Alberta Dental Services Corporation, a government service provider in Canada, had unauthorized access to its data. This ransomware attack exposed its clients, cardholders, brokers, and health benefit providers of over 1.4 million residents. The company quickly responded by engaging cyber security experts, and this involved paying a cryptocurrency ransom to the hackers. Fortunately, the stolen data was of limited value to the hackers, containing mainly names and identification numbers. (ctvnews)
My thoughts: It seems like the corporation paid the ransom relatively quickly. Was this advice from the cyber security experts they consulted? Despite this not being the recommended action, what made them pay the ransom so quickly?
Arion Kurtaj, 18 years old, and another 17-year-old unnamed teen were identified as key members of the international cyber-crime group Lapsus$, responsible for hacking major tech companies like Uber, Nvidia, and Rockstar Games. Lapsus$, described as "digital bandits," primarily consisted of teenagers from the UK and possibly Brazil. They used hacking and con-man tactics to breach multinational corporations like Microsoft and Revolut. Both teenagers will be sentenced later, with Kurtaj in custody and the 17-year-old on bail. (bbcnews)
My thoughts: Imagine huge tech companies such as Uber, Nvidia, and Rockstar Games with huge cybersecurity budgets (in the 10’s of millions) being victims of such attacks. How vulnerable are their cyber security defenses? This just proves, no matter the size… There is risk! Check your company’s current cyber security posture by taking this quiz here.
Duolingo, an educational technology company, had over 2.6 million user accounts exposed on a hacker's forum, with the sensitive data, including emails, phone numbers, courses taken, and usage-related information, being offered for sale at $1,500. While Duolingo claims that the data was gathered through data scraping, the company is still denying any data breach. The hacker also exposed 1,000 user data to prove its authenticity and showcased other hacks it successfully did. (cybersecuritynews)
My thoughts: The hacker exploited an exposed Application Programming Interface (API) to obtain the information. Was this through a 3rd party? This is one of the first times I have seen this happen. I am wondering why this seems to be a less popular method of hacking.
At least 100,000 Nova Scotians were affected by MOVEit’s hacking. The stolen information includes payroll data such as banking details, home addresses, and social insurance numbers. The software patch to fix the vulnerability was applied after the data was stolen. The province has promised to contact affected individuals and offer them credit monitoring services. (therecord)
My thoughts: Dare I say, that third-party breaches continue to be the worst thing to happen to a business. We have seen this happen on repeat this year. Our businesses are so interdependent that we must always keep our safeguards up.
Access monthly conversations with IT & Tech Leaders about the hottest cyber security topics in the industry.