****************** DATA THEFT, HACKING AND CYBERSECURITY **************
Scale of Data Breach Revealed
On July 9, 2015, the Office of Personnel Management (OPM) revealed a massive data breach of the government computer system, hitherto unknown, due to hacking, most likely from overseas. The data breach affected nearly 21.5 million people, including 19.7 million people who had applied to get their background checked and 1.8 million others such as spouses and friends related to applicants. The Office of Personnel Management (OPM) conducts the background checks for federal government. This data breach came to light by happenstance as OPM informed the Department of Homeland Security in April 2015 that there was an intrusion of its computer system compromising the private records of 4.2 million current and former employees. OPM then went ahead to work with FBI, and only then the massive data breach of 21.5 million people were detected. The massive data breach was revealed in a conference call by OPM Director Katherine Archuleta, who was adamant that she won't resign.
Personnel Management Chief Quits
As the scale of data breach and its impact began to sink in among the lawmakers and administration officials, the Director of Office of Personnel Management Katherine Archuleta couldn't put up any more defiant attitude in the face of rising demand for her to go, and announced her resignation on July 10, 2015.
OPM Admits Hack of More People's Fingerprints
Office of Personnel Management on September 23, 2015 said that fingerprints of at least 5.6 million people were stolen, almost five times the previous estimate of 1.1 million people.
China Acknowledges Country's Hackers Responsible for Data Breach
An article carried by the state-run Xinhua on December 2, 2015 acknowledged that the data breach, revealed in April 2015, at the White House's Office of Personnel Management that had compromised the personal information of about 21.5 million was carried out by people from China, but denied that it was state-sponsored as accused by some in the U.S. government.
****************** DATA THEFT, HACKING AND CYBERSECURITY **************
Cyberattack Spreading through Europe
A new and highly malignant malware was reported on June 27, 2017 to be spreading through computer systems in Europe and partially affected some parts of the USA, including Merck and Mondelez International, maker of snack brands such as Oreo and Nabisco. Ukraine and Russia were reported to have been affected most severely. June 27, 2017, malware and another May 2017 ransomware shared some common thread: they both used digital lock picks originally created by the National Security Agency, but later hacked and published online by a still-mysterious group known as Shadowbrokers. Both these cyberattacks exploited the so-called EternalBlue, created by the NSA.
Scale of Data Breach Revealed
On July 9, 2015, the Office of Personnel Management (OPM) revealed a massive data breach of the government computer system, hitherto unknown, due to hacking, most likely from overseas. The data breach affected nearly 21.5 million people, including 19.7 million people who had applied to get their background checked and 1.8 million others such as spouses and friends related to applicants. The Office of Personnel Management (OPM) conducts the background checks for federal government. This data breach came to light by happenstance as OPM informed the Department of Homeland Security in April 2015 that there was an intrusion of its computer system compromising the private records of 4.2 million current and former employees. OPM then went ahead to work with FBI, and only then the massive data breach of 21.5 million people were detected. The massive data breach was revealed in a conference call by OPM Director Katherine Archuleta, who was adamant that she won't resign.
Personnel Management Chief Quits
As the scale of data breach and its impact began to sink in among the lawmakers and administration officials, the Director of Office of Personnel Management Katherine Archuleta couldn't put up any more defiant attitude in the face of rising demand for her to go, and announced her resignation on July 10, 2015.
OPM Admits Hack of More People's Fingerprints
Office of Personnel Management on September 23, 2015 said that fingerprints of at least 5.6 million people were stolen, almost five times the previous estimate of 1.1 million people.
China Acknowledges Country's Hackers Responsible for Data Breach
An article carried by the state-run Xinhua on December 2, 2015 acknowledged that the data breach, revealed in April 2015, at the White House's Office of Personnel Management that had compromised the personal information of about 21.5 million was carried out by people from China, but denied that it was state-sponsored as accused by some in the U.S. government.
****************** DATA THEFT, HACKING AND CYBERSECURITY **************
Cyberattack Spreading through Europe
A new and highly malignant malware was reported on June 27, 2017 to be spreading through computer systems in Europe and partially affected some parts of the USA, including Merck and Mondelez International, maker of snack brands such as Oreo and Nabisco. Ukraine and Russia were reported to have been affected most severely. June 27, 2017, malware and another May 2017 ransomware shared some common thread: they both used digital lock picks originally created by the National Security Agency, but later hacked and published online by a still-mysterious group known as Shadowbrokers. Both these cyberattacks exploited the so-called EternalBlue, created by the NSA.
