Connect with us

Malware

EquiLend Alert: Employee Data Hijacked by Ruthless Ransomware Gang

Financial services firm EquiLend has alerted employees that their data was stolen in a ransomware attack by the BlackMatter gang. The breach included names, addresses, and Social Security numbers, putting employees at risk of identity theft. EquiLend is working with law enforcement and cybersecurity experts to mitigate the impact and safeguard against future attacks.

Published

on

An image of a hand on a laptop screen displaying Ransomware Gang's acquisition of Employee Data.

Imagine this: You’re an employee at a leading financial technology company, and one day you receive a letter informing you that your personal information has been stolen in a ransomware attack. That’s precisely what happened to employees at New York-based securities lending platform EquiLend Holdings, which recently confirmed a data breach resulting from a ransomware attack in January.

What happened?

On January 22, EquiLend Holdings had to take some of its systems offline to contain a breach. Two days later, the company informed us that a ransomware attack had occurred. Although the identity of the attacker remains unconfirmed, LockBit ransomware claimed responsibility for the breach in a statement to Bloomberg.

By February 2, EquiLend revealed on a dedicated page that the breach was indeed a ransomware attack. Although the company said that all client-facing services were back online and they had no evidence of client transaction data being accessed or exfiltrated, they had to deliver some bad news to their employees.

Bad news for employees

In breach notification letters sent to EquiLend employees, the company confirmed that the attackers had stolen their personally identifiable information (PII), including names, dates of birth, and Social Security numbers. The company said, “At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud.”

While it’s a relief that no signs of fraudulent activity using the stolen information have been detected yet, the situation is still concerning for those affected. To help mitigate the risk, EquiLend is providing affected employees with two years of free identity theft protection services through Identity Theft Guard Solutions (IDX).

Why should you care?

EquiLend was founded in 2001 by a group of ten global banks and broker-dealers, including Bank of America Merrill Lynch, BlackRock, Credit Suisse, Goldman Sachs, JP Morgan, Morgan Stanley, National Bank of Canada, Northern Trust, State Street, and UBS. Today, the company has over 330 employees and offices in North America, EMEA, and Asia-Pacific. Their services are used by more than 190 firms worldwide, including agency lending banks, hedge funds, and broker-dealers. Participants in the securities finance marketplace also use EquiLend’s Next Generation Trading (NGT) multi-asset securities trading platform for transactions worth more than $2.4 trillion monthly.

The bottom line is this: Cybersecurity threats are everywhere, and even well-established companies like EquiLend are not immune. It’s crucial for businesses to invest in robust cybersecurity measures to protect both their clients and employees from the ever-evolving landscape of cyber threats.

Take action and stay informed

Don’t let your company be the next victim of a ransomware attack. Contact our IT Services team to learn more about how you can protect your organization from cyber threats. And remember, knowledge is power – so keep coming back to learn more about the latest in cybersecurity news and best practices.

Malware

Nexperia Chipmaker Confirms Explosive Data Breach Following Ransomware Gang’s Sinister Leak

Chipmaker Nexperia suffered a cyberattack as ransomware group ‘Grief’ leaked the company’s data. The breach exposed sensitive files, including employee information. Nexperia is working closely with law enforcement and external cybersecurity experts to investigate the incident and mitigate any potential impacts on its partners and customers.

Published

on

Picture this: a leading Dutch chipmaker, Nexperia, experiences a major cyber attack, forcing it to shut down its IT systems and launch an investigation to assess the damage. It’s a real-life scenario that unfolded in March 2024 when hackers breached the company’s network, and a ransomware gang claimed responsibility, leaking samples of supposedly stolen data.

Nexperia is no small fish in the tech pond. As a subsidiary of Chinese company Wingtech Technology, it operates semiconductor fabrication plants in Germany and the UK, producing a staggering 100 billion units that range from transistors and diodes to MOSFETs and logic devices. Employing 15,000 specialists and boasting an annual revenue of over $2.1 billion, this is a company that has a lot to lose.

Immediate Response and Investigation

Upon discovering the unauthorized access to its IT servers, Nexperia released a statement detailing its swift response. The company took action by disconnecting the affected systems from the internet, containing the incident, and implementing extensive mitigation measures.

