Category: Data Breaches & Incidents

Is This Bigger than SolarWinds? Researchers Expose Critical Systems Vulnerable to Attack via Abandoned Storage Servers

SECITHUB

A Grave Threat Found in Amazon S3 Storage Systems A new discovery by security researchers from watchTowr has exposed a severe vulnerability in the cloud storage systems of Amazon S3. Over the course of their investigation, the researchers were able to take control of approximately 150 abandoned data repositories left behind by large organizations. What’s more alarming is that many systems continued to attempt automatic access to these abandoned storage buckets, potentially opening the door to devastating cyberattacks. Findings of the Study The research team tracked activity over two months…

Read More

Severe Data Breach at AngelSense: Personal and Medical Data of Thousands Exposed

SECITHUB
Glowing "DATA BREACH" warning on a backlit keyboard

Unprotected Database Leaks Sensitive User Information AngelSense, an Israeli-American technology company that develops GPS tracking devices for individuals with disabilities, has suffered a major data leak exposing sensitive personal and medical records of thousands of users.Cybersecurity researchers from UpGuard discovered that an AngelSense database was left publicly accessible online without any security protection. Scope of the Data Leak Company Response AngelSense has responded to the incident with the following statements: The Risk of Exposed GPS and Medical Data A data breach involving real-time location tracking is particularly concerning, as it…

Read More

Japanese Auto Parts Manufacturer HIKARI SEIKO Targeted by Qilin Hacker Group

SECITHUB
Mysterious hooded figure with red digital glitch effect

Cyberattack on HIKARI SEIKO: Sensitive Data Allegedly Stolen The Qilin hacker group has claimed responsibility for a cyberattack against HIKARI SEIKO, a leading Japanese auto parts manufacturer operating since 1947. The attackers allege they have stolen over 500GB of sensitive corporate data from the company’s systems. Allegedly Stolen Data Qilin’s Claims and Threats According to the hacker group, HIKARI SEIKO has: As proof of their breach, Qilin has leaked five sample images and claims to possess 332,535 files from the company’s internal systems. The Growing Threat to Automotive Supply Chains…

Read More

UnitedHealth Confirms Massive Data Breach Impacting 190 Million Americans

SECITHUB
Data breach interface with padlocks and digital code.

UnitedHealth Group has officially confirmed a massive data breach involving Change Healthcare, affecting the personal and medical data of 190 million Americans. This breach, considered one of the largest in healthcare history, raises significant concerns about data privacy, cybersecurity vulnerabilities, and the growing threat landscape in the healthcare sector. Breach Details and Scope The cyberattack, which targeted Change Healthcare, a subsidiary providing healthcare billing and data services, compromised a vast amount of sensitive information, including: UnitedHealth acknowledged the breach after an extensive investigation, stating that attackers had gained unauthorized access…

Read More

TalkTalk Investigates Alleged Data Breach Affecting Millions of Customers

SECITHUB
Data Breach TalkTalk neon logo with glowing lines.

British telecommunications provider TalkTalk has confirmed it is investigating claims of a significant data breach following allegations by a hacker known as “b0nd.” The hacker asserts that they have gained access to sensitive information belonging to 19 million customers, a figure that the company strongly disputes. The breach allegedly occurred through a third-party service provider earlier this year. Details of the Incident According to initial reports, the hacker infiltrated a third-party vendor’s system in early January, potentially compromising the following customer data: TalkTalk has stated that while it acknowledges a…

Read More

HPE Investigates Alleged Data Breach by IntelBroker Threat Group

SECITHUB
Data breach interface with padlocks and digital code.

Hewlett Packard Enterprise (HPE) is currently investigating claims of a significant data breach allegedly orchestrated by the IntelBroker cyber threat group. The attackers claim to have gained access to HPE’s internal systems, exposing sensitive data, including API keys, source code, and confidential information stored in GitHub repositories. This breach highlights the ongoing challenges organizations face in safeguarding their intellectual property and protecting their critical infrastructure from persistent threat actors. According to reports, the attackers infiltrated HPE’s systems and exfiltrated proprietary data, potentially putting the organization at risk of operational disruptions…

Read More

Otelier Data Breach Raises Serious Concerns Over Hospitality Cybersecurity

SECITHUB
Medical professional with a holographic cybersecurity display.

Otelier, a prominent hotel management platform, has suffered a major data breach that has exposed the personal information and booking details of millions of guests. The breach, which affected leading hotel chains such as Marriott, Hilton, and Hyatt, has sparked significant concerns regarding cybersecurity within the hospitality industry. Initial reports indicate that the breach occurred between July and October 2024, with cybercriminals gaining unauthorized access to Otelier’s Amazon S3 cloud storage. Hackers reportedly exfiltrated approximately 8 terabytes of sensitive data, including names, addresses, phone numbers, reservation details, and partial payment…

Read More

Fortinet Confirms Authenticity of Leaked Configuration Files Stolen in 2022

SECITHUB
Advanced Persistent Threats concept with hacker and network overlays.

Cybersecurity firm Fortinet has confirmed that configuration files recently leaked by the hacker group known as Belsen are authentic. However, the company emphasizes that these files were stolen during a zero-day attack in 2022, not as part of a new security breach. Company’s Position Background of the Incident In October 2022, Fortinet identified a critical vulnerability, designated as CVE-2022-40684, which allowed unauthorized access to FortiOS, FortiProxy, and FortiSwitchManager products. The company promptly released patches and advisories to address the issue. Despite these efforts, the Belsen group recently resurfaced the stolen…

Read More