As is our tradition at the end of the month, we have gathered a selection of high-profile IS incidents. In this issue you'll find details on the following:
Cards thrown to the wind
What happened: cybercriminals hacked Air Europa and gained access to its customers' credit card information.
How it happened: on 10 October, Air Europa sent letters to customers notifying them that the cyberattack may have enabled cybercriminals to access clients' payment data. The company did not disclose the exact number of affected customers. It is known that cybercriminals gained access to credit card numbers, expiry dates and CCV codes. Notably, storing CCV codes contradicts the rules of the Payment Card Industry Data Security Standard (PCI DSS).
Company representatives reported that suspicious activity in internal systems was detected on 28 August. The airline informed the affected customers about the incident only 41 days later. Air Europa officials claim there have been no confirmed cases of stolen data misuse, but urged customers to block their credit cards if they had been used to pay for tickets (just in case).
Sincere apology
What happened: an employee of Scottish company Panda Rosa Metals has been sentenced to 40 months in prison for embezzling her employer's money.
How it happened: 55-year-old Colleen Muirhead, an employee of the metals recycling company, had been spending her employer's money on expensive shopping and holidays. The fraud was discovered by a senior partner of the company during a background check. The investigation revealed that the administrative assistant had created several fake accounts to which she transferred corporate funds. In total, the woman made several transfers from company accounts worth $1.8 million.
Colleen Muirhead's colleagues said that the woman could afford to go on an expensive holiday with the whole family (she has four children and seven grandchildren), to pay the bill for a banquet at a charity event, and to buy cars. The woman pleaded guilty and said she had paid for her son's wedding and bought several vans. Her lawyer revealed that she even tried to apologize to the family that owns Panda Rosa Metals.
The contractor didn't make it in time
What happened: a hacker publicly released data on 8 thousand employees of the French retailer Decathlon.
How it happened: on 7 September, vpnMentor experts found a database on the darknet that contained the following information about Decathlon employees:
According to vpnMentor experts, the hacker published data that had been compromised in a 2021 leak at Bluenove, a Decathlon partner. On 9 March 2021, cyber experts discovered that Bluenove was storing the collected data in improperly configured cloud storage. The experts reported the finding to Bluenove representatives, and access to the data was closed on 13 April. But, as it turned out, the company was not able to fix the breach without consequences: at least one attacker had managed to gain access to Decathlon employees' data before Bluenove experts reconfigured access rights.
Film festival attendees’ data in danger of being leaked
What happened: the data of the International Film Festival of India (IFFI) participants has ended up in the public domain.
How it happened: in September, registration for IFFI, Asia's largest film festival, which will be held in November, was opened. In October, it became known that data on registered attendees of the festival was leaked.
It turned out that any visitor to the official IFFI website at a certain URL could access an unprotected repository with information about the participants. Allegedly, the repository contained the data on 550 participants:
One of the affected participants said that he was less concerned about the compromise of personal information than about the fact that anyone could view his work, which had been uploaded via closed links to YouTube and Google Drive. Only users who have the links can access the festival participants' videos. Filmmakers do this in order to find producers or publishers who would agree to buy their works and then release them publicly. Leaking information about a filmmaker's works reduces their chances of successful participation in IFFI and other film festivals.
After news about the incident broke in the media, IFFI Goa blocked access to the file catalogue on its server.
An experienced insider
What happened: the Japanese telecoms company NTT exposed data on 9 million customers.
How it happened: NTT began investigating the incident in 2022 after several customers complained about a probable data leak. The company conducted an internal investigation but found no wrongdoing. After that, the police joined the investigation. It turned out that for 10 years one of the employees had been leaking customers' data for money. The unscrupulous employee had access to a server where the following information about customers was stored:
According to the company representatives, the employee downloaded confidential data to a USB device and then sold it. The company officials also reported that the employee leaked customers' credit card data.
At a press conference on 17 October, NTT West executives apologized to the affected customers. They admitted that the information security methods implemented were ineffective. In some cases, the company's employees failed to comply with even basic security requirements.
International data leak
What happened: Japanese company Casio's customer data became publicly available.
How it happened: company representatives reported that hackers managed to break into the servers of the ClassPad education platform and gain access to user data. The company's experts detected the incident in October after a glitch in the educational platform. The attackers gained access to the following:
Casio representatives claim that the hackers failed to compromise the database where the bank card data was stored.
In total, cybercriminals gained access to more than 90,000 records with data on Japanese customers and 35,000 records with data on customers from 149 countries.
Data request
What happened: a former Navy IT manager leaked personal data for money.
How it happened: according to court records, in August 2018, IT manager Marquis Hooper took advantage of his official position and opened an account with a company that manages a database on millions of people. The company only grants access to that database upon official request from businesses and government agencies. Hooper told the company that the Navy needed access to the database for military background checks. Once the account was created, the IT manager added his wife to it, and they then extracted the personal information of 9,000 people from the database. They sold this information for $160,000 to several darknet users. The attackers have already managed to use some of the data in fraudulent schemes.
In December 2018, the account of Marquis Hooper was blocked on suspicion of fraud. But this did not stop Hooper: he found an accomplice, to whom he offered 2500 thousand dollars to open an account allegedly for the needs of the Navy. The accomplice applied to set up the account, but the company requested official authorization with the signature of a supply officer. Hooper provided the accomplice with false documents, but the company still refused to open the new account. The Naval Criminal Investigative Service, the Federal Bureau of Investigation, and Homeland Security Investigations were involved in the investigation of the fraudulent scheme. Marquis Hooper was sentenced to 5.5 years in prison, and his wife is awaiting sentencing. It is reported that the woman could face a sentence of 20 years in prison and a $250,000 fine.