How safe is your organization? Data breaches are happening more often than ever exposing all the highly sensitive personal information. A recent study claims that there is a new victim of identity theft every 2 seconds. Following are some top notch data breaches of this year so far:
The Citrix Breach
The cloud computing giant, Citrix data breach is thought to have been perpetrated by Iranian hackers in a group called IRIDIUM, which is believed to have ties to the country’s government. These international cyber criminals specialize in attacking foreign nations, aiming at the confidential information of government agencies and major players in the economy. They have been active for over a decade and have hit at least 200 organizations during that time. The Iranian hackers appear to have forced their way in with a tactic known as password spraying, a technique that exploits weak passwords.
Using strong passwords as well as multi-factor authentication can avoid such data breaches.
In Japan, Toyota Data Breach affected 3.1 million customer data. The Japanese parent company said that on 21 March attackers gained “unauthorized access on the network” which led them to customer data belonging to eight sales subsidiaries in the country.
Toyota said it is still investigating what data might have been breached, or even whether any data has been breached:
We have not confirmed the fact that customer information has been leaked at this time, but we will continue to conduct detailed surveys, placing top priority on customer safety and security. The information that may have been leaked this time does not include information on credit cards.
It is advisable for all Toyota customers to be vigilant to avoid any further phishing attacks on their personal account using the hacked information.
Dunkin’s Donuts Credential stuffing attack
Earlier this year, Dunkin’s Donuts had become a victim of a credential stuffing attack during which hackers gained access to customer accounts. This was the second time within 3 months that the coffee shop chain data had been compromised.
In a security notification released on February 8th, 2019, Dunkin’ Donuts states that their internal systems did not suffer a data breach, but that users of their DD Perks reward program were targeted by a credential stuffing attack. This attack could have allowed third-parties to gain access to the user accounts and see information that was stored within them.
Always keep a hawk’s eye on network traffic and systems throughout the clock. A significant increase in network inquiries, access, or slowdowns may indicate an attack. Run security software to find and remove malware infection.
Indian outsourcing consulting giant Wipro is investigating reports that its own internal IT systems have been hacked. Sources told Krebs On Security that adversaries are using Wipro’s systems to launch attacks against “at least a dozen” of the firm’s customers.
Wipro has come under fire before: In 2017, UK based ISP TalkTalk was fined after data belonging to 21,000 customers was exposed by rogue staff after the firm hired Wipro to resolve complaints and network problems.
Wipro says it is investigating following an advanced phishing campaign targeting its employees. Wipro spokesperson said “We detected a potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign. Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact. ”
Logix since 1999, is a committed and acknowledged provider of managed services, solutions and products in the Cyber security space with a dedicated team of nearly 20+ professionals supporting Business enterprises across PAN India from Banks, Government entities to Financial Institutions. With a strong focus on research and innovation, we have built extensive capability around Big Data for Security Analytics, Response, and Security Automation.