Cyber Security News Roundup – 11th September 2023

Last week's cyber security news headlines served as a reminder that cyber crime is indiscriminate. Whether you're a public or private, profit making or non-profit organisation, everyone is a target. To learn more about each story, click the headings.

Major data breach leaks passwords of seven million Freecycle users

5/9

Last week, non-profit organisation Freecycle announced that its servers had suffered a data breach on the 30^th of August resulting in the sensitive information of over 7 million users being exposed – representing one of the most significant UK data breaches so far this year. Usernames, user IDs, email addresses and passwords were all included in the stolen data, with Freecycle confirming that the breach has now been closed and reported to the ICO. Despite the breach only recently being discovered, sources indicate that the data has been available for sale since late May, with unknown hackers using the stolen credentials of founder and executive director Deron Beal to access forums and member data. (E&T)

PSNI data breach could cost police force up to £240m, MPs hear

6/9

As a result of extra security requirements for officers and potential legal action, the recent data breach at the Police Service of Northern Ireland could end up costing the service up to £240 million. Of this figure, the Northern Ireland Affairs committee was told that between £24m and £37m accounts for recovery costs, while up to £180m is expected for individual claims for litigation. The suggestion that the data was leaked deliberately was rejected. (BBC News)

Kent school suffers cyberattack, personal data encrypted

8/9

St Augustine’s Academy, a secondary school with over 750 students in Maidstone, Kent, suffered a “serious data breach” last week that saw internal student and parent data encrypted by an “outside criminal organisation”. The school’s IT systems and phone lines were also left down as a result of the attack. With this being the second cyber incident at a UK school in as many weeks, it raises the concern that educational institutions remain a key target for criminal organisations, as a result of the lack of funding that is directed towards cybersecurity measures and procedures. Muhammad Yahya Patel of Check Point Software warned that as phishing and ransomware campaigns increase in volume, attacks like these are expected to be an upwards trend. (Computing)

Dymocks warns customer records may be on dark web after possible data breach

8/9

Dymocks, an Australian bookstore chain, has warned that a data breach discovered last Wednesday could result in customer information being leaked. When Dymocks first detected the breach, their investigation found that an unauthorised party could have accessed their customer records, and that discussions regarding this information have been discovered on the dark web. The stolen information could include email addresses, phone numbers, addresses, genders and dates of birth, as well as any membership details. Once their investigation is complete, Dymocks have stated that they will report the breach to the Office of the Australian Information Commissioner. (The Guardian)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!