[Security News] Australian Lender Latitude Suffers Data Breach Impacting 14 Million Customers
March 2023
1. Australian loan giant Latitude suffers serious data breach after cyberattack
Latitude Financial Services, Australia’s largest non-bank loan provider, confirmed that a cyberattack in early March led to a data breach impacting 14 million customers.
The cyberattack was detected on March 16, in which a hacker used an employee’s login credential to gain access to Latitude’s customer data from two of its service providers. IT systems were shut down to contain the attack.
It was later discovered that the hacker exfiltrated 14 million personal records during the attack. This included 7.9 million Australian and New Zealand driver’s licence numbers, with an estimated 40% being active (submitted within the past ten years). 6.1 million additional records dating back to 2005, as well as 53,000 passport numbers were also stolen. Regardless of the validity of the ID, information such as names, dates of birth, addresses, and phone numbers remain relevant indefinitely.
Latitude and law enforcement authorities warned all victims that exposed data could lead to highly targeted phishing attacks. Latitude has offered free identity protection services and promised to reimburse ID replacement fees for those affected.
Sources: Bleeping Computer, The Guardian
2. Newly discovered MacStealer malware infects multiple versions of MacOS
A new info-stealing malware targeting MacOS was discovered on a dark web forum by security researchers at Uptycs. Known as MacStealer, the malware infects multiple MacOS versions from Catalina (10.15) to the latest Ventura (13.2).
Since early March, MacStealer’s developer began operating a malware-as-a-service (MaaS) model by selling prebuilt DMG payloads for $100, claiming that it is still in early development stage with more features to be added.
The malware gets activated when a user gets tricked into executing the .DMG file. Once executed, it is capable of retrieving session details from Chrome, Firefox, and Brave, potentially stealing account passwords and credit card information. It also exfiltrates the iCloud Keychain database, which contains account passwords and private keys. Additionally, the malware can collect system information and credentials from a wide range of cryptocurrency wallets.
MacStealer creates ZIP files of all the stolen information on the victim’s device and sends it to the C2 infrastructure of the attacker, after which it deletes the ZIP files on the device to erase all traces of intrusion.
Sources: Uptycs, Infosecurity
3. ChatGPT vulnerability exposed payment information of subscribers
OpenAI disclosed on March 24 that a data breach may have exposed the personal and payment information of some of its paid subscribers.
Caused by a vulnerability in the Redis client open-source library, the bug allowed some subscribers to view the personal and payment information of another subscriber. During a nine-hour window between 1 am and 10 am (PST) on March 20, some subscribers that clicked into the “Manage my subscription” page were given the information of another subscriber. Such information included full names, email addresses, billing addresses, and the last four digits of credit card numbers and expiry dates.
It is said that this incident affected about 1.2% of ChatGPT Plus subscribers. The bug has been fixed and there is no more risk to user data.
Sources: Infosecurity, SecurityWeek
4. Hacker steals personal data of US Congress members through DC Health Link
DC Health Link, a health insurance marketplace for residents of Washington D.C, suffered a cyberattack on March 6, where the hacker stole sensitive personal records of insurance policyholders. Among them are hundreds of US Congress members, staff, and their families.
The incident was investigated by both the FBI and Capitol Police. It was later identified that the hacker, known as IntelBroker, posted the stolen data for sale on a dark web marketplace, which is now marked as sold. According to the post, IntelBroker claimed to have stolen the personal records of 170,000 healthcare subscribers. These records contained full names, dates of birth, home addresses, Social Security Numbers, benefit types, work emails, and citizenship status.
Despite the seriousness of the breach, the FBI suggested that it has found no evidence showing that the hacker purposefully targeted the Congress. All victims are being contacted.
Sources: SC Media, TechTarget
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security