Connect with us

Malware

American Express Credit Cards Compromised in Alarming Vendor Data Breach

Discover the details of the recent vendor data breach that exposed American Express credit card information. Learn about the potential risks and how the company is addressing this security issue. Stay vigilant and protect your personal information.

Published

on

Imagine receiving a letter from your credit card company, informing you that your card information has been exposed due to a data breach at one of their service providers. That’s precisely what happened to some American Express customers.

A Third-Party Data Breach Affects American Express

Recently, American Express has been warning its customers that their credit card information may have been compromised in a third-party data breach. The breach occurred at a service provider that works with American Express’ travel services division, American Express Travel Related Services Company.

In their data breach notification, American Express stated: “We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system. Account information of some of our Card Members, including some of your account information, may have been involved.”

It’s crucial to note that American Express’ systems were not compromised, and this notice was provided as a precautionary measure. However, the fact remains that customers’ American Express Card account numbers, names, and card expiration data were accessed by hackers.

Unfortunately, it’s currently unclear how many customers were impacted, which service provider was breached, and when the attack occurred.

IT Services Investigates the Breach

When we asked American Express for more information about the breach, they told us that they don’t disclose details of their business relationships and merchant partners. They also had no further information to share at this time.

However, American Express did confirm that they have notified the required regulatory authorities and are alerting impacted customers. They said, “When we learn about a data security incident that impacts our customers, we promptly begin an investigation and notify the appropriate regulatory authorities, as required. We also work to identify impacted customers and understand the specific impacts, and then notify them as required by applicable laws and regulations.”

Moreover, if an American Express cardmember’s credit card is used to make fraudulent purchases, the company assured us that customers would not be responsible for the charges.

What You Can Do to Protect Yourself

American Express advises customers to review their account statements over the next 12 to 24 months and report any suspicious behavior. Additionally, they suggest enabling instant notifications via the American Express mobile app to receive alerts about fraud and when purchases are made.

Lastly, if your card information was stolen, it may be wise to request a new card number. It’s common for threat actors to sell stolen credit cards on cybercrime marketplaces.

A Call to Stay Informed and Vigilant

This incident serves as a stark reminder of the importance of staying informed and vigilant about protecting your personal and financial information. While companies like American Express work hard to keep your data secure, breaches can still occur.

So, make sure to keep an eye on your account activity, enable notifications, and stay up-to-date on the latest cybersecurity news. And remember, we’re always here to help and provide you with the information you need to stay safe in today’s digital world. Don’t hesitate to reach out and keep coming back to learn more.

Malware

Nexperia Chipmaker Confirms Explosive Data Breach Following Ransomware Gang’s Sinister Leak

Chipmaker Nexperia suffered a cyberattack as ransomware group ‘Grief’ leaked the company’s data. The breach exposed sensitive files, including employee information. Nexperia is working closely with law enforcement and external cybersecurity experts to investigate the incident and mitigate any potential impacts on its partners and customers.

Published

on

Picture this: a leading Dutch chipmaker, Nexperia, experiences a major cyber attack, forcing it to shut down its IT systems and launch an investigation to assess the damage. It’s a real-life scenario that unfolded in March 2024 when hackers breached the company’s network, and a ransomware gang claimed responsibility, leaking samples of supposedly stolen data.

Nexperia is no small fish in the tech pond. As a subsidiary of Chinese company Wingtech Technology, it operates semiconductor fabrication plants in Germany and the UK, producing a staggering 100 billion units that range from transistors and diodes to MOSFETs and logic devices. Employing 15,000 specialists and boasting an annual revenue of over $2.1 billion, this is a company that has a lot to lose.

Immediate Response and Investigation

Upon discovering the unauthorized access to its IT servers, Nexperia released a statement detailing its swift response. The company took action by disconnecting the affected systems from the internet, containing the incident, and implementing extensive mitigation measures.

It didn’t stop there, though. Nexperia enlisted the help of third-party experts and FoxIT to investigate the nature and scope of the breach. Furthermore, the company reported the incident to the police and data protection authorities in the Netherlands.

Enter Dunghill Leak

On April 10, the extortion site ‘Dunghill Leak’ announced its breach of Nexperia, claiming to have stolen a whopping 1 TB of confidential data. The site leaked samples of allegedly stolen files, including microscope scans of electronic components, employee passports, non-disclosure agreements, and more. It’s important to note, however, that the authenticity of these samples has not been confirmed by Nexperia.

