A threat actor continues to attack Middle Eastern companies. Criminals exfiltrated information from the HR department of Mediclinic in the UAE. Also, Jordan Kuwait Bank fell victim to the breach of employees’ data. Adidas has confirmed the exposure of customer data, including customers from Türkiye and South Africa.

Jordan Kuwait Bank (JKB), one of Jordan's leading financial institutions, has fallen victim to a cyberattack. As a result of the incident personally identifiable information (PII) belonging to employees of Jordan Kuwait Bank (JKB) was exposed.

 Jordan Kuwait Bank is a leading financial institution known for its technological expertise, having been the first bank in Jordan to offer electronic delivery and service channels. Yet, criminals were able to expose around 12GB of internal company data. Sensitive data of 1,003 employees was exposed in this incident. Preliminary exfiltrated records include such information as

• Names and dates of birth,
• Personal and business contact information,
• Bank account records,
• And other personal data.

Firstly, personal data can be used for identity theft and financial fraud. Criminals, with the help of stolen records, can also enhance the effectiveness of spear phishing attacks and create new, highly targeted attacks to gain access to bank systems.

The Jordan Kuwait Bank has not issued an official statement on the incident. Yet, this attack stays in line with recent attacks on companies in the Middle East. Threat actors are alleged to have gained access to information from human resources departments of various companies.

Previously, criminals had compromised the systems of Coca-Cola Al Ahlia Beverages and the Abu Dhabi Department of Culture and Tourism, which led to similar incidents.

Another organization that has recently been breached is Mediclinic, a private international hospital group that provides services in several regions, including South Africa, Namibia, and the UAE, among others. The annual revenue of the company exceeds $5 billion.

Reports about the security incident have come from the United Arab Emirates and South Africa. Criminals claim that they have stolen the personal data of 1,000 employees and 4 million confidential documents and demand a ransom. The uploaded sample includes:

• Job details such as weekly hours, nursing classifications, and company ID numbers,
• Financial data such as pay types, payslips, and salary amounts.

Mediclinic provided an official statement about the incident. Company representatives assured that no patient data has been affected and said that the breach happened earlier this year. Mediclinic took steps to contain the incident: compromised systems were isolated, access credentials were reset, and a third-party investigation has been started.

There is no official information about the results of the investigation. But independent researchers made an assumption that all victims of recent data breaches were using one SAP SuccessFactor service provider. It’s too early to make any conclusion about this series of incidents. Yet, a third-party compromise is a major security risk for any business.

In line with previous news, the sportswear giant Adidas has acknowledged a security incident where a threat actor exposed customers' data in a third-party breach. The company has not specified which region's customers are affected by this incident. There is preliminary information that Adidas started to inform clients in several regions, including Türkiye and South Africa.

Adidas representatives stated that exposed data doesn’t include passwords, credit cards, or any other payment-related information. The breach affected clients that were contacting the company’s customer service center until 2024. Compromised records include:

• Contact information,
• Names, birthdates,
• And other personal belongings.

This incident continues a series of data breaches that affected several retail giants like Victoria’s Secret and Mark & Spencer. It is unknown if there is a single threat actor behind attacks on fashion companies. Recent attacks emphasize a need for a robust oversight mechanism to prevent such third-party data breaches in the future.

Implementation of powerful security solution is not enough to ensure the safety of company’s data. You also need the expertise of skilled information security specialists to make the software work effectively. Yet, it can be a challenging task to ensure the safety of your digital assets, especially for small or medium-sized businesses. The Managed Security Service (MSS) is the solution to address this challenge.

MSS provides a complete solution that combines security software with the expertise of seasoned InfoSec professionals, all in a single, convenient package. The service cuts customers’ expenses, required for a purchase of expensive hardware and lucrative software licenses. As a result, the service combines affordable prices with advanced, customized protective tools and highly skilled cybersecurity experts. SearchInform provides 360-degree protection, allowing you to focus on growing your business while they take care of the security aspects.

Start your free 30-day trial now.