With suffering their fourth data breach in the last three years, the Federal Trade Commission (FTC) has decided to step in and sue the educational technology company citing a lack of security. In other cybersecurity news, the largest copper producer in Europe suffered a cyberattack that forced them to shut down their systems.
Vodafone Italia reveals reseller data breach
One of the commercial resellers for Vodafone Italia confirmed a number of their servers were compromised in a cyberattack that exposed sensitive telecom subscriber details. It is believed that the attack on FourB occurred at the beginning of September, which is around the time that a hacker group posted a 310GB data trove for sale that they alleged was stolen from Vodafone Italia. While the company remained firm that they had no evidence of any unauthorized activity, they still sent out a warning to customers about potential phishing attempts.
Ransomware attack shuts down Osaka Hospital
Officials for the Osaka General Medical Center were forced to shut down substantial portions of their systems after a ransomware attack. The attack blocked access to all patients' medical records and left the hospital with only emergency services available with staff resorting to paper documentation for records and prescriptions. Medical organizations continue to be popular targets for cyber-criminals, as they tend to rely on legacy hardware and software and they store massive quantities of valuable personal data.
Dropbox-owned Github repositories compromised
By impersonating staff from a third-party company, CircleCl hackers were able to successfully steal GitHub credentials from Dropbox employees and gain access to 130 of the company’s private code repositories. Amongst the accessed data was contact information for current employees, past employees and customers as well as developer API keys. The incident was first identified on October 13 by GitHub staff that had noticed unusual activity taking place in the Dropbox organization repositories and reported it to Dropbox the next day.
FTC sues educational tech company, Chegg, after 4 data breach
Following the fourth data breach in 3 years at the educational technology company Chegg, the FTC has filed a lawsuit over their lack of protection for the sensitive data of millions of students. Since 2017, Chegg has fallen victim to 3 phishing attacks that have compromised customer data, and an additional breach by a former employee into an Amazon S3 bucket that contained significant amounts of sensitive information. The lawsuit claims Chegg’s continued negligence over the storage protocols for the information they collected also lead to some of it being illicitly sold on a dark web forum.
Cyberattack takes Europe’s largest copper producer offline
The largest producer of copper in Europe, Aurubis, has confirmed that their IT systems had been taken offline following a cyberattack late last week. The overall extent of the damage caused by this attack is still being determined, and the company has no indication as to when they will be able to restore normal functionality again, though many facilities are still able to operate manually.
