Cyber Security News Roundup – 16th October 2023
By Emily Davidson
16 October 2023
From significant data breaches to regulatory fines, last week more organisations faced the consequences of falling victim to cyber crime. To learn more about each story, click the headings.
Air Europa data breach: Customers warned to cancel credit cards
10/10
Last week the third largest airline in Spain, Air Europa, began warning customers to cancel credit cards after attackers accessed customer card information in a recent cyber attack. The stolen details are highly sensitive, including card numbers, expiration dates, and the 3-digit CVV (Card Verification Value) code. Air Europa has not yet disclosed how many customers were affected by the data breach, the date its systems were breached, and when the incident was detected. (Bleeping Computer)
MOVEit hack: credit union discloses 100K victims
11/10
Months later, the victim count for the now infamous MOVEit campaign continues to grow; last Tuesday University Federal Credit Union became the latest organisation to admit a data breach at the hands of Cl0p. Following a four month investigation the Union confirmed that a data breach had occurred, notifying the attorney general in Maine of a breach that exposed financial account and payment card numbers, and potentially affected 102,650 people. (Cyber News)
Shadow PC Suffers Breach After Hacker Baits Employee With Malicious Game
12/10
Cloud gaming provider Shadow has announced that it suffered a data breach, emailing customers on Wednesday to notify them of data theft which included email addresses, dates of birth, and billing addresses.
The "highly sophisticated attack" began on Shadow's Discord platform, following a social engineering attack on a company employee; the individual downloaded an undisclosed malware strain disguised as a Steam video game, in doing so unintentionally giving remote computer access to an unauthorised third party.
A user in a popular hacking forum is now claiming to have the access to the stolen data, listing the information - allegedly totalling 533,624 users - for sale and claiming that Shadow have ignored an "amicable settlement". (PC Magazine)
Equifax hit with £11.2m fine for mass data breach
14/10
The UK's Financial Regulator, the FCA, has fined credit rating agency Equifax £11.2 million following a six year investigation into its 2017 cyber attack. After suffering one of the largest data breaches in history, exposing the information of 13.8 million British individuals, the FCA found that Equifax had failed to manage and monitor the security of UK consumer data that it outsourced to Equifax Inc, its parent company in the United States.
The FCA stated that the attack “was entirely preventable", adding that Equifax “failed to provide sufficient oversight of how data it was sending was properly managed and protected” as it did not treat its relationship with its parent company as outsourcing. “There were known weaknesses in Equifax Inc’s data security systems and Equifax failed to take appropriate action in response to protect UK customer data.” (The Times)
Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!
Latest resources

How to build operational resilience in your organisation
Operational resilience is the framework that businesses and institutions use to assess their capacity to prevent, withstand, mitigate, and recover from disruptive incidents such as cyber-attacks and IT outages. This is with the goal of reducing downtime, reputational damage, and financial impact. A misconception about operational resilience is that it’s not an essential consideration. However, […]

Five signs your business needs cyber security as a service
The importance of cyber security cannot be overstated for business continuity, protecting your reputation, and saving costs (as well as avoiding fines). It’s why 75% of businesses and 63% of charities report that cyber security is a high priority for their senior management. That’s where cyber security as a service comes into play, offering expert […]

How to find the right managed IT services first time
There are no two ways about it- selecting your IT service provider is a business-critical decision. Ultimately, you’re trusting your organisations’ cyber security, software management, data security, and IT systems over to a third party- it’s a huge decision to make. The good news? We have made this decision slightly easier for you. We’ve […]