Data Breach - Securezoo

Uber provides updates on cybersecurity incident

Authentication, Data Breach, Data Privacy / By Frank Crast / September 20, 2022 September 20, 2022 / Data Breach, hacking, Lapsus$, Privacy, Uber

Uber provided new details regarding a cybersecurity incident that resulted in a data breach of its network systems.

T-Mobile to pay $350 million over 2021 data breach

Cybersecurity Attacks, Data Breach, Data Privacy, Mobile Security / By Frank Crast / July 26, 2022 July 26, 2022 / Data Breach, Privacy, T-Mobile

T-Mobile has agreed to pay $350 million and invest another $150 million in data security improvements to settle litigation over the 2021 data breach that impacted over 76 million T-Mobile customers.

Okta investigating reports of data breach by Lapsus$ ransomware cybercriminal group (updated)

Authentication, Data Breach, Data Privacy, Identity & Access Management / By Frank Crast / March 22, 2022 March 23, 2022 / authentication, Breach, Data Breach, Okta

Identity and authentication services firm Okta is investigating reports that the firm has been breached by the Lapsus$ ransomware cybercriminal group.

Panasonic confirms breach of file server

Cybersecurity Attacks, Data Breach, Data Privacy / By Frank Crast / December 1, 2021 December 1, 2021 / Data Breach, Panasonic, Privacy

Panasonic confirms breach of a file server by an unauthorized third party.

Morgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability

Cybersecurity Attacks, Data Breach, Vulnerabilities & Exploits / By Frank Crast / July 10, 2021 July 10, 2021 / Accellion, FTA, Morgan Stanley

Morgan Stanley has confirmed a data breach of some customer SSNs and other personal data via one if its vendor’s vulnerable Accellion FTA systems.

Threat actors breach South Korean atomic research institute via VPN vulnerability

Cybersecurity Attacks, Data Breach, Network Security, Vulnerabilities & Exploits / By Frank Crast / June 22, 2021 June 22, 2021 / Atomic Energy, KAERI, South Korea, VPN

Threat actors from suspected North Korea APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.

Alibaba leaks billions of data points via Chinese web crawler

Cybersecurity Attacks, Data Breach, Data Privacy / By Frank Crast / June 17, 2021 June 17, 2021 / Alibaba, Chinese, Data Breach, Privacy, Retail, Taobao

Alibaba’s Chinese online shopping platform Taobao has suffered a data breach of over a billion data points that include usernames and mobile phone numbers.

Personal data on 533 million Facebook users posted online

Cybersecurity Attacks, Data Breach, Data Privacy / By Frank Crast / April 5, 2021 April 5, 2021 / Data Breach, Facebook, Privacy

A hacker has leaked personal data on an estimated 533 million Facebook users, to include phone numbers and Facebook account details. The data was leaked on a publicly accessible hacking forum.

Energy giant Shell latest victim in Accellion FTA cyberattacks

Cybersecurity Attacks, Data Breach, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 24, 2021 March 24, 2021 / Accellion, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, Cyberattack, EOL, FireEye, FTA, Mandiant, Zero-day

Energy giant Shell was the latest victim in a series of cyberattacks on customers of Accellion’s legacy File Transfer Appliance (FTA) product used to transfer large files.

Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity

Application Security, Cybersecurity Attacks, Data Breach / By Frank Crast / February 26, 2021 February 26, 2021 / AppSec, CodeQL, GitHub, IOC, Microsoft, Open Source, Solarigate, SolarWinds, Source Code, Supply Chain

Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.