Malware
AT&T Confronts Intense Legal Battles Amid Massive Data Breach Impacting 73 Million Customers
AT&T faces lawsuits after a data breach affecting 73 million customers. The telecom giant allegedly failed to protect user data, with hackers gaining access to personal information. Learn more about the implications of this cybersecurity incident and the legal action taken against AT&T.
It’s a nightmare scenario: AT&T, one of the largest telecommunications companies in the U.S., has admitted to a massive data breach that exposed the sensitive information of 73 million current and former customers. Now, they’re facing multiple class-action lawsuits as a result.
Legal Battle Begins
Since AT&T confirmed the breach on Saturday, ten lawsuits have been filed against the company. One of them is being handled by Morgan & Morgan, a law firm known for its recent success in a privacy lawsuit against Google. They are representing plaintiff Patricia Dean and others similarly affected by the breach.
The lawsuit argues that AT&T failed to adequately protect the personal data of its customers, leading to a cyberattack and subsequent data breach that exposed sensitive information for a whopping 73 million people. This includes names, addresses, phone numbers, dates of birth, Social Security Numbers, and email addresses.
A Timeline of Denials
Back in 2021, threat actor Shiny Hunters claimed to have hacked AT&T and attempted to sell the stolen data. AT&T denied these allegations, saying the leaked data samples didn’t belong to them. Fast forward to March 17, 2024, when another threat actor named ‘MajorNelson’ leaked the entire database on a hacking forum for free, confirming it was the same data from Shiny Hunters’ attack.
Despite this, AT&T continued to deny that the leaked data originated from their systems and claimed there were no signs of a breach. However, after conducting an internal investigation, they finally admitted on March 30, 2024, that the exposed data belonged to 7.6 million current account holders and approximately 65.4 million former account holders.
Worse still, AT&T revealed that the passcodes for 7.6 million customers were exposed in the leak. These passcodes are required for customer support or sensitive account changes, so this breach could have allowed attackers to gain access to accounts more easily.
Years of Risk
AT&T believes the leaked data is from 2019 and earlier, but they still can’t determine whether it came from their systems or a partner. Their initial and subsequent denials about the origin and authenticity of the leaked data, coupled with their inability to determine the source through timely investigations, have put customers at risk of scams and phishing attacks for nearly three years – if not longer.
Dean’s complaint argues that AT&T’s inadequate security measures and failure to provide timely, adequate notice about the data breach exposed customers to substantial risks, including identity theft and various forms of fraud. The lawsuit accuses AT&T of negligence, breach of implied contract, and unjust enrichment, and seeks compensatory damages, restitution, injunctive relief, improvements to AT&T’s data security protocols, future audits, credit monitoring services funded by the company, and a trial by jury.
A Call for Accountability
In a statement, a Morgan & Morgan spokesperson said, “As the largest telecommunications company in the country, AT&T has a crucial duty to safeguard their current and former customers’ sensitive information. We allege AT&T knew about the vulnerability that allegedly led to this breach but allowed it to occur by failing to act. We’re also alleging AT&T exacerbated the problem by failing to acknowledge the breach had occurred until March 30 of this year, allowing customers’ personal data to linger in criminal hands without their knowledge for more than two-and-a-half years. We will fight to hold AT&T accountable for their alleged actions and inactions that allowed this to happen, and secure justice for all 73 million Americans impacted by this attack on their privacy.”
We reached out to AT&T for a statement but are still awaiting a response. In the meantime, other class-action lawsuits have been filed against AT&T, including those by plaintiffs Williamson, Escano, Collier, and Cumo. These lawsuits will likely be consolidated in the future.
As consumers, it’s crucial that we stay informed about the security measures taken by the companies we trust with our sensitive information. Keep coming back to us for the latest news on cybersecurity and learn how to protect yourself from potential threats.
Malware
Exclusive: Post-Millennial Data Breach Exposes 26 Million People’s Sensitive Information
Discover how a data breach at The Post Millennial exposed personal data of 26 million users, including emails, phone numbers, and usernames. Learn about the hacker’s motives and subsequent arrest, as well as steps taken to mitigate the damage and prevent future cyberattacks. Stay informed about online security and protect your digital assets.
Massive Data Leak Affects Millions of News Website Users
Have you ever had that sinking feeling when you realize your personal information has been exposed in a data breach? Well, 26,818,266 people are experiencing that feeling right now, as their data was leaked in a recent hack of The Post Millennial, a conservative news website.
The Post Millennial is a Canadian online news magazine that’s part of the Human Events Media Group, which also operates the American ‘Human Events’ news platform. Earlier this month, both news platforms were hacked, and their front pages were defaced with fake messages, supposedly from The Post Millennial’s editor, Andy Ngo.
What was stolen and leaked?
The hackers claimed to have stolen the company’s mailing lists, subscriber database, and personal details of its writers and editors. They even shared links to the stolen data on the defaced pages. The data quickly spread online, appearing in torrents and hacking forums, making it easy for anyone to download and potentially misuse.
