HALOCK Breach Bulletin

Data Breach Victims Eligible for Compensation in $3.25M Settlement

Description

See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card (more…)

$200,000 Fraudulent Scheme Forces Finance Director to Step Down

Description

The mayor of Plymouth, Connecticut reported on the mayor’s office Facebook page that the town had fallen victim to a sophisticated social engineering scam. Cybercriminals had compromised the accounts of one of the town’s vendors a month earlier, gaining access to information about an ongoing project for the town. Using this knowledge, the scammers sent fraudulent invoices to the town’s financial department. While the (more…)

Misconfigured Settings Exposes Social Security Numbers of Aviation Industry Users

Description

FlightAware, based in Houston, Texas, is renowned for delivering real-time, historical, and predictive flight insights to various segments of the aviation industry, including airlines, airports, and air traffic control. On July 25, the company identified a configuration error in its backend systems that had exposed personal user information for over three years, allowing unauthorized access. In response, the company’s President issued a letter to (more…)

City in Ohio Avoids Devastating Ransomware Attack

Description

The city of Columbus, Ohio, had its communication and digital services impacted for almost two weeks following a cybersecurity incident that was detected on July 18, 2024. City officials clarified that the incident is entirely unrelated to the CrowdStrike incident that occurred during the same period. Email services have been completely down, and some computer services affecting public safety, utilities, and public health were (more…)

AT&T Data Breach Spurs Lawsuit and Action from Washington

Description

AT&T announced on July 12, 2024, that it had been a victim of a data breach. The company learned of the breach in April but delayed disclosing it at the request of federal investigators. The attack is attributed to unauthorized access to an AT&T workspace on a third-party cloud platform. Snowflake is a well-known data warehousing (more…)

Intuit Faces Lawsuit in Relation to 2024 Data Breach

Description

Intuit, a global financial technology company known for brands like TurboTax, Credit Karma, and QuickBooks, faced a significant data security incident in early 2024. The company discovered unauthorized access to its systems on February 27, 2024, with the breach period spanning from December 23, 2023, to February 21, 2024.

On April 27, 2024, Intuit began notifying affected customers that their accounts had been temporarily frozen for (more…)

One Security Breach Cripples 15,000 Car Dealers

Description

CDK Global is a leading Software-as-a-Service (SaaS) provider of integrated technology solutions to the automotive retail industry. According to a 2023 cybersecurity report published by CDK that focused on automobile dealerships, 17% of dealers reported experiencing a cyberattack or incident in 2023. That is an increase of 13% over the year prior. Of those that reported an attack, 46% said their business was impacted either (more…)

Live Nation Faced with Suit after Recent Data Breach

Description

A hacker group known as ShinyHunters, claims to have breached Ticketmaster’s systems and exfiltrated a staggering 1.3 terabytes of data belonging to approximately 560 million customers worldwide. Ticketmaster is an event ticket broker owned by the global entertainment company, Live Nation. The compromised data included names, addresses, phone numbers, credit card information, and other payment details dating back to 2011. ShinyHunters is reportedly demanding a (more…)

Elaborate Email Deception Scam Swindles $445,000 from Victim

Description

The town of Arlington, Massachusetts, discovered firsthand how well-organized cybercriminal organizations on the other side of the world can steal money from unsuspecting victims. On June 5, 2024, the Town Manager published a letter to the community outlining how the local municipality had fallen victim to a business email compromise (BEC) email scheme attack in which more than $445,000 was diverted to an account in control (more…)

Go to Top