At a glance.
- Nearly half a million USS members exposed in Capita attack.
- Data breach at TRANServe.
- Joint investigation into the Latitude breach.
- Philippines investigates GCash user complaints.
Nearly half a million USS members exposed in Capita attack.
As we discussed earlier this month, London-based outsourcing firm Capita recently confirmed that a March cyberattack likely exposed the personal data of a “limited” number of its pension clients. On Friday, the Guardian reports, the Universities Superannuation Scheme (USS), which is managed by Capita, indicated that that number might not be quite so limited, announcing the data of its 470,000 active, deferred, and retired members might have been stolen in the attack. Capita manages USS’s pension system and support, and the potentially compromised data include members’ titles, initials, names, dates of birth, National Insurance numbers, and pension fund membership numbers. USS said in a statement, “While Capita cannot currently confirm if this data was definitively ‘exfiltrated’ (i.e., accessed and/or copied) by the hackers, they recommend we work on the assumption it was.” USS added that they’re waiting for additional details from Capita, and that any members impacted will be notified.
Data breach at TRANServe.
A data breach impacting the US Transportation Department (USDOT) TRANServe benefits program exposed the personal data of 237,000 current and former federal government employees, the Economic Times reports. In an email sent Friday, USDOT informed Congress that an initial investigation "isolated the breach to certain systems at the department used for administrative functions,” including the TRANServe program, which reimburses government employees for commuting costs. They did not disclose who might be responsible for the attack, but did confirm that no transportation safety systems were impacted. Access to the TRANServe program has been temporarily shut down until the system can be secured.
Joint investigation into the Latitude Breach.
As we previously noted, Australian financial services firm Latitude disclosed in March it had suffered a sophisticated and malicious cyber attack. It has since been determined that the incident exposed the data of 14 million Australians and New Zealanders, including driver's license and passport details. Newshub reports that a joint privacy investigation into the attack has been launched by New Zealand’s Office of the Privacy Commissioner and the Office of the Australian Information Commissioner (OAIC). The probe, the first in which the two countries have combined forces, will examine how the intruders infiltrated Latitude’s systems and whether Latitude took reasonable steps to protect the data in question. New Zealand Deputy Privacy Commissioner Liz MacPherson stated, “This information will help us to establish whether Latitude's actions or inaction enabled the cyber-criminals and contributed to the scope and impact of the breach. Establishing these facts will be critical to our ability to make decisions about the individual complaints that are made to us by impacted Latitude customers.” MacPherson went on to urge victims to contact her office regarding how they’ve been harmed by the breach, and she warned anyone who encounters the stolen data not to share it. “Report it to the New Zealand Police. Report it to us or you can report it to CERT,” she stated. “No one should contribute to its dissemination and increase the anxiety and distress of the affected individuals."
Philippines investigates GCash user complaints.
In another data breach investigation, the Philippines' National Privacy Commission (NPC) has announced a probe into a potential exposure of user accounts on digital payments platform GCash. Since May 9th, many users of GCash have been complaining on social media of unauthorized account deductions, as well as extended system outages that have disrupted use of the platform. INQUIRER.net says the NPC’s Complaints and Investigation Division has been closely monitoring the reports over the past week and officially announced the investigation on Saturday.