So, what’s at stake? If the ransom demand isn’t met, Dunghill claims it will leak a vast array of sensitive data, such as design and product data, engineering data, commercial and marketing data, corporate data, client and user data, and various files and miscellaneous data, including email storage files. Some big-name brands like SpaceX, IBM, Apple, and Huawei are potentially at risk.

The Dark Angels Connection

Dunghill Leak is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom. In September 2023, we reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company’s VMWare and ESXi virtual machines. The gang threatened to publish the stolen data on the Dunghill Leak website, but it never materialized.

As of now, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as ‘sold on the dark web.’

Stay Informed and Stay Protected

The Nexperia breach is yet another reminder of the importance of cybersecurity in today’s technologically driven world. By staying informed about the latest cyber threats, you can better protect yourself and your organization.

If you’re curious to learn more about cybersecurity and how it affects you, don’t hesitate to contact us. Keep coming back for more insights and updates on the ever-evolving world of cybersecurity. We’re here to help you stay safe in the digital age.

Continue Reading

Malware

Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!

Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.

Published

on

Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.

What Went Wrong?

Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.

On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.

What Information Was Compromised?

Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.

How Has the Situation Been Handled?

Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.

Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing [email protected] to better understand the breach’s scope, impact, and appropriate defense strategies.

What Should You Do If You’re Impacted?

If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises contacting affected users and advising them to be vigilant and report any suspected social engineering attacks.

Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.

Not an Isolated Incident

This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.

Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.

Stay Informed and Protected with Our IT Services

Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.

Continue Reading

Malware

Hacker Exposes Massive Giant Tiger Data Breach, Unleashes 2.8M Records Online

A hacker claims to have breached the Canadian retail chain Giant Tiger, leaking 28 million records online, including customers’ personal data. The hacker, known as ‘ZeroTwo’, shared a sample of the stolen data on a popular hacking forum, with details like names, addresses, and phone numbers. Giant Tiger has not yet confirmed the breach.

Published

on

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.

A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Data breach monitoring service HaveIBeenPwned has added the leaked database to its website to make it easy for users to check if their information was compromised.

The discount store chain operates over 260 stores and employs 8,000 people across Canada.

2.8 Million Customer Records Leaked Online

On Friday, we noticed a post titled “Giant Tiger Database – Leaked, Download!” surfacing on a hacker forum.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients,” states the threat actor.

“The breach includes over 2.8 million unique email addresses, names, phone numbers, and physical addresses.”

The stolen data in the dump, claims the threat actor, additionally includes the “website activity” of Giant Tiger customers.

“I finally opened 60 of the 60 pages of the database section!” replied one forum member to the post, with others requesting to preview a sample of the data set. The threat actor obliged and posted a small snippet.

The data set has been leaked essentially for free. Although the download link to the set has to be unlocked by spending “8 credits,” such credits are typically trivially generated by forum members by, for example, commenting on existing posts or contributing new posts.

Threat actors often breach companies and steal sensitive data to blackmail them and extort money. Failing successful extortion, a threat actor may deliberately leak the stolen data online or sell it off on dark web marketplaces to buyers interested in conducting identity theft and phishing attacks.

Breach Caused by a Third-Party Vendor

We have not verified the authenticity of the data set, however, we did reach out to Giant Tiger with questions regarding the leak.

Without commenting on the authenticity of the leaked data, a spokesperson responded:

“On March 4, 2024, Giant Tiger became aware of a security concern related to a third-party vendor we use to manage customer communications and engagement,” a Giant Tiger spokesperson told us.

“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”

“No payment information or passwords were involved.”

Giant Tiger declined to share the name of the third-party vendor in question.

Records Added to HaveIBeenPwned

As of April 12th, the leaked data set has been added to the “Have I Been Pwned?” database.

HaveIBeenPwned (HIBP) is a free online service that allows users to check if their data was compromised in known data breaches.

The number of breached records associated with this incident added to the HIBP database is 2,842,669, with the service stating that 46% of these records were already in its database.

Giant Tiger customers should be wary of any suspicious emails or incoming communications that claim to be from the retailer. These could very likely be targeted phishing attempts from threat actors.

Although no payment information or passwords were exposed in this breach, signing up for an identity monitoring service could be beneficial to customers in preventing them from becoming victims of identity theft.

To stay informed and protected, keep coming back to learn more about cybersecurity and how it impacts you. Don’t hesitate to contact us if you have any questions or concerns about your online security.

Continue Reading

Trending