Cyber Security News Roundup – 4th September 2023

August is now behind us, but news of widespread cyber crime remains constant. Last week, multiple organisations announced that they had suffered data breaches. To learn more about each story, click the headings.

Specialist print supplier at centre of Met data breach

29/8

Another UK police force has suffered a data breach, with the Met police falling victim to hackers that gained unauthorised access to a third party supplier’s IT systems, and stole staff information including names, ranks, photos, vetting levels, and salary information. The breached supplier, who has not been named by the force, is responsible for printing warrant cards and staff passes. Described as “a staggering security breach that should never have happened”, all 47,000 of the force’s employees have been notified with many working “some of the most difficult and dangerous roles imaginable”.  The breach has been reported to the National Crime Agency and Information Commissioner’s Office, with the ICO promising to make enquiries. (Print Week)

Forever 21 discloses data breach: 500K+ affected

30/8

Last week, a data breach affecting over 500,000 individuals was confirmed by Forever 21, a US based fast fashion retailer. In its investigation the company found that during the data breach, which was discovered on the 20^th of March, an unauthorised third party managed to gain access to a limited number of systems between the 5^th of January and 21^st of March. In the data breach notice, it is stated that 539,207 individuals could have been affected, with compromised data including a variety of sensitive information. Forever 21 have stated that there is no evidence that any information has been copied, shared, retained or misused, and that steps have been taken to ensure that the threat actors no longer have access to the data. (Cyber News)

Paramount confirms data breach, user personal data compromised

31/8

Entertainment giant Paramount, with annual revenue of $30.15 billion in 2022, has announced that it suffered a data breach between May and June. In the attack, unknown cyber criminals managed to successfully exfiltrate sensitive data including names, dates of birth, Social Security or other identification numbers, and information detailing the victims' relationships with Paramount. The company has been in contact with the affected individuals, of whom there are “less than 100”; it is not known whether these individuals are employees or customers. On discovery, Paramount introduced third-party cyber security experts, notified law enforcement, and began work to upgrade its security posture. (TechRadar)

Golf gear giant Callaway data breach exposes info of 1.1 million

1/9

One of the world’s largest golf brands, Topgolf Callaway, suffered a data breach at the start of August that exposed the personal information of over 1 million customers. In their notification letter, Callaway explained that an IT system incident that occurred on the 1^st of August affected its e-commerce services, and exposed sensitive customer information including names, addresses, and phone numbers to an unauthorised third party. With the incident affecting 1,114,954 individuals, Callaway stated that they detected the breach early on and immediately contained it; all users are now being asked to reset passwords to prevent any unauthorised access of their customer accounts. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's critical that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how our layered approach to cyber security could protect your business!