At a glance.
- COVaxON data breach victims notified.
- Study shows India most impacted by data theft on bot market.
- Update on AirAsia ransomware attack.
- Data breach at online retailer reported.
COVaxON data breach victims notified.
A little over a year ago, approximately 360,000 residents of Ontario, Canada, were impacted in the data breach of COVaxON, the province’s COVID-19 vaccination booking system. The Peterborough Examiner states that the victims are being notified this week and are advised to contact the Ontario Provincial Police (OPP) if they lost money as a result of the incident. The notification explains the one-year delay by stating, “In recent months, as a result of the investigation conducted by the OPP, the ministries (of service delivery and health) received a list of people impacted by this privacy breach based on evidence seized.” For over 95% of the victims, only names and phone numbers were exposed, but for the remaining residents, more personal data, including email addresses, dates of birth, and vaccine clinic location, was also revealed. Six days after the breach, the OPP charged two individuals, one of whom worked in the COVaxON booking center, with unauthorized use of a computer, and an investigation into the scope of the breach was launched soon thereafter.
Study shows India most impacted by data theft on bot market.
A study conducted by NordVPN has revealed that approximately five million people globally have had their data stolen and sold on the bot market since it was launched in 2018. The stolen data included 667 million cookies, 81,000 digital fingerprints, 538,000 auto-fill forms, and device screenshots and webcam snaps. Reuters reports that with 600,000 residents impacted, India is the most affected country. After several far-reaching recent cyberattacks, Indian officials tightened the country’s cybersecurity rules earlier this year, with the Indian Computer Emergency Response Team (CERT) making it mandatory for tech companies to report data breaches within six hours of detection and to maintain IT and communications logs for six months. NordVPN’s study investigated the leading bot markets, namely the Genesis market, the Russian Market, and 2Easy, and the stolen logins included those for Google, Microsoft and Facebook accounts. Marijus Briedis, chief technology officer at NordVPN, stated, "What makes bot markets different from other dark web markets is that they are able to get large amounts of data about one person in one place. And after the bot is sold, they guarantee the buyer that the victim's information will be updated as long as their device is infected by the bot."
Update on AirAsia ransomware attack.
As we reported last month, Malaysia’s leading airline AirAsia suffered a ransomware attack at the hands of the Daixin Team hacking gang that compromised the data of five million customers and all of its employees. Malaysia’s Communications and Digital Minister Fahmi Fadzil says investigations into the attack are ongoing, the Straits Times reports. “Early investigations show that the cyberattack on the AirAsia server on Nov 12 was caused by an unpermitted access into the system. This led to the ransomware attack which could potentially cause a data leak,” Mr. Fahmi stated. AirAsia owner Capital A has been ordered to share related documentation and evidence to assist with the investigation. Fahmi also stated that due to legal complications, details about the probe cannot yet be shared with the public.
Data breach at online retailer reported.
An online database belonging to a China-based online retailer, Vevor, is reported to have been exposed to the Internet without password protection. Website Planet has an account of the data exposure. Exposed databases are an old and familiar problem, as Roger Grimes, data-driven defense evangelist at KnowBe4, observed: "This is a very, very common problem and has been since the cloud became the cloud. Even the vendor's non-response and hesitancy in dealing with the problem are all too common, unfortunately. These events are so normal that I might even be more surprised hearing that a company did it right and responded quickly. Every vendor using publicly accessible resources should do frequent permission audits to make sure that overly permissive permissions are not given. Each resource should be assigned a resource owner and that resource owner should be responsible for ensuring the correct permissions are enabled from the start, ensuring that change procedures are followed when permissions changes are required, and that auditing of all permissions to public-accessible assets are checked on a semi-annual basis. Not doing these recommendations is just asking for trouble."