Pacific City Bank is a California based bank that provides financial services and caters mainly to the Korean-American community. The bank started its operations in 2003, and currently has 12 branches and 8 loan offices.
On September 4, 2021, the AVOS Locker gang broke into Pacific City Bank’s systems and extracted some sensitive files. They then published a screen shot as proof of the successful attack. The screen shot is showing human resources documents and a phone directory, and threatened to leak it.
It isn’t clear yet how much the gang was asking, and whether the ransom was paid.
The US Securities and Exchange Commission (SEC) Office of Investor Education and Advocacy is warning investors to be “extremely wary” of potential investment scams related to Hurricane Ida. Scams may be promoted through email and social media posts, promising high returns for small, thinly-traded companies that supposedly will reap huge profits from recovery and cleanup efforts. Fraudsters may likely target individuals receiving compensation from insurance companies
One of the best ways to avoid investment fraud is to ne skeptical and ask questions. Individuals should ask anyone approaching them with an investment opportunity if they’re licensed and if their investment is registered with the SEC or with a US state securities regulator. This can be easily checked by contacting the SEC or the state securities regulator. “Know that promises of fast and high profits, with little or no risk, are classic signs of fraud” says the SEC alert.
Telecommunications giant T-Mobile has issued a warning that following a security breach, personal data of more than 50 million customers has been compromised. The data includes names, dates of birth, phone numbers, addresses, US Social Security Numbers, and driver’s license information of customers.
The seller was asking for 6 bitcoin (around $270,000) for a subset of the data containing 30 million Social Security Numbers and driver’s licenses, and said that they were looking to sell the remaining information privately.
T-Mobile said that the data breach affected about 7.8 million current customers and 40 million records of former or prospective customers. Both prepaid and postpaid customers were affected.
Global IT and consulting giant Accenture has allegedly been hit by a LockBit 2.0 ransomware attack. Accenture acknowledged in an internal memo that on July 30, 2021, attackers stole client information and work materials in “security incident.”
The ransomware cybercriminals have stolen databases containing over 6TB of data, are demanding a $50M ransom. They further claim that the hack was the result of an insider job.
Accenture did not initially disclose the ransomware attack, and later downplayed it. Accenture said it “fully restored” the affected servers from backups.
The city of Joplin, Missouri, US, announced a few days ago that it was hit in July by a ransomware attack. Computer servers and programs that operated the city’s online services were closed down on July 7, 2021. Joplin’s internet-based telephone system was restored two days later. Cybersecurity firms hired to recover the city’s information technology systems have restored nearly every system needed to resume normal operations, including the city’s COVID-19 dashboard, online utility payments and court functions, Edwards said.
“An insurer has paid $320,000, to someone not identified, to keep any sensitive information obtained as a result of the cyberattack from being exposed”, said City Manager Nick Edwards in the statement.
“No additional information about the breach will be disclosed now because making more information available to the public could harm the investigation and expose the city to future risks or attacks”, the statement said.
Clubhouse is a social audio app for iOS and Android, where users can communicate in voice chat rooms that host groups of thousands of people.
On July 24, 2021, leading cybersecurity expert Jiten Jain wrote on Twitter that a database of 3.8 billion phone numbers (cellphones, fixed, private, and professionals numbers) of Clubhouse users is up for sale on the Darknet. The screenshot on the tweet claimed that “Clubhouse is connected in real time to all their users’ phonebooks meaning each time you add a new phone number in your phonebook, the number is automatically added into the secret database of Clubhouse. Each number is ranked by a score (the score corresponds to the number of Clubhouse users who have this specific phone number in their phonebook). With this score we are able to evaluate the level of network of each phone number in the world”.
In response, Clubhouse denied these claims, and said: “There has been no breach of Clubhouse. There are a series of bots generating billions of random phone numbers. In the event that one of these random numbers happens to exist on our platform due to mathematical coincidence, Clubhouse’s API returns no user-identifiable information. Privacy and security are of the utmost importance to Clubhouse and we continue to invest in industry-leading security practices.”
Several security experts have denied the hacker’s claims. Security researcher Rajshekhar Rajaharia said that the list of phone numbers can be generated very easily, and the data leak claim appears fake.
ENISA, the European Union Agency for Cybersecurity, published a guide for Subject Matter Experts, containing 12 practical, high level steps on how to better secure their systems and their business.
Popular online employment LinkedIn has been the victim of what’s called a data-scraping attack. Data scraping occurs when a computer program extracts data from a web site
As a result of the data scraping of LinkedIn, security experts say the information of 700 million users, or about 92 percent of LinkedIn users, have been posted for sale on the dark web.
The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experience/background, genders, and other social media accounts and usernames. Passwords are not included in the archive, but security experts warn there’s enough information out there for criminals to create a fake identity of a person.
There are several ways you can protect yourself from identity theft, including making sure you have secure passwords on all your devices, using two-factor authentication where it’s offered, and other tips.
Wegmans Food Markets, the upscale grocery store that operates in the mid-Atlantic and Northeastern US, notified its customers in an e-mail this past week that some of their personal information was exposed due to a security data breach.
Wegmans operates 106 stores in New York, Pennsylvania, New Jersey, Virginia, Maryland, Massachusetts, and North Carolina. The store chain was founded in 1916, and is one of the largest private companies in the US, having over 50,000 employees.
Wegman said that two of its cloud databases used to keep internal customer data were “inadvertently left open to potential outside access.” Customer information included names, addresses, phone numbers, birth dates, Shoppers Club numbers, e-mails, and passwords for accessing Wegman.com accounts. The passwords were “hashed” and “salted”, meaning that the actual password characters were not contained in the databases. Social security numbers and banking data were not exposed, company officials said.
The configuration issue began in 2018, although Wegmans said that it didn’t find out about the breach until it was brought to its attention by a third-party security researcher on or about April 19, 2021.
Wegman corrected the issue, and is now recommending to its customers to update their Wegman.com accounrd password, as well as any other account that uses the same password.
McDonald’s, the largest fast food restaurant chain by revenue in the world, has disclosed a data breach that impacted customers and employees in the US, South Korea, and Taiwan.
In the US, the hackers compromised the system of the company and stole business contact information belonging to US employees and franchises. The hackers also stole personal information from customers in South Korea and Taiwan, including names, emails, phone numbers, and delivery addresses. McDonald’s stated that only a small number of customers was impacted, and their financial data was not exposed. Customer payment information wasn’t compromised in this data breach.
