GM was breached and information stolen after attackers used stolen credentials from previous breaches with the hopes that customers would re-use passwords on multiple sites. In other cybersecurity news, facial recognition firm Clearview AI is being fined in the U.K. over privacy concerns.
Third-party breach compromises Chicago Public Schools
Following a data breach at Battelle for Kids, highly sensitive information for over 500,000 students and employees of Chicago Public Schools has been compromised. The exposed information ranges from 2015 to 2019 and was used mainly for educator evaluations. No identifiable data was exposed on anyone affected. Unfortunately, Battelle for Kids works with hundreds of school districts in a variety of states, and it’s unclear how many of them could also have had their stored information exposed.
GoodWill ransomware forces victims into acts of kindness
Researchers have been tracing the GoodWill ransomware group that is active in New Delhi, India. The ransomware group demands their victims perform a series of tasks that benefit the less fortunate to receive a decryption key for their infected system. Though the group is relatively new, having started operations in March of this year, they appear to be more motivated by making positive social changes than by financial gain. Victims of GoodWill ransomware need to perform simple acts of kindness in their local community and post pictures of the activities to their social media accounts as proof to regain access to their information.
Facial recognition firm fined for privacy concerns
After years of collecting over 20 billion facial images from all over the internet, facial recognition firm Clearview AI is being fined almost 10 million in the U.K. for neglecting to collect consent and violating privacy acts in numerous countries. Along with the fines, the U.K. regulatory agency is demanding that Clearview AI cease collecting new data on U.K. residents and delete all previously obtained data on those citizens. The UK joins France, Italy, Australia and Canada in pushing for sanctions against Clearview AI and their data-gathering practices.
SpiceJet airlines faces ransomware attack
Officials for Indian airline SpiceJet have been working to restore functionality following a ransomware attack that forced several of their systems offline. While they claim to have stopped the attack in its initial stages, many of their website functionalities are not working, and customers state that they are completely unable to reach customer support services. As the second largest airline in India, SpiceJet transports thousands of clients daily, and with delays between 2 and 5 hours, many clients are beginning to look for alternatives.
Data breach exposes GM customer info
Last month, officials for General Motors (GM) identified unauthorized activity in their network that may have accessed sensitive customer information and illicitly redeemed reward points that were stored on user accounts. It’s believed that the attack was the result of a credential stuffing campaign using stolen credentials from a previous breach, in hopes of the victims re-using their passwords on multiple sites.
