After alumni and other affiliates of the University of Pennsylvania received a strange email from official email addresses belonging to the university, Penn’s staff immediately locked down systems and began investigating.
The offensive email, which told recipients to stop giving the school money, slammed the university and claimed “all your data will be leaked.” The breach was the result of a social engineering attack and it has been confirmed that personal information was compromised during the incident, though it’s not clear exactly what information was affected and how many people have had their information compromised.
An anonymous employee of the university said that students, staff, and alumni are required to use MFA, but some high-ranking officials have been granted exemptions to these requirements, implying that these exceptions could be what allowed the hackers to gain access to the school’s systems.
(–Source: TechCrunch
Read More: University of Pennsylvania confirms hacker stole data during cyberattack | TechCrunch )
Earlier this year, Beverly Hills Oncology Medical Group detected unauthorized access to its systems and promptly launched an investigation with the help of outside cybersecurity professionals.
The investigation concluded in mid-October with findings that personal information may have been accessed and exfiltrated. The compromised information varies per individual but may include full names; SSNs; driver’s license or other government ID numbers; financial account information, including credit and debit card info; and health insurance information, including treatment plans, diagnoses, prescriptions, and more.
Though there has not been any indication that stolen info has been used for identity theft, the medical provider urges affected individuals to exercise caution and has offered complimentary credit monitoring services.
(–Source: Newsweek on MSN
Read More: Beverly Hills Oncology Medical Group Data Breach Under Investigation )
Hyundai AutoEver America (HAEA), the Orange County-based in-house IT and software company for the American branch of Hyundai, discovered unauthorized access to its IT systems in March of this year, which led the company to launch an investigation into the matter.
The investigation concluded that the hackers had access to the company’s systems for about a week, accessing personal information within the network during this time. It’s unclear if this information was exfiltrated; however, the accessed information includes names, SSNs, and driver’s license numbers of an undisclosed number of individuals.
(–Source: Security Week
Read More: Automotive IT Firm Hyundai AutoEver Discloses Data Breach – SecurityWeek )
After a cyberattack on the state of Nevada affected the state’s systems throughout August and September and left many people with questions about the attack, the answers have finally arrived.
The unauthorized access, which was the result of an employee downloading malware from a spoofed website, may have begun months before the ransomware was deployed by the hackers. Throughout the duration of the attack, hackers accessed critical servers and information, retrieving login credentials and some personal information. There is currently no evidence that indicates that the information has been posted online.
(–Source: KTNV
Read More: Previously unknown details about Nevada cyberattack revealed in report )
An issue with Klarna’s credit application form appears to expose sensitive information belonging to other users of the buy now, pay later platform. Klarna has confirmed the issue but has not revealed the extent of it.
(–Source: Forbes
Read More: Klarna Confirms Customer Data Leak But Won’t Reveal Extent )
Though few details are available at this time due to an ongoing investigation, the US Congressional Budget Office has confirmed a cybersecurity incident that may have exposed emails between the CBO and Senate.
The compromised email communications may include office chat logs containing information that could be used to create “highly targeted phishing campaigns that appear to be legitimate CBO communications.” The government agency is urging offices to be cautious with any communication coming from CBO email addresses.
(–Source: Reuters on MSN
Read More: US Congressional Budget Office hit by cybersecurity incident )


