Welcome to this week’s global round-up of the biggest and most interesting news stories.
At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks.
Publicly disclosed data breaches and cyber attacks: in the spotlight
The ‘mother of all breaches’: more than 26 billion records exposed
The security researcher Bob Diachenko and investigators from Cybernews have discovered an open instance with 26 billion data records, mostly compiled from previous breaches – although it likely also includes new data.
The data is more than mere credentials, too – according to Cybernews, most of the exposed data is sensitive. Given the extraordinary scale of the data breach, it’s been dubbed the ‘MOAB’ (mother of all breaches). In total, 3,876 domain names were included in the exposed data set.
Data breached: more than 26 billion records.
Ukrainian cyber attack allegedly wipes 2 PB of data belonging to Russian research centre
The Main Directorate of Intelligence of the Ministry of Defense of Ukraine claims to have destroyed a 2-PB (petabyte) database belonging to Russia’s Far Eastern Research Center for Space Hydrometeorology, or Planeta.
With the caveat that news of state-sponsored attacks against combatants during wartime must be treated with a certain degree of caution, it appears that the cyber attack on Planeta – which receives and processes satellite data on behalf of more than 50 Russian state entities, including the Ministry of War – destroyed 280 servers at a cost of “at least $10 million”.
Data breached: 2 PB.
Mobile network database breach exposes 750 million Indians’ personal data
The Indian security company CloudSEK claims to have found the personal data of 750 million Indians for sale on an “underground forum”. Compromised data includes victims’ names, addresses, phone numbers and Aadhaar numbers (a 12-digit government identification number).
It remains unclear how the data breach occurred, but the attackers apparently suggested it was the result of “exploiting vulnerabilities within government databases of telecommunication systems”.
Data breached: 750 million victims’ personal data.
Publicly disclosed data breaches and cyber attacks: full list
This week, we’ve found 3,154,222,180 records known to be compromised, and 183 organisations suffering a newly disclosed incident. On top of that, we found out about the MOAB this week, affecting 3,876 organisations with more than 26 billion records breached.
Excluding the MOAB, 165 of the organisations newly breached this week are known to have had data exfiltrated, exposed or otherwise breached. Only 1 definitely hasn’t had data breached.
We’ve also found 6 organisations providing a significant update on a previously disclosed incident.
| Organisation(s) | Sector | Location | Data breached? | Known records breached |
| --- | --- | --- | --- | --- |
| 3,876 domain names (the ‘mother of all breaches’ or ‘MOAB’) Source (New) | Multiple | Multiple | Yes | More than 26,000,000,000 |
| Far-Eastern Center of State Research Center for Space Hydrometeorology (Planeta) Source 1; source 2 (New) | Public | Russia | Yes | 2 PB |
| Indian mobile network consumer database (probably) Source 1; source 2 (New) | Telecoms | India | Yes | 750,000,000 |
| Telekom Malaysia Source 1; source 2 (New) | Telecoms | Malaysia | Yes | Almost 200,000,000 |
| IPL Consulting Source 1; source 2 (New) | IT services | Russia | Yes | More than 60 TB |
| Public Health Ministry’s Immunization Centre? (9near.org) Source 1; source 2 (New) | Public | Thailand | Yes | 55,000,000 |
| Moscow International Higher Business School Source (New) | Education | Russia | Yes | 27,915,905 |
| loanDepot Source 1; source 2 (Update) | Finance | USA | Yes | 16,600,000 |
| Trello Source 1; source 2 (New) | Software | USA | Yes | 15,115,516 |
| Concentra Source 1; source 2 (New) | Healthcare | USA | Yes | 3,998,162 |
| At Home Group Inc. Source (New) | Retail | USA | Yes | 2,588,849 |
| Keenan & Associates Source 1; source 2 (Update) | Insurance | USA | Yes | 1,509,616 |
| AGC Group Source (New) | Manufacturing | Japan | Yes | 1.5 TB |
| Four Hands Source (New) | Manufacturing | USA | Yes | 1.5 TB |
| JD Sports Fashion Source (New) | Retail | UK | Yes | 1,493,344 |
| Microbe&Lab Source (New) | Healthcare | Netherlands | Yes | 1,285,279 |
| Stemcor Global Holdings Limited Source (New) | Retail | UK | Yes | 1.2 TB |
| UK forex customers Source (New) | Finance | UK | Yes | 1,001,214 |
| A.N.S. Computer SPRL Source (New) | IT services | Belgium | Yes | 1,000,000 |
| AerCap Source (New) | Transport | Ireland | Yes | 1 TB |
| MBC Law Professional Corp. Source (New) | Legal | Canada | Yes | 1 TB |
| Double Eagle Development Source (New) | Real estate | USA | Yes | 904,980 |
| Southern Water Source 1; source 2; source 3 (New) | Utilities | UK | Yes | 750 GB |
| BuildersTribe Source (New) | Professional services | Singapore | Yes | More than 661,000 |
| Dillard’s Inc. Source (New) | Retail | USA | Yes | 593,688 |
| Mobile Premier League Source (New) | Leisure | India | Yes | 508,000 |
| Chattanooga Imaging Source 1; source 2 (New) | Healthcare | USA | Yes | More than 500,000 |
| Schneider Saddlery Source (New) | Retail | USA | Yes | 451,503 |
| Teen Patti Master Source (New) | Leisure | India | Yes | 400,000 |
| Lucky Brand Source (New) | Retail | USA | Yes | 374,482 |
| High Arctic Energy Services Source (New) | Energy | Canada | Yes | 345 GB |
| Jason’s Deli Source (New) | Hospitality | USA | Yes | 344,034 |
| Ulta Beauty Source (New) | Retail | USA | Yes | 327,936 |
| Jay Group Source (New) | Transport | USA | Yes | 270 GB |
| Corelle Brands Source (New) | Manufacturing | USA | Yes | 244,108 |
| Daeyang University Source (New) | Education | Malawi | Yes | More than 224,000 |
| B.TECH Source (New) | Retail | Egypt | Yes | 203,265 |
| Smith Affiliated Capital Corp. Source (New) | Finance | USA | Yes | More than 200 GB |
| Planet Home Lending, LLC Source (New) | Finance | USA | Yes | 199,873 |
| Bonobos Source (New) | Retail | USA | Yes | 191,721 |
| Draneas Law Source (New) | Legal | USA | Yes | 189 GB |
| Advance Auto Parts Source (New) | Retail | USA | Yes | 186,853 |
| HORNE Source 1; source 2 (New) | Professional services | USA | Yes | 170,052 |
| WEBS – America’s Yarn Store Source (New) | Retail | USA | Yes | 157,895 |
| The Mike Ferry Organization Source (New) | Real estate | USA | Yes | 136,221 |
| Toronto Zoo Source 1; source 2 (Update) | Non-profit | Canada | Yes | 130 GB |
| Urban Barn Source (New) | Retail | USA | Yes | 122,957 |
| Ace Hardware Corporation Source (New) | Retail | USA | Yes | 122,452 |
| Skechers Source (New) | Retail | USA | Yes | 113,753 |
| First Financial Security Source 1; source 2 (Update) | Insurance | USA | Yes | 105,764 |
| Value City Furniture Source (New) | Retail | USA | Yes | 104,312 |
| A24Group Medical Staffing Source (New) | Healthcare | UK | Yes | 10 GB |
| The Company Store Source (New) | Retail | USA | Yes | 89,007 |
| Kansas Joint & Spine Specialists Source 1; source 2 (New) | Healthcare | USA | Yes | 83,869 |
| Dooney & Bourke Source (New) | Retail | USA | Yes | 80,956 |
| Books A Million Source (New) | Retail | USA | Yes | 69,988 |
| Michigan Orthopaedic Surgeons Source 1; source 2 (New) | Healthcare | USA | Yes | 67,477 |
| Sam Ash Music Source (New) | Retail | USA | Yes | 66,991 |
| Nassau Vision Group Source (New) | Manufacturing | USA | Yes | 63 GB |
| Jerry’s Artarama Source (New) | Retail | USA | Yes | 56,280 |
| VELUX USA Source (New) | Manufacturing | USA | Yes | 51,097 |
| BACT Consultation Source (New) | Professional services | UAE | Yes | More than 44,000 |
| American Signature Inc. Source (New) | Retail | USA | Yes | 42,771 |
| Havertys Furniture Source (New) | Manufacturing | USA | Yes | 34,941 |
| BrandSource Source (New) | Manufacturing | USA | Yes | 35,748 |
| Dollar General Source (New) | Retail | USA | Yes | 31,699 |
| Mi Argentina Source (New) | IT services | Argentina | Yes | 31,583 |
| Danto.de Source (New) | Retail | Germany | Yes | 30,000 |
| Integrity, Inc. Source (New) | Non-profit | USA | Yes | 25,908.62 MB |
| Ardent Health Services Source 1; source 2 (Update) | Healthcare | USA | Yes | 23,686 |
| Bake’n Joy Foods, Inc. and CommerceV3 Source (New) | Manufacturing and IT services | USA | Yes | 21,914 |
| Vans NL Source (New) | Retail | Netherlands | Yes | 17,761 |
| Saudi car insurance portal Source (New) | Insurance | Saudi Arabia | Yes | 14,183 |
| Hinley Source (New) | Manufacturing | USA | Yes | 14,470 |
| National Business Furniture Source (New) | Manufacturing | USA | Yes | 13,412 |
| Avon Source (New) | Manufacturing | UK | Yes | 12,861 |
| VistaPrint Source (New) | Retail | Netherlands | Yes | 11,968 |
| 3Rivers Archery Source (New) | Retail | USA | Yes | 11,932 |
| ColliShop Source (New) | Retail | Belgium | Yes | 10,291 |
| Ventura County Credit Union Source (New) | Finance | USA | Yes | 9,452 |
| Double Eagle Energy Holdings IV LLC Source (New) | Energy | USA | Yes | 9,088 |
| Brady Martz & Associates Source 1; source 2 (New) | Finance | USA | Yes | 7,154 |
| Ciudadano Digital Source (New) | IT services | Argentina | Yes | More than 7,000 |
| Instituto Costarricense de Turismo Source (New) | Leisure | Costa Rica | Yes | 6,361 |
| HOM Furniture Source (New) | Manufacturing | USA | Yes | 6,226 |
| Marywood Nursing Care Center Source (New) | Healthcare | USA | Yes | 6,178 |
| Colorado Ophthalmology Source 1; source 2 (New) | Healthcare | USA | Yes | 6,020 |
| Cloud South Source (New) | IT services | USA | Yes | 5,128 |
| Samsonite Source (New) | Manufacturing | Belgium | Yes | 5,108 |
| Paula’s Choice Skincare Source (New) | Manufacturing | USA | Yes | 5,065 |
| Lake County Health Department and Community Health Center Source 1; source 2 (New) | Public | USA | Yes | 5,000 |
| Meyer Cookware Source (New) | Manufacturing | USA | Yes | 4,260 |
| Valhalla Pure Outfitters Source (New) | Retail | Canada | Yes | 3,874 |
| INTERPOL Argentina Source (New) | Public | Argentina | Yes | More than 3,000 |
| Connect Distribution Source (New) | Retail | UK | Yes | 2,615 |
| PetFlow Source (New) | Manufacturing | USA | Yes | 2,415 |
| Center for Urban Community Services Source (New) | Non-profit | USA | Yes | 2,266 |
| Orgain Source (New) | Manufacturing | USA | Yes | 2,198 |
| New Balance Source (New) | Manufacturing | USA | Yes | 2,093 |
| True Alliance Source (New) | Retail | Australia | Yes | 1,764 |
| The Brick Source (New) | Retail | USA | Yes | 1,744 |
| PostWorks New York Source (New) | Media | USA | Yes | 1,559 |
| DiscountMags Source (New) | Retail | USA | Yes | 1,420 |
| Hale Groves Source (New) | Manufacturing | USA | Yes | 1,417 |
| Enterprise Bank & Trust Source (New) | Finance | USA | Yes | 1,307 |
| Naturepedic Source (New) | Manufacturing | USA | Yes | 1,284 |
| Nautica Source (New) | Retail | USA | Yes | 1,168 |
| Ricardo Defense Inc Source (New) | Manufacturing | USA | Yes | 1,149 |
| Pittman & Davis, LLC Source (New) | Retail | USA | Yes | 1,136 |
| Suja Organic Source (New) | Retail | USA | Yes | 1,111 |
| Mount Vernon Dental Smiles Source 1; source 2 (New) | Healthcare | USA | Yes | 1,069 |
| PowerBar Source (New) | Retail | USA | Yes | 952 |
| Walker Therapeutic & Educational Programs Source 1; source 2 (New) | Non-profit | USA | Yes | 846 |
| Catholic Health Initiative Trinity Medical Center Source 1; source 2 (New) | Healthcare | USA | Yes | 797 |
| Smartpress Source (New) | Retail | USA | Yes | 566 |
| FedEx Corporation Group Health Plan Source (New) | Insurance | USA | Yes | 553 |
| Covenant Care California, LLC Source 1; source 2; source 3 (Update) | Healthcare | USA | Yes | 501 |
| Daleville Dental LLC Source 1; source 2 (New) | Healthcare | USA | Yes | 500 |
| FootJoy Source (New) | Retail | USA | Yes | 445 |
| Student.com Source (New) | Real estate | UK | Yes | 414 |
| National Right to Work Committee Source (New) | Non-profit | USA | Yes | 325 |
| Mexican government Source (New) | Public | Mexico | Yes | More than 300 |
| American Medical ID Source (New) | Manufacturing | USA | Yes | 248 |
| GC Services Source (New) | Finance | USA | Yes | 180 |
| Drazin and Warshaw, P.C. Source (New) | Legal | USA | Yes | 163 |
| Newington Fire Department Source (New) | Public | USA | Yes | 127 |
| M&T Bank Source (New) | Finance | USA | Yes | 43 |
| First Century Bank Source (New) | Finance | USA | Yes | 23 |
| Tanga Source (New) | Retail | USA | Yes | 16 |
| The Hartford Source (New) | Finance | USA | Yes | 15 |
| Latham Centers, Inc. Source (New) | Healthcare | USA | Yes | 1 |
| Justicia Córdoba Source (New) | Legal | Argentina | Yes | Unknown |
| Ministerio de seguridad Source (New) | Public | Argentina | Yes | Unknown |
| Deknudt Frames Source (New) | Manufacturing | Belgium | Yes | Unknown |
| Accolade Group Inc. Source (New) | Retail | Canada | Yes | Unknown |
| GAMEE Source (New) | Blockchain | Czech Republic | Yes | Unknown |
| CARRI Systems Source (New) | Professional services | France | Yes | Unknown |
| Mercedes-Benz AG Source (New) | Manufacturing | Germany | Yes | Unknown |
| S&A Law Offices Source (New) | Legal | India | Yes | Unknown |
| Gadot Biochemical Industries Ltd. Source (New) | Manufacturing | Israel | Yes | Unknown |
| Neafidi Società Cooperativa di garanzia collettiva fidi Source (New) | Finance | Italy | Yes | Unknown |
| CloudFire Source (New) | IT services | Italy | Yes | Unknown |
| High National Elections Commission Source (New) | Public | Libya | Yes | Unknown |
| DENHAM the Jeanmaker Source (New) | Retail | Netherlands | Yes | Unknown |
| 2 Togolese journalists Source (New) | Media | Togo | Yes | Unknown |
| Ducon Industries FZCO Source (New) | Construction | UAE | Yes | Unknown |
| The Gainsborough Bath Spa Source (New) | Hospitality | UK | Yes | Unknown |
| Caravan and Motorhome Club Source 1; source 2 (New) | Leisure | UK | Yes | Unknown |
| Covanta Source 1; source 2 (New) | Environmental | USA | Yes | Unknown |
| Full Circle Electronics Source 1; source 2 (New) | Environmental | USA | Yes | Unknown |
| Veolia North America Source (New) | Environmental | USA | Yes | Unknown |
| Dawson James Securities, Inc. Source (New) | Finance | USA | Yes | Unknown |
| First Mid Source (New) | Finance | USA | Yes | Unknown |
| Mordfin Group Source (New) | Finance | USA | Yes | Unknown |
| Aria Care Partners Source 1; source 2 (New) | Healthcare | USA | Yes | Unknown |
| Des Moines Orthopaedic Surgeons Source 1; source 2 (New) | Healthcare | USA | Yes | Unknown |
| Moses Lake Community Health Center Source 1; source 2 (New) | Healthcare | USA | Yes | Unknown |
| Signature Performance, Inc. Source (New) | Healthcare | USA | Yes | Unknown |
| Hewlett Packard Enterprise Source 1; source 2 (New) | IT services | USA | Yes | Unknown |
| Sirius Federal Source (New) | IT services | USA | Yes | Unknown |
| UICGS/Bowhead Family of Companies Source (New) | IT services | USA | Yes | Unknown |
| Total Air Solutions, LLC Source (New) | Professional services | USA | Yes | Unknown |
| Kansas City Area Transportation Authority Source 1; source 2 (New) | Public | USA | Yes | Unknown |
| Phastar Source 1; source 2 (New) | Research services | USA | Yes | Unknown |
| David’s Bridal Source (New) | Retail | USA | Yes | Unknown |
| Yesway Source (New) | Retail | USA | Yes | Unknown |
| Anthropic Source (New) | Software | USA | Yes | Unknown |
| Kahua Source 1; source 2 (New) | Software | USA | Yes | Unknown |
| PowerReviews Source (New) | Software | USA | Yes | Unknown |
| Concentric.fi Source (New) | Crypto | Unknown | Yes | Unknown |
| BUKA Magazin Source (New) | Media | Bosnia and Herzegovina | Unknown | Unknown |
| USAID Colombia Source (New) | Public | Colombia | Unknown | Unknown |
| RailTel Corporation of India Ltd Source (New) | Telecoms | India | Unknown | Unknown |
| Lev Cinemas Source (New) | Leisure | Israel | Unknown | Unknown |
| Sveriges Riksbank Source (New) | Finance | Sweden | Unknown | Unknown |
| The Misbourne Source 1; source 2; source 3 (New) | Education | UK | Unknown | Unknown |
| Naftogaz of Ukraine Source (New) | Energy | Ukraine | Unknown | Unknown |
| Monobank Source (New) | Finance | Ukraine | Unknown | Unknown |
| Ukrtransbezpeka Source (New) | Public | Ukraine | Unknown | Unknown |
| Ukrposhta Source (New) | Transport | Ukraine | Unknown | Unknown |
| Bakersfield College Source (New) | Education | USA | Unknown | Unknown |
| EquiLend Source 1; source 2 (New) | Finance | USA | Unknown | Unknown |
| BrightStar Care Source (New) | Healthcare | USA | Unknown | Unknown |
| Bucks County Source 1; source 2 (New) | Public | USA | Unknown | Unknown |
| Nevada Gaming Control Board Source 1; source 2 (New) | Public | USA | Unknown | Unknown |
| U.S. Department of Health and Human Services Source (New) | Public | USA | Unknown | Unknown |
| Washington County Source (New) | Public | USA | Unknown | Unknown |
| Tesla Source (New) | Manufacturing | USA | No | 0 |
Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week. The updated data point is italicised in the table.
Note 2: For incidents where we only know the file size of the data breached, we use the formula 1 MB = 1 record. Given that we can’t know the exact numbers, as it depends on the types of records included (e.g. pictures and medical histories are considerably larger files than just names and addresses), we err on the side of caution by using this formula. We believe that this underestimates the records breached in most cases, but it is more accurate than not providing a number at all.
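As an added worked example (not the blog's own code or tooling), the following Python applies Note 2's 1 MB = 1 record convention to cells from the ‘Known records breached’ column and aggregates them. Two things it assumes that the page does not state: larger units are decimal (SI) multiples (1 GB = 1,000 MB, 1 TB = 1,000,000 MB, 1 PB = 1,000,000,000 MB), and ‘More than’/‘Almost’ figures are counted at face value, which is how the weekly total above appears to be built. The sample rows are a constructed subset copied from the table; the point of the summary is to keep size-derived rows and qualified figures visible, so a reader knows which part of any total is an estimate rather than a count.

```python
from __future__ import annotations

import re
from typing import Optional

# Note 2's convention: 1 MB = 1 record. Assumption (not stated on the page):
# GB/TB/PB are decimal (SI) multiples, so 1 GB = 1,000 MB and so on.
MB_PER_UNIT = {"MB": 1, "GB": 1_000, "TB": 1_000_000, "PB": 1_000_000_000}
QUALIFIERS = ("More than", "Almost")

# Constructed sample: a subset of (organisation, cell) rows from the table above.
SAMPLE_ROWS = [
    ("Planeta", "2 PB"),
    ("Telekom Malaysia", "Almost 200,000,000"),
    ("IPL Consulting", "More than 60 TB"),
    ("Southern Water", "750 GB"),
    ("Integrity, Inc.", "25,908.62 MB"),
    ("Latham Centers, Inc.", "1"),
    ("Justicia Córdoba", "Unknown"),
    ("Tesla", "0"),
]

# A number with optional thousands separators and decimals, then an optional size unit.
_CELL = re.compile(r"([\d,]+(?:\.\d+)?)\s*(MB|GB|TB|PB)?")


def parse_known_records(cell: str) -> tuple[Optional[int], Optional[str], bool]:
    """Parse one 'Known records breached' cell.

    Returns (records, qualifier, size_derived):
      records      - whole-number record count, or None for 'Unknown'
      qualifier    - 'more than' / 'almost' when the cell carried one, else None
      size_derived - True when the count came from a file size via 1 MB = 1 record
    """
    text = cell.strip()
    if text.lower() == "unknown":
        return None, None, False
    qualifier = None
    for q in QUALIFIERS:
        if text.startswith(q):
            qualifier = q.lower()
            text = text[len(q):].strip()
            break
    m = _CELL.fullmatch(text)
    if m is None:
        raise ValueError(f"unrecognised cell: {cell!r}")
    number = float(m.group(1).replace(",", ""))
    unit = m.group(2)
    if unit is None:
        return int(number), qualifier, False
    # File size: express it in MB and apply 1 MB = 1 record, rounding to whole records.
    return int(round(number * MB_PER_UNIT[unit])), qualifier, True


def summarise(rows) -> dict:
    """Aggregate (organisation, cell) pairs the way the round-up's headline total does:
    qualified figures are taken at face value, 'Unknown' contributes nothing, and the
    size-derived and qualified rows are returned separately so the estimate is visible."""
    total = 0
    size_derived, unknown, qualified = [], [], []
    for org, cell in rows:
        records, qualifier, from_size = parse_known_records(cell)
        if records is None:
            unknown.append(org)
            continue
        total += records
        if from_size:
            size_derived.append(org)
        if qualifier:
            qualified.append((org, qualifier))
    return {
        "total": total,
        "size_derived": size_derived,
        "unknown": unknown,
        "qualified": qualified,
    }


if __name__ == "__main__":
    summary = summarise(SAMPLE_ROWS)
    print(f"Known records (sample rows): {summary['total']:,}")
    print("Estimated from file size:", ", ".join(summary["size_derived"]))
    print("No figure available:", ", ".join(summary["unknown"]))
    for org, qualifier in summary["qualified"]:
        print(f"  {org}: stated figure is '{qualifier}' the value counted")
```

Because a 2 PB database becomes two billion ‘records’ under this convention, a single size-only incident can dominate a weekly total; listing the size-derived rows next to the total is what lets a reader judge how much of the headline number rests on the 1 MB = 1 record estimate.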
AI
Final draft of EU Artificial Intelligence Act leaked
Luca Bertuzzi, the technology editor of Euractiv, has shared the final draft of the EU’s AI Act, “ahead of a discussion within the Telecom Working Party, a technical body of the EU Council, on Wednesday and formal adoption at the ambassador level (i.e. COREPER) on 2 February”.
European Commission launches AI innovation package to support startups and SMEs
Following the political agreement on the AI Act, the European Commission has launched a package of measures to help European startups and small to medium-sized organisations develop AI that “respects EU values and rules”.
UK NCSC warns of rise in AI-enabled ransomware
The UK’s NCSC has warned that AI, which is already being used to facilitate cyber crime, “will almost certainly increase the volume and impact of cyber attacks – including ransomware – in the near term”. Its report concludes that AI lowers the barrier of entry to would-be attackers, enabling the relatively unskilled to carry out more effective campaigns.
US NAIRR to partner with AI developers
The US National Science Foundation, alongside 10 other federal agencies and 25 private-sector, non-profit and philanthropic organisations, has launched the NAIRR (National Artificial Intelligence Research Resource), with the aim of democratising the future of AI research and development. NAIRR will “provide access to advanced computing, datasets, models, software, training and user support to U.S.-based researchers and educators”.
Enforcement
UK, US and Australia sanction “Russia-based cyber hacker”
The UK, US and Australia have sanctioned the Russian national Aleksandr Ermakov, following his identification as a key actor in the 2022 cyber attack on Australia’s Medibank. The attack saw 9.7 million customers’ personal data leaked on the dark web.
CNIL fines Amazon France Logistique €32 million for GDPR breach
France’s supervisory authority, the CNIL, has fined Amazon France Logistique, the division that manages the Amazon group’s French warehouses, €32 million for monitoring employee behaviour in breach of the EU GDPR.
SolarWinds seeks dismissal of SEC cyber security lawsuit
SolarWinds Corp. and its CISO, Tim Brown, have filed a motion to dismiss in a New York federal court, denying the SEC’s allegations of fraud and internal control failures relating to the company’s cyber security practices around the cyber attack it suffered from 2019 to 2020.
Other news
Three new cyber security reports published
The Securonix 2024 Insider Threat Report looks at internal security risks, while the Malware Trends Overview Report: 2023 from Any Run examines the most prevalent malware types of 2023 and Coveware examines the latest ransomware trends.
To mark this year’s Data Protection Day, the privacy rights campaign group noyb surveyed more than 1,000 data protection professionals in the EU. According to the resulting report, GDPR: a culture of non-compliance?, 35.8% of respondents agree that “the ‘deterring effect’ of the GDPR has been lost over the last five years”, 70.9% “think that we need more clear decisions by [data protection authorities] and courts to improve compliance” and 74.4% “assume relevant violations at an average company”.
Key date
19 March 2024 – UK government calls for views on Cyber Governance Code of Practice
The UK government is calling for views on its draft Cyber Governance Code of Practice, which aims to help organisations manage cyber risks. Responses must be submitted by 11:59 pm on Tuesday, 19 March 2024.
That’s it for this week’s round-up. We hope you found it useful.
We’ll be back next week with the biggest and most interesting news stories, all rounded up in one place.
The post The Week in Cyber Security and Data Privacy: 22 – 28 January 2024 appeared first on IT Governance UK Blog.