At a glance.
- Could US college data leaks become a Thanksgiving tradition?
- New York county breach compromises driver’s license data.
- Report: WhatsApp disputes claims that it sustained a data leak.
Could US college data leaks become a Thanksgiving tradition?
As Americans gathered for their Thanksgiving festivities, Cincinnati State College, located in the US state of Ohio, was added to the leak site of ransomware group Vice Society, the Record by Recorded Future reports. Just two days before the leak, the school said it was continuing the investigation of a cybersecurity incident that occurred earlier this month and that it was making “progress towards restoring many systems and services.” Classes have been uninterrupted and email services are back up, but many of the school’s online services have been shut down, including voicemail, financial aid, and department share drives, as the school works to restore its IT systems.
Vice Society is known for targeting the US education sector, having attacked dozens of schools across the country including the massive attack on the Los Angeles Unified School District in September. The threat group was the subject of a September security alert issued by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, and other government agencies. Emsisoft threat analyst Brett Callow stated, “Groups are opportunistic and make a buck whenever and wherever they can, with no preference for any particular sector. Vice Society is the only group I can think of that does seem to have a preference.” Also over the holiday weekend, Hive ransomware group added North Carolina school Guilford College to its list of victims, and the BianLian gang added Centura College in Virginia.
New York county breach compromises driver’s license data.
Suffolk County, located in the US state of New York, announced Wednesday that the driver's license numbers of approximately 470,000 residents may have been compromised in a recent cyberattack that occurred nearly three months ago. The data belong to individuals who were issued moving violations by the Suffolk County Police Department between 2013 and Sept. 8, 2022, as well as those who attempted to pay traffic tickets by credit card at the county’s Traffic and Parking Violations Agency in Hauppauge. The county, in partnership with cybersecurity and identity theft protection firm Kroll, has set up an identity theft protection webpage for possible victims. Suffolk County Executive Steve Bellone told News 12 Long Island, "Early on, we had indications that the traffic violations agency server was accessed,” referencing the fact that two traffic tickets were posted on a hacking site not long after the initial attack. Legislative Presiding Officer Kevin McCaffrey says the county waited to inform the public because they wanted to determine if there had been a larger breach. "We had identified which server it came from. You have to go through each server and each file to find those tickets. Once we did, we looked at it and said it could be possible that there could be others out there," McCaffrey said.
Report: WhatsApp disputes claims that it sustained a data leak.
Earlier this month a user on a well-known hacking community forum posted an ad claiming they were selling a 2022 database containing the mobile numbers of 487 million users of leading messaging platform WhatsApp. Allegedly, the dataset includes WhatsApp user info spanning eighty-four countries, with the top three most impacted nations being Egypt (45 million user records), Italy (35 million) and the US (32 million). The threat actor told Cybernews the US data would be sold for $7,000, while the UK’s 11 million users could be obtained for $2,500, and Germany’s set for $2,000. The seller shared a sample of the data, and Cybernews was able to verify that all of the individuals contained were in fact WhatsApp users. Though it’s unclear how the data were obtained (the hacker would only reveal they “used their strategy”), experts speculate the info could have been collected via data scraping, a practice that violates WhatsApp’s Terms of Service.
WhatsApp is denying any leak has occurred, claiming that CyberNews has no substantial evidence to prove the data belong to WhatsApp and that the firm had not found any proof of a breach on the platform’s servers. A WhatsApp spokesperson today told the Deccan Herald, "The claim written on Cybernews is based on unsubstantiated screenshots. There is no evidence of a ‘data leak’ from WhatsApp." The spokesperson added that there are many methods of obtaining user phone numbers from the web.