At a glance.
- Japanese PM calls for emergency review of glitchy My Number cards.
- CalPERS and CalSTRS impacted in third-party MOVEit breach.
- Extortionists threaten to expose plastic surgery photos.
Japanese PM calls for emergency review of glitchy My Number cards.
In Japan, residents’ “My Number” cards serve as unique IDs, and as part of the government’s push for increased digitization, the NFC chip-equipped cards allow residents access to government services and in future will be used as authentication-as-a-service for private businesses. However, the Register reports that the recent discovery of glitches in the cards has led Japanese prime minister Fumio Kishida to order an emergency review. Reports say individuals have received cards intended for others with similar names, and some recipients’ cards linked to the records of other people. When announcing the emergency investigation, Kishida stated, "Ensuring public trust is essential for the transition to a digital society. The government will make all-out efforts to regain the trust of the people as soon as possible." Kishida has made it a priority to promote the digitization of the nation, especially given that a lack of digital prowess was believed to hamper the nation’s response during the pandemic.
CalPERS and CalSTRS impacted in third-party MOVEit breach.
The effects of the MOVEit bug continue to ripple across the globe as KCRA reports that CalPERS, the California Public Employees' Retirement System, were exposed in the breach of the popular file transfer tool. CalPERS’ vendor PBI Research Services uses MOVEit to identify deaths of retirement plan members and ensure that payments are sent to retirees and their beneficiaries. PBI notified the agency earlier this month that it had been impacted by the vulnerability with its MOVEit Transfer Application. The issue has since been resolved, but not before potentially exposing current and inactive member data like first and last names, dates of birth, Social Security numbers and possibly info on members’ families. CalSTRS, or the California State Teachers' Retirement System, which is the second-largest public pension fund in the United States, said it was also impacted in the breach. PBI stated, "The cyber criminals did not gain access to PBI’s other systems – access was only gained to the MOVEit administrative portal subject to the vulnerability. PBI is working directly with impacted clients to identify impacted consumers and develop notice plans."
Extortionists threaten to expose plastic surgery photos.
The BlackCat (aka AlphaV) ransomware group has been especially busy lately, and it claims its latest victim is Beverly Hills Plastic Surgery, a leading cosmetic surgery center located in the US state of California. Adding the center to its list of compromised organizations, BlackCat says it stole “lots” of sensitive medical records, "including a lot of pictures of patients that they woud [sic] not want out there," and has threatened to publish the images unless the clinic pays the demanded ransom. Emsisoft Threat Analyst Brett Callow told the Register, “This is not the first time a ransomware operation has threatened to release photos of cosmetic surgery photos." And it isn’t even BlackCat’s first attempt at using this extortion method, as in February the ransomware group attacked US healthcare center Lehigh Valley Health Network and stole images of patients undergoing radiation oncology treatment.