11-Jul-24: In Security News Today

Evolve Data Breach Impacted Upward of 7.64 Million Consumers

A recent data breach at Evolve Bank & Trust impacted over 7.64 million consumers, with critical customer information accessed and downloaded by the LockBit group in a ransomware attack. The breach occurred in February but was only discovered in May, leading to unauthorized access to customer data. Evolve Bank & Trust refused to pay the ransom demanded by the threat actor, took steps to enhance security controls, and offered affected customers free identity theft protection services.

Advance Auto Parts Data Breach Affects 2.3M Customers

A data breach at Advance Auto Parts compromised personal information of over 2.3 million customers, including names, Social Security numbers, and driver’s licenses. Threat actors had unauthorized access to the company’s Snowflake cloud environment for over a month before being discovered in June. Advance Auto Parts is providing credit monitoring and identity restoration services to affected individuals while enhancing security measures to prevent future breaches.

Apple Warns iPhone Users in 98 Countries of More Spyware Attacks

Apple has issued warnings to iPhone users in 98 countries about potential mercenary spyware attacks that target individuals based on their identity or activities. This is the second alert since April, with recipients advised to take the threat seriously and avoid disclosing sensitive information. Spyware such as Pegasus, developed by NSO Group, aims to compromise iPhones remotely, prompting Apple to emphasize caution in order to evade detection by threat actors.

Dallas County: Data of 200,000 Exposed in 2023 Ransomware Attack

Dallas County experienced a ransomware attack in October 2023, exposing personal data of over 200,000 individuals to cybercriminals. The stolen data included full names, medical information, and health insurance details. Dallas County has taken steps to enhance its cybersecurity measures, such as deploying Endpoint Detection and Response solutions and offering credit monitoring services to those whose sensitive information was compromised.

Two Online PDF Makers Have Leaked Tens of Thousands of User Documents, Including Passports, Driving Licenses, and Certificates

Two online PDF makers, PDF Pro and Help PDF, have leaked over 89,000 user-uploaded documents, including passports, driving licenses, and other sensitive personal information due to an exposed Amazon S3 bucket. Multiple attempts to alert the service providers were ignored, and users continue to upload documents unaware of the ongoing data breach. Cybersecurity professionals are advised to restrict public access to the bucket, change access control policies, set objects to private, and enable server-side encryption to mitigate the leak and prevent future incidents.

Report Reveals That Three Quarters of UK Businesses Have Been Impacted by AI-powered Cyber Threats

A recent report indicates that over 75% of UK businesses have been affected by AI-powered cyber threats, including sophisticated phishing campaigns and deepfake attacks. The study highlights that many organizations are unprepared to counter these advanced threats, with 92% of respondents noting an increase in cyberattacks and 95% reporting growing sophistication in these attacks. Cybersecurity professionals are urged to adopt proactive measures, including AI-driven defenses, to mitigate the risks posed by these evolving threats.

Fujitsu Suffers Worm-Like Attack From Something That Wasn’t Ransomware

Fujitsu recently suffered a significant cyberattack where several of its systems were infected by malware, leading to a potential data breach involving sensitive customer information. The company confirmed that personal and customer data could have been exfiltrated, though they have not disclosed specifics about the attack vector, the type of malware used, or the duration of the infection. Fujitsu has isolated the compromised systems and is investigating the breach, but no misuse of the stolen data has been reported yet.

The American Radio Relay League (ARRL) Finally Confirmed That Some of its Employees’ Data was Stolen in a May Ransomware Attack

The American Radio Relay League (ARRL) confirmed that some employees’ data was stolen in a ransomware attack in May, which was described as a ‘sophisticated incident.’ ARRL took impacted systems offline, hired forensic experts, and notified individuals whose data was stolen. While no evidence of misuse was found, ARRL decided to provide affected individuals with 24 months of free identity monitoring as a precaution.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.