Verizon customer data hit the black market, several of the nation's largest law firms were breached, another college campus was compromised and Adele's private moments were shared for all to see. All this and more in The Month in Hacks.
Verizon Data for Sale
NBC News reported on March 25 that an underground crime syndicate member was offering up data on 1.5M Verizon customers for $100k, or in smaller blocks of 100k for $10K each. Fortunately, the hacker did not access the Customer Proprietary Network Information, a database that includes detailed call history and network type. The vulnerability that allowed the breach has been repaired, and Verizon is notifying affected customers.
Prominent Law Firms Attacked in “Limited Breach”
International Business Times reported on March 30 that Cravath Swaine & Moore and Weil Gotshal & Manges were among the major law firms targeted by a hack that occurred late last summer. The FBI and the Manhattan U.S. Attorney's Office are investigating the attack. It's still not clear whether any of the information stolen from Fortune 300 companies or Wall Street banks has been used for insider trading.
Community College Employee Data Stolen
SC Magazine reported on March 28 that hackers had stolen personal information belonging to 3,000 employees at Tidewater Community College in Norfolk, VA in a phishing scam. The names, Social Security numbers, earnings and tax withholding information of former and current employees was stolen. Fortunately, dates of birth, bank data and email addresses were not compromised. The college has implemented cybersecurity training and is notifying affected workers.
Even Terrorists Gets Hacked
In a breach that shows how, “a single insider can obliterate the data security of even the most secretive organizations,” an ISIS defector allegedly leaked the personal information of over 22,000 ISIS fighters. As reported by WIRED, that personal information includes names, phone numbers, hometowns and even blood types. It's a unique case in which a breach is a good thing as this information is expected to help security agencies around the world in the fight against terrorism.“
Broken Chain of Custody With Confidential Data” for American Express
According to a Security Week post on March 17, American Express informed customers that their payment card information may have been compromised--and that their accounts are now being monitored--after a third-party service provider suffered a data breach (which was dated 12/7/13 on the website of California's attorney general). Experts are recommending that AMEX card holders turn on immediate notifications for their cards so they can be notified when a purchase is made or when the card is not present.
DC Hospital Held Ransom by Malware
MedStar Health, which operates hundreds of hospitals in the DC Metro area, was the victim of a ransomware attack, reported NBC News on March 31. Ransomware encrypts an organization's own data, with scammers demanding payment in order to unlock the files. The hospital system was forced to shut down computers at 10 locations. Patients were asked to arrive with a list of current medications and allergies, or had their doctor visits cancelled, as physicians were unable to access medical histories. MedStar has stated that it is gradually getting back online.
Hello, It's a Hacker
Grammy-award-winning singer Adele's personal pregnancy photos, ultrasound images and newborn pictures of her son, Angelo, were stolen and posted to a fanpage on Facebook, reported ABC News on March 21. The hacker responsible reportedly accessed the photos by fraudulently accessing the email of Adele's boyfriend. A fan came across the photo dump and alerted Adele's management team, saying “I was appalled and upset for Adele when I saw the pictures. They are really private and should not be passed around.”