TSMC Says Its IT Hardware Supplier Targeted in Cyberattack

Taiwan Semiconductor Manufacturing said on Friday that a cybersecurity incident involving one of its IT hardware suppliers has led to the leak of the vendor’s company data.

“TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration,” the company said.

TSMC confirmed in a statement to Reuters that neither its business operations nor its customer information were affected by the cybersecurity incident at its supplier Kinmax.

The TSMC vendor breach is part of a larger trend of significant security incidents affecting various companies and government entities.

Victims range from U.S. government departments and the UK’s telecom regulator to energy giant Shell, all affected since a security flaw was discovered in Progress Software’s MOVEit Transfer product last month.

TSMC said it has cut off data exchange with the affected supplier following the incident.

TSMC also announced in April that it will release new software this year to help customers working on advanced computer chips for cars take advantage of its newest technologies more quickly.

TSMC is the world’s biggest contract manufacturer of semiconductors. Many of the automotive industry’s biggest chip suppliers, such as NXP Semiconductor and STMicroelectronics NV, tap TSMC to make their chips.

But automotive chips must meet a higher bar for ruggedness and longevity than the chips that go into consumer electronics. TSMC has special manufacturing processes for the automotive industry that typically arrive a couple years after similar processes for consumer chips.

In the past it has then taken automotive chip firms extra time to create chip designs for those specialised manufacturing lines. The result was that car chips could be years behind those in the latest smartphone.

© Thomson Reuters 2023
 


(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)


Data Breach in US Exposes Personal Information of 2,37,000 Federal Employees

The personal information of 237,000 current and former federal government employees has been exposed in a data breach at the US Transportation Department (USDOT), sources briefed on the matter said on Friday.

The breach hit systems for processing TRANServe transit benefits that reimburse government employees for some commuting costs. It was not clear if any of the personal information had been used for criminal purposes.

USDOT notified Congress Friday in an email seen by Reuters that its initial investigation of the data breach has “isolated the breach to certain systems at the department used for administrative functions, such as employee transit benefits processing.”

USDOT said in a statement to Reuters the breach did not affect any transportation safety systems. It did not say who might be responsible for the hack.

The department is investigating the breach and has frozen access to the transit benefit system until it has been secured and restored, it said.

The maximum benefit allowance is $280 (roughly Rs. 23,000) per month for federal employee mass transit commuting costs. The breach impacted 114,000 current employees and 123,000 former employees.

Federal employees and agencies have been targets of hackers in the past.

Two breaches at the US Office of Personnel Management (OPM) in 2014 and 2015 compromised sensitive data belonging to more than 22 million people, including 4.2 million current and federal employees along with fingerprint data of 5.6 million of those individuals.

Suspected Russian hackers who used SolarWinds and Microsoft software to burrow into US federal agencies breached unclassified Justice Department networks and read emails at the Treasury, Commerce and Homeland Security departments. Nine federal agencies were breached, Reuters reported in 2021.

© Thomson Reuters 2023



1.2 Crore WhatsApp Users, 17 Lakh Facebook Users Targeted in India’s Massive Data Theft

A massive data breach that has implications for national security was unearthed by Cyberabad Police here, who arrested seven people of a gang allegedly involved in the theft and sale of sensitive data of the government and important organisations, including details of 2.55 lakh defence personnel as well as the personal and confidential data of about 16.8 crore citizens across the country.

The accused persons were found selling more than 140 different categories of information, which include sensitive information such as details of defence personnel and the mobile numbers of citizens and NEET students, among others, Cyberabad Police Commissioner M Stephen Raveendra told reporters here on Thursday.

Seven data brokers were arrested from Delhi, police said, adding that the accused had been operating through three companies (call centres) in Noida and other places. So far it has been found that the accused sold data to at least 100 fraudsters, who used it for committing cyber crimes. Investigations are still on, police said.

Sensitive data of defence personnel containing their ranks, email ids, place of posting, was found available with the accused, Commissioner Raveendra said.

“This will have serious national security implications. The data of defence and government employees can be used for espionage; to impersonate them and commit serious offences that may jeopardise national security. We are in the process of finding out how this data got leaked and who are the insiders who are doing it,” he added.

The arrested accused were selling the data through a contact details directory service provider and similar platforms, police said, adding that during the course of the investigation it was found that the accused had sold data of 50,000 citizens for as low as Rs. 2,000.

Notices will be sent to the service providers and they will be examined and legal action will be initiated against them also, police said.

“When any individual calls the toll-free numbers of service providers for any sector or category related confidential data of individuals, their query is listed and sent to that category of service providers. Then these fraudsters contact the clients and send them samples. If the client agrees to purchase, they make payment and are provided the data,” police said, explaining the modus operandi.

The accused had aggregated the data leaked from different organisations and, having registered themselves as service delivery agents, sold the data to cyber criminals, police said.

DCP (Cybercrime Wing) Ritiraj said a complaint was lodged with the Cyber Crime wing of Cyberabad Police about the sale and purchase of confidential and sensitive data, even as police had also been investigating how cyber criminals were getting access to data. Police have been working on the case for the past two months.

Deputy Commissioner of Police (Crimes) Cyberabad Police Kalmeshwar Shingenavar said that during investigations it was found that private organisations are collecting data both with consent and without the knowledge of individuals. There is no data privacy or protection policy offered by most of these private organisations who possess and process the data of individuals, he said.

The accused were also found selling information in categories such as Energy and Power sector, PAN card data, Government employees, Gas and Petroleum, HNIs (High Net-worth Individuals), demat accounts, student databases, women databases, data of people who have applied for loans and insurance, and credit card and debit card holders (of private banks), WhatsApp users, Facebook users, IT organisation employees, frequent flyers etc.

The data of NEET students, with their names, mobile number and their residential address, was also found with the accused. A PAN card database containing sensitive information on the income, email ids, phone numbers, address of citizens was also found.

As many as 1.2 crore WhatsApp users and 17 lakh Facebook users had also been targeted in the data theft, police said. Police also found data pertaining to two crore students, 12 lakh CBSE Class 12 students, 40 lakh jobseekers, 1.47 crore car owners, details of 11 lakh government employees and 15 lakh IT professionals among others.

Further, a mobile number database of three crore individuals, probably leaked from telecom service providers, was also found, the Commissioner said.

The sensitive data that has been leaked can be used for unauthorised access to important organisations and institutions. The data related to PAN card can be used to commit serious financial offences. It is being used to commit a large number of cyber crimes whereby the perpetrators gain the confidence of victims by disclosing such information, police added.



Uber Investigating Cybersecurity Incident After Alleged Data Breach: All Details

Uber Technologies on Friday said that it is responding to a cybersecurity incident involving a breach of its network. The ride-hailing company confirmed that it has reached out to law enforcement after a hacker allegedly breached its network, forcing Uber to take several internal communications and engineering systems offline on Thursday. The hacker reportedly compromised an employee’s account on the workplace messaging app Slack and used it to send a message to Uber employees announcing that the company had suffered a data breach.

As per a report by The New York Times that cited an Uber spokesperson, a hacker compromised an employee’s account on the workplace messaging app Slack and used it to send a message to Uber employees saying that the company had suffered a data breach. The hacker reportedly got access to other internal systems later and posted an explicit photo on an internal information page for employees.

Uber acknowledged the data breach in a tweet on Friday, saying that it has reached out to law enforcement to investigate the incident. The company assured that it will post additional updates on Twitter as they become available.

The San Francisco-based company’s Slack communication system was taken offline on Thursday afternoon after employees received the message from the hacker, the report adds citing two employees.

According to the report, the person who claimed responsibility for the hack said he gained access through social engineering. He reportedly sent a text message to an Uber worker claiming to be a corporate information technology worker and persuaded the employee to hand over a password that gave him access to Uber’s systems.

Back in November 2016, a data breach affected 57 million passengers and drivers of the ride hailing service.



Samsung Discloses Breach of US Systems in July, Says Personal Information Was Exposed

Samsung on Friday disclosed that it had recently detected a cybersecurity breach that resulted in the exposure of personal information of customers. The incident took place in late July, according to the South Korean firm, when an unauthorised third party compromised the company’s US systems. Samsung says that as part of an ongoing investigation, the company hired a cybersecurity firm and is coordinating with law enforcement. The company previously revealed that it had been affected by a data breach in March, where hackers managed to steal source code for Samsung smartphones. 

On Friday, Samsung disclosed the security breach via its security response centre, revealing that the attackers may have gained access to personal information of customers, including name, contact and demographic information, date of birth, and product registration information.

According to Samsung, the data exposed in the breach did not include customers’ Social Security numbers or credit and debit card details. While the company is yet to specify the number of users and regions that were affected, the notice appears to suggest that US customer details were exposed in the incident.  

“We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement,” Samsung said on its website, adding that it has notified customers of the incident.

Samsung says that it has reached out to customers that it has identified as being affected by the issue and will contact users it has not yet reached out to, if further notifications are required during its investigation. 

According to the company, users should remain cautious of unsolicited communications asking for personal information, avoid clicking on links or downloading attachments from suspicious emails, and review their accounts for suspicious activity. The company says its consumer devices were not affected during the incident. 

Back in March, Samsung revealed that it had suffered a cybersecurity breach, which resulted in the exposure of internal company data. The leaked data included source code for Samsung Galaxy smartphones, but Samsung had stated that the personal data of customers or its employees was not affected. The Lapsus$ hacking group had previously claimed responsibility for the breach, and the company stated at the time that it had taken measures to prevent breaches in the future.



Celsius Users Under Phishing Risks as Already Troubled Firm Now Faces Data Breach Scandal

Celsius Network has disclosed to its community that it has suffered a data breach, warning users against threats of phishing attacks. An unnamed employee of Celsius’ third-party social media handler Customer.io accessed a list of Celsius client email addresses and transferred those to a third party. Customer.io handles the market communications for both Celsius and OpenSea. In June, OpenSea also reported a data breach. At the time, Customer.io had informed Celsius that its user data was safe.

After firing the concerned employee, Customer.io conducted internal analysis through the month of July, and later warned Celsius about the data breach incident.

Celsius, the crypto lending firm, is now in the process of informing its users about this breach, asking them to be alert and not share sensitive information with unverified strangers.

It looks like tough days are nowhere near an end for Celsius. The company, struck by the recent crypto slump, has filed for bankruptcy.

As per Celsius, only a list of its client email addresses saved with Customer.io was leaked by the now terminated engineer, and no other information is expected to have become part of the breach.

Customer.io has also published a blog post addressing the incident.

“Despite the many precautions taken to protect our customer data, the employee’s role enabled specific access to these email addresses. This employee has been terminated, all access has been revoked and we have reported this employee to law enforcement,” the company wrote.

In June, when OpenSea NFT marketplace suffered the data breach, its users had complained about being bombarded with emails that resembled phishing attempts.

Phishing is a category of cyber-attack in which specific emails are directed at potential victims in an attempt to lure them into clicking malicious links, or downloading malware to mine or steal their crypto holdings.





OpenSea NFT Marketplace Suffers Data Breach Leaking Email IDs of Users: Here’s What You Need to Know

OpenSea, the largest non-fungible token (NFT) marketplace by trading volume, has suffered a data breach after an employee at the platform’s email delivery partner – Customer.io – leaked user data. In a blog post on Thursday, the marketplace said that an employee of Customer.io “misused their employee access to download and share email addresses – provided by OpenSea users and subscribers to our newsletter – with an unauthorised external party.” According to OpenSea, all customers who have shared their email with the platform in the past should assume they have been impacted by the breach.

In a blog post, OpenSea’s head of security Cory Hardman said that an employee of Customer.io, OpenSea’s email delivery vendor, abused their access by downloading and externally sharing customer data.

“If you have shared your email with OpenSea in the past, you should assume you were impacted,” he wrote. “We are working with Customer.io in their ongoing investigation, and we have reported this incident to law enforcement.”

The company further warned that customers might face phishing attacks (attempts by cybercriminals posing as credible institutions to obtain sensitive information) that use a domain name similar to the official “opensea.io,” such as “opensea.org” or “opensae.io.”

Hardman also shared a set of safety recommendations to help users defend against phishing attempts, advising them to be suspicious of any emails trying to impersonate OpenSea, not to download and open email attachments, and to check the URLs of pages linked in OpenSea emails.

Users are also urged never to share or confirm their passwords or secret wallet phrases and never to sign wallet transactions if prompted directly via email.
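The URL check recommended above can be automated on a mail gateway or in a triage script. The following is an added example, not code from OpenSea or Customer.io: it classifies links against the official “opensea.io” domain and flags the two lookalike patterns named in the warning (a swapped top-level domain and a transposed-letter typo), plus the brand used as a subdomain of another domain, which goes slightly beyond the article's two cases. It assumes the last two host labels form the registered domain (no public-suffix list), and the sample email is constructed.

```python
import re
from urllib.parse import urlsplit

OFFICIAL = "opensea.io"                 # official domain named in the article
BRAND, BRAND_TLD = OFFICIAL.split(".")

def osa_distance(a: str, b: str) -> int:
    """Edit distance that also counts an adjacent-letter swap as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)   # transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(url: str) -> str:
    """Return official, lookalike-tld, lookalike-typo, lookalike-embedded or other."""
    if "://" not in url:
        url = "//" + url                # let urlsplit see a bare host as a netloc
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:                  # malformed netloc
        return "other"
    labels = host.split(".")
    if len(labels) < 2:
        return "other"
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    name = labels[-2]                   # assumption: naive registered-domain guess
    if name == BRAND:
        return "lookalike-tld"          # e.g. opensea.org
    if osa_distance(name, BRAND) == 1:
        return "lookalike-typo"         # e.g. opensae.io
    if BRAND in labels[:-2]:
        return "lookalike-embedded"     # brand used as a subdomain elsewhere
    return "other"

def scan_email(body: str):
    """Return (url, verdict) for every link that is not on the official domain."""
    urls = (u.rstrip(".,;") for u in re.findall(r"https?://[^\s<>\"')]+", body))
    return [(u, v) for u in urls if (v := classify(u)) != "official"]

# Constructed sample message body, for illustration only.
SAMPLE = """Your listing needs review: https://opensae.io/verify?id=1
Help centre: https://support.opensea.io/hc
Claim here: http://opensea.org/claim."""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE):
        print(f"{verdict:20} {url}")
```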

Some customers took to Twitter to share screenshots showing that OpenSea contacted them by email to inform them about the breach.

A similar incident occurred in March, when hackers breached third-party marketing vendor HubSpot to target large crypto stakeholders. NYDIG, Pantera Capital, BlockFi, Circle and Swan Bitcoin were among the affected companies.



