Hack

Uber links breach to Lapsus$ group, blames contractor for hack

Sergiu Gatlan reports: Uber believes the hacker behind last week’s breach is affiliated with the Lapsus$ extortion group, known for breaching other high-profile tech companies such as Microsoft, Cisco, NVIDIA, Samsung, and Okta. The company added that the attacker used the stolen credentials of an Uber EXT contractor in an MFA fatigue attack where the contractor was flooded with two-factor authentication...

IHG hack: ‘Vindictive’ couple deleted hotel chain data for fun

Joe Tidy reports: Hackers have told the BBC they carried out a destructive cyber-attack against Holiday Inn owner Intercontinental Hotels Group (IHG) “for fun”. Describing themselves as a couple from Vietnam, they say they first tried a ransomware attack, then deleted large amounts of data when they were foiled. They accessed the FTSE 100...

Starbucks Singapore hit by data breach affecting rewards program customers

CNA reports: Starbucks Singapore has been hit by a data breach affecting customers of its rewards membership programme. In an email sent to customers on Friday (Sep 16), Starbucks said it discovered “some unauthorised access” to user details such as name, gender, date of birth, mobile number, email address and residential address.

Aeries Software settles claims over 2019 data breach

There’s an update to a 2019 data breach involving Aeries Software that impacted more than 150 school districts. Top Class Actions reports that Aeries has agreed to pay $1.75 million to resolve claims that the breach compromised personal information of San Dieguito Union High School students. The case is Gupta, et al. v. Aeries...

Bits ‘n Pieces (Trozos y Piezas)

Ransomware attacks continue. This week, LockBit added four entities related to South America: Chile, Colombia, and Venezuela. Comision Nacional de Acreditación in Chile: CNA is a public entity that seeks to evaluate and accredit the quality of the Institutions of Higher Education in Chile. DataBreaches sent an email to them yesterday to ask them...

Uber responding to “cybersecurity incident” following reports of significant data breach

Michael Hill reports: Ride-hailing giant Uber has confirmed that it is responding to a cybersecurity incident as reports emerge that the firm has suffered a significant network data breach forcing it to shut down several internal communications and engineering systems. Attacker announces Uber breach through compromised Slack account: In a statement on Twitter, Uber...

Cyber Criminals Targeting Healthcare Payment Processors, Costing Victims Millions in Losses

IC3.gov PIN 20220914-001, 14 September 2022, TLP: WHITE. Summary: The FBI has received multiple reports of cyber criminals increasingly targeting healthcare payment processors to redirect victim payments. In each of these reports, unknown cyber criminals used employees’ publicly-available Personally Identifiable Information (PII) and social engineering techniques to impersonate victims and obtain access to files,...

Kansas school district pulls messaging app after data breach

KWCH reports: Andover Public Schools said it has pulled the popular messaging app Seesaw after the app was hacked. According to the Seesaw website, the app is used by 10 million teachers, students and family members, but the company declined to say how many users were affected by the hack. In a letter to...