“Member
State” Cyberattack on Federal Agencies Reported
Reuters first reported on December 13, 2020 that
U.S. Treasury, Commerce and other federal agencies were hacked by a “member
state”. The scope of cyber-espionage was so broad that a meeting of the National
Security Council had been called to discuss the cyberattack on December
12, 2020. The Washington Post identified the hackers as affiliated
with APT29 of the Russian Foreign Intelligence Service, or SVR.
The hackers are reported to have taken advantage of vulnerabilities of a widely
used networking software made by SolarWinds. SolarWinds’ networking
software is used by more than 300,000 organizations, including federal
government agencies, NASA and Pentagon. The revelation of hacking against the
government agencies came days after a breach of the cybersecurity firm FireEye.
In that breach, hackers from the same Russian unit, APT29, hackers took
control of Red Team, or the tool used by FireEye, to run a mock attack and
assess the preparedness of clients’ status in the space of cybersecurity.
CISA Calls the Latest Intrusion a "Grave Risk"
U.S. government's Cybersecurity and Infrastructure Security Agency, or CISA, on December 17, 2020 gave the detailed assessment of the latest cyberattacks as reported the past weekend. CISA called the cyberattacks that had targeted government agencies and private sectors as "grave". The intrusion had started in March 2020, and continued unnoticed for several months. According to CISA, the intrusion was of great "sophistication and complex tradecraft" and posed a "grave risk" to US' "critical infrastructure". Although CISA didn't name who was behind the attack, the cybersecurity experts agreed that it was APT29, a group affiliated with the Russian Foreign Intelligence Service, or SVR.
President
Trump Disputes His State Secretary on Cyberattack; Speculates It may be China
Two
days after the U.S. Secretary of State Mike Pompeo on December 18, 2020 told
a Fox Radio host, Mark Levin, that it was “pretty clear” that Russia was
behind the recent cyberattack that launched a malicious code to piggyback on a widely
used network-management software from an Austin-based company, SolarWinds,
and infected about 18,000 organizations and government agencies worldwide from March
2020 to June 2020, President Donald Trump on December 20, 2020
dismissed his own secretary of state’s suggestions and floated, without
evidence, that it might be China that had launched cyberattack. The scale and lethality
of the cyberattack is so alarming and the number of cybersecurity experts is so
insufficient that authorities now believe that it will take months to kick out hackers
from all the infected systems.
Top Treasury Officials' e-mails Accessed, Senator Says
After a December 21, 2020, briefing by Treasury and IRS officials to the Senate Finance Committee headed by Senator Charles Grassley, R-IA, panel's ranking Democrat Sen. Ron Wyden, D-Oregon, said that hackers had accessed the e-mail system of top Treasury officials. Apparently, the cyberattack began in March 2020 and continued for months until FireEye recently caught the breach after the cybersecurity firm itself was attacked allegedly by attackers affiliated with Russian Foreign Intelligence Service, or SVR. The malicious code was inserted into a software update for a network-management software, Orion, owned by SolarWinds. SolarWinds' network-management software products are used by tens of thousands of organizations, including several government agencies. On December 21, 2020, Attorney-General William Barr joined the chorus of administration officials, including Mike Pompeo, in blaming Russian operatives for the latest cyberattack, countering the president, who falsely claimed that it was China, not Russia, which might have attacked.
Biden Admin Slaps Sanctions on Russia
In response to alleged effort to interfere in the 2020 election and cyberattacks on federal agencies and other U.S. interests, Biden administration on April 15, 2021 imposed sanctions against a host of Russian companies and individuals. In addition, White House ordered 10 Russian diplomats to leave the United States. The sanctions are being expected for quite some time as U.S. intelligence agencies have been mulling over it related to SolarWinds breach. Six Russian companies have been targeted for cyberespionage and 32 others--16 individuals and 16 entities--have been slapped with sanctions for election interference.
