is spiking across the nation, some states have been hit harder than others. This is especially true for Washington, where officials have experienced “hundreds of millions of dollars” in unemployment-related losses. By contrast, the Employment Security Department reports that it lost just $1.4 million in the prior month.
See our tips for avoiding COVID-related tax and stimulus fraud.
As COVID-19 pandemic continues, identity fraud soars
Cybercriminals are taking full advantage of the COVID-19 pandemic and economic crisis. The Federal Trade Commission reports it received four times as many identity fraud complaints in early April as it received in the previous three months combined. Experian recently discovered a new cache of stolen personal data, exposing 3 million people to potential fraud. And Google reports it intercepted 18 million COVID-19 scam emails in just one week.
With many people losing their jobs and facing precarious financial situations, it's more important than ever to protect your personal information and preserve your access to critical government economic support.
Learn how you can help avoid tax-related identity theft and stimulus fraud and get tips on preventing phishing attacks.
Zoom hack compromises more than 500,000 accounts
Cybersecurity agency Cyble discovered cybercriminals selling over 500,000 stolen Zoom credentials for very low prices — even giving away some for free — on hacker forums. The stolen information included Zoom user passwords, personal meeting room URLs, and meeting host ID numbers.
Experts believe the hackers gained access to these accounts because they were created with re-used passwords. Password re-use can put your security at risk. It's important to create a new, unique password for each of your online accounts.
For more tips on protecting your Zoom account, you can check out our recent article on Zoombombing.
COVID-19 phishing scams on the rise
The Centers for Disease Control (CDC) and the World Health Organization (WHO) are both warning the public about new phishing attempts. Readers are urged to click links promising the latest Coronavirus news and reports. These emails can appear convincing, with some including the organizations' logos. In reality, the emails are designed to steal a victim’s information, download harmful files onto their computer, or — in some instances — both.
It’s important to remember the CDC and WHO will never email, call, or text you about the Coronavirus or to request a donation.
MGM Resorts guests' personal data found on hacker forum
On February 19, 2020, MGM Resorts confirmed a data breach that exposed 10.6 million guests' personal information. The compromised data, which was reportedly uploaded to a hacker forum the same week, includes guests' first and last names, addresses, phone numbers, and dates of birth. MGM reports that no financial information or passwords were exposed.
Once the breach was discovered — during the summer of 2019 — the company says it began working with two cybersecurity forensic firms to internally investigate, review, and remediate the incident. They then notified guests potentially impacted by the incident and took steps to strengthen their network security.
As of yet, it’s unclear who was behind the MGM Resorts hack.
New details emerge in 2017 Equifax data breach
Back in 2017, Equifax experienced one of the largest data breaches in recorded history. Nearly 150 million Americans had their personal information, like home addresses and Social Security numbers, exposed.
For years, many details of the breach remained unclear, including answers to the most obvious questions: who did it and why? That changed on February 10, 2020, when the Department of Justice indicted four members of the Chinese military for their role in the Equifax hack. The hackers’ efforts appear to be part of China’s well-documented effort to obtain as much information on U.S. citizens and businesses as possible.
On February 11, 2020, China denied playing a role in the Equifax breach.
Millions of Microsoft customer records compromised
On January 22, 2020, Microsoft announced a security incident that exposed around 250 million customer service records and support logs. Microsoft says personally identifiable information (PII) was redacted prior to the incident. However, there are a few exceptions — like when data entries contained a non-standard format (e.g. an email address containing spaces).
Still, security experts fear criminals might use victims’ case details from the customer service records and support logs to more successfully perpetrate fraud. For tips on identifying and avoiding Microsoft technical support scams, you can view this article.
Facebook users’ data found on the dark web
On December 14, the personal details of 247 million Facebook users were discovered in a public database. The sensitive data included users’ names, phone numbers, and user IDs — which cybercriminals can decode to reveal a victim’s username and other sensitive profile information.
According to the researchers who discovered the database, the data was accessible for nearly two weeks before Facebook restricted access. They believe it was enough time for hackers to upload its content to at least one dark web forum.
A Facebook spokesperson says the company is actively researching the breach, though the data was likely harvested prior to changes the company made to better protect user information.
This marks the latest in a long line of Facebook incidents involving user data, including the Cambridge Analytica breach, a Facebook API loophole that exposed the personal details of more than 50 million Americans, and the alleged logging of some users’ texts and calls.
Cybercriminals targeting state and local governments
Earlier this year, the state of Louisiana was forced to make two emergency declarations due to widespread cyberattacks causing outages that disabled many government agencies and services. Now, there's been a third incident.
Last week, New Orleans' emergency alert twitter account, "NOLA ready," warned that there had been "suspicious activity" on city networks. The city has activated its Emergency Operations Center and is working with the FBI, Secret Service, and National Guard to investigate. It's unclear how widespread this attack is or which local agencies and services have been affected, but additional tweets from the "NOLA ready" account confirm emergency services and emergency communications have not been affected.
Ransomware attacks on local governments also continue to occur, with evidence of previous attacks this year in Atlanta, Baltimore, Tallahassee, and other major cities. These ransomware attacks often involve cybercriminals using tools to lock computer networks, affect city services, and demand a ransom from state or local governments.
Telcom breaches are on the rise
Earlier this month, a contractor for a major cell phone provider reportedly exposed hundreds of thousands of customers' cell phone bills from multiple cell phone carriers.
Over 261,300 documents, dated as far back as 2015, were held online in cloud storage without password protection, making the contents accessible to anyone online. The bills were stored as part of a promotion to encourage users to switch to a new cell phone service.
The exposed information included account holders’:
- Bank statements
- Cell phone account PINs.