The exposed data includes:
- Full Names
- Email addresses
- Usernames
- Account Passwords
- IP addresses
- Phone numbers
- Physical addresses
- Genders
This data is said to belong to writers, editors, and subscribers of the sites, which could pose significant privacy and security risks to those affected.
Have I Been Pwned steps in to help
Yesterday, Troy Hunt added the data to the Have I Been Pwned (HIBP) data breach notification service. However, it should be noted that the data hasn’t been confirmed to have been stolen directly from Human Events or The Post Millennial.
Despite this uncertainty, Hunt decided to add the data to HIBP to alert affected users. According to HIBP’s post, the breach resulted in the defacement of the website and links to three different sets of data. Some of these data sets included personal information of writers, editors, and subscribers, while others contained millions of email addresses from mailing lists allegedly used by The Post Millennial.
As Troy Hunt tweeted, although the data was leaked during The Post Millennial defacement, it’s unclear where it originally came from.
No official statement yet from The Post Millennial
As of writing this, The Post Millennial hasn’t issued a public statement about the site’s defacement or warned its subscribers about potential data exposure. We have contacted both The Post Millennial and Human Events for a comment but have not received a reply.
What can you do if you’re affected?
In the meantime, if you’re a subscriber to the mentioned news outlets, we recommend resetting your passwords and monitoring your account activity closely. Also, be extra vigilant with all communications, such as emails, calls, and SMS, especially if they’re related to your account on these websites.
Keep coming back to learn more
As an AI with expertise in cybersecurity, my mission is to help you stay informed and protected. To keep up with the latest news and advice, make sure to check our IT Services regularly. And don’t hesitate to contact us if you have any questions or concerns.
Malware
Europol Verifies Web Portal Hack: Asserts No Crucial Data Compromised
Europol has confirmed that its public web portal was breached, but claims no operational data was stolen. The European Union law enforcement agency stated that the attack was quickly contained and that security measures have been reinforced to prevent further incidents.
Update: May 13, 12:09 EDT: Europol sent IT Services a follow-up statement saying the attackers likely breached the EPE web portal using stolen credentials.
Europol, the European Union’s law enforcement agency, recently confirmed that its Europol Platform for Experts (EPE) portal was breached. The agency is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data.
EPE is an online platform that law enforcement experts use to “share knowledge, best practices, and non-personal data on crime.”
“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol told us.
“No operational information is processed on this EPE application. No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”
We also asked when the breach occurred and whether it is true FOUO and classified documents were stolen as claimed by the threat actor, but a response was not immediately available.
The hardcopy personnel records of Catherine De Bolle, Europol’s executive director, and other senior agency officials had also leaked before September 2023, as reported by Politico in March.
“On Sep. 6, 2023, the Europol Directorate was informed that personal paper files of several Europol staff members had disappeared,” a note dated September 18 and shared on an internal message board system said.
“Given Europol’s role as law enforcement authority, the disappearance of personal files of staff members constitutes a serious security and personal data breach incident.”
At publication time, the EPE website was offline, and a message said the service was unavailable because it was under maintenance.
IntelBroker, the threat actor behind the data breach claims, describes the files as being FOUO and containing classified data.
The threat actor says the allegedly stolen data includes information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.
They also claim to have gained access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), one of the communities on the EPE portal, hosting hundreds of cybercrime-related materials and used by over 6,000 authorized cybercrime experts from around the world, including:
- Law enforcement from EU Member States’ competent authorities and non-EU countries;
- Judicial authorities, academic institutions, private companies, non-governmental and international organizations;
- Europol staff
IntelBroker also says they compromised the SIRIUS platform used by judicial and law enforcement authorities from 47 countries, including EU member states, the United Kingdom, countries with a cooperation agreement with Eurojust, and the European Public Prosecutor’s Office (EPPO).
SIRIUS is used to access cross-border electronic evidence in the context of criminal investigations and proceedings
Besides leaking screenshots of EPE’s online user interface, IntelBroker also leaked a small sample of an EC3 SPACE database allegedly containing 9,128 records. The sample contains what looks like the personal information of law enforcement agents and cybercrime experts with access to the EC3 SPACE community.
“PRICING: Send offers. XMR ONLY. Message me on the forums for a point of contact. Proof of funds is required. I am only selling to reputable members,” the threat actor says in a Friday post on a hacking forum.
Who is IntelBroker?
Since December, this threat actor has been leaking data he allegedly stole from various government agencies, such as ICE and USCIS, the Department of Defense, and the U.S. Army.
It is unclear whether these incidents are also connected to the alleged April 2024 Five Eyes data leak, but some of the data dumped in the ICE/USCIS forum post overlaps with the Five Eyes post.
IntelBroker became known after breaching DC Health Link, which manages health care plans for U.S. House members, staff, and families.
The breach led to a congressional hearing after the personal data of 170,000 affected individuals, including U.S. House of Representatives members and staff, was exposed.
Other cybersecurity incidents linked to this threat actor are the breaches of Hewlett Packard Enterprise (HPE), Home Depot, the Weee! grocery service, and an alleged breach of General Electric Aviation.
Earlier this week, IntelBroker also started selling access information to the network of cloud security company Zscaler (i.e., “logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates”).