AT&T
Info on 73 million Accounts Put on Dark Web
AT&T disclosed on March 30, 2024 that the sensitive information on 73 million--7.6 million current customers and 65.4 million former customers--account holders were shared in the web's dark corner last week. The telecommunication behemoth assured the consumers that it would provide the complementary credit check for the afflicted customers.
AT&T Facing 10 Class Action Lawsuit
The Dallas Morning News reported on April 6, 2024 that AT&T was slapped with 10 Class Action lawsuits over data breach of 73 million existing and former customers.
CROWDSTRIKE
Faulty Software Update Leads to Thousands of Worldwide Flight Cancellations, Massive Disruptions
A faulty security update auto-pushed by Austin-based cybersecurity firm CrowdStrike had spiraling effect on July 19, 2024 morning, disrupting government services, shutting down parts of Starbucks' transaction system, adversely affecting many banking services and cancelling thousands of U.S. and international flights. The security update is meant for the Windows operating system, leading to a broad swath of industry covered by the scope and scale of the outage. CrowdStrike CEO George Kurtz, appearing on the NBC's Today Show on July 19, 2024, apologized for the faulty software and said that the fixes were on the way. The massive disruption shows how digitized world can be torpedoed and trounced when there are only few actors in the marketplace and a faulty software update from even one of them scales up multidimensionally and brings down the power of economic engine in vast domains of the economy.
JPMORGAN CHASE
Massive Data Theft at Chase Rankles the Financial World
The revelation of data theft at JP Morgan Chase came as a shock and surprise to many because it was granted that most of the financial institutions, left alone the nation's the biggest bank, would have near full-proof security against data theft. In a security filing on October 2, 2014, Chase admitted that the accounts of 76 million households and 7 million small businesses were compromised as of date. The overseas hackers were able to obtain names, addresses and phone numbers, but account numbers and social security numbers remained safe.
NEIMAN MARCUS
Neiman Marcus disclosed on late January 22, 2014 that 1.1 million credit and debit cards used at its stores might have been compromised in last year's security breach. The breach occurred through a malware that had collected payment card data from July 16, 2013 through October 30, 2013.
TARGET
One of the largest credit and debit card breaches in recent memory took place at Target during November 27 through December 15, 2013, in which at least 40 million credit and debit card accounts were stolen, according to a December 19, 2013, announcement by the company. The breach marked the second-largest to date, the largest breach took place in 2007 involving 90 million records at TJX Co.
Target on January 10, 2014 admitted that the breach might have affected more than what the company disclosed on December 19, 2013, and the number of customers affected could go as high as 70 million.
On January 16, 2014, a Dallas security company, iSight Partners, that often works in tandem with the US Secret Services and the Department of Homeland Security released a report, hinting that the breach that had happened at Target stores between November 27, 2013 and December 15, 2013 was part of a broader scam. The target breach impacted 40 million credit and debit card accounts, and personal information such as e-mail addresses and names of more than 70 million customers were stolen. (Source: The Dallas Morning News)
It's not only Target that was adversely impacted by the security breaches, another retailer which acknowledged in recent days about the security breaches is Neiman Marcus, the Dallas-based upscale clothing retailer. On January 13, 2014, Neiman said that the breach might have started in July 2013, and fully contained only by January 12, 2014.
YAHOO
Massive Hacking at Yahoo Reported
About 500 million user accounts are reported to have been hacked by a state sponsor, according to Yahoo on September 22, 2016. The reported hacking dates back to late 2014, and user names, passwords, date of birth information and addresses have reportedly been stolen. The scale of the Yahoo hacking that is now being investigated by the FBI dwarfs other recent hackings such as Target's nearly 100 million user accounts in 2014, e-bay's 148 million user accounts in 2014 and Anthem's 70 million accounts in 2015.
Additional Massive Hacking Reported
Yahoo on December 14, 2016 reported that about 1 billion user accounts had been reportedly hacked in 2013 in addition to 500 million user accounts hacked in 2014.
EQUIFAX
Personal Information of 147 million Customers Stolen; Equifax Settles for $700 million
The credit rating company Equifax in 2017 acknowledged that more than 147 million customers' personal information had been hacked. In the third week of July 2019, Equifax settled this case with the U.S. regulators for $700 million.
