SIM card swap led to a Kroll data breach, supplier hack led to a London police data theft, and more.
Welcome to Cyber Security Today. It’s Monday, August 28th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
 |
 |
 |
Kroll Inc., which specializes in advising organizations about cyber risks, has been the victim of the theft of personal data. That data is the information it’s holding of claimants in the bankruptcies of three cryptocurrency firms. In a statement Friday, Kroll said one of its staff was the victim of a SIM swapping scam, where a smartphone SIM card gets switched to a phone controlled by a crook. Usually the goal is to get the multifactor authentication code on the phone to help break into a target’s email or corporate account. Sometimes a victim falls for a phishing scam and is unwittingly part of the swap. Other times a wireless carrier gets tricked into believing the request for a change is made by a real subscriber. That’s what apparently happened here. Kroll said American carrier T-Mobile changed the registration of its employees’ SIM card without any permission from or contact with its staffer. What the hacker was then able to get was customer information Kroll was holding in the huge bankruptcy of the FXT cryptocurrency exchange, and on those with money in crypto lenders BlockFi and Genesis. The three companies went under in November. Those with crypto assets are waiting to see if they will get any of their money back. The ultimate goal of the hack might have been to get customers’ crypto passwords or security keys. However, Kroll didn’t have those. But investors in those companies should be wary of emails purporting to be from Kroll or another source allegedly involved in the bankruptcies trying to trick them into giving up their passwords.
FTX co-founder Sam Bankman-Fried and others are facing criminal charges in the U.S. in connction with the collapse of FTX.
Listeners may recall that earlier this month the U.S. Cyber Safety Review Board reported on carriers and companies being unprepared for the Lapsus$ gang’s successful use of SIM swapping to carry out their data thefts.
The Ohio History Connection, a historical society, is notifying 7,600 people that their data was stolen in a ransomware attack last month. Those affected include current and former employees, people who did contract work for the society and possibly financial donors. That’s because the attackers may have accessed images of cheques given by members and contributors. The attackers demanded millions of dollars to prevent the data from being publicly exposed. The society made a counter-offer, but it was rejected.
An Arizona school district is finally officially notifying employees and students of a January data breach and ransomware attack. The Tucson Unified School District is sending letters to almost 29,000 people about the breach, which had been known since February. At that time a district official said there was no proof sensitive data had been leaked. But in May Bloomberg News reported that confidential data from the theft had been posted on a criminal site. The August 25th letter from the school district said that after a forensic investigation finished in July it realized that personal information was involved.
In international news, London police are on alert after a hacker got hold of some information of the entire 47,000-member force. According to a news story the hacker got into the IT systems of a contractor responsible for printing police warrant cards and staff passes. What they got were the names, ranks, photos, vetting levels and pay numbers for police officers and staff. This comes after a police staffer in Northern Ireland earlier this month accidentally divulged similar information about 10,000 police there after giving more than what was asked for in an access-to-information request.
A database of 10 million job seekers in France held by the government’s employment agency is being offered for sale on the dark web after a recent data breach. The stolen data includes names, the equivalent of Social Security numbers, telephone numbers and email addresses.
Poland’s train network was disrupted on Friday and Saturday, with trains being signal to stop. At first there was suspicion this was a cyber attack. But an expert told Wired.com he believes the attackers stopped the trains by issuing simple commands over an unencrypted radio network.
Finally, in somewhat ironic news a Portuguese language mobile spyware app called WebDetetive used by employers, parents or suspicious lovers to spy on other people’s Android devices has been hacked. According to TechCrunch, the attackers say they exploited several vulnerabilities to compromise the developer’s server and access the web dashboard to download user information. Then, apparently to protest the use of spyware, the attacker claims they deleted the connection between the app and the management servers, rendering the app useless..
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
