There were 81 publicly disclosed cyber security incidents in November 2021, totalling 223,615,390 breached records. With only one month to go in the year, the annual running total of compromised records is just shy of 5 billion.
Labour Party hit by Cyber Attack
Members of the Labour Party were affected by a cyber attack on 29 October 2021, which was only revealed to the public on 2 November 2021. The party said that it had been affected by the event via a third-party firm that handled membership data on its behalf, and that “a significant quantity” of party data was “rendered inaccessible on their systems”.
The Information Commissioner’s Office and National Cyber Security Centre are still looking into the incident. In a statement, Labour explained that they are working with both authorities, as well as the National Crime Agency, to find out what had happened.
The party also said it was “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident”, but that its own data systems were unaffected. Labour is still yet to reveal who the third party is, the scale of the incident or what type of data was affected, but it did say the incident involved information provided to the party by its “members, registered and affiliated supporters, and other individuals who have provided their information”.
‘Highly sophisticated’ Cyber Attack on Kent School Files
Hackers have leaked private information from some Kent schools onto the dark web in a cyber-attack. A “limited” number of files from a small number of county schools was posted. It comes only a few months after the Kent Learning Zone, part of an education network run by Cantium, was subjected to a “highly sophisticated” cyber-attack in June 2021. Kent police are now involved and have informed Cantium that data has been uploaded to the dark web, a part of the internet that is not accessed through search engines.
Investigations are being carried out as a “matter of urgency” to establish the precise nature of any impacted data and the identity of any affected users. The incident has been reported to the UK’s Information Commissioner’s Office. A spokesman for Cantium said: “We are working closely with the relevant authorities and the Information Commissioner’s Office to establish what happened.” A new helpline has been set up so that any Kent schools concerned about the breach can talk to an adviser.
For any schools needing help and support with their cybersecurity, ask us about our dedicated school protection service.
GoDaddy hit by data breach
Web hosting giant GoDaddy has reported a data breach and warns that data on 1.2 million customers may have been accessed. GoDaddy’s chief information security officer Demetrius Comes said the company detected unauthorised access to its systems where it hosts and manages its customers’ WordPress servers. The unauthorised person managed to use a compromised password to gain access to GoDaddy’s systems on 6 September, but the breach was not discovered until the 17 November 2021. It’s not clear if the compromised password was protected with two-factor authentication. The breach is likely to have affected 1.2 million active and inactive managed WordPress users, who had their email addresses and customer numbers exposed.
GoDaddy said this exposure could put users at greater risk of phishing attacks. The web host also said that the original WordPress admin password created when WordPress was first installed, which could be used to access a customer’s WordPress server, was also exposed.
GoDaddy has reset its customer WordPress passwords and private keys and is in the process of issuing new SSL certificates.
Angling Direct website hit by big cyber attack
Angling Direct, a big fishing equipment retailer, suffered a cyber-attack this month, which meant they had to shut their website down. Angling Direct detected ‘unauthorised activity’ and immediately shut down their website while cyber security experts investigated what had happened. Their social media accounts also appear to have been compromised. The Angling Direct Twitter feed had a post which stated: “Our site has been sold to MindGeek the founders of Pornhub. Your data has already been transferred and PornHub premium will be available for your account for a period of one year.” Another, complete with spelling error, stated: “PRESS ENQUIRES TO THE SAME INBOX!!!!!”
The company is understood to have informed the Information Commissioner’s Office, which logs and investigates data breaches. According to an article in Retail Gazette, the company says it does not hold customer financial data as website transactions are handled by third parties.
Robinhood Data Breach
Robinhood Markets Inc. caught criticism last year for its shortcomings in customer support. However, on 3rd November 2021 they had a bigger issue within the customer support department. A customer service representative mishap allowed a hacker to steal the personal information of about 7 million users. The California-based brokerage app is reeling from the largest hack in its history, which compromised the private details of about one-third of its users. A company statement said the breach hinged on a phone call where the hacker duped a customer support staffer. It didn’t provide details on how exactly the culprit gained entry.
As a result, the hacker accessed email addresses of about 5 million Robinhood users, as well as full names for a separate group of about 2 million. They then demanded an extortion payment. For some customers, even more personal data was exposed, including names, birth dates and ZIP codes of about 310 people, and more extensive information belonging to a group of about 10. Robinhood said it believes no Social Security, bank account or debit-card numbers were exposed in the hack, and that no customers incurred financial losses.