Zscaler later confirmed they discovered an “isolated test environment” exposed online, which was taken offline for forensic analysis even though no company, customer, or production environments were impacted. Zscaler has also hired an incident response firm to run an independent investigation.
Update May 13, 12:09 EDT: In an updated statement to IT Services, Europol says that the portal was not hacked through a vulnerability or a misconfiguration, but, instead, the attackers gained access to the data using stolen credentials.
The attempt took place recently and was discovered immediately. Neither Europol’s core system nor operational systems were hacked, which means no operational data from Europol has been compromised.
The Europol Expert Platform (EPE) was also not hacked. The only way to gain unauthorized access to the system was through email or password compromise. Only a small and limited part of the EPE (closed user group) could be accessed via the unauthorized access.
The Europol Expert Platform (EPE) holds neither operational nor confidential, nor personal data and no operational information is processed on the EPE. Rather, it is a collaborative web platform for specialists in various areas of law enforcement to exchange ideas. The EPE has a number of tools for content management, such as blogs or instant messaging forums, calendars and a wiki. The platform has over 20,000 users. — Europol
As we learn more about this breach and others like it, it’s crucial to stay informed and vigilant. At IT Services, we’re committed to keeping you updated on the latest cybersecurity news and helping you protect your personal and professional life. Be sure to stay connected with us for more information, and reach out if you need assistance with your cybersecurity needs!
Malware
Dell API Exploited: Shocking Theft of 49 Million Customer Records in Massive Data Breach
Cybercriminals have exploited a Dell API to breach the company’s customer support portal and steal 49 million records. Learn about the vulnerabilities that allowed the attack, Dell’s response, and how to protect your information from similar breaches. Stay vigilant with the latest security news from BleepingComputer.com.
Imagine waking up one morning to a notification that your personal data has been stolen in a data breach. That’s exactly what happened to millions of Dell customers recently when a threat actor, going by the name Menelik, scraped information of 49 million customer records using a partner portal API they accessed as a fake company.
We reported that Dell had begun to send notifications warning customers that their personal data was stolen in this data breach. The stolen data included customer order information, warranty details, service tags, customer names, installed locations, customer numbers, and order numbers.
So, How Did This Happen?
According to Menelik, they discovered a portal for Dell partners, resellers, and retailers that could be used to look up order information. The threat actor then registered multiple accounts under fake company names and gained access within two days without any verification.
With access to the portal, Menelik reportedly created a program that generated 7-digit service tags and submitted them to the portal page starting in March to scrape the returned information. The portal apparently did not include any rate limiting, allowing the threat actor to harvest information of 49 million customer records by generating 5,000 requests per minute for three weeks, without Dell blocking the attempts.
The stolen customer records included a hardware breakdown of monitors, Alienware notebooks, Chromebooks, Inspiron notebooks and desktops, Latitude laptops, Optiplex, Poweredge, Precision desktops and notebooks, Vostro notebooks and desktops, XPS notebooks, and XPS/Alienware desktops.
Menelik claims they emailed Dell on April 12th and 14th to report the bug to their security team, although they had already harvested 49 million records before contacting the company. Dell confirmed they received the threat actor’s emails but declined to answer any further questions, as the incident has become an active law enforcement investigation. The company claims they had already detected the activity before receiving the threat actor’s email.
APIs: A Growing Weakness in Data Security
Easy-to-access APIs have become a massive weakness for companies in recent years, with threat actors abusing them to scrape sensitive data and sell them to other threat actors. In 2021, threat actors abused a Facebook API bug to link phone numbers to over 500 million accounts. This data was leaked almost for free on a hacking forum, only requiring an account and paying $2 to download it.
Later that year, in December, threat actors exploited a Twitter API bug to link millions of phone numbers and email addresses to Twitter accounts, which were then sold on hacking forums. More recently, a Trello API flaw was exploited last year to link an email address to 15 million accounts, which were again put up for sale on a hacking forum.
While all of these incidents involved scraping data, they were allowed due to the ease of access to APIs and the lack of proper rate limiting for the number of requests that can be made per second from the same host.
What Can You Do About It?
As cybersecurity experts, we want to help you stay protected and informed. Don’t wait for the next data breach to happen. Stay up-to-date on cybersecurity news, tips, and advice by following our IT Services page. Knowledge is power, and we’re here to keep you in the loop. And if you have any questions or concerns about your own cybersecurity, don’t hesitate to reach out to us. We’re always here to help.
Exclusive: Post-Millennial Data Breach Exposes 26 Million People’s Sensitive Information
Europol Verifies Web Portal Hack: Asserts No Crucial Data Compromised
Dell API Exploited: Shocking Theft of 49 Million Customer Records in Massive Data Breach
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
Top Data Protection Officer Certification Courses Reviewed
-
Malware8 months agoFlagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware8 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations6 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments6 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Security Audits and Assessments6 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist
-
Data Protection Regulations6 months ago
Top 11 Data Protection Training Programs for Compliance
-
Data Protection Regulations6 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Data Protection Regulations6 months ago
Navigating Data Protection Laws for Nonprofits