U.S. Charges Four Chinese Military Officials on Equifax Breach
Four Chinese military officials were charged on February 10, 2020 on charges of hacking the credit rating agency Equifax' database and stealing personal information of roughly 147 million consumers. The severity of the breach has stirred political rage and renewed call for protecting consumer information with tight compliance and protocols. Unveiling the charges against the four unnamed conspirators, who will most likely be outside the reach of U.S. authorities, Attorney-General William Barr said that the "scale of the theft was staggering". Last year, Equifax reached a $700 million settlement.
CAPITAL ONE
Capital One Reports Massive Data Breach
Capital One on July 29, 2019 made public that credit card applications of more than 100 million consumers were accessed by a hacker and social security numbers and other personal information for tens of thousands were stolen. A Seattle area transgender woman, Paige Thompson, was taken to custody related to the Capital One data breach. Capital One CEO and Chairman Richard Fairbank apologized, saying "I am deeply sorry for what has happened". The company said that the data breach might cost the financial services company $100 million to $150 million in near term.
U.S.
Warns against Ransomware Attacks against Hospitals Days before Election
Just
five days before the U.S. Presidential Election, U.S. Department of Homeland
Security, Department of Health and Human Services and U.S. Cybercommand
are issuing warning, according to an October 29, 2020, report carried by
The Associated Press, that Russian-speaking cybercriminals have
unleashed a ransomware, Ryuk, by leveraging a network of Zombie
computers known as Trickbot that Microsoft has tried to counter in early
October 2020. Ryuk aims at hospital data of patients and scrambles them
into gibberish formats, making them unusable by the hospitals. The hackers then
demand ransoms to help the hospitals unlock the gibberish data.
******************** RANSOMWARE ATTACK ON COLONIAL PIPELINE *********************
Ransomware Cripples Operation at One of the Largest Pipeline Operators
A ransomware attack on May 7, 2021 against Colonial Pipeline that carries about 45% of fuel from refineries in the Gulf Coast to the East Coast consumers has forced the operator to shut off critical functions within hours. In a statement released in the aftermath of ransomware attack on May 7, 2021, Colonial Pipeline said that the ransomware attack had been launched against parts of its IT or business network systems, and out of abundance of caution, it "took certain systems offline to contain the threat". The Washington Post reported on May 8, 2021 that an Eastern Europe-based group, DarkSide, was behind the ransomware attack. A White House statement issued on May 8, 2021 said that President Joe Biden had been apprised of the incident in the morning. The executive director of the Cybersecurity and Infrastructure Security Agency, a DHS agency tasked to oversee the country's cyber-defense preparedness, said that "this underscores the threat that ransomware poses to organizations regardless of size or sector". Eric Goldstein added further that every organization should "take action to strengthen their cybersecurity posture to reduce their exposure to these types of threats". Federal officials and the private security firm Mandiant, a division of the cybersecurity company FireEye, were probing the ransomware attack on the Colonial Pipeline's Information Technology and business network systems.
Gas Shortage Looming in the East Coast
Because of a May 7, 2021, ransomware attack on parts of the information technology and business network systems of Colonial Pipeline that has forced the shutdown of critical operation of the pipeline company, drying up about 1.2 million barrels per day to the consumers of the East Coast, and subsequent incremental restoration of the functions that will take at least four or five days for normal shipment to resume, there is a wide-spread shortage of fuels in gas stations across states from Florida to North Carolina to New York. Airlines are adjusting their long-haul flights accordingly, making a stop to refuel at airports outside the Eastern Seaboard. American Airlines has decided to convert a non-stop Charlotte to Hawaii flight into one-stop at DFW International Airport for refueling. As of May 11, 2021, Colonial Pipeline is back to fraction of its normal operational capacity.
Colonial Restarts Pipeline, but Normal Delivery of Fuel yet to Pick up
On May 12, 2021, Colonial Pipeline restored the operation of the nation's largest pipeline after days of long lines and fuel shortages in the Southeast. Colonial issued a press release, stating that "all lines, including those lateral lines that have been running manually, will return to normal operations". However, the delivery to reach normal levels will take few more days.
Colonial Pipeline's Normal Delivery Hits the Market; Company Reported to have Paid Ransom
Colonial Pipeline that had resumed operation on May 12, 2021 reported on May 15, 2021 to have achieved the feat of normalized delivery in the retail market during the day as The Associated Press reported that Atlanta-based pipeline company had paid $5 million in cryptocurrency for decryption key.
