December saw 74 publicly known security incidents, slightly fewer than the previous month. These December incidents accounted for 219,310,808 breached records.
Another Cyber Attack on T-Mobile
After suffering a cyber-attack in August 2021, T-Mobile has been rocked by another big data breach in December. This attack saw customers’ accounts being accessed, according to documents posted by The T-Mo Report.
The report stated that customers either fell victim to a SIM swapping attack (which allows someone to bypass SMS-powered two-factor authentication), had personal information taken, or both. Information that was stolen included customers’ billing account name, phone and account number, and information about their plan, including how many lines were attached to their account.
The attack in August exposed almost 50 million customers’ data; however, this attack is said to be ‘less sensitive’, and customers who had their SIMs swapped have regained access. It has not yet been reported how many customers this December attack affected. T-Mobile has said that they are taking ‘immediate action’ to prevent this from happening, though they said the same after the August data breach.
Government fined for New Year’s Honours Data Breach
The government has been fined £500,000 for mistakenly sharing the postal addresses of more than 1,000 New Year Honours recipients online. On 27 December 2019 the Cabinet Office, the government department which handles honours, published a file on the gov.uk website showing the unredacted addresses of 1,097 people receiving New Year honours for 2020. This included celebrity names such as Sir Elton John, Gabby Logan, Ben Stokes and Nadiya Hussain. The breach happened in 2019 as a result of “complacency”, but the details are only being released now. Officials became aware of the situation very quickly and removed the web link and file; however, the file was still cached and available online to people typing in the exact web address. This meant the data was online for two hours and 21 minutes and was accessed 3,872 times.
In December 2021, the Information Commissioner’s Office (ICO) concluded its investigation and found that the Cabinet Office had failed to put adequate measures in place to avoid such data breaches. The government apologised for the data breach and said there are now measures in place to prevent this from happening again.
COVID-19 Vaccination Data Disappears from Brazilian Ministry of Health
Brazil’s Ministry of Health (MoH) suffered a major ransomware attack on 10 December 2021 that resulted in COVID-19 vaccination data for millions of citizens becoming unavailable. All of its websites, including ConecteSUS, which tracks residents in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app.
Lapsus$ Group has claimed responsibility for the incident, and 50TB worth of data has been extracted from the MoH’s systems and deleted. They contacted MoH and said “Contact us if you want the data returned” as well as providing contact details for the authors of the attack. Images with the message left by the hackers were removed, but the websites remained inaccessible.
The day after the attack the Brazilian health minister, Marcelo Queiroga, said his department holds a backup of the data allegedly copied and deleted from the national health service’s databases. Systems are back up and running and an investigation is underway into how attacks keep occurring, because this is not the first major security issue faced by Brazil’s Ministry of Health over the last few months.
Gumtree Suffers Data Leak
Gumtree.com suffered a data leak on 11 November; however, it took them a month to fix the issue, and they only announced this breach on 6 December 2021. The data leak was discovered after a security researcher revealed that he could access sensitive, personally identifiable data of advertisers simply by pressing F12 on the keyboard. When F12 is pressed in a web browser, it opens the developer tools console, which allows you to view a website’s source code, monitor network requests, and view error messages produced by the website. It is considered a primary security measure to ensure that sensitive data is not publicly viewable when using a website, even when viewing its source code. However, security researcher Alan Monie found that he could see the PII of sellers simply by viewing the HTML source code of the adverts shown on Gumtree’s website.
In a report he published, Alan explained: “The site was super leaky. Every advert on the site included the seller’s postcode or GPS coordinates – even if the seller requested the map of their location to be hidden. It leaked the seller’s email address, and their full name was available via a simple IDOR vulnerability.” Users whose data was leaked could be targeted by phishing attacks that use this information to try to harvest more sensitive information.
Sellers on Gumtree had their PII exposed for almost a month, if not longer, and Gumtree users have been told to keep an eye on their accounts and treat all incoming communications with caution.
Quest’s ReproSource Faces Patient Lawsuit Over Data Breach
ReproSource Fertility Diagnostics had data leaked in August and notified the 350,000 patients that they had their protected health information taken. In December, it was revealed that the company is being sued by patients over alleged security failings.
