5.8 million people exposed with this ONE breach & Facebook makes history with the largest FINE

Thanks to all 17,567 subscribers. It really takes a community to fight against cyberattacks. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!

In this week's Cyber Weekly:

  1. 5.8 million people exposed
  2. Facebook's biggest fine
  3. Eyewear under attack
  4. A cyber security win?
  5. Are you in Montreal?



1. PharMerica breach exposes data of 5.8 million people...

Pharmacy network PharMerica disclosed a data breach that exposed the data of over 5.8 million people including the information of some deceased people. Information stolen included names, addresses, birth dates, Social Security numbers, health insurance, and medication information. PharMerica operates over 2,500 facilities across the US and offers more than 3,100 pharmacy and healthcare programs. They started issuing emails explaining the incident when their stolen data appeared on online forums. At the moment, it is unknown how they were breached. (securityweek)

My thoughts: Companies will need to come forward when they suffer an attack. Covering it up or keeping it a secret cannot be an option. Too many attacks and too many people have been impacted. Only a matter of time before legislation and penalties become heavy across the board.


2. Facebook gets fined 1.2 billion euros

Irish regulators announced that Meta was fined a record 1.2 billion euros for transferring European Facebook user data to the US, which goes against GDPR. Facebook has been using standard contractual clauses (SCC) and has been given until October 2023 to update its methods of transferring data and become compliant with GDPR. This is Facebook’s 5th fine for not complying with GDPR. (informationsecuritybuzz)

My thoughts: Facebook is a large enough organization to be used as an example for other organizations who don’t comply with data privacy regulation. Other companies who are fined don’t often make the news. For anyone interested, here is a tracker for entities fined for failing to comply with GDPR.


3. Did we see this coming?

Luxottica is the eyewear company that creates every glasses brand you could think of. They were hacked twice in 2020. In November 2022, they found out that a third-party vendor was hacked and exposed the information of over 70 million people. However, they only confirmed the breach this month because the stolen database was posted on a hacking forum. (bleepingcomputer)

My thoughts: There is so much wrong with this story.

  1. How were they not fined?
  2. Why did they only confirm the breach months after they found out about it?
  3. Why isn’t this story getting more coverage?
  4. They have the information of a large portion of people who need glasses.
  5. They clearly haven’t done a great job securing their organization or customers. It would be nice to see what their plan is going forward. Transparency would be very helpful in these cases.



4. US charged Russian man for involvement in ransomware crimes

US authorities have charged Mikhail Pavlovich Matveev for allegedly being part of three ransomware gangs that extorted over $200 million from victims. His victims include hospitals, governments and schools.

“These international crimes demand a coordinated response,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division in the DOJ’s statement. “We will not relent in imposing consequences on the most egregious actors in the cybercrime ecosystem.” (cryptopotato)

My thoughts: This criminal was allegedly part of the Hive Ransomware Gang that was taken down earlier this year. It seems that once a group is taken down, the authorities can start identifying people in the criminal organizations. This is good news!
