Fudo Security Weekly, November 26th – 30th, 2018

05.12.2018 13:33

Uber fined for breach by ICO/GDPR

After being hit by a cyberattack, Uber fumbled the attack both in the failed preventative measures and the way it conducted itself afterwards. The UK’s data protection regulator as well as the Dutch fined Uber for the incident. With the breach affecting over 2.7 million customers and drivers and compromising names, phone numbers and email addresses; it goes without saying this was a significant attack.

Uber even kept the whole incident under wraps which does not bode well for the big tech company. The attack occurred in 2016 before GDPR went into effect, and suffice it to say the repercussions and fines would have well exceeded the fee Uber had to pay this time around. Read more. 

India’s cybersecurity startups boom as attacks rise

As cyber attacks continue to mount across the world and affect every sector, there are those that are jumping into the breach to stem the tide. According to a tech report from the Economic Times in India there are over 200 cybersecurity startups in India, with over 50 new ventures and projects founded in recent times. Many of them are gaining serious traction and are focused in the financial services sector as demand booms. Find out more.

Atrium Healthcare breached, over 2.65 million patients affected

A third party billing vendor has been breached and personal information of millions of patients has been compromised at Atrium Health in Charlotte. Details that have been stolen include: insurance policy information, medical record numbers, invoice data, and social security numbers. The breach shows again how vulnerable healthcare is as the attack affects over 44 hospitals in three US states.

Marriott Starwood breached, over 500 million clients affected

This marks one of the biggest corporate breaches in history. One of the world’s largest hotel chains with 6,700 properties in over 129 countries has been breached affecting over 500 million customers when Starwood’s reservation database was attacked. Hotels included in the incident range from the St Regis, Westin and Sheraton after the group acquired these in 2016. The breach goes back over 4 years yet the company only became aware of the cyber breach last week.

Personal information that has been compromised includes: names, addresses, phone numbers, email addresses, passport info, and credit card details. Given the massive scale of this, the big question remains will GDPR apply?

US indicts 2 Iranians for cyberattacks in Atlanta and Newark

A unique case of justice, as the US Justice Department indicts two Iranian nationals for digital extortion of Atlanta, Newark as well as other local government agencies and companies. The cyber attacks in the form of hacking and ransomware resulted in over $30 million in damages, and have seriously exposed municipal authorities.

It gives us a unique example of a new form of cyber criminal, where money isn’t simply the only motive. This was a concerted effort to not only extort vulnerable services such as healthcare organizations and schools but also to embarrass key infrastructure in the US. Read more here.

 

We hope you’ll enjoy this week’s info bundle. Stay safe!

And if you are interested in receiving hottest cybersecurity news to join Fudo Security Weekly click here.