Recent Cyber Incidents reported in the past week!

It has been a tumultuous week marked by a series of concerning cyberattacks. Firstly, the financial advisory firm Kroll, a financial advisory firm, has recently experienced a data breach. The firm is handling bankruptcy proceedings for DeFi companies FTX, BlockFi, and Genesis Global Holdco. Kroll said that on August 19, bad actors targeted a T-Mobile account belonging to an employee and gained access to it. The hackers then gained access to files containing the personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis. The company was quick to make it clear that the damage is restricted to only those three matters.

https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/

Additionally, Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters that the attackers had access to its systems between May and June 2023. In the attack, bad actors stole some customers’ names, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to their relationship with Paramount. Paramount claims that about 100 people were impacted in this incident which remains under investigation.  

https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/

Another major breach occurred when the National Safety Council inadvertently leaked nearly 10,000 emails and passwords belonging to their members. The U.S. National Safety Council (NSC), a non-profit that works to improve driving and workplace safety training, has admitted that a glitch in its’ website left information about some of the world‘s largest companies unprotected for five months. In total, the unsecured website leaked nearly 10,000 emails and passwords of their members, exposing information and leaked credentials for about 2000 organizations, including governmental organizations like the U.S. Department of Justice (DoJ), U.S. Navy, The Occupational Safety and Health Administration (OSHA) as well as big corporations like Tesla, Siemens and Exxon. NSC says that it has fixed the problem. 

Furthermore, clothing retailer Forever 21 disclosed a data breach to the Office of the Maine Attorney-General, revealing that personal information of over 500,000 individuals was compromised in a cyberattack that occurred in March 2023. The breach allowed malicious actors to gain access to employee data, including full names, social security numbers (SSNs), dates of birth, bank account numbers, and health plan information related to Forever 21 employees. The company has taken the step of enlisting a specialist firm to conduct a thorough investigation into the incident.

https://nextdoorsec.com/recent-cyber-incident-hits-forever-21/