Ferrari hit with ransomware attack, customer data exposed

Italian supercar manufacturer Ferrari disclosed on March 20, 2023 that it was recently the victim of a ransomware attack that may have exposed certain personal information about its clients. The company said it was “recently contacted by a threat actor with a ransom demand related to such customer data. As a policy, Ferrari will not be held to ransom”.

The carmaker said that hackers accessed customers’ names, addresses, email addresses and telephone numbers. Based on its investigation so far, Ferrari said no payment information, bank account numbers or details of Ferrari cars owned or ordered had been stolen.

Ferrari hasn’t disclosed how many customers were impacted by the breach or how or when the company was compromised.

Read more about it here.

AT&T is notifying 9 million customers of data breach after a third-party vendor hack

Telecom giant AT&T is notifying 9 million of its customers that some of their information was exposed after a third-party vendor was hacked. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information (CPNI)’,” reads the data breach communication sent by AT&T to the impacted customers. “However, please rest assured that no sensitive personal or financial information such as Social Security number or credit card information was accessed,” continues the communication. Passwords and personal information weren’t breached either.

Exposed CPNI data includes customer first names, wireless account numbers, wireless phone numbers, and email addresses.
“A small percentage of impacted customers also had exposure of rate plan name, past due amount, monthly payment amount, various monthly charges, and/or minutes used. The information was several years old”, said AT&T.

In its email to the affected customers, AT&T confirmed that the marketing vendor has fixed the vulnerability. The company has also notified the federal law enforcement agencies about the incident.

Customers are advised to toggle off CPNI data sharing on their accounts by making a CPNI Restriction Request, which reduces future exposure risk if AT&T uses the data for third-party vendor marketing purposes.

Read more about it here.

LastPass DevOps engineer computer breached to steal password vault in second 2022 breach

Password management giant LastPass revealed more information on a “coordinated second attack,” in which a threat actor accessed and stole data from the Amazon AWS cloud storage servers over a period of two and a half months.

This saga started in August 2022, when LastPass CEO, Karim Toubba, confirmed that an “unauthorized party gained access to portions of the LastPass development environment,” and “took portions of source code and some proprietary LastPass technical information.” This incident had not compromised master passwords. Toubba updated the LastPass incident statement in September 2022 with further details of what the attacker had accessed. On November 30, 2022, Toubba updated that statement again: Company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service were accessed by the attacker. The attacker accessed both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data. This meant that the attacker now had customer password vaults but not the means to open them, unless they tried known passwords from other breaches or weakly constructed master passwords.

On March 1, 2023, the company published another update, saying that the threat actor succeeded by breaching a “DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”

LastPass ultimately detected the anomalous behavior through AWS GuardDuty Alerts, when the threat actor attempted to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity.

The complete list of the customer data that was breached is posted on this support page.

Read more about it here.