August 2021 has been a ‘quiet’ month with very few reported cyber-attacks and data breaches, compared to some previous months. August only saw 84 incidents accounting for 60,865,828 breached records, and that figure would be a lot less if not for the attack on T-Mobile. The T-Mobile incident was  originally reported as only affecting 7.8 million customers and 40 million records; however, a week later that figure rose to 53 million:

T-Mobile hit by huge Cyberattack

On 20 August T-Mobile US Inc revealed that there is an ongoing investigation into a data breach, as hackers were able to access customers’ personal details. Originally reported as 7.8million customers, the number has now risen to more than 53 million customers. Data taken included addresses, dates of birth and phone numbers of customers. T-Mobile has said that there is no indication that financial information has been taken.

This attack has resulted in some T-Mobile customers suing the company for damages in Seattle federal court, saying that the cyberattack violated their privacy and exposed them to a higher risk of fraud and identity theft. T-Mobile has had 6 other data breaches in the past 4 years. This shows how vulnerable their IT systems are and is beginning to worry customers.

There has been a number of big cyberattacks on large companies in the US, because hackers have been exploiting weaker user system privacy and security due to people working from home due to the pandemic. It has never been so easy to hack into larger businesses. We recommend identity monitoring that searches the web and dark web to identify any of your leaked data.

Isle of Wight Schools Hit by Ransomware Attack

A ransomware attack affected six schools in the Isle of Wight, preventing staff from accessing their systems. The Isle of Wight Education Federation said its IT systems were compromised by a ransomware attack which has encrypted its data. The council said the affected schools were Carisbrooke College, Island 6th Form, Medina College, Barton Primary, Hunnyhill Primary and Lanesend Primary. The Federation said it was working with police and Isle of Wight Council to identify how this attack occurred and how to prevent this from happening again in the future.

Education is often an easy target for breaches, either through human error, or direct attack. We have a range of tools to specifically help protect education systems, so speak to our team on 01453 700 800 for more information.

Cyberattack on Indiana COVID Tracing Survey

Nearly 750,000 Indiana residents had personal records taken after the Indiana State Department of Health had the state’s online contact tracing survey hacked into. The personal information included names, addresses, email, gender, ethnicity and race, and birth dates but no medical or social security information was taken.

This attack took place on 2 July and the State took immediate steps to resolve the issues, correcting the software configuration that had allowed the breach. The hackers didn’t return records until 4 August when this hacking was announced. The State and the hackers have signed a “certificate of destruction” to confirm that the company had destroyed the data and had not given it to anyone else.  Indiana state officials are now offering one year of free credit monitoring to those who have been affected.

Cryptocurrency Hackers Steal $600 Million

$600 million (£433m) was stolen in August, in what looked to have been one of the biggest cryptocurrency heists ever. Poly Network, a blockchain site explained that the hackers exploited its system and took thousands of digital tokens such as Ether. Poly Network wrote a letter, published on Twitter, which asked the hackers to “establish communication and return the hacked assets.” Shortly after the hack, the attackers started to return the money, first in small amounts then gradually building up. In scale, the hack is on par with huge recent breaches at exchanges such as Coincheck and Mt Gox.

The amount hacked was of the biggest in decentralised finance history. Poly Network said a preliminary investigation found a hacker exploited a “vulnerability between contract calls”. It asked different exchanges to block deposits of the coins, as millions of dollars in tokens got transferred to separate cryptocurrency wallets. While initially looking like a straightforward heist, the hacker in question subsequently returned the majority of the money, highlighting that their intention was to highlight system vulnerabilities and security flaws. Not all of the money has yet been returned, although early indications are that they will be.

Data Breach at the University of Kentucky

A data breach at the University of Kentucky has revealed personal information of thousands of students and staff. It was caused by a vulnerability in a server associated with the University’s College of Education database. More than 355,000 email addresses were exposed in the security incident, with victims from all over the world.

