(In)secure digest: a data leak with mileage, a ban on AI, and a hacked account

It is time for our traditional roundup of classic and unusual information security incidents reported by the media. In this digest we cover:
•    A data exposure that lasted for ten years
•    The hacked account of an employee who had not even started work yet
•    Unexpected cyber holidays.

Let’s go places

Situation: Toyota Motor had been exposing customer data for more than 10 years. The incident affected more than 2 million of the company’s customers registered with its cloud services.

Case study: Toyota Motor representatives said that data on 2.15 million customers had been publicly accessible due to human error. It turned out that a cloud-based corporate system had been accessible to third parties since November 2013.

Users of the T-Connect ecosystem are known to have been affected by the incident. T-Connect keeps owners informed about their vehicles’ location, among other things. Users of G-Link, a similar system developed for Lexus owners, were affected as well.

The cloud system stored vehicle location data and the identification numbers of in-vehicle devices. Toyota representatives said, however, that there was still no evidence that the exposed data had been obtained by intruders.

Toyota representatives said that access to the confidential data was blocked as soon as the problem was detected. The company also promised to introduce a system for auditing cloud service settings and a system for continuously monitoring those settings. In addition, Toyota plans to train employees more thoroughly in handling sensitive data.
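As an added example (not code from Toyota or from this digest), this is the kind of check a cloud-settings audit like the one Toyota promised would run on every storage bucket: it takes a bucket’s access policy and ACL in the AWS S3 format (an assumption; the page does not say which cloud provider Toyota used) and flags grants that make the data readable by anyone on the internet, while ignoring wildcard principals that are narrowed by a Condition. The two bucket configurations below are constructed for the demo, one exposed and one hardened.

```python
"""Flag public-access misconfigurations in cloud storage settings.

Added illustrative example, not Toyota's code. Models the AWS S3 bucket
policy and ACL formats (an assumption); the sample configurations at the
bottom are constructed for the demo and describe no real bucket.
"""

# ACL grantee URIs that AWS uses for "everyone" and "any signed-in AWS account".
PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_public(principal):
    """True for "Principal": "*" or {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            values = value if isinstance(value, list) else [value]
            if "*" in values:
                return True
    return False


def public_policy_statements(policy):
    """Return Allow statements that grant access to everyone with no Condition."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        # A Condition (e.g. aws:SourceVpce) narrows "*"; only unconditional grants are public.
        if stmt.get("Condition"):
            continue
        actions = stmt.get("Action", [])
        actions = actions if isinstance(actions, list) else [actions]
        findings.append({"Sid": stmt.get("Sid", ""), "Action": actions})
    return findings


def public_acl_grants(acl):
    """Return ACL grants to the AllUsers / AuthenticatedUsers groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GRANTEE_URIS:
            findings.append({"URI": grantee["URI"], "Permission": grant.get("Permission")})
    return findings


def audit_bucket(name, policy, acl):
    """Run both checks and return one report for the bucket."""
    return {
        "bucket": name,
        "public_policy": public_policy_statements(policy),
        "public_acl": public_acl_grants(acl),
    }


def is_public(report):
    """A bucket is public if either the policy or the ACL opens it up."""
    return bool(report["public_policy"] or report["public_acl"])


# Constructed samples (hypothetical bucket name, not a real configuration).
EXPOSED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-telematics", "arn:aws:s3:::example-telematics/*"],
    }],
}
EXPOSED_ACL = {"Grants": [{
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ",
}]}
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VpcEndpointOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-telematics/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
}
HARDENED_ACL = {"Grants": [{
    "Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
    "Permission": "FULL_CONTROL",
}]}

if __name__ == "__main__":
    for name, policy, acl in (("exposed", EXPOSED_POLICY, EXPOSED_ACL),
                              ("hardened", HARDENED_POLICY, HARDENED_ACL)):
        report = audit_bucket(name, policy, acl)
        print(name, "PUBLIC" if is_public(report) else "ok", report)
```

Run against a live account this would be fed the output of the provider’s get-bucket-policy and get-bucket-acl calls for every bucket on a schedule; a bucket that flips to PUBLIC between two runs is exactly the change that continuous monitoring of settings is meant to catch, and it would have caught a misconfiguration like Toyota’s in days rather than a decade.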

Exposed or not?

Situation: personal data and medical histories of 100,000 patients of Hong Kong’s OT&P Healthcare were stolen in a cyberattack.

Case study: OT&P Healthcare IT staff noticed suspicious activity in the IT infrastructure and called in third-party cyber security experts. The specialists advised OT&P Healthcare to take the corporate system offline immediately.

The company’s CEO said that the intruders did not manage to obtain patients’ financial data or bank details. Unfortunately, however, the ID card and passport numbers of some patients were stored in the system and were therefore obtained by the intruders.

OT&P Healthcare notified the police and other regulators of the incident. The Department of Health, in turn, said that there was no evidence that any patient data from the electronic health record system had been exposed.

Say no to AI

Situation: Samsung prohibited its employees from using AI tools because of data leak risks.

Case study: it was reported that a memorandum prohibiting employees from using generative AI tools such as ChatGPT had been issued. The document was intended to prevent uploads of confidential corporate data to external servers. In April, Samsung engineers had accidentally leaked corporate source code by uploading it to ChatGPT.
According to Bloomberg, Samsung notified employees of a key department that they must not use AI tools. Employees who use AI on personal devices were warned not to upload any data related to the company’s business processes or any other information that could endanger Samsung’s intellectual property.

Had a good holiday and lost the data

Situation: customer data of the French travel company La Malle Postale, along with its employees’ correspondence with customers, was leaked.

Case study: Cybernews researchers found a publicly accessible data store containing more than 4 GB of personal data belonging to the company’s customers. The following data on approximately 90,000 customers was exposed:
•    Names
•    Email addresses
•    Telephone numbers.

In addition, the data store contained more than 13,000 SMS messages exchanged between the company and its customers.

Cybernews researchers tried several times to contact the company but received no reply. They said that third parties could have been accessing the store since the end of April. Besides the personal data of La Malle Postale’s customers, data on the company’s drivers and administrators (email addresses, passwords, authentication tokens) was also exposed.

Cybernews researchers believe that the leak of employee credentials puts the company’s staff at risk of targeted attacks. Malicious actors could use the data to access the company’s network and steal confidential information.

Target not achieved

Situation: cybercriminals attacked Dragos, a company that protects industrial facilities against cyber attacks.

Case study: Dragos said that on May 8 a hacker group attempted to breach the company’s IT infrastructure. According to the official statement, the intruders did not manage to get into the internal systems, but they did access the SharePoint cloud platform and obtained 25 intelligence reports.

It turned out that the attackers had compromised the account of a new employee who had not even started work yet. The intruders had access to the account for about 16 hours but did not manage to reach the messaging, financial, marketing or other critical systems. They also sent a ransom demand to the company’s executives. Dragos then disabled the compromised account and blocked access to the company’s systems. Dragos believes that role-based access control (RBAC) is what kept the intruders out of important internal systems and therefore prevented them from deploying ransomware.

Cubic meters of data

Situation: 500,000 customers of the Italian water utility Alto Calore Servizi were affected by a cyber attack.

Case study: according to an official statement published on the company’s website, all of the company’s IT systems were temporarily unavailable as a result of the attack. The Medusa hacker group claimed responsibility for the attack on Alto Calore Servizi. The attackers shared samples of the stolen data with the company’s executives and demanded a ransom. They offered two options:
•    Pay $10,000 to extend the deadline by one day.
•    Pay $100,000, in exchange for which the intruders promised to delete all the stolen data.

The cybercriminals claimed to have accessed customers’ personal data and internal documents (contracts, reports, etc.). Alto Calore Servizi declined to comment on paying the ransom.

Technical support didn’t support

Situation: Discord users’ data was exposed after a technical support account was compromised.

Case study: the leak resulted from the compromise of a third-party technical support agent’s account. The attackers obtained email addresses, the contents of users’ messages to technical support and the attachments Discord users had included. The company said that its staff responded immediately and blocked the compromised account. Discord is now notifying users whose data was affected. In its messages, the company asks users to watch for any suspicious activity, as it may be fraudulent.
The company has not disclosed how much data was stolen.

So, it’s time for cyber holidays, isn’t it?

Situation: several educational institutions had to close because of a cyberattack.

Case study: on May 15, all schools in one Virginia school district were closed because of a ransomware incident. The district superintendent said that classes were cancelled for safety reasons and that internal school systems had been taken offline as a precaution. The schools are now working with law enforcement and the FBI to establish the details of the attack.

Subscribe to get useful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.