Verizon Leaks Customer Conversations, Personal Data Through Flawed Chat Window on Its Website

The American telco Verizon has been found leaking customers’ information, potentially for months, due to a flaw in a chat system on its website.

Verizon has been leaking addresses, phone numbers, account numbers, and other personal information through a chat window on its website that erroneously displayed conversations between the firm’s employees and customers.

The personal details appear when users click on a link to chat with a Verizon representative about the availability of Fios, the telco’s bundled Internet access, telephone and television service that operates over a fiber-optic communications network.

“The transcripts include full names, addresses, phone numbers, account numbers (in the event they already have an account), and various other information,” reports Ars Technica, which alerted the company to the flaw.

The site has published a number of redacted screenshots as evidence of the flawed chat system.

Some of the transcripts viewed by the news outlet reportedly date back to June, meaning the leak has been months in the making.

Ars Technica held off reporting the flaw hoping Verizon would address it in due time. The publication decided to move forward with the story after noticing that the leak was still ongoing almost a week after its discovery. The reason? “To alert people who may use the service that this data is being exposed,” according to the report.

Verizon acknowledged the flaw this week, telling customers, “We’re looking into an issue involving our online chat system that assists individuals who are checking on the availability of Fios services. We believe a small number of users may have seen a name, phone number, and/or a home or building address from an unrelated individual who had previously used this chat system to enter that information. Since the issue was brought to our attention, we’ve identified and isolated the problem and are working to have it resolved as quickly as possible.”

The statement was issued Thursday morning. As of today, the flaw seems to have been addressed.

While some US states, like California, have stringent data protection laws comparable to Europe’s GDPR, most don’t. It will be interesting to see how Verizon will answer to regulatory bodies for this blunder. Had this error occurred under the European Union’s watch, Verizon would have paid through the nose, both financially and reputationally.

Metro Vancouver TransLink hit by Egregor ransomware attack, travellers disrupted

  • Printers at TransLink churn out ransom demand from attackers
  • Passengers were unable to use credit cards for travel payment

Passengers on Vancouver’s transit system were unable to use their credit and debit cards for ticket payments after the service was badly hit by a ransomware attack.

TransLink, the public transport operator in Vancouver, Canada, first indicated its IT systems were suffering problems on 1 December, when it said it was “investigating an issue.”

That “issue” turned out to be the Egregor ransomware, which hijacked TransLink’s printers and spewed out a ransom note, as documented by news reporter Jordan Armstrong in a tweeted photograph.

In the ransom message, the extortionists warned TransLink that private data was stolen from their systems and that it would begin to be published online if the company did not make contact and make a cryptocurrency payment.

It is not clear just how much money the cybercriminals want TransLink to pay for the delivery of a decryption key to undo the damage done to its data, and the promise that information will not be leaked online. Furthermore, it is unclear whether TransLink is even contemplating paying the ransom.

In a statement, TransLink CEO Kevin Desmond said the organisation took “immediate steps to isolate and shutdown key IT assets and systems in order to contain the threat” upon the ransomware’s discovery. TransLink is now “working to resume normal operations as quickly and safely as possible.”

Desmond went on to reassure customers that TransLink “does not store fare-payment data” as it uses a third party for payment processing.

It says it is limiting further comment because it has called in law enforcement to investigate the attack.

Passengers of Vancouver’s SkyTrain, meanwhile, were forced to take out money at cash machines in order to pay for their tickets, as other quicker forms of payment (such as tapping credit cards at ticket gates) were not available.

Ticket machines and fare gates are said to now be accepting card payments normally.

However, there are reports that employees’ weekly payment may be affected:

Sources tell Global News the company’s payroll operations are down. Employees will still be paid, but using a cash advance, at 65 per cent of their normal pay, but without payroll deductions, sources say.

The same Egregor ransomware haunted printers at South American retail giant Cencosud last month, churning out messages that made it hard to deny that they had suffered a cyber attack.

Not being able to buy items at a high street store is one thing, and clearly inconvenient, but ransomware impacting a city’s transport system is another entirely.

Other victims of Egregor have included Barnes & Noble and Ubisoft.

Ransomware Operators Phone Victims to Announce They’ve Been Hacked

A dental practice in the US state of Georgia has learned its systems were infected with ransomware only after the attackers rang them up to clue them in.

