University of Pennsylvania Data Breach Claimed by Hacker
A hacker has claimed responsibility for a data breach at the University of Pennsylvania (Penn), alleging they stole records belonging to approximately 1.2 million students, alumni, and donors after gaining full access to an employee’s PennKey Single Sign-On (SSO) account. The incident first became public when the attacker used a compromised Salesforce Marketing Cloud account to send offensive mass emails, but the breach’s actual scope is much wider: the hacker had access to systems like Salesforce, Qlik, SAP, and SharePoint. The stolen data is highly sensitive, including names, dates of birth, addresses, phone numbers, estimated net worth, donation history, and demographic details. The attacker claims their primary motivation was to obtain the university’s donor database. The University of Pennsylvania reported the breach to the FBI.
Source: TechCrunch, Bleeping Computer
Nikkei Reports Data Breach Impacting 17,000 Employees and Partners
Japanese publishing giant Nikkei announced a data breach that compromised its Slack messaging platform, exposing the personal information of over 17,000 employees and business partners. Attackers gained access to employee Slack accounts using authentication credentials stolen after an employee’s computer was infected with malware. The exposed data includes the names, email addresses, and chat histories of the impacted individuals. Nikkei discovered the breach in September and took immediate security measures, including mandatory password changes. It also voluntarily notified Japan’s Personal Information Protection Commission despite determining the exposed data did not fall under mandatory reporting laws.
Source: Bleeping Computer
10.5 Million Affected From Conduent Data Breach
BPO giant Conduent confirmed a data breach linked to a cybersecurity incident earlier in 2024 claimed by the Safepay ransomware gang. The breach compromised records belonging to over 10.5 million people nationwide, with the largest group reported in Oregon. It involved unauthorized file theft from Conduent’s systems and exposed sensitive personally identifiable information, including names, Social Security numbers, full dates of birth, health insurance policy or ID numbers, and medical information belonging to customers and clients of the business process outsourcing firm, which provides digital services to governments and enterprises.
Source: Infosecurity Magazine, Bleeping Computer
EY’s 4TB SQL Server Backup Exposed on Microsoft Azure
A massive 4TB SQL Server backup file belonging to the global accounting firm Ernst & Young (EY) was discovered publicly exposed on Microsoft Azure cloud storage. The incident was a data leak caused by an Access Control List (ACL) error rather than a direct cyberattack. The exposed backup file, in the standard .BAK format, typically contains a full database dump that could include highly sensitive information such as schemas, user data, API keys, credentials, and authentication tokens. The data belonged to a subsidiary that was part of a 2020 acquisition. No widespread misuse or malicious download was reported, as the exposure was found and responsibly disclosed by cybersecurity firm Neo Security. Neo Security noted that EY’s internal CSIRT (Computer Security Incident Response Team) responded swiftly to remediate the issue within a week.
Source: Cyber Security News, Security Affairs
