Month: December 2023

Mint Mobile, a mobile virtual network operator in the US, has notified its customers of a personal information leak. Mint Mobile is a mobile virtual network operator (MVNO) that offers prepaid mobile phone services. As an MVNO, Mint Mobile doesn’t own its own wireless infrastructure. In March 2023, T-Mobile US announced it would acquire the mobile virtual network operator for up to $1.35 billion.

Mint chose not to publicly disclose the security breach. Instead, it sent personal notification letters to affected individuals. The Verge journalists were the first to notice a Reddit thread where a customer shared details about the email they received.

“We are writing to inform you about a security incident we recently identified in which an unauthorized actor obtained some limited types of customer information. Our investigation indicates that certain information associated with your account was impacted,” the email reads. Customers names, numbers, email addresses, SIM Serial Numbers, IMEI numbers and service plan information were leaked.

No further details regarding the breach have been provided but Mint Mobile

Read more about it here.

Toyota Financial Services (TFS) is warning its customers it has suffered a data breach that exposed sensitive personal and financial data.

Toyota Financial Services, a subsidiary of Toyota Motor Corporation, is a global entity with a presence in 90% of the markets where Toyota sells its cars, providing auto financing and insurance solutions to its customers.

Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.” reads a statement published by the company on its website.

German news outlet Heise received a sample of the notices sent by Toyota to German customers, informing that the following data has been compromised:

• Full name
• Residence address
• Contract information
• Lease-purchase details
• IBAN (International Bank Account Number)

Read more about it here.

The European Union Agency for Cybersecurity, ENISA, has published a report on the state of the cybersecurity threat landscape for DoS attacks. The report covers the period of January 2022 to August 2023.

The main highlights of the report are the following:

• A novel classification scheme to categorize DoS attacks based on information about the attacks and the targets, allowing a more systematic analysis approach.
• An analysis of DoS attacks’ motivations and goals as part of the proposed classification, making it possible to analyze not only the technical evolution of the attacks but also the changes in the roots of what triggers the attacks in the first place.
• An analysis of a total of 310 verified DoS incidents – from January 2022 to August 2023. This is not the total number of incidents during that period, however.
• The most affected sector was the public administration sector, receiving 46% of attacks.
• It is estimated that 66% of the attacks were motivated by political reasons or activist agendas.
• Overall, 50% of the incidents were found to be related to the Russian war of aggression against Ukraine.
• The study shows that 56.8% of the attacks caused total disruption in the target.
• This report also highlights the importance of cyber as a force multiplier or supporting vector in warfare, the changes that this brings to the landscape, and that it is vital that organizations prepare prevention and remediation strategies. Furthermore, this report raises awareness of the lack of maturity when it comes to reporting DoS attacks, which have not reached the same level as other types of cybersecurity threats.

Read more about it here.