On September 9, Galstan & Ward Family and Cosmetic Dentistry (Galstan & Ward) learned they had been infected with ransomware “when they got a phone call from a group claiming to have attacked them and demanding a ransom,” according to DataBreaches.net.

Drs. Galstan and Ward had noticed some anomalies with their computer system but thought little of it. After calling in an IT vendor to assist with the troubles, they reportedly got the call, then learned that “several files from their server were posted to a website on the dark web.”

The files contained no patient information, according to a note to clients sent on November 13. The notice says Galstan & Ward contacted outside counsel, “who immediately engaged a computer security firm to conduct a forensic analysis and provide remediation services.”

“Their analysis confirmed that the restored server was free from any malware. The security firm could find no evidence that confidential patient data stored in Galstan & Ward’s dental practice software system was accessed or acquired. Additional investigation did not find evidence of acquisition or access of confidential patient information,” the practice told affected parties.

Because Galstan & Ward stores patient names, Social Security numbers, dates of birth, addresses and dental records, the office is offering all patients who might be impacted free credit monitoring and identity theft restoration services through IDX.

In accordance with the law, the practice has notified HHS of the incident.

In an update to the original post, DataBreaches.net reveals that the ransomware strain used was Conti. The same strain was used in the ransomware attack on Advantech, with the attackers demanding a $14 million ransom from the IoT chipmaker.

Wizard Spider, the cybercriminal gang that developed and distributes the Trickbot Trojan, is believed to be leveraging Conti ransomware the most.

Cyber Criminals Tried to Gain Access to COVID-19 Vaccine ‘Cold Chain’

The COVID ‘cold chain’ is now under attack, likely by a nation state, although the identity of the threat actors remains unknown for now, according to an IBM report.

Ever since the start of the research into the COVID-19 pandemic, threat actors have been trying either to hamper the efforts to find a cure or to steal precious researcher data. Over the course of 2020, numerous attacks directed against pharmaceutical companies and research laboratories have been thwarted, and it looks like this new attempt follows the same lines.

The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

Security researchers from IBM discovered a complex phishing campaign directed at the Cold Chain Equipment Optimisation Platform (CCEOP) of Gavi, the international vaccine alliance, according to a BBC report.

“The adversary impersonated a business executive from Haier Biomedical, a credible and legitimate member company of the COVID-19 vaccine supply chain and qualified supplier for the CCEOP program,” said IBM. “The company is purportedly the world’s only complete cold chain provider. Disguised as this employee, the adversary sent phishing emails to organizations believed to be providers of material support to meet transportation needs within the COVID-19 cold chain.”

The attackers went after the European Commission’s Directorate-General for Taxation and Customs Union, along with organizations within the energy, manufacturing, website creation and software and internet security solutions sectors.

The goal of the attack was to gather credentials that would allow for much wider access to the research and other transport infrastructure data.

“The adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine. This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it. However, beyond critical information pertaining to the COVID-19 vaccine, the adversary’s access could extend deeper into victim environments.”

The Cybersecurity and Infrastructure Security Agency (CISA) already issued a warning regarding possible campaigns using this exact vector and it’s likely that threat actors will continue to try and gather credentials and research data, if possible.

Indian Telefraud Boss Gets 20 Years Behind Bars

The US Department of Justice has announced the sentencing of an Indian national for masterminding several India-based call centers that defrauded US victims out of millions of dollars between 2013 and 2016.

Hitesh Madhubhai Patel, aka Hitesh Hinglaj, 44, of Ahmedabad, India, was sentenced to 20 years in prison and three years of supervised release for the charges of “wire fraud conspiracy and general conspiracy to commit identification fraud, access device fraud, money laundering, and impersonation of a federal officer or employee.” Patel was also ordered to pay restitution of $8,970,396 to identified victims of his crimes.

According to a DOJ press release, Patel and his co-conspirators (including some on US soil) perpetrated a complex scheme in which employees from call centers in India impersonated officials from the IRS and US Citizenship and Immigration Services (USCIS).

Phone operators under his command engaged in telephone call scams designed to scare victims into wiring money, “threatening them with arrest, imprisonment, fines or deportation if they did not pay alleged monies owed to the government.”

