Showing again that data is only as secure as its weakest link, years of select Mercedez-Benz buyer records have been compromised because of an improper security implementation at a vendor. In other cybersecurity news, EA is facing criticism in the wake of its latest data breach after it surfaced the gaming giant had ignored cybersecurity warnings highlighting domain vulnerabilities.
Researchers have discovered a trove of LinkedIn data for sale on a known hacker forum. The data was likely gathered through scraping rather than as a result of a full data breach. Though officials have confirmed that no payment card data was included, they aren’t sure if this latest dataset is new or if it includes data that was scraped from the site in April. The data includes contact information for millions of users that experts say could be used in phishing campaigns or other scams. Security professionals are recommending users update their credentials and enable two-factor identification.
Earlier this month, officials at Mercedez-Benz were informed of a data breach stemming from improper security implementation at a vendor. The compromised data mainly consists of payment card information of select January 2014-July 2017 customers. After being informed of the breach, Mercedez-Benz audited 1.6 million records to assess the damage, though it’s still unclear how many customers were affected. Officials have begun alerting customers to possible credit or identity fraud.
Nearly six months after first being informed of critically misconfigured domains, EA had yet to make any changes to tighten up security. Criticism for the lack of action is mounting in light of a recent data breach that compromised 780GB of game data from both FIFA 21 and 22 that is now posted for sale. Fortunately, it does seem that EA has begun resolving some of the vulnerabilities, though having unsecured domains could have been a contributing factor to their data breach.
It was recently revealed that patient data for over 40,000 clients of a Kentucky healthcare provider was incorrectly sent to an external email domain. The owner of the external domain has since confirmed that the data itself was not accessed after being transmitted and has been deleted to prevent any further security issues. All the affected patients have been offered a free year of credit monitoring services, which will notify them of the illicit use of any of the temporarily compromised data.
Last week, it was revealed that the REvil ransomware group had compromised back-end servers belonging to the U.K.-based clothing brand French Connection, and had stolen data on several executives. Alongside FCUK, a Brazilian medical firm called Grupo Fleury was hit with a simultaneous attack on their systems, leaving both companies with the choice of paying a hefty ransom or attempting to restore their crippled systems from available back-ups.