Stock-trading platform Robinhood Markets yesterday disclosed that it sustained a data breach on November 3rd. A customer support employee was inveigled ("socially engineered") into granting an unauthorized outsider access to certain company data. The data exposed include email addresses for about five million Robinhood users, the full names of a different set of roughly two million users, and more extensive personal information (name, date of birth, and zip code) for some three hundred users. The data theft apparently represented an extortion attempt. The Wall Street Journal reports that Robinhood has brought in Mandiant to investigate the incident.
Germany-based multinational electronics retailer Media Markt has seen operations disrupted by a ransomware attack, according to BleepingComputer. The ransomware strain is said to be Hive, and the criminal operators' opening position was to demand $240 million. Retail Detail says that store employees in Belgium, Germany, and the Netherlands have been told to take point-of-sale systems offline.
The Romanian-led investigation that Europol announced yesterday, which led to the arrest of suspected REvil ransomware operators, has not only netted several difficult-to-apprehend criminals, but also lent some credence to the impression that ransomware gangs in particular have grown a bit skittish about their vulnerability to arrest. The US Justice Department also seized $6.1 million in cryptocurrency from a REvil operator who remains at large. The US Treasury Department sanctioned Chatex (which describes itself as "a full-fledged cryptobank"), SecurityWeek reports, for its role in processing cryptocurrency transactions allegedly on behalf of the gangs. Three other firms that supported Chatex were also sanctioned.