Officials for the insurance giant Geico are warning millions of customers about possible fraudulent activity after their driver’s license numbers were compromised. Plus, Pulse Secure VPNs targeted by zero-days. That and more in this week’s Cyber News Rundown.
Geico reveals data breach that leaked millions of driver’s license numbers
Officials for Geico have announced their systems were compromised for the first three months of 2021 and many of their 17 million clients may be at risk of fraudulent activity involving their driver’s license numbers. Stolen customer data is believed to have been used to submit fraudulent unemployment requests for supplemental benefits from local government agencies. The company recommends customers contact authorities if they receive any mail pertaining to such claims.
University of Portsmouth suffers ransomware attack
Nearly a week after discovering a ransomware attack that forced the University of Portsmouth to take their IT systems offline, officials are still working to restore systems to normalcy and have been forced to postpone the beginning of term. With computer systems offline, the itself has been closed to students until a resolution can be reached. This attack just adds to the long list of higher education institutions that have fallen victim to info stealing or ransomware attacks in the past few years.
Pulse Secure VPNs major boon for hackers
Multiple zero-day vulnerabilities involving Pulse Secure VPNs are being exploited by cybercriminals looking to access systems belonging to large corporation. State-backed actors targeting U.S. government agencies and major infrastructure facilities are believed to be among those targeting flaws in the VPN’s code. While several vulnerabilities have received patches, Pulse Secure has a history of being targeted, a trend that’s likely to continue.
Thousands of Eversource Energy customers exposed in data breach
Officials for Eversource Energy, the largest energy company in the Northeastern U.S., have begun notifying customers of a breach of highly sensitive information. Social security numbers, payment card information and other personally identifiable information that could be used to commit fraud make up the leaked data. The data is believed to have leaked via a misconfigured cloud server. Eversource is offering identity monitoring services to affected customers.
Data leaked after Florida school district refuses to pay ransom
Following a Conti ransomware attack in March, in which the Broward County School District refused to pay a cryptocurrency ransom of roughly $40 million, attackers have made nearly 26,000 student and employee files available to the public. The data ranged from 2012 to March of this year and included financial records, invoices from several utilities and other confidential documents.