The U.S. Federal Trade Commission issued their fine against CafePress after a years-long investigation of the 2019 data breach affecting 23 million customers. In other cybersecurity news, the Lithuanian government’s computer networks faced DDos attacks following the passing of a tax on Russian goods.
Ukrainian cybercrime force arrests phishing group members
Officials for the Ukrainian Cybercrime Force arrested nine members of a phishing group responsible for operating over 400 phishing sites and stealing millions from victims. With the assistance of a local Ukrainian bank, law enforcement tracked stolen funds and perform multiple raids on residences to find evidence of the group’s activities. If convicted of fraud and interference with computers, individuals face up to 15 years in prison for their actions.
Wiltshire Farm Foods suffers cyberattack
One of the UK’s largest frozen food producers, Wiltshire Farm Foods, has fallen victim to a possible ransomware attack though the company has yet to confirm the breach. Customers of the company are being told that deliveries are suspended while they work to restore their systems to normal operation, though not in any direct method, as they currently cannot access client contact details. It is still unclear how long the outages may last, or if the company is facing a ransom demand to restore their systems.
Lithuanian government facing Russian DDoS attacks
Shortly after legislation passed imposing an increased tax on Russian railway goods, many of the Lithuanian government’s computer networks were forced offline after facing severe DDoS attacks. Government officials expect these types of attacks to be ongoing, as the Cyber Spetsnaz hacking group posted a list of DDoS victims last week that laid out plans to target critical infrastructure in Lithuania. Along with increasing the taxes on railway goods, Lithuania has also imposed a blockade for other Russian goods into Kaliningrad.
FTC fines CafePress $500,000 for 2019 data breach
After 3 years of investigations and deliberation, the FTC has issued a fine of $500,000 on CafePress for their lack of security implementation which resulted in a data breach that affected 23 million customers. Along with the fines for storing personally identifiable information (PII) in plain text, the parent company for CafePress now must implement multi-factor authentication, data encryption and set up policies for data retention.
Vice Society ransomware targets Medical University of Innsbruck
Early last week, IT staff at the Medical University of Innsbruck discovered some unusual activity on their network, which was later found to be a ransomware attack. The Vice Society ransomware group is taking responsibility for the attack and has posted the stolen data from the Austrian university on their dark web leak site. Officials for the university have confirmed that the published data is legitimate, though any discussion of ransom demands or payment has yet to be verified.
