At a glance.
- The price of fashion.
- Third-party MOVEit exploitation impacts US insurance company.
The price of fashion.
Over half a million individuals have been impacted in a data breach at US-based fast fashion retailer Forever 21. According to a data breach notice shared with the Office of the Maine Attorney General, the company first learned of the attack in March, and an investigation revealed that the intruders had access to Forever 21’s networks starting in January. The compromised data include current and former employees’ full names, Social Security numbers, dates of birth, bank account numbers, and company health plan information. The company told Bleeping Computer that no customer data were exposed. The company also issued a statement saying, “Forever 21 has taken steps to help assure that the unauthorized third party no longer has access to the data.” Although it has not been confirmed that the attack involved ransomware, TechCrunch speculates this wording could mean the company might be in negotiations with a ransomware attacker. This is the clothing giant’s second data breach in recent years: in 2017, hackers stole customer credit card numbers from store point-of-sale machines.
Tyler Farrar, CISO at Exabeam, offered some informed speculation about the Forever 21 data breach: “What do ransomware, phishing, advanced persistent threats and the like all have in common? Access. An all-too-important area to watch out for that often gets missed is initial access brokers. Initial access brokers are individuals or groups that resell credentials in the criminal marketplace. In turn, other adversaries can use the information to cause further damage for a company, often going undetected — which is likely what happened in the case of Forever 21. The key to stopping the most popular attack methods used by adversaries today is to control access points and reduce overall dwell time. One of the simplest ways for organizations to achieve this is by preventing compromised credentials incidents — which is the reason for a majority of breaches today — and monitoring user behavior. Doing so provides the necessary context needed to restore trust and react in real time to protect user accounts -- halting malicious access in its tracks.”
Third-party MOVEit exploitation impacts US insurance company.
Continental Casualty Company, an insurance company based in the US state of Illinois, has suffered a third-party data breach related to the mass-hack of the popular MOVEit file transfer app. JDSupra explains that Pension Benefit Information (PBI), which provides audit and address research services for Continental, learned that an intruder accessed its MOVEit server over the course of two days in May, during which the hacker downloaded sensitive customer data. Further investigation revealed that Continental’s clients were impacted, and that Social Security numbers were among the exposed data. Continental’s systems were never directly breached, and PBI has disseminated data breach letters to the victims on behalf of Continental.