In a separate episode last year, almost 2,000 Robinhood accounts were compromised in a hacking spree, where customer accounts were looted. Some complained there was no one available to call. It is so important to keep customers informed if a company has been hacked. Robinhood is now investigating how both incidents occurred and how it can improve its systems.
Centara Hotels & Resorts hit within ten minutes after recovering from first ransomware attack
The Desorden hacking group reportedly hacked a group of luxury hotels again, moments after a deal to pay a $900,000 ransom collapsed. It was said to have happened in October but has only been revealed this month. The hacking group said it had satisfied all the hotel’s demands, including providing samples of every database stolen, before the management pulled out of the deal on Tuesday. The Desorden hacking group claimed to have breached the hotels again within 10 minutes and exfiltrated 400GB of files, including personal details and the company’s corporate information.
The hackers had accessed some customer information but not credit card and financial information. The company added that it had commenced an investigation into the data breach and would provide more information when it becomes available. Desorden claims to have exfiltrated hundreds of gigabytes, affecting millions of customers worldwide, after compromising the hotel’s entire network. The group did not disclose whether the incident was a ransomware attack.
Desorden is developing a hacking pattern that involves mocking the victim and apparently executing follow-up attacks to make a point. However, the success of the initial and follow-up attacks seems to bolster Desorden’s credibility.
Singapore’s Largest Ever Data Breach
The personal data of nearly 5.9 million Singaporean and South-east Asian customers of hotel booking site RedDoorz was found to have been leaked, in what the Government has called Singapore’s largest data breach. The Personal Data Protection Commission (PDPC) has fined local firm Commeasure, which operates the website, $74,000. This is much lower than the combined $1 million fine imposed on SingHealth and Integrated Health Information Systems for the 2018 data breach which affected 1.5 million people.
The information taken included customers’ names, contact numbers, e-mail addresses, dates of birth, encrypted passwords to their RedDoorz accounts and booking information. As customer passwords were encrypted, the hackers will not be able to use them unless they find a way to decode the passwords. The stolen data was put up for sale on a hacker forum before it was later taken down.
Retailer S&R hit by Data Breach
Big American retailer S&R Membership Shopping was hit by a data breach on 14 November 2021, which affected thousands of customers. They informed the public a week after the incident. The National Privacy Commission (NPC) was told by S&R about the breach on the 15 November and has explained that around 22,000 customers were affected, but they did not provide any other information.
The lack of information from both the NPC and S&R since the breach was offset by viral Facebook posts made by social media influencer and convicted scammer Christian “Xian” Gaza, who was slapped by a Malabon court with a five-year jail sentence in 2018 after being found guilty of violating the Bouncing Check Law. The NPC have declined to comment on Gaza’s claims.
Under NPC rules, S&R had to inform the affected shoppers about the breach within 72 hours of discovering the incident. They informed their customers on 21 November. The company is now looking at how it can improve its IT security systems.
290,000 Israeli Medical Records Leaked
The Black Shadow hacking group managed to gain access to a full database of personal information from Israel’s Machon Mor medical institute, including medical records of some 290,000 patients. This included patients’ blood tests, treatments, appointments for gynaecologists, CT scans, ultrasounds, colonoscopies, vaccinations for flights abroad, and more.
The group uploaded the file to a channel on the Telegram messaging app, after a ransom demand of $1 million in digital currency to prevent the leak was apparently not paid. They said, in broken English, “48 hours ended! Nobody send us money. This is not the end; we have more plan.” Cyber experts immediately warned people not to download any files on the website that the group had released. Hours later, the group said it had not been contacted by authorities or CyberServe, so it released another trove of information, including what it said was data pertaining to clients of the Dan transportation company and a travel agency. The authorities are still investigating the incident.
Sonoma County residents exposed during data breach
The personal information of more than 1,300 Sonoma County residents may have been exposed during a data breach involving a contractor earlier this year. The announcement of this incident comes 3 months after being detected by the Seneca Family of Agencies, which provides mental health, counselling, and family engagement services for three county departments. Information hacked includes names, Social Security numbers, addresses, phone numbers, email addresses, medical record numbers, diagnosis and treatment information, health insurance information, Medicare or Medicaid numbers, provider names, prescription information, driver’s license or state identification numbers, and digital signatures, according to the county’s announcement.
Seneca said it has uncovered no evidence to indicate that any of the information accessed has been misused because of the breach. However, it has been criticised for how long it has taken to notify residents that have been affected. In response to the incident, it has also reset account passwords and implemented additional security measures to further protect information.