“Those who fell victim were instructed how to provide payment, including by purchasing general purpose reloadable (GPR) cards or wiring money,” according to admissions in Patel’s plea agreement. “Upon payment, the call centers would immediately turn to a network of ‘runners’ based in the United States to liquidate and launder the fraudulently obtained funds.”

Patel admitted to operating and funding several call centers from which the fraud was perpetrated, including the HGLOBAL call center.

“Patel corresponded by email and WhatsApp messaging frequently with his co-defendants to exchange credit card numbers, telephone scam scripts, and call center operations instructions,” the DOJ explains. “The scripts included IRS impersonation, USCIS impersonation, Canada Revenue Agency impersonation, Australian Tax Office impersonation, payday loan fraud, U.S. Government grant fraud, and debt collection fraud,” according to the news release.

Patel admitted that he is solely responsible for the “reasonably foreseeable loss of more than $25 million but less than $65 million,” based on the government’s evidence against him.

The DOJ has set up a website to assist potential victims with information about the case. If you think you are a victim of telefraud scam phone calls, contact the Federal Trade Commission here.

422 Individuals Arrested in Global Money Laundering Scheme, According to Europol

More than 400 people have been arrested following a three-month global investigation into money laundering schemes, Europol disclosed today.

The European Money Mule Action ‘EMMA 6’ identified 4,031 money mules and 227 money mule recruiters, and resulted in 422 individual arrests between September and November 2020.

“During the span of the operation, 1 529 criminal investigations were initiated,” Europol said. “With the support of the private sector including more than 500 banks and financial institutions, 4 942 fraudulent money mule transactions were identified, preventing a total loss estimated at €33.5 million.”

What is a money mule?

Transferring illegally obtained money between bank accounts can be a problem for cybercriminals who wish to cover their tracks, so they recruit unsuspecting individuals to do the dirty work for them. The recruitment phase may involve romance scams, remote job listings, and even easy-money advertisements on social media platforms.

The duped or “hired” individual will then receive money in their bank account from the scammer, and is asked to transfer the funds to another party or make withdrawals that are later passed to others.

The law enforcement agency also said that, “although some COVID-19 related cases have been reported, payment process compromise and romance scams continue to be the most recurrent schemes,” with a particular increase in the use of cryptocurrencies by money mules.

Making matters worse, even if the money mules only unwittingly aid the criminals in their money laundering schemes, they may still face criminal charges. Additionally, money mules may endanger themselves financially by providing personal information, or suffer physical attacks and threats if they stop cooperating with the perps.

Europol recommends individuals who suspect they might be part of such an illegal operation “stop transferring money and notify your bank and your national police immediately.”

Cyber Attack at US Mental Health Services Provider Exposes Sensitive Info of Over 290,000 Individuals

Attackers stole protected health information (PHI) and personally identifiable information (PII) of 295,617 patients of Colorado Springs-based mental healthcare provider AspenPointe in a data breach, the company said.

According to a letter sent to victims, the criminals gained access to the organization’s network in September 2020.

“We recently discovered unauthorized access to our network occurred between September 12, 2020 and approximately September 22, 2020,” the letter reads. “We immediately launched an investigation in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the information on our network.”

Following the investigation, which ended November 10, AspenPointe claims that the attackers exfiltrated highly sensitive patient data, including full names, date of birth, Social Security numbers, Medicaid ID numbers, last visit dates, admission dates, discharge dates and diagnosis codes.

Although AspenPointe is “not aware of any reports of identity fraud or improper use of your information as a direct result of this incident,” patients are advised to place fraud alerts or a security freeze on their credit files and closely review their financial account statements for fraud.

The data breach has also forced AspenPointe to implement immediate password changes, additional endpoint protection, increased monitoring and firewall changes to their network.

“We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal information,” AspenPointe added.

Additionally, the nonprofit organization said it will provide free 12-month identity-theft protection service for all impacted individuals, including credit monitoring and a $1 million insurance reimbursement policy. The data breach could have a serious psychological and financial impact on victims. Cyber thieves may use stolen healthcare records to make fake medical claims and steal insurance, attempt extortion by researching the victims, or open new credit lines using Social Security numbers and names.
