Over the weekend, the threat actors behind the Daixin Team ransomware group posted stolen data belonging to Omni Hotels & Resorts to their dark web leak site, thus claiming responsibility for the cyberattack that forced Omni staff to take many IT systems offline. It is believed that the resulting data breach leaked sensitive customer information dating back to 2017 and includes over 3.5 million booking records.
Researchers find unsecured taxi passenger database
Security researchers have recently discovered a database belonging to the Dublin-based taxi management provider, iCabbi, which was publicly exposed to the internet with no authentication. The database included 22,745 records and exposed highly personal information for over 300,000 customers from Ireland and the UK. Fortunately, staff for iCabbi worked quickly to remove the exposed data after being notified of the incident.
Credential stuffing attacks compromise 576,000 Roku accounts
In the last month, officials for Roku identified suspicious activity on over 15,000 accounts, which were illicitly accessed by hackers in a credential stuffing attack. By using automation and lists containing usernames and passwords, these hackers were later able to compromise an additional 576,000 accounts in a second incident, though the source of the credentials is still unclear.
Canadian retailer suffers major data leak
At the beginning of March, officials for the Canadian retailer, Giant Tiger, revealed that they had identified a security incident at one of their third-party vendors, which had compromised a significant amount of sensitive customer data. The data has since been leaked on a known hacker forum, and contains records of 2.8 million Giant Tiger customers, though there does not seem to be any financial or payment data included in the leak.
Dunghill ransomware group breaches global chipmaker
Following reports of a cyber-attack on their IT systems, officials for the global chipmaker, Nexperia, confirmed that they had spotted some unauthorized activity which resulted in a data breach. The threat actors behind the Dunghill ransomware group have claimed responsibility for the attack and have added Nexperia to their dark web leak site, with the threat of fully releasing the stolen data if the demanded ransom is not paid.
