We’re almost halfway through the first month of Q3 and so much has already happened this quarter! Here’s what you might have missed on the security side of things this week:
Following an investigation into the December 2024 data breach at benefits and payroll provider Kelly Benefits, it appears that the incident is a lot worse than originally thought.
Originally, it was believed that the incident affected 32,234 individuals, but after months of investigation and number revisions, it looks like the incident affected around 553,660 people. The attack consisted of hackers gaining access to the company’s internal systems and downloading sensitive files containing customer information.
(–Source: Tom’s Guide on MSN
Read More: Over half a million people impacted by major data breach — full names, SSNs, financial data and more exposed )
Over 100,000 Americans have been impacted by a new data breach targeting Medicare and Medicaid that was discovered after fraudulent accounts began being opened on the Medicare.gov website using personal data from the Medicare systems.
Beneficiaries received notices in the mail of new accounts being created that they did not initiate, prompting calls to the Medicare call center. Investigation revealed that hackers had been fraudulently creating these new accounts as early as 2023 using valid beneficiary information.
Affected individuals are being notified via mail and will be sent new Medicare cards and numbers soon.
(–Source: The Daily Hodl
Read More: Medicare and Medicaid Data Breach Hits 103,000 Americans As Fraudulent Accounts Opened Using Victims’ Personally Identifiable Information )
McDonald’s uses an AI chatbot from Paradox.ai for hiring new employees, and two security researchers were easily able to fully hack into the backend of the chatbot in less than an hour.
While chatting with the AI hiring manager, the researchers found a login link for Paradox.ai’s staff on the popular fast food chain’s hiring website. They guessed the administrator username and password, which was “123456”, in two tries. With this simple guesswork and newfound admin access, the researchers discovered they could randomize applicant ID numbers to find information on up to 64 million applicants.
Paradox.ai acknowledged the incident, stating that the issue was resolved immediately and was not discovered by any malicious actors, only the researchers.
(–Source: The Daily Beast on MSN
Read More: Hackers Used Simple Password to Access McDonald’s AI Hiring Bot Applicant Data )
Police investigating the massive cyberattack on British retailer Marks & Spencer that went on for weeks and cost the company millions in profits have arrested four people on suspicion of Computer Misuse Act offenses, blackmail, money laundering, and participating in an organized crime group.
While the investigation into the incident is still ongoing and the retailer is still experiencing the effects of the attacks, the head of the NCA’s National Cyber Crime Unit has called these four arrests a “significant step” in the investigation process.
(–Source: BBC on MSN
Read More: Four arrested in connection with M&S and Co-op cyber attacks )


