Three major entities – Stanford University, Nissan Oceania, and Roku – have fallen victim to data breaches this past week. Stanford University grappled with a ransomware attack, while Nissan Oceania warned of a breach after a cyberattack by the Akira ransomware operation. Adding to the fray, Roku disclosed a breach affecting over 15,000 customers.
Here are the details regarding the latest cybersecurity news:
Nissan issued a grave warning following a cyber onslaught by the Akira ransomware syndicate, affecting an estimated 100,000 individuals. The assault, which transpired in December 2023, targeted the Japanese automaker's regional arm encompassing operations in Australia and New Zealand.
While initially investigating the breach, Nissan refrained from confirming any data compromise but advised heightened vigilance among its clientele. Subsequently, the Akira gang claimed responsibility for the incursion, boasting pilferage of 100GB of sensitive material, spanning personal employee particulars, non-disclosure agreements, project data, and client information. Nissan has now conceded to the theft, acknowledging the compromise of data pertaining to current and former employees, alongside patrons of Nissan, Mitsubishi, Renault, Skyline, Infiniti, LDV, and RAM dealerships in the region.
In an updated statement, Nissan said:
Notably, up to 10% of the affected individuals had some form of government identification exposed, including Medicare cards, driver's licenses, passports, and tax file numbers.
As the investigation unfolds, Nissan urged affected individuals to exercise heightened caution, leverage provided resources, and promptly report any suspicious activities to the authorities.
Stanford University confronted yet another cybersecurity debacle as it revealed a ransomware attack on its Department of Public Safety (SUDPS) network, compromising the personal information of 27,000 individuals.
The breach, discovered on September 27, 2023, prompted a month-long investigation, which ultimately determined that the SUDPS network had been accessed without authorization between May 12 and September 27.
While Stanford insisted that the breach remained confined to SUDPS systems, the stolen data, disclosed in notifications filed with Maine's Attorney General, contains a trove of personally identifiable information (PII). The exposed data encompasses sensitive details such as Social Security numbers, government IDs, passport numbers, and even biometric data and health information for select individuals.
The university detailed the extent of the breach:
Although Stanford refrained from explicitly linking the incident to a specific ransomware operation, the notorious Akira ransomware gang claimed responsibility in October, purporting to have extracted 430GB of files.
A massive data breach has rocked Roku, with over 15,000 customer accounts compromised, triggering fraudulent purchases and a distressing trade of stolen accounts, BleepingComputer reported. Initially disclosed on Friday, the breach stemmed from a credential stuffing attack, enabling hackers to infiltrate accounts and manipulate user information, including passwords and payment details.
Exploiting this access, threat actors made illicit purchases without notifying legitimate account holders. The breach not only jeopardizes user security but also highlights a wider issue of digital vulnerability, compounded by the sale of hijacked accounts for as little as $0.50 each.
Despite Roku's efforts to secure affected accounts and refund unauthorized transactions, the absence of two-factor authentication leaves users exposed to further exploitation. Concurrently, recent changes in Roku's dispute resolution terms raise concerns, with the company's response to the breach remaining under scrutiny.