Cyber Security News Roundup – 16th October 2023

From significant data breaches to regulatory fines, last week more organisations faced the consequences of falling victim to cyber crime. To learn more about each story, click the headings.

Air Europa data breach: Customers warned to cancel credit cards

10/10

Last week the third largest airline in Spain, Air Europa, began warning customers to cancel credit cards after attackers accessed customer card information in a recent cyber attack. The stolen details are highly sensitive, including card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code. Air Europa has not yet disclosed how many customers were affected by the data breach, the date its systems were breached, and when the incident was detected. (Bleeping Computer)

MOVEit hack: credit union discloses 100K victims

11/10

Months later, the victim count for the now infamous MOVEit campaign continues to grow; last Tuesday University Federal Credit Union became the latest organisation to admit a data breach at the hands of Cl0p. Following a four month investigation the Union confirmed that a data breach had occurred, notifying the attorney general in Maine of a breach that exposed financial account and payment card numbers, and potentially affected 102,650 people. (Cyber News)

Shadow PC Suffers Breach After Hacker Baits Employee With Malicious Game

12/10

Cloud gaming provider Shadow has announced that it suffered a data breach, emailing customers on Wednesday to notify them of data theft which included email addresses, dates of birth, and billing addresses.

The "highly sophisticated attack" began on Shadow's Discord platform, following a social engineering attack on a company employee; the individual downloaded an undisclosed malware strain disguised as a Steam video game, in doing so unintentionally giving remote computer access to an unauthorised third party.

A user in a popular hacking forum is now claiming to have the access to the stolen data, listing the information - allegedly totalling 533,624 users - for sale and claiming that Shadow have ignored an "amicable settlement". (PC Magazine)

Equifax hit with £11.2m fine for mass data breach

14/10

The UK's Financial Regulator, the FCA, has fined credit rating agency Equifax £11.2 million following a six year investigation into its 2017 cyber attack. After suffering one of the largest data breaches in history, exposing the information of 13.8 million British individuals, the FCA found that Equifax had failed to manage and monitor the security of UK consumer data that it outsourced to Equifax Inc, its parent company in the United States.

The FCA stated that the attack “was entirely preventable", adding that Equifax “failed to provide sufficient oversight of how data it was sending was properly managed and protected” as it did not treat its relationship with its parent company as outsourcing. “There were known weaknesses in Equifax Inc’s data security systems and Equifax failed to take appropriate action in response to protect UK customer data.” (The Times)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!