At a glance.
- Update on the Booz Allen Hamilton data breach.
- Hackers leak more Medibank patient data.
- World Cup is not all fun and games, privacy experts warn.
Update on the Booz Allen Hamilton data breach.
As we noted last week, US management and information technology consulting firm Booz Allen Hamilton suffered a data breach after a now-former employee downloaded a copy of an internal report that was improperly stored on an internal SharePoint site. TechCrunch explains that the report contained data on active employees as of March 29, 2021, which means it potentially contained the personal data of tens of thousands of employees, many of whom are contracted to government, military, and intelligence agencies and hold high-level security clearances. According to the data breach notice filed with the California attorney general’s office, the compromised personal information was obtained on April 14, 2022, but Booz Allen spokesperson Jessica Klenk said the company only learned of the exposure months later in October.
Hackers leak more Medibank patient data.
The Guardian reports that cybercriminals have leaked a fifth database containing about fifteen hundred records of patient information stolen in the massive breach of Medibank, Australia’s leading insurance provider. On Sunday, Medibank chief executive David Koczkar confirmed the data had been published on the dark web following the company’s refusal to meet the hackers’ $10 million ransom demand. Medibank confirmed the exposed data included patient details on chronic conditions such as heart disease, as well as cancer, dementia, other mental health conditions, and infections. 7NEWS notes that while the attackers claimed the data also included information on HIV and other sexually transmitted diseases, it is believed the file does not contain any such info. Koczkar said Medibank is still verifying the validity of the data in the latest leak, as some previously released data did match the company’s records. Koczkar added, “The Australian Federal Police have said law enforcement will take swift action against anyone attempting to benefit, exploit or commit criminal offenses using stolen Medibank customer data. We continue to work closely with the Australian Federal Police who are focused, as part of Operation Guardian, on preventing the criminal misuse of this data.”
World Cup is not all fun and games, privacy experts warn.
As the first matches of the 2022 FIFA World Cup kicked off in Qatar over the weekend, privacy experts continue to advise attendees against downloading the event’s required apps: official World Cup app Hayya, and infection-tracking app Ehteraz. POLITICO reports that on Tuesday, the German data protection authority issued a statement warning that the apps, which many are labeling as spyware, require more access to user data than the apps’ privacy notices indicate. The DPA stated, “One of the apps collects data on whether and with which number a telephone call is made…The other app actively prevents the device on which it is installed from going into sleep mode. It is also obvious that the data used by the apps not only remain locally on the device, but are also transmitted to a central server.”
Last Monday, Norway’s data protection regulator issued a similar statement, explaining, “There is a real possibility that visitors to Qatar, and especially vulnerable groups, will be monitored by the Qatari authorities.” France’s influential regulator CNIL said fans should take “special care” with photos and videos stored on their devices, and recommends travelers install the apps just before departure and delete them as soon as they return home. Despite the French government’s close ties to Qatar, Junior Minister for Digital Jean-Noël Barrot backed CNIL’s statement, tweeting, “In France, thanks to the [General Data Protection Regulation], all applications must guarantee the fundamental rights of individuals and the protection of their data. This is not the case in Qatar.”
Meanwhile, privacy experts have expressed worries that threat actors could target World Cup attendees by mimicking event officials in order to steal personal data. Insikt Group, intelligence firm Recorded Future's threat research division, has released its analysis of the Cup’s cyber threat landscape, and found that potential threats include “state-sponsored cyber operations, financially motivated cyber threats, influence operations, and physical security threats.” The analysts note that although they identified no imminent, planned, or ongoing state-sponsored cyber operations linked to known advanced persistent threat (APT) groups targeting the event, state-sponsored threat actors (especially those linked to Russia) aiming to collect foreign intelligence would likely see the World Cup as a lucrative target for espionage and surveillance against foreign government officials and businesspeople.
The report references Qatar’s complicated geopolitical ties as a motivator for potential threats, stating, “Iran and Russia have also sought to highlight divisions and exacerbate tensions between Qatar and Western countries that have been critical of the tournament being hosted in Qatar due to human rights concerns in the country.” The analysts also indicate that financially motivated threat actors see international sporting events like the Cup as perfect opportunities to launch tournament-related phishing attacks like fake ticket giveaways, game streaming services, and betting websites, as well as general travel-related scams concerning visas, hotel reservations, and restaurant bookings.