Data breaches (2)

Columbia University revealed that hackers breached its network on May 16, stealing personal data from nearly 870,000 current and former students, applicants, and employees. The stolen information includes names, Social Security numbers, birth dates, contact details, academic records, and financial aid information.

The university discovered the breach after experiencing a technical outage on June 24. Working with cybersecurity experts, they found that an unauthorized actor had accessed their systems and stolen 460GB of data.

While there's no evidence the stolen data has been misused yet, Columbia isn't ruling out future misuse. The university is offering two years of free credit monitoring through Kroll and urging affected individuals to monitor their accounts for suspicious activity.

Source: Dark Reading

Luxury fashion house Chanel notified customers of a data breach discovered July 25, affecting a subset of US client care contacts. Hackers accessed names, email addresses, mailing addresses, and phone numbers through a compromised third-party Salesforce provider.

The breach is part of a larger wave targeting Salesforce customers since March, using voice phishing tactics to trick employees into authorizing malicious apps. Other luxury brands hit include Adidas, Dior, and Tiffany & Co.

Threat actors identifying as ShinyHunters typically follow up with extortion demands, giving victims 72 hours to pay Bitcoin ransoms or face data publication on underground forums.

Source: Dark Reading

Cybercriminals have created over 250 fake Android and iOS apps targeting Korean users, disguising spyware as legitimate dating, social media, and file-sharing services. These convincing copycats feature professional logos and fake five-star reviews to trick users into downloading them. Once installed, the malware steals contacts, photos, messages, and device data.

Attackers then escalate to personal blackmail, as happened to one victim who downloaded a fake dating app after a breakup. The hacker contacted his family members with threats after luring him into compromising situations. Researchers from Zimperium discovered 88 domains behind the campaign, with 25 indexed by Google search results.

Source: Dark Reading

Hackers accessed personal data belonging to most of Allianz Life's 1.4 million U.S. customers on July 16 through a social engineering attack on a third-party cloud system. The Minneapolis-based insurance company discovered the breach the next day and immediately contacted the FBI.

While Allianz Life's own systems weren't compromised, the attackers obtained personally identifiable information from customers, financial professionals, and some employees. The company is offering affected individuals 24 months of free identity theft protection and credit monitoring. This incident only impacts the U.S. subsidiary, not other Allianz entities worldwide.

Source: CBS News

Nippon Steel Solutions confirmed hackers breached its systems by exploiting a zero-day vulnerability in network equipment, potentially exposing customer, partner, and employee data. The stolen information may include names, job titles, email addresses, and phone numbers, though the company hasn't found the data circulating on dark web markets yet.

NS Solutions has isolated affected devices, restricted external network access, and is contacting individuals under Japan's Personal Information Protection Act. The breach follows a separate February incident where the BianLian ransomware group claimed to steal data from Nippon Steel USA, though it's unclear if the attacks are connected.

Source: Dark Reading