Criminals have breached the Tatweer Buildings Company in Saudi Arabia and the national university network in Tunisia. Dubai Police, Gulf Bank of Kuwait, and the Nigeria Data Protection Commission have been acting to address security challenges.

Criminals have claimed responsibility for the attack on Saudi Arabia’s Tatweer Buildings Company, a major governmental project management company involved in the construction of infrastructure projects in the Kingdom. There is no statement from officials on the incident, as the investigation is still ongoing.

Criminals published several samples of stolen data to support their claims. Reports confirm that the leak includes internal documents and sensitive operational information. The adversary's profile hints that a double extortion tactic could be applied, as intruders will demand a ransom not only to decrypt sensitive data but also to avoid public exposure of exfiltrated files.

Saudi Arabia is a regional leader with several active megaprojects under the Vision 2030 program. Due to this, many Saudi companies attract the attention of malicious actors. In 2024, Saudi Arabia was among the top three Middle Eastern countries targeted by cyberattacks.

Another governmental agency fell victim to a data breach in Tunisia. The data leak affected the Tunisian National University Network, affecting several systems and datasets.

The Al-Khawarizmi Computing Center, an organization within the Ministry of Higher Education and Scientific Research structure, has made a public statement on the security incident. Officials did not disclose the exact size of the data breach or what types of information were exposed, but they admitted to the leakage. A representative of the Al-Khawarizmi Computing Center stated that the incident was contained as soon as specialists detected unauthorized attempts to access data.

There are reports that data leakage could affect up to 150,000 Tunisian students, exposing the following documents:

• National identity cards,
• Photos,
• Registration certificates,
• Phone numbers,
• And bachelor’s statements.

Educational institutions are a prime target for criminals, as they often store and process vast amounts of sensitive data, including personal information. This data could be misused by criminals to commit various crimes, such as identity theft and personalized fraud.

To address security challenges, organizations implement different measures. For instance, the Dubai Police have launched a new online platform to raise awareness among citizens and foreign visitors. The site provides information on three main topics—how to detect a potential threat, how to report it, and how to stay safe online, including tips for protecting digital identity.

In other cases, businesses could create their own security projects. Gulf Bank of Kuwait officially launched the Vulnerability Disclosure Program and Bug Bounty Program. The initiative assumes active involvement of ethical hackers and information security specialists to preemptively identify and resolve vulnerabilities that may be used to affect the bank and its customers. Officials stated that the launched programs are part of a broader campaign aimed at the implementation of best security practices and ensuring the safety of clients’ data.

In cases of non-compliance with legislative demands, state agencies could enforce financial fines for violators. Recently, the Nigeria Data Protection Commission has found MultiChoice Nigeria, a Nigerian branch of the South African cable television provider MultiChoice, to be guilty of violating data protection laws. According to the official statement, the fine is a result of the investigation that started in the second quarter of 2024. The regulator found out that MultiChoice breached the privacy rights of subscribers and illegally processed cross-border transfers of personal data. As a result, the TV provider has been fined approximately $500,000 and has been instructed to take necessary remedial measures to address the violations.

Some companies still believe that legal compliance is merely a checkbox. These organizations face the risk of financial penalties and other corrective measures in addition to the costs of potential incidents. Reliable protection against threats not only helps prevent penalties but also fosters customer trust and safeguards the company's reputation.

SearchInform offers the Managed Security Service (MSS) tailored to the needs of small and medium-sized businesses. This service combines specialized protective software and the expertise of experienced professionals in a comprehensive package.

MSS is the ideal solution for companies with limited resources or those without an in-house cybersecurity team. The service delivers immediate results, providing effective protection for sensitive data and assisting with legal compliance.

With MSS, businesses don't have to compromise between affordability and efficiency. The low starting cost ensures that even small companies can afford comprehensive protection for their corporate assets.

Start your free 30-day trial now!