Tag Archives: Data Breach

Posted on Author Atlantic Computer Services Categories Blog

Employee Information Was Leaked At Cookware Company Meyer

Meyer Corporation is a California-based company and a giant in the cookware industry. Meyer is the latest victim in a seemingly never-ending parade of hacking attacks. The full extent of the attack has not yet been disclosed because an investigation into the matter is ongoing. However, we do know at this point that the attackers made off with at least one database containing the personal information of thousands of Meyer employees.

The company issued a breach notification and has filed papers with the Attorney General office in both Maine and California.  Notification letters have already been sent to individuals impacted by the breach.

The notification reads in part, as follows:

“Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information.

The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”

The company has not confirmed that the attack was a ransomware attack. However, the Conti gang who makes heavy use of ransomware successfully breached the company’s defenses last November (in 2021).  Their leak site contained nearly 250 MB of data which represented about 2 percent of the total data stolen from the company during that attack.

It’s not much of a silver lining. At least in this case, unless you work for the company, your personal information does not appear to be at risk.  Even if you are one of the unfortunate people who received a notification letter from Meyer you will be offered two years’ worth of free identity protection.  That’s small consolation but it’s something.

0
Posted on Author Atlantic Computer Services Categories Blog

Puma Sportswear Recently Impacted By A Data Breach

We have recently learned that Puma Sportswear was impacted by a data breach in the waning days of 2021.

It’s important to note that Puma’s networks were not attacked directly.  The attack was made against Kronos which is one of the company’s North American workforce management service providers.

In a recently filed data breach notification it was disclosed that the still unidentified attackers stole a variety of personal information belonging to Puma employees and their dependents from the Kronos Private Cloud. In addition, they deployed ransomware on the Kronos network.

The investigation into the breach is ongoing but it presently appears that nearly half of Puma’s employees were impacted.  Kronos sent a letter to all impacted individuals.  Unfortunately, the letter was terse and contained little in the way of actionable information.

The letter states:

“On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.”

All impacted individuals have been offered two free years of Experian IdentityWorks, which includes credit monitoring, identify theft insurance, and identity restoration.

This is the second hacking incident involving Puma in recent months.  Back in August of 2021 the company’s network was breached and source code for an internal application was stolen and put up for sale on the Dark Web.

The company stressed that no customer data was compromised and that the stolen information was connected solely to the company’s employees.

This attack underscores the risks and dangers inherent in our increasingly interconnected world.  A data breach on a trusted vendor’s network can impact your company in ways you never even imagined. That means no matter how much you spend on your own IT security, you may still be vulnerable if one of the vendors you rely on doesn’t take security as seriously as your firm does.

0
Posted on Author Atlantic Computer Services Categories Blog

This Plugin Could Put Your WordPress Site At Risk

The WP HTML Mail plugin has been installed on more than 20,000 websites. If you’ve built a WordPress site for your business and you use that plugin,  be aware that you are at risk.  A high severity security flaw was recently discovered in the plugin that could allow an attacker to perform a code injection style attack that allows the attacker to send phishing emails to the site’s registered users.

The plugin is popular because it is compatible with a wide range of other plugins including BuddyPress, Ninja Forms, WooCommerce, and others.  The plugin isn’t as wildly popular as many others and doesn’t boast an overly impressive number of total installations. However, many of the sites that do use it have large audiences which means that this flaw puts more people at risk than first meets the eye.

The flaw is being tracked as CVE-2022-0218 and was discovered on December 23rd of last year (2021).  As of now the plugin’s developer has released a patch that addresses the issue.

If you use the plugin check your version number. If you’re using anything earlier than 3.1 update to 3.1 or later right away to protect yourself, your reputation, and the customers who have registered on your site.

The last thing you want is for your company to get a black eye when your customers start complaining about a flood of scam emails that start hitting their inboxes right after they create an account on your site.

Although the plugin developer took nearly a month to address the issue they did address it and we give them kudos for that.  Here’s hoping that if additional security flaws are found in their product they’ll have an even faster response that will help keep their users and the customers of their users safe.

0
Posted on Author Atlantic Computer Services Categories Blog

Top 10 Brands That Phishing Attackers Use To Scam Users

Scammers delight in impersonating government agencies and well-known brands to lure email recipients into giving up their personal information. That information is then either exploited directly or sold to the highest bidder on the Dark Web.

Have you ever wondered which agencies, companies or brands are the most imitated by these attackers?

Whether you have or not it should come as no surprise that someone is tracking that.  Security firm Checkpoint is tracking it to be precise.

Quite often Microsoft tops the list but this year they’ve been dethroned by shipping company DHL. That may not be surprising given the realities of the pandemic and the rise in popularity of online shopping.

Here is the list of the top ten for this year from their report:

  1. DHL (impersonated in 23 percent of all phishing attacks, globally)
  2. Microsoft (20 percent)
  3. WhatsApp (11 percent)
  4. Google (10 percent)
  5. LinkedIn (8 percent)
  6. Amazon (4 percent)
  7. FedEx (3 percent)
  8. Roblox (3 percent)
  9. Paypal (2 percent)
  10. Apple (2 percent)

The specific lure used in each of these cases varies wildly.  For instance, when a scammer spoofs a shipping company the email is typically some variation of “we’re trying to deliver a package to you but are having problems, press this button for more information.”

While PayPal scams typically go the route of “Your account has been temporarily suspended.  Please click here to verify your information.”

Microsoft and Google are commonly spoofed in various software giveaway schemes. Or in the case of Google some variation of “click here to claim your free Chromebook.”

Now that you are armed with a list of the most often imitated brands you at least have a list of things to be on the lookout for.  The best defense is vigilance just like always.  If it sounds too good to be true it probably is and don’t ever click on embedded links even if you think you know and trust the sender.

0
Posted on Author Atlantic Computer Services Categories Blog

Apple Safari Bug May Leak Personal Information And History

There was a recently discovered issue with the way the IndexedDB API was implemented in Safari’s WebKit engine.

This is giving IT professionals who work in an environment dominated by Apple products heartburn. The faulty implementation allows or could allow an attacker to intercept leaking browser activity in real time including the user IDs associated with vulnerable machines.

Indexed DB is a commonly used API that has a robust client-side storage system with no capacity limits.  Normally it is used for caching web application data so users can view it offline at a later date but of course, it can also be used to store sensitive information.

To prevent data leaks IndexedDB developers followed the “same-origin” policy which controls which resources are allowed to access each piece of data.

Unfortunately, researchers at FingerprintJS discovered that the IndexedDB API doesn’t follow the same-origin policy used by Safari 15 on macOS and the difference in policy could lead to the disclosure of sensitive information.

In order to be impacted by this issue a user has to log onto websites like YouTube and Facebook or visit service portals like Google Keep or Google Calendar.  Doing so creates a new IndexedDB database and appends the Google Username.

According to the researchers who first discovered the bug:

“We checked the homepages of Alexa’s Top 1000 most visited websites to understand how many websites use IndexedDB and can be uniquely identified by the databases they interact with. 

The results show that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate.  We suspect this number to be significantly higher in real-world scenarios as websites can interact with databases on subpages, after specific user actions, or on authenticated parts of the page.”

Worst of all is there’s no good mitigation strategy here.  Disabling all JavaScripts would work but would almost certainly cause other applications to fail that your organization relies on. So we’re waiting on Apple to provide a fix.  The good news is that they’ve got a solid reputation for responsiveness so we should not have to wait long.

0
1 3 4 5 6 7 19