Colonial CEO Acknowledges Paying Ransom
In an interview with The Wall Street Journal on May 19, 2021, Colonial Pipeline CEO Joseph Blount said that he had given authorization for paying $4.4 million to the hackers as he had wanted badly to get the fuel running to the gas stations as soon as possible and minimize the sufferings of people along the Eastern Seaboard.
******************** RANSOMWARE ATTACK ON COLONIAL PIPELINE *********************
****************************** RANSOMWARE ATTACK ON JBS SA **************************
Ransomware Attack Idles Parts of Meat-Processing Giant's N. American and Australian Operations
A ransomware attack affected the company's servers supporting the North American and Australian operations, according to a May 30, 2021, statement issued by JBS. This is the second time a ransomware attack idled parts of a vital network of an industry--this time it's a meat-processing company--days after a similar attack on the Colonial Pipeline forced a run on gas stations along the country's eastern seaboard.
Meat-Processing Company Resumes Operations
After a weekend of ransomware attack targeting the company's servers that support Australian and North American operations, world's largest meat processing company, JBS, is back online in almost all of its facilities, according to a June 2, 2021, report by The Associated Press. JBS notified the U.S. authorities that the ransomware attack had been launched by REvil, a cyber-hacking group, believed to be operating from Russia. JBS issued a press statement late June 1, 2021, saying that it had made "significant progress" and all of its operation would be online by June 3, 2021.
****************************** RANSOMWARE ATTACK ON JBS SA **************************
************************ RANSOMWARE ATTACK AGAINST KASEYA ************************
Ransomware Spreading Rapidly across Globe in the 4th July Weekend
The cybersecurity experts and corporations across the world are alarmed by the latest ransomware attack whose presence first came to light on July 2, 2021. The ransomware targeted the software firm Kaseya, using its network-management package as a vehicle to spread through the cloud-service providers. Kaseya CEO Fred Voccola said in a statement that the software firm was working to "release" a "patch as soon as possible to get our customers back up and running". Although Voccola said that less than 40 of the company's customers were affected by the latest ransomware, many cybersecurity experts believe, that numerous clients--many of them are small businesses--of Kaseya's customers have been affected too. The cybersecurity firm ESET has said that the ransomware victims span across 17 nations, including United Kingdom, South Africa, Canada, Argentina, Mexico and Spain. Swedish grocery chain Coop on July 3, 2021 have been unable to open its cash registers at 800 of its stores, according to the Swedish public broadcaster SVT. Swedish State Railways was also affected as of July 3, 2021. A Russian-speaking syndicate, REvil, is thought to be behind the latest ransomware attack that encrypts a company's network until it pays ransom to get a decryption key. John Hammond of the security firm Huntress Labs said that a number of managed-service providers--firms that host IT infrastructure for multiple customers--had been hit by this ransomware. Fred Voccola, CEO of Kaseya, said that only the company's "On-Premise" customers, with their own data centers, were hit by the ransomware. Kaseya's cloud-based services have not been affected by the ransomware. But, out of abundance of caution, the company has shut down the servers that support its cloud-based services.
FBI, Homeland Security Investigating the Ransomware Attack
As companies are scrambling to contain the spread of one of the largest ransomware attacks, FBI has said on July 4, 2021 that it has joined the Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, in investigating into the ransomware attack which has taken advantage of Kaseya's network-management package and has used it as a conduit to spread through the cloud-service providers. Kaseya's customers provide IT services to multiple small and medium businesses across the world, and it is these set of small and medium businesses which are now scrambling to defend their networks. U.S. President Joe Biden said on July 3, 2021 that intel agencies would carry out a "deep-dive" analysis to see whether Kremlin was at all involved. Last month, Biden told Putin during their first summit to shut down the cybergangs who had been working from Russia with impunity.
************************ RANSOMWARE ATTACK AGAINST KASEYA ************************
Coordinated Condemnation of China over Microsoft Cyberattack
U.S., E.U., NATO and other world powers issued a joint statement on July 19, 2021, holding responsible China's Security of State and hackers linked to it for Microsoft Exchange server software attack that had happened earlier this year. Microsoft announced in March 2021 that its e-mail server software were hacked by Chinese hackers. This is the first time NATO has joined officially in blaming China so forcefully in a cyberattack.
