Officials for Sydney University in Australia recently announced that they had identified a cybersecurity incident last week that had compromised a significant amount of sensitive information on international students. The type of incident hasn’t been confirmed as a ransomware attack, but staff are working with regulatory and law enforcement agencies on the investigation to determine the initial attack vector. This is the second data breach to impact Sydney University in recent years, after the 2020 breach of the ProctorU platform, which exposed 440,000 student and staff records.
Swedish insurance firm exposes client data for multiple years
The Swedish Authority for Privacy Protection (IMY) has imposed a $3million fine on the insurance provider, Trygg-Hansa, after it was revealed by a client that they were able to access the company’s back-end portal through customer emails. Upon further investigation, IMY was able to confirm that anyone could gain unauthenticated access to Trygg-Hansa's customer database by altering the client ID number within a URL. It is believed that from October of 2018 to February of 2021, anyone could access the database with highly sensitive data for over 650,000 clients.
Forever 21 suffers employee data breach
Following an investigation into a security incident at clothing retailer Forever 21, officials have revealed that there was unauthorized access to their main computer systems for nearly 3 months and may have affected over 500,000 individuals. It is believed that the incident may have been ransomware, though not confirmed, and that the illicitly accessed data belonged to current and former employees. The company is also offering up to 12 months of identity protection for those affected by this security breach.
Callaway golf breach impacts 1.1 million customers
Officials for TopGolf Callaway began contacting nearly 1.1 million customers after identifying a security incident at the beginning of August, that may have exposed sensitive customer information. The incident impacted the e-commerce services of Callaway’s website, and the websites of several other sub-brands, as they all utilize the same platform. Along with the breach notification, officials have also pushed out a mandatory password reset to all affected customers, and a warning to update any other websites that use the same credentials.
Hackers steal $40million from crypto casino
Over the weekend, officials for the Curaçao-based cryptocurrency casino, Stake.com, discovered several unauthorized transactions from two of their cryptocurrency hot wallets, leading to a loss worth $40 million. The unidentified hackers were able to steal an initial $16 million worth of Ethereum before security notifications went off and were able to transfer the funds to external wallets, while the remaining $25.6 million worth of Binance Smart Chain (BSC) was withdrawn shortly after.
