[Security Weekly] Washington Leaks 1.6 Million Unemployment Claims Due to Software Vulnerability

1st Week of February 2021


1. Washington exposes 1.6 million unemployment claims due to software vulnerability

The Office of the Washington State Auditor (SAO) disclosed a data breach that may have compromised the personal data of 1.6 million residents who claimed unemployment benefits.

The attackers gained access to the data by exploiting a zero-day software vulnerability in Accellion’s legacy file transfer application, which the SAO uses to share sensitive files with external stakeholders. Even though the attack took place in December 2020, Accellion only notified SAO of the incident in late January.

The compromised files belonged to the Employment Security Department (ESD) of Washington State. Personal details such as names, social security numbers (SSN), and employer names were among the exposed data.

A number of Accellion’s customers were affected by the zero-day vulnerability. Over the past two months, hackers exploited this vulnerability and successfully breached the Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), as well as Harvard Business School.

A logical web application firewall (WAF) like WAPPLES can effectively detect and block a large number of zero-day exploits, thanks to its sophisticated detection rules created by AI.

Sources: Bleeping Computer, OPB


2. UScellular leaks customer info after hackers gain remote access to CRM system

UScellular, the fourth-largest telecommunications service provider in the US with more than 5 million customers, disclosed a data breach that may have leaked its customers’ personal data, after hackers gained remote access to its customer relationship management (CRM) system.

According to UScellular, the intrusion took place on January 4, when unknown hackers used phishing techniques to lure its employees into downloading malware onto their computers. The malware allowed the hackers to remotely access the computers and thus navigate through the CRM system.

The exposed information included the customers’ names, PINs, mobile phone numbers, home addresses, and usage and billing information. Fortunately, UScellular reassured its customers that their Social Security numbers and credit card numbers were not accessible from the CRM.

Cyberattacks on telecom companies are on the rise. Over the past two months, both T-Mobile and Italy-based Ho. Mobile suffered data breaches. These are in addition to Hezbollah’s hacking campaign, which breached dozens of telecom firms across over seven countries.

Sources: Tech Times, Bank Info Security, Forbes


3. UK Research and Innovation suspends services after ransomware attack

UK Research and Innovation (UKRI), a public agency funded by the UK’s Department for Business, Energy and Industrial Strategy, disclosed a ransomware attack in late January that halted some of its critical services. Consisting of nine councils, UKRI provides professional support and grants for innovative startups.

The ransomware operators encrypted parts of UKRI’s IT system, which resulted in the shutdown of two major services. One of them is a portal that is used to provide information to subscribers, while the other is an extranet used to process peer reviews.

It remains unclear whether parts of the data in the encrypted server were exfiltrated before they got encrypted. The data exposed to the attackers included grant applications, peer reviews, and expense claims. Both services have remained offline for over a week.

Sources: ZDNet, Bleeping Computer


4. British real estate agency Foxtons leaks 16,000 customer card details, report claims

On February 3, a local newspaper reported that over 16,000 payment card details of Foxtons’ customers were found to have been published on the dark web. Foxtons is a real estate agency based in London, England, and traded on the London Stock Exchange.

According to the report, a customer discovered that the payment card details and billing addresses of over 16,000 Foxtons customers were uploaded to the dark web in October 2020. Even though the data only included customers prior to 2010, roughly one-fifth of the payment card information still works today, as shown by a sample test. The post has been viewed over 15,000 times in the past three months.

Foxtons responded to the news by saying that it did suffer a malware attack that affected some of its services back in October 2020 and filed the case with the ICO. However, at the time, it was not aware of any leakage of sensitive customer data and thus was not required to disclose the incident to the public.

It is not clear exactly how many customers were affected, since the published data could have included only a portion of the full data. Experts advise customers of Foxtons to watch out for potential payment card fraud.

Sources: Infosecurity, Property Industry Eye

