Security News

Chicago-based wireless carrier UScellular started informing customers last week that their personal information may have been accessed and their phone numbers ported as a result of a cybersecurity breach. Since employees were already logged into the CRM system, the attackers were able to access the CRM with the employee credentials and access wireless customer accounts and phone numbers.

Threat intelligence platform provider HackNotice has analyzed more than 60,000 breach reports over the last three years, and finds some disturbing results including the rate of increase in breaches and a relative decline in the number of official breach notifications. Leak reports containing data from a breached company as disclosed by hackers.

Mobile network operator USCellular suffered a data breach after hackers gained access to its CRM and viewed customers' accounts. In a data breach notification filed with the Vermont attorney general's office, USCellular states that retail store's employees were scammed into downloading software onto a computer.

The Woodland Trust, a peaceful British charity that looks after trees, was struck by a "Cyber attack" before Christmas. Members of the trust, which says it has planted 43 million trees since its foundation in 1972, were informed last night of what was inevitably described as a "Sophisticated, high level cyber-incident."

Gay dating app Grindr faces a fine of more than $10 million from Norwegian regulators for failing to get consent from users before sharing their personal information with advertising companies, in breach of stringent European Union privacy rules. The Norwegian data privacy watchdog said Tuesday that it notified Grindr LLC of its draft decision to issue a fine for 100 million Norwegian krone, equal to 10% of the U.S. company's global revenue.

Email security company Mimecast has confirmed today that the threat actor behind the SolarWinds supply-chain attack is behind the security breach it disclosed earlier this month. "Our investigation has now confirmed that this incident is related to the SolarWinds Orion software compromise and was perpetrated by the same sophisticated threat actor," Mimecast said.

The Australian Securities and Investments Commission on Monday disclosed a security incident that involved Accellion software. An independent commission of the Australian government, ASIC is the national corporate regulator, overseeing enterprise and financial services and also tasked with the enforcement of laws designed to protect consumers, creditors, and investors in Australia.

I think this is the largest data breach of all time: 220 million people. EDITED TO ADD: I seem to be conflating two stories, one current and one from last year.

The ShinyHunters hacking group offer a raft of information, from location and contact info to dating preferences and bodily descriptions, as a free download. More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics. The ShinyHunters hacking group has stolen and published the personally identifiable data of MeetMindful users, according to a report from ZDNet.

UPDATE. SonicWall said a zero-day in its SMA 100 series 10.x code was targeted by "Highly-sophisticated" attackers. "On Sunday, January 31, 2021, the NCC Group alerted the SonicWall Product Security Incident Response Team about a potential zero-day vulnerability in the SMA 100 series. Our engineering team confirmed their submission as a critical zero-day in the SMA 100 series 10.x code," said SonicWall in an updated statement.