It didn’t stop there, though. Nexperia enlisted the help of third-party experts and FoxIT to investigate the nature and scope of the breach. Furthermore, the company reported the incident to the police and data protection authorities in the Netherlands.

Enter Dunghill Leak

On April 10, the extortion site ‘Dunghill Leak’ announced its breach of Nexperia, claiming to have stolen a whopping 1 TB of confidential data. The site leaked samples of allegedly stolen files, including microscope scans of electronic components, employee passports, non-disclosure agreements, and more. It’s important to note, however, that the authenticity of these samples has not been confirmed by Nexperia.

So, what’s at stake? If the ransom demand isn’t met, Dunghill claims it will leak a vast array of sensitive data, such as design and product data, engineering data, commercial and marketing data, corporate data, client and user data, and various files and miscellaneous data, including email storage files. Some big-name brands like SpaceX, IBM, Apple, and Huawei are potentially at risk.

The Dark Angels Connection

Dunghill Leak is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom. In September 2023, we reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company’s VMWare and ESXi virtual machines. The gang threatened to publish the stolen data on the Dunghill Leak website, but it never materialized.

As of now, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as ‘sold on the dark web.’

Stay Informed and Stay Protected

The Nexperia breach is yet another reminder of the importance of cybersecurity in today’s technologically driven world. By staying informed about the latest cyber threats, you can better protect yourself and your organization.

If you’re curious to learn more about cybersecurity and how it affects you, don’t hesitate to contact us. Keep coming back for more insights and updates on the ever-evolving world of cybersecurity. We’re here to help you stay safe in the digital age.

Continue Reading

Malware

Cisco Duo Alert: Third-Party Data Breach Unveils SMS MFA Logs – Protect Your Privacy Now!

Cisco Duo has warned customers of a third-party data breach that exposed SMS multi-factor authentication (MFA) logs, potentially compromising user security. Learn about the breach, its implications, and how to safeguard your accounts using MFA methods.

Published

on

Imagine this: you’re using a highly secure multi-factor authentication (MFA) service like Cisco Duo to protect your business, and then you find out that hackers have accessed your VoIP and SMS logs. Sounds like a nightmare, right? Well, that’s precisely what happened to some Cisco Duo customers recently.

What Went Wrong?

Cisco Duo, an MFA and Single Sign-On service used by companies for secure access to their networks and applications, serves over 100,000 customers and handles more than a billion authentications every month. But even this security giant wasn’t immune to a cyberattack on one of its telephony providers.

On April 1, 2024, an unnamed provider responsible for handling Cisco Duo’s SMS and VoIP MFA messages fell victim to a breach. The hackers obtained employee credentials through a phishing attack, gaining access to the provider’s systems and subsequently downloading SMS and VoIP MFA message logs associated with specific Duo accounts between March 1 and March 31, 2024.

What Information Was Compromised?

Thankfully, the hackers didn’t access the content of the messages or use their access to send messages to customers. However, the stolen logs did contain data that could be exploited in targeted phishing attacks to obtain sensitive information, like corporate credentials. This data included employee phone numbers, carrier information, location data, dates, times, and message types.

How Has the Situation Been Handled?

Upon discovering the breach, the affected provider immediately invalidated the compromised credentials, analyzed activity logs, and notified Cisco. They also implemented additional security measures to prevent similar incidents in the future.

Cisco Duo received all of the exposed message logs from the vendor, which customers can request by emailing [email protected] to better understand the breach’s scope, impact, and appropriate defense strategies.

What Should You Do If You’re Impacted?

If you’re one of the customers affected by this breach, it’s crucial to be vigilant against potential SMS phishing or social engineering attacks using the stolen information. Cisco’s Data Privacy and Incident Response Team advises contacting affected users and advising them to be vigilant and report any suspected social engineering attacks.

Additionally, it’s essential to educate your users on the risks posed by social engineering attacks and investigate any suspicious activity.

Not an Isolated Incident

This breach isn’t an isolated event. Last year, the FBI warned that threat actors were increasingly using SMS phishing and voice calls in social engineering attacks to breach corporate networks. In 2022, Uber experienced a similar breach after a threat actor performed an MFA fatigue attack on an employee and then contacted them on WhatsApp, pretending to be IT help desk personnel.