South
Africa’s Port and Rail Company Hit by Ransomware
Transnet, company that runs South Africa’s ports and
rail operations, declared force majeure in the aftermath of a ransomware
attack on July 22, 2021, forcing the company to transition from
computerized to manual mode of handling cargo at Durban and other ports. The
ransomware attack is believed to have been orchestrated by hackers from Eastern
Europe and Russia.
Cybersecurity
Firm Blames Russian State Actors
A
California-based cybersecurity firm, RiskIQ Inc., on July 30, 2021
issued a report that said of some 30 command and control servers—used by
Cybercriminals to send messages and orders to the compromised networks—associated
with the APT29, or Cozy Bear, a state-sponsored hacking group. APT
stands for “Advanced Persistent Threat”. The RiskIQ report, released
on July 30, 2021, accused APT29 hackers of unleashing a malicious
ransomware, WellMess. In July 2020, intelligence agencies from the U.S.,
U.K. and Canada agreed that APT29 was part of the Russian intelligence services.
The group was accused of stealing the COVID-19 research-related data and other
relevant information. The same group was blamed for stealing information from
DNC in the 2016 Presidential Election.
MANDIANT: Cybersecurity Firm Blames Belarus for Sowing Discord in Europe
A report issued on November 16, 2021 by Mandiant, a revered and renowned cybersecurity firm and cyber-sleuthing practitioner, that closely works with the western law enforcement agencies, points to the involvement of Belarus actors in the activities of Ghostwriter, a hacking group that is active in propagating falsehood, stealing personal information and profiteering from illicit cyber operation. Mandiant report said that it had the forensic proof of the linkage between Belarus and Ghostwriter. Hackers compromised accounts of German lawmakers and other European entities to sow discord among European nations, especially targeting the Eastern European nations.
Iran Link to Cyber Hack Reported, A Separate Microsoft Report Confirms Iran Link
A joint advisory by the U.S., U.K. and Australia issued on November 17, 2021 tied Iran-based hackers to a broad range of cybersecurity intrusions in recent months in transportation, healthcare and public health sectors in the U.S. The advisory added that the initial hacking allowed the hackers to further compromise the targeted entities through exfiltration, ransomware and extortion.
Separately, Microsoft said on November 16, 2021 that it had found that six different groups backed by Iran had been carrying out cyber attacks in the past one year. One group befriends its target before hacking, said James Elliott, a member of Microsoft Threat Intelligence Center.
Kate Blankenship, a threat analysis director of the cybersecurity firm Crowdstrike, said that Iran had mastered the so called low-cost "lock and leak" model, involving locking the network by ransomware followed by stealing information and leaking them publicly.
DOJ-launched Perseus Destroys Russian Malware Snake
Cyberhackers linked to a unit of Russia's Federal Security Services, or FSB, have been targeting government institutions in NATO member nations, including the U.S., through a malware called Snake. U.S. cybersecurity experts are following the malware, Snake, over the past decade. The Department of Justice said in court papers on May 9, 2023 that the [U.S.] government had foiled a recent spurt of cyberattacks launched from FSB's Ryazan office. A unit of FSB, known as Turla, has recently refined and improved the quality of Snake to evade detection. However, this week, according to the May 9, 2023, DOJ filing, a tool known as Perseus was able to inflict a fatal blow to Snake through a self-destruction mechanism.
Hacking on U.S. Government Agencies Prior to Blinken's China Visit
The Dallas Morning News reported on July 13, 2023 that a hacking group backed by the Chinese authorities had accessed the U.S. government agencies' data prior to Secretary of State Anthony Blinken's China trip. The officials targeted by the hacking group Storm-0558 include Commerce Secretary Gina Raimondo and other officials involved in the China-related policymaking. The hackers exploited vulnerabilities in the Microsoft Outlook system and used impersonation to access and steal the data. None of the hacked, or stolen, data included any classified information, according to the report. On July 12, 2023, Microsoft disclosed the hacking, saying that a state-backed, espionage-focused Chinese hacking group's intrusion came to its attention on June 16, 2023.
