We’re very pleased to announce that the Retail & Hospitality ISAC Podcast has joined the CyberWire Podcast Network. Join host Luke Vander Linden for chats with members of the InfoSec community to discuss the latest challenges, opportunities, and best practices unique to cybersecurity in the retail and hospitality industry. Tune in and subscribe.
Stanford University suffered a data breach after files containing information on admissions to the Economics Ph.D. program were stolen from its website between December 2022 and January 2023. "On January 24, 2023, Stanford was notified that a folder containing the 2022-23 application files for admission to Stanford's Department of Economics' Ph.D. program was available through the department's website because of a misconfiguration of the folder's settings," the university told nearly nine hundred affected individuals last week. Bleeping Computer reports that the compromised data consist of applications and accompanying materials submitted by program hopefuls including names, dates of birth, street addresses, phone numbers, email addresses, race and ethnicity info, citizenship details, and gender. For some individuals, health data were also exposed. It’s worth noting that this is Stanford’s second cyberincident in recent years, as in April 2021 School of Medicine was impacted in the infamous Accellion File Transfer Application data breach.
In an effort to maximize profits from poker machines, Australian pubs and clubs are deploying surveillance technology and data analytics to track the activities of gambling patrons, the Sydney Morning Herald reports. A recent report found that New South Wales (NSW) gamblers lost $2.1 billion to the machines in the final quarter of 2022, and pub owners have increasingly targeted gamblers with purpose-built gaming rooms, with over 75% of large clubs’ “core operational revenue'' now coming from poker machine losses. The Wesley Mission, a Christian charity group, says that pub and club operators are following in the footsteps of casinos by using sophisticated retail surveillance systems equipped with number plate and player recognition, CCTV, heat mapping, and crowd counting to capitalize on patron data harvesting. “The business model for pubs and clubs is centred on having more people spend more time at poker machines and spending more money on them,” Wesley chief executive Reverend Stu Cameron stated. However, club owners say the data derived from the surveillance tech will only be used to exclude known problem gamblers. A spokesperson for ClubsNSW, the representational body for the NSW club industry, stated that the body “is not aware of any club being in breach of their privacy obligations.”
News Corporation (News Corp) has divulged that attackers responsible for a previously reported breach had access to the American mass media giant’s systems for two years. Notification letters sent to affected employees explain that the breach, initially disclosed last year, actually started back in February 2020. Bleeping Computer reports that the threat actors had access to an email and document storage system used by several News Corp businesses, compromising personal and health information from a number of the conglomerate’s publications (including the Wall Street Journal, the New York Post, and its UK news operations). When the breach was first reported, cybersecurity firm Mandiant’s VP of incident response David Wong stated, “Mandiant assesses that those behind this activity have a China nexus, and we believe they are likely involved in espionage activities to collect intelligence to benefit China's interests."
News Corp says state hackers were on its network for two years (BleepingComputer) Mass media and publishing giant News Corporation (News Corp) says that attackers behind a breach disclosed in 2022 first gained access to its systems two years before, in February 2020.
Hackers accessed News Corp's network for two years (Computing) The company says the unauthorised access does not appear to have been targeted towards exploiting personal information
‘Limited number’ of News Corp employees sent breach notification letters after January cyberattack (The Record from Recorded Future News) Employees of News Corp are being sent breach notification letters this week following a January 2022 breach.
LockBit leaks Royal Mail's data, renews ransom demand (Computing) Most of the leaked data is made up of technical program files and administrative business data, according to Royal Mail
Telus says it’s investigating claims employee information was posted on ‘dark web’ (Global News) The telecom is probing claims that a 'small amount of data' including employee information was posted online. Telus says it has not identified any customer data in the incident.
Stanford University discloses data breach affecting PhD applicants (BleepingComputer) Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023.
Pubs and clubs target data and surveillance in race to win pokie profits (The Sydney Morning Herald) In the battle for profits, clubs are investing in number plate, CCTV and player recognition and crowd counting in the hunt for what has been dubbed “untapped gold” from pokie machines.
15M records allegedly belonging to Peruvian tax authority exposed on a forum (SafetyDetectives) The SafetyDetectives cybersecurity team recently discovered a database shared on a clear web forum for free, presumably belonging to the Peruvian governmental e