Although Cisco has not disclosed the supplier’s name or the number of customers impacted by this incident, it serves as a stark reminder that no system is entirely immune to cyberattacks. Stay vigilant, educate your users, and always be on the lookout for suspicious activity.

Stay Informed and Protected with Our IT Services

Don’t let your business become another statistic in the ever-growing list of cyberattack victims. Keep coming back to learn more about the latest threats and how to protect your company. And if you need assistance with your cybersecurity strategy, don’t hesitate to contact us – we’re here to help.

Continue Reading

Malware

Hacker Exposes Massive Giant Tiger Data Breach, Unleashes 2.8M Records Online

A hacker claims to have breached the Canadian retail chain Giant Tiger, leaking 28 million records online, including customers’ personal data. The hacker, known as ‘ZeroTwo’, shared a sample of the stolen data on a popular hacking forum, with details like names, addresses, and phone numbers. Giant Tiger has not yet confirmed the breach.

Published

on

Canadian retail chain Giant Tiger disclosed a data breach in March 2024.

A threat actor has now publicly claimed responsibility for the data breach and leaked 2.8 million records on a hacker forum that they claim are of Giant Tiger customers.

Data breach monitoring service HaveIBeenPwned has added the leaked database to its website to make it easy for users to check if their information was compromised.

The discount store chain operates over 260 stores and employs 8,000 people across Canada.

2.8 Million Customer Records Leaked Online

On Friday, we noticed a post titled “Giant Tiger Database – Leaked, Download!” surfacing on a hacker forum.

The threat actor behind the post claims to have uploaded the “full” database of Giant Tiger customer records stolen in March 2024.

“In March 2024, the Canadian discount store chain Giant Tiger Stores Limited… suffered a data breach that exposed over 2.8 million clients,” states the threat actor.

“The breach includes over 2.8 million unique email addresses, names, phone numbers, and physical addresses.”

The stolen data in the dump, claims the threat actor, additionally includes the “website activity” of Giant Tiger customers.

“I finally opened 60 of the 60 pages of the database section!” replied one forum member to the post, with others requesting to preview a sample of the data set. The threat actor obliged and posted a small snippet.

The data set has been leaked essentially for free. Although the download link to the set has to be unlocked by spending “8 credits,” such credits are typically trivially generated by forum members by, for example, commenting on existing posts or contributing new posts.

Threat actors often breach companies and steal sensitive data to blackmail them and extort money. Failing successful extortion, a threat actor may deliberately leak the stolen data online or sell it off on dark web marketplaces to buyers interested in conducting identity theft and phishing attacks.

Breach Caused by a Third-Party Vendor

We have not verified the authenticity of the data set, however, we did reach out to Giant Tiger with questions regarding the leak.

Without commenting on the authenticity of the leaked data, a spokesperson responded:

“On March 4, 2024, Giant Tiger became aware of a security concern related to a third-party vendor we use to manage customer communications and engagement,” a Giant Tiger spokesperson told us.

“We determined that contact information belonging to certain Giant Tiger customers was obtained without authorization. We sent notices to all relevant customers informing them of the situation.”

“No payment information or passwords were involved.”

Giant Tiger declined to share the name of the third-party vendor in question.

Records Added to HaveIBeenPwned

As of April 12th, the leaked data set has been added to the “Have I Been Pwned?” database.

HaveIBeenPwned (HIBP) is a free online service that allows users to check if their data was compromised in known data breaches.

The number of breached records associated with this incident added to the HIBP database is 2,842,669, with the service stating that 46% of these records were already in its database.

Giant Tiger customers should be wary of any suspicious emails or incoming communications that claim to be from the retailer. These could very likely be targeted phishing attempts from threat actors.

Although no payment information or passwords were exposed in this breach, signing up for an identity monitoring service could be beneficial to customers in preventing them from becoming victims of identity theft.

To stay informed and protected, keep coming back to learn more about cybersecurity and how it impacts you. Don’t hesitate to contact us if you have any questions or concerns about your online security.

Continue Reading

Trending