The attacker hacked into the ReproSource network in early August and the security team detected it two days later when the ransomware was deployed, but not before the attacker had possibly accessed or exfiltrated certain patient health information. The data leaked included medical histories, test reports, CPT and diagnosis codes, and other data provided to the physician, as well as billing and further health data. The investigation is still ongoing, and it is unclear how the lawsuit will proceed, as no actual harm has been presented as a direct result of the breach outside of time spent on defending against identity theft.
Residents have Wages and Personal Information Exposed
A huge data breach exposing the salaries and personal information of 637,138 residents working in the private and public sectors in Albania has raised alarm bells within the country. The Tirana Prosecutor’s Office is investigating the leak, which appears to have come from the tax administration in the form of a spreadsheet file containing detailed data on people who file taxes in Albania, including foreign citizens. The leaked file began circulating online and on WhatsApp, and the Albanian media has been given access to it too. The file contained full names, ID numbers, monthly salaries, positions, and employer names for the month of January 2021.
Investigations have now begun into the leak; however, this is the second big attack in Albania, with a similar attack in April 2021 leaking nearly one million Albanians’ personal information. Researchers believe Albania is a good target for data breaches, because it is a smaller country with weaker security systems. Smaller countries are becoming bigger targets.
Virginia IT Agency Hit with Ransomware Attack
The information technology agency that serves Virginia’s legislature was hit by a ransomware attack in December that has significantly affected its operations. A spokesperson confirmed the attack on Virginia’s Division of Legislative Automated Systems. They said the governor had been briefed on the matter and directed executive branch agencies to offer help in “assessing and responding to this ongoing situation.” The Division of Legislative Automated Systems, or DLAS, is the General Assembly’s IT agency. This is the agency’s first ever attack. All the agency’s internal servers, including those for bill drafting, the budget system, and the General Assembly voicemail system, were affected. The incident has now been resolved, but it does show no one is safe from a ransomware attack.
Media Company Shut Down by a “Serious” Cyberattack
Amedia, the largest local news publisher in Norway, announced that in the middle of December it suffered a “serious” cyber-attack, which shut down all its central computer systems. Amedia publishes more than 90 newspapers and other publications that reach more than 2.5 million Norwegians, according to the company’s website.
The incident prevented the company from printing that week’s physical newspapers, and the presses remained halted until the issues were resolved. The hack also impacted the company’s advertising and subscription systems, preventing advertisers from purchasing new ads and stopping subscribers from ordering or canceling subscriptions. The company has said it is unclear if any personal information has been compromised, such as customers’ names, passwords, and financial information. “We are in the process of gaining an overview of the situation, but do not yet know the full potential for damage,” said Executive Vice President of Technology Pål Nedregotten in a translated statement on the company’s website.
Bitmart hacked – estimated loss of $200M
Crypto exchange firm Bitmart suffered a large-scale hack incurring a total loss of approximately $200 million. Security analytics entity Peckshield Inc first raised the alarm of the breach. Peckshield sent out a tweet detailing a suspicious number of outflows of a range of tokens, valued at tens of millions of dollars, to an address called ‘Bitmart Hacker’. The stolen funds were siphoned off from a hot wallet, using decentralized exchange aggregator 1inch to swap the assets and deposit them into the harder-to-trace privacy solution Tornado Cash. Initially Bitmart representatives refuted the news, terming the reports ‘fake’ and claiming that the outflows were just routine withdrawals. However, founder and CEO Sheldon Xia later admitted the incident to be a ‘large-scale security breach.’ He explained that they were now conducting a thorough security check.
Cyberattack hits Maryland Health Department
The Maryland Health Department was hit by a big cyber attack on the first weekend of December. A spokesperson said that “the Maryland Security Operations Center is investigating a network security incident involving the Maryland Department of Health.” The Department of Health’s website was rerouted to the state’s flagship webpage, www.maryland.gov, as officials went through individual systems to determine whether any information had been stolen. Many health department services and resources were also unavailable, including pages that invited Maryland residents to apply for Medicaid or get data on local nursing home safety. Certain systems had to be taken offline out of an abundance of caution and other precautions had to be taken. The spokesperson explained that the investigation is still ongoing.