Cyber Bites

In January, Mimecast reported that a certificate compromise took place following the SolarWinds espionage campaign. However, Mimecast has recently confirmed that the firm’s source code repositories were also stolen during the attack. Initially, it was thought that the SolarWinds attackers had only stolen a small amount of Mimecast's customers' personal data, such as email addresses and certain hashed credentials. Now, it has emerged that the attacks did in fact also steal a "limited" number of...

The FBI has recently released their annual report on cybercrime in the US for 2020. The report has revealed that there has been a rise in complaints and financial losses due to cybercrime in 2020. The Internet Crime Complaint Center (IC3) has seen an increase of 69% in complaints relating to cybercrime since 2019, with 791,790 complaints issued in 2020. The report also claims that there has been over $4.2 billion lost to cybercrime in the...

Eastern Health has temporarily taken down its IT systems following a cyber incident earlier this week. The measures have been taken as a precaution, while the healthcare group attempts to understand and rectify the situation. It has also reassured the public that patient safety had not been compromised. The Incident has affected the healthcare provider's ability to perform less urgent medical procedures, though urgent elective surgeries are going to continue as planned. In a statement...

OCBC Bank in Singapore has turned on a face recognition feature at eight ATMs across the country. This bypasses the need for ATM cards, although access is still limited to viewing balance. There are plans to add cash withdrawals "progressively" at a future stage, with no specific timeline as to when this would be. Only eight ATMs currently include this feature in the city-state, including the local bank's main branch in Tampines, in CBD and...

Google has been accused by DuckDuckGo, a privacy-focused web browser, of spying on its users after Google published details of the personal data it has gathers from it's customers. A number of technology companies have been adding App Privacy labels to their apps, outlining what data they gather from their users in accordance with Apple’s App Store guidelines. Google took longer than other technology firms to release their privacy labels, resulting in accusations that it...

A threat actor has leaked data from the now-defunct WeLeakInfo data breach site, including payment and customer information. Last Thursday, the hacker published am archive of payment processing data used by the strip of a hacking forum known as RaidForums. The WeLeakInfo site offered paid subscriptions to users for searchable access to a database, which stored 12.5 billion user records; records stolen during data breaches. Included in this information were email addresses, names, phone numbers,...

The Spanish Data Protection Agency (AEPD) issued Vodafone Spain with the highest ever fine for failing to protect user data and using aggressive telemarketing tactics. Two of the fines relate to the EU's General Data Protection Regulation (GDPR), the third for breaching Spanish laws on digital rights and telecommunications and the fourth for violations of a Spanish law regarding cookies. The final fine totalled to $9.72m. The AEPD's decision came after 191 complaints were filed...

Google is being accused of collecting data from users who are browsing in "incognito mode". The lawsuit, brought against the tech giant in 2020, is said to go ahead and alleges that users' data was still being gathered by Google tools; even with the data collection turned off. A complaint claimed that: "Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake to protect their data privacy....

A former caseworker, contracted by Victoria's Department of Health and Human Services (DHHS) between April 2016 and September 2017, had access to the sensitive data of vulnerable children for a year after leaving their job. A report filed by OVIC (Office of the Victorian Information Commissioner) found that throughout their employ at DHSS the caseworker had access to a government computer system known as CRISSP. This system stores and manages files related to disability, family...