Here we go again: 2023’s badly handled data breaches
Reading Time: 3 minutesLast year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information and failing to answer basic questions.
Turns out this year, many organizations continue to make the same mistakes. Here’s this year’s dossier on how not to respond to security incidents.
Electoral Commission hid details of a huge hack for a year, yet still tight-lipped
The Electoral Commission, the watchdog responsible for overseeing elections in the United Kingdom, confirmed in August that it had been targeted by ‘hostile actors’ that accessed the personal details — including full names, email addresses, home addresses, phone numbers and any personal images sent to the Commission — on as many as 40 million U.K. voters.
While it may sound like the Electoral Commission was upfront about the cyberattack and its impact, the incident occurred in August 2021 — some two years ago — when hackers first gained access to the Commission’s systems. It took another year for the Commission to catch the hackers in the act. The BBC reported the following month that the watchdog had failed a basic cybersecurity test around the same time hackers gained entry to the organization. It has not yet been revealed who carried out the intrusion — or if it is known — and how the Commission was breached.
Samsung won’t say how many customers hit by year-long data breach
Samsung has once again made it onto our badly handled breaches list. The electronics giant once again took its typical tight-lipped approach when faced with questions about a year-long breach of its systems that gave hackers access to the personal data of its U.K.-based customers. In a letter sent to affected customers in March, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the unspecified personal information of customers who made purchases at its U.K. store between July 2019 and June 2020.
Hackers stole Shadow data, and Shadow went silent
French cloud gaming provider Shadow is a company that lives up to its name, as an October breach at the company remains shrouded in mystery. The breach saw attackers carry out an ‘advanced social engineering attack’ against one of Shadow’s employees that allowed access to customers’ private data, according to an email sent to affected Shadow customers.
Lyca Mobile refused to say what kind of cyberattack hit
Lyca Mobile, the U.K.-headquartered mobile virtual network operator, said in October that it had been the target of a cyberattack that caused widespread disruption for millions of its customers. Lyca Mobile later admitted a data breach, in which unnamed attackers had accessed ‘at least some of the personal information held in our system’ during the hack.
MGM Resorts still hasn’t said how many customers had data stolen after hack
The breach of MGM Resorts is one of the most memorable of 2022; the incident saw hackers associated with a gang known as Scattered Spider compromise the company’s systems to cause weeks of disruption across MGM’s Las Vegas hotels and casinos. MGM said that the disruption will cost the company at least $100 million.
MGM first disclosed that it had been targeted by hackers on September 11. But it wasn’t until October that the company confirmed in a regulatory filing that the attackers had obtained some personal information belonging to customers who transacted with MGM Resorts prior to March 2019. That includes customer names, contact information, gender, dates of birth, driver license numbers, and Social Security numbers and passport scans for some customers.
Dish breach may affect millions — potentially a lot more
Back in February, satellite TV giant Dish confirmed in a public filing that a ransomware attack was to blame for an ongoing outage and warned that hackers exfiltrated data from its systems that may have included customers’ personal information. However, Dish hasn’t provided a substantive update since, and customers still don’t know if their personal information is at risk.
CommScope late to tell its own employees that their data was stolen
Reference: https://techcrunch.com/2023/12/29/badly-handled-data-breaches-2023/
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG