Western Australian bank P&N suffered a data breach in the course of a server upgrade, ZDNet reports. The bank says the information was stolen, not merely exposed, and that names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances were among the data at risk. Records of the banks interactions with customers may also have been compromised. Elad Shapira, Head of Research for Panorays says, “The cyber incident at P&N Bank illustrates how organizations can be susceptible to data breaches through their third parties. In this case, the bank was performing a server upgrade when attackers stole data through a hosting provider.... Cyberattacks such as this one, demonstrate why it’s not enough for organizations to assess their own systems; they must also assess the risk posed by connecting with third parties.”
A ransomware attack should now be treated as a data breach until proven otherwise. Ransomware operators are increasingly stealing files before they encrypt them, and they're threatening to release those files publicly as a way of pressuring the victims to pay. The Nemty ransomware gang is the latest to do so. According to BleepingComputer, Nemty will follow the example set by Maze and Sodinokibi. The extortionists say they've set up a site where they can dump files stolen from victims who don't pay quickly enough.
Hackers are also moving immediately to extortion when they obtain medical information. HealthIT Security reports that patients of the Center for Facial Restoration, located in Florida, are being shaken down for the return of their stolen medical data. The clinic itself is also the target of extortion.
The news may originate in Norway, but Consumer Reports thinks it should be taken seriously everywhere: popular dating apps are sharing "intimate details" of their users. The sharing isn't salacious; it's commercial. The data are going to big advertising platforms who use the information so obtained not for the delectation of their watchstanders, but rather to enable them to serve up ads targeted with rifleshot accuracy at the frisky or lovelorn.