Recently, a threat actor managed to download non-public files from a misconfigured public-facing DevHub portal. Although this sounds alarming, we want to reassure you that the exposed documents do not contain information that could be exploited in future breaches of our systems.

What exactly was exposed?

Upon analyzing the exposed documents, we found that their contents include data that we publish for customers and other DevHub users. However, files that shouldn’t have been made public were also available, some belonging to CX Professional Services customers.

“So far, in our research, we’ve determined that a limited set of CX Professional Services customers had files included and we notified them directly,” we said.

Our teams have worked diligently to assess the content of those files. We want to emphasize that we have not identified any information in the content that an actor could have used to access any of our production or enterprise environments.

What actions have we taken?

We have since corrected the configuration and restored public access to the DevHub site. Additionally, we’ve confirmed that web search engines did not index the exposed documents.

This update comes after we confirmed last month that we took our public DevHub site offline (a resource center for customers where we publish software code, templates, and scripts) after a threat actor leaked what we described at the time as “non-public” data.

It’s important to note that we found no evidence that any financial data or personal information had been exposed or stolen from the public DevHub portal before it was taken offline.

What about the alleged access to a developer environment?

The threat actor behind the leak, IntelBroker, claimed that they also gained access to a Cisco JFrog developer environment through an exposed API token. While we maintain that our systems haven’t been breached, information shared by the threat actor indicates that they also breached a third-party development environment, allowing them to steal data.

We’ve been contacted with further questions about IntelBroker’s claims, but we have not replied as of yet.

What’s the takeaway from all of this?

While the exposure of non-public files is a concern, we want to reiterate that the information contained within those files does not put our systems at risk for future breaches. We have taken the necessary steps to correct the configuration issues and restore access to our DevHub site, ensuring that such an incident doesn’t occur again.

As always, your security is our top priority. We encourage you to reach out to us with any questions or concerns, and keep coming back to learn more about how we’re working to protect your data and keep you safe.

Imagine waking up one day to find out your personal information has been stolen by hackers. That’s precisely what happened to millions of customers of Free, a major internet service provider (ISP) in France. Over the weekend, the company confirmed that its systems were breached, and customer data was stolen.

Free is no small player in the telecommunications industry. With over 22.9 million mobile and fixed subscribers at the end of June, it’s the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe’s sixth-largest mobile operator by the number of subscribers. That’s a lot of people potentially affected by this breach!

The company has taken action by filing a criminal complaint with the public prosecutor and notifying the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.

What happened and who is affected?

According to a Free spokesperson, the hack targeted a management tool that exposed subscribers’ data. Thankfully, the attackers failed to access customer passwords, bank card information, and communications content (including “emails, SMS, voice messages, etc.”). However, the data that was stolen is now being auctioned on BreachForums to the highest bidder.

The threat actor responsible for the breach, known as “drussellx,” claims that the breach impacts almost a third of France’s population. They say that the data breach affects 19.2 million customers and contains over 5.11 million International Bank Account Numbers (IBANs). It affects all Free Mobile and Freebox customers and includes the IBANs of all 5.11 million Freebox subscribers.

How can you protect yourself?

Free has assured its customers that the stolen IBANs are “not enough to make a direct debit from a bank.” However, it’s essential for subscribers to be vigilant against phishing attempts. Never communicate your access codes or bank card information, whether by email, SMS, or during a call. If you notice an unusual direct debit that doesn’t correspond to any known invoice amount or date, inform your bank, as they’re obliged to reimburse you for fraudulent charges.

So, what can we learn from this incident? Cybersecurity threats are real and can affect anyone, even major telecommunications companies. It’s crucial to stay informed about potential risks and take steps to protect our personal information.

Stay informed and stay protected

As your trusted IT Services provider, we’re here to help you stay informed about cybersecurity threats and keep your information safe. Our team of experts is always on the lookout for the latest cybersecurity news, trends, and best practices. So don’t hesitate to contact us for guidance and advice on how to keep your data secure. And remember, knowledge is power – the more you know about cybersecurity, the better equipped you’ll be to protect yourself and your information.

It’s official: over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, making it the largest healthcare data breach in recent years. UnitedHealth, the parent company of Change Healthcare, has finally confirmed this staggering number.

Just imagine that: “maybe a third” of all Americans’ health data was exposed in this attack, as UnitedHealth CEO Andrew Witty warned during a congressional hearing in May. This is a massive breach that has affected a “substantial proportion of people in America.”

So, what exactly was stolen during this ransomware attack? According to data breach notifications sent by Change Healthcare, the sensitive information includes health insurance details, medical history, billing and payment info, and other personal data like Social Security numbers and driver’s license numbers. Not everyone’s complete medical history was exposed, but still, the sheer scale of this breach is alarming.

How did the Change Healthcare ransomware attack happen?

In February, the UnitedHealth subsidiary Change Healthcare fell victim to a ransomware attack that led to widespread outages in the U.S. healthcare system. The culprits? The BlackCat ransomware gang, aka ALPHV, who used stolen credentials to breach the company’s Citrix remote access service, which did not have multi-factor authentication enabled.

During the attack, the criminals stole a whopping 6 TB of data and encrypted computers on the network. This caused the company to shut down IT systems to prevent further damage. In the aftermath, doctors and pharmacies were unable to file claims, and patients were forced to pay full price for medications because pharmacies couldn’t accept discount prescription cards.

UnitedHealth Group ended up paying a ransom demand of allegedly $22 million to receive a decryptor and ensure the stolen data would be deleted. However, the ransomware gang pulled a fast one: they suddenly shut down and stole the entire payment for themselves, leaving Change Healthcare’s data in the hands of a rogue affiliate.

As if that wasn’t enough, the affiliate partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released. It’s unclear whether United Health paid a second ransom demand, as the entry for Change Healthcare on RansomHub’s data leak site disappeared a few days later.

The financial toll of this attack has been enormous. UnitedHealth reported in April that the ransomware attack caused $872 million in losses, which increased to an expected $2.45 billion for the nine months to September 30, 2024, as part of their Q3 2024 earnings.

What can we learn from this massive breach?

This incident highlights the importance of strong cybersecurity measures, especially in the healthcare industry. We must prioritize the protection of sensitive data and invest in robust security systems to prevent future attacks. It’s time for all of us to take cybersecurity seriously.

Stay informed and keep coming back to learn more about the latest cybersecurity news, threats, and best practices. Together, we can work towards a safer digital landscape. If you have any questions or concerns about your organization’s security, don’t hesitate to reach out to us. We’re here to help.