******** RANSOMWARE ATTACK AGAINST CITY OF DALLAS AND DALLAS COUNTY *********
More than 26,000 People's Private Information Hacked in the City of Dallas Ransomware Attack
That a prominent city like Dallas can be so vulnerable to cyberattack has become visible in recent months as Royal, a ransomware group, has launched one of the most concerted, comprehensive and vicious cyberattacks, targeting the city of Dallas and marking the worst attack among any of the Texas cities to date. City of Dallas first informed the public on May 3, 2023 about the cyberattack, without divulging the details. City of Dallas contends that the hackers may have attacked the servers and accessed the related information dating back to April 7, 2023. The city authorities gave bits and pieces of information about the attack since then. However, the city communicated to the state AG's Office last week that 26, 212 people, including city employees and citizens, had been affected by the hacking. The private information compromised include name, social security number, birth date and other vital information, according to a front page article carried by The Dallas Morning News on August 9, 2023. Under the existing law, any organization has 60 days to officially inform the OAG related to any cyberattack. City of Dallas took 97 days, leveraging the few exceptions embedded in the law. A legislation--Senate Bill 768--was passed in this year's session and signed by Governor Gregg Abbott that would cut down the wait time from 60 days to 30 days. Sen. Tan Parker, R-Flower Mound, authored the bill that will be effective on September 1, 2023. The SB 768 will apply to any cyberattack affecting 250 or more people.
Ransomware Attack against Dallas County Reported
The Dallas Morning News print edition reported on October 31, 2023 that a ransomware group, Play, claimed in a dark internet site that they had accessed the information stored in the Dallas County system. The county knew about the ransomware attack since at least October 19, 2023, and engaged with an outside cybersecurity firm. At least 72 local governments were subjected to cyberattacks this year alone. In April 2023, a separate hackers group, Royal, stole 80,000 files from the City of Dallas system.
Separately, Royal locked the Dallas Appraisal Department's website with a ransomware attack in November 2022 and extracted $170,000 in ransom to unlock the appraisal system.
Dallas County Claims to Have Thwarted Cyberattack
Dallas County on October 30, 2023 issued a statement, saying that it stopped a cybersecurity attack earlier in the month. A ransomware group, Play, though, claimed in the past weekend on a dark corner of the internet that it had stolen information from the Dallas County computer system.
Dallas County Bilked out of $2.4 million
Cybercriminals defrauded Dallas County to the tune of $2.4 million by posing as a bona fide vendor, according to The Dallas Morning News' December 5, 2023, front-page news article. The county authorities became aware of the stealing on November 18, 2023, and launched an investigation in response to the fraud. Later the investigation was handed over to the FBI. This is the latest of the long streak of computer and network security breakdown experienced by the Dallas County. In January 2023, the county authorities auctioned off its old computers that inadvertently contained personal information of people. In April 2023, Dallas County Auditor's Office rolled out a new finance software without much testing and putting enough guardrails, leading to missed and delayed payments to employees and vendors. In some cases, invoices remained unaddressed for months. In May 2023, Dallas County had a rocky rollout of a new criminal case management system, Odyssey, leading to less than transparent and clear communication among prosecutors, public defenders, DA's Office, Sherriff's Office and multitude of county offices. On the top, there was cyberattack by a group called the Play in October 2023. The hackers stole personal information of the people and made them public in dark websites.
******** RANSOMWARE ATTACK AGAINST CITY OF DALLAS AND DALLAS COUNTY *********
******************************** ONLINE PRIVACY BILL ***********************************
Bipartisan Bill to Protect Online Consumer Privacy
A bipartisan compromise to protect online privacy of consumers was unveiled on April 7, 2024 by Senate Commerce Committee Chair Maria Cantwell, D-Washington, and her Republican counterpart in the House, House Energy and Commerce Committee Chair Cathy McMorris. The bill is the first ever try by the lawmakers to introduce the new criteria on the federal baseline for what data the firms can collect, transfer and retain.
******************************** ONLINE PRIVACY BILL ***********************************
******************************** CYBERATTACK ON CAR DEALERS ***********************
One-Two Punches of Cyberattacks Startle Dealers
Since June 19, 2024, two instances of compromises have occurred targeting the sole vendor that manages payroll, sales, management and marketing work-streams of more than 15,000 car dealers. CDK Global breach represents one of the most consequential data breach cases in the vital domain of car sales, resales and trade market.
******************************** CYBERATTACK ON CAR DEALERS ***********************
No comments:
Post a Comment