“The database is part of a free resource program known as the Digital Driver’s License for training and test-taking used by K-12 schools and colleges in Kentucky and other states,” said the University of Kentucky’s chief information officer, Brian Nichols, in a statement. The university revealed that the database also included personal information belonging to students and teachers “in all 50 states and 22 foreign countries.” However, the university has confirmed that no financial, health or social security information was exposed. University officials said that they have notified the school districts impacted by the data breach and informed the appropriate legal authorities.

Even though the university has invested $13m in cybersecurity over the past five years this attack was still able to happen. To help prevent a similar incident from occurring, the University of Kentucky’s Information Technology Services will be investing an additional $1.5m to fund cybersecurity defences. A further safety measure that will be rolled out is that the university will deactivate accounts for students and employees who leave the university.

Cream Finance loses $25 million in their Second Attack in 6 months

For the second time in six months, Cream Finance has suffered another attack due to a “reentrancy bug,” according to blockchain security and data analytics company, PeckShield. The incident was confirmed on Twitter, saying that AMP tokens and Ether (ETH) were lost. It was said the hacker did it to re-borrow assets during its transfer.

Cream Finance confirmed this, saying that the hacker stole 418,311,571 in AMP and 1,308.09 in ETH, which is estimated to be around $25 million. Meanwhile, the Cream team said they have suspended supply and borrow on AMP, to stop and fix the issue and reassured users that no other markets were affected.

Previously, they were attacked in February, which resulted in the loss of about 13,000 ETH, equivalent to $24 million at the time of the attack. The price of the Cream token dropped by 30 percent as a result. This August attack didn’t constitute any significant drop in the price of the AMP token. The token was trading at $0.05234 – an 11.7 percent drop in a 24-hour chart. The Cream token was also trading at 5.18 percent at $166.64.

Ransomware attack on Eye Clinic in Singapore

A ransomware attack earlier this month has affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic. Names, addresses, identity card numbers, contact details and clinical information such as patients’ clinical notes and eye scans were exposed on the 25 August. The clinic has said that no credit card or bank account information was accessed or compromised.

The Ministry of Health in Singapore are investigating the incident, carrying out a thorough review of its systems and work with the Cyber Security Agency (CSA) to “take immediate mitigating actions to strengthen its cyber defences”.

Ford bug exposed customer and employee records from internal systems

A bug on Ford Motor Company’s website allowed for accessing sensitive systems and obtaining data, such as customer databases, employee records, and internal tickets. The incident stemmed from a misconfiguration of Pega Infinity customer engagement system running on Ford’s servers. The vulnerability was discovered by Robert Willis and break3r, with further validation and support provided by members of Sakura Samurai ethical hacking group. The issue is caused by CVE-2021-27653, an information exposure vulnerability in improperly configured Pega Infinity customer management system instances. The attack happened in February 2021 but was only revealed in August. Ford is still sorting all the issues this bug has caused.

Chase Bank Leaks Customer information to other customers

A large bank in the US, Chase Bank, has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. Personal details of Chase bank customers including statements, transaction lists, names, and account numbers were potentially exposed to other Chase banking members. It is believed the incident was between 24 May to 14 July 2021, but only published now. The incident impacted online banking and Chase Mobile app customers who shared similar information. The bank blames a technical issue for the incident.

Affected customers are now being offered free credit monitoring. Although there is no indication of data misuse associated with this incident so far, individuals should remain vigilant and be on the lookout for any “Chase” phishing emails they may receive in the near future.

Gelre Hospital Attacked by Cyber Criminals for Weeks

In August, for three weeks, hackers tried to break into the ICT environment of Gelre hospitals. They failed to loot privacy-sensitive data or other information. However, as a precaution, the healthcare institutions have increased the security measures. IT staff noticed the attack attempt early on, which therefore allowed them to react quickly and repel most of the attacks. The hackers only managed to get into a few employee mailboxes and the IT staff have said “no data has been sent or downloaded from the accounts.” The Board of Directors of Gelre hospitals ‘strongly’ regrets that this incident took place and the hospital say they now working with ‘renowned security software’ and are doing everything they can to prevent incidents like this again.