July 2024 – Guard Well Identity Theft Solutions

888-966-4827

110 Million AT&T Call & Text Logs Stolen

16 July 2024
by: Catherine Lennon
in: Cybercrime,Data Breach,Identity Theft,In The News
Tags: Adobe, ATT, cryptocurrency, cyber attack, Mastercard, Pfizer, snowflake, telecommunications, U.S.
note: no comments

Last Friday, July 12th, Telecom giant AT&T revealed that they experienced a data breach impacting nearly all of their wireless customers. The company announced on April 19th, that “hackers exfiltrated records of customer call and text interactions from May 1, 2022 to October 31, 2022” and also on January 2, 2023.

AT&T is in process of notifying nearly 110 million account holders of the cyber crime. Compromised records identify other phone numbers their customers interacted with including call duration, text counts and numbers texted. Although the hacker reportedly demanded $1,000,000 ransom, SecurityWeek reported that approximately $370,000 in bitcoin was wired in May to prevent the data from getting leaked.

The U.S. telecommunications company said that the FBI is investigating and at least one person has been arrested after data was copied from its workspace on a third-party cloud platform, Snowflake. Snowflake is a company with 9,800+ global customers, including Adobe, Honeywell, Mastercard and Pfizer and has been in the news frequently of late. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: markus-spiske-FXFz-sW0uwo-unsplash

Millions Potentially Exposed by Neiman Marcus Breach

12 July 2024
by: Catherine Lennon
in: Cybercrime,Data Breach,Government,Identity Theft,In The News,nationwide,Ransomware,Scams,Trending
Tags: alert, dallas, Data Breach, Hack, neiman marcus, security, snowflake
note: no comments

Dallas-based Neiman Marcus Group (NMG), a luxury department store chain that includes Bergdorf Goodman, recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party named Snowflake. The company notified Maine’s Attorney General’s Office that the breach has impacted more than 64,000 customers. The company started mailing notification letters on June 24th. This is not the first cybersecurity incident for Neiman Marcus. Previous breaches are known to have occurred in 2013, 2015 and 2020 for the high-end retailer.

NMG disclosed the incident just as a hacker announced the sale of the database. According to SecurityWeek, although a ransom was demanded, the retailer refused to pay. SecurityWeek also reported that the database sold for $150,000 and allegedly includes information on 180 million users which is far more than the 64,000+ NMG reported. The hacker is now advertising 70 million transactions, 50 million customer email addresses, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.

Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems, such as Advance Auto Parts, Allstate, Anheuser-Busch, Mitsubishi, Progressive, State Farm and Ticketmaster. We expect to see a heightened volume of cybersecurity incidents surrounding Snowflake and will notify you as soon as we hear any further news. Learn More

Gamers Hit with Social Engineering Attack

07 July 2024
by: Catherine Lennon
in: baiting,Cybercrime,Dark Web,Data Breach,Email Scams,gaming,honeytrap,Identity Theft,Identity Theft Protection,Imposter Scam,In The News,Online Safety,Phishing Scam,pretexting,Scams,tailgating,Trending,Uncategorized,Website Safety
Tags: baiting, Cybersecurity, Fraud Prevention, gaming, honeytrap, Identity Theft, identity theft protection, in the news, Online Safety, phishing, Scams, Tips
note: no comments

Our security teams have recently discovered that Shadow.tech, a cloud computing service developed by the French company Blade and later acquired by OBHcloud founder Octave Klaba in 2021 has been breached. Its technology is based on Window 10 server executing video games or other Windows software applications remotely. The breach origin date is October, 2023 and involves the data of 545,013 account users including their email addresses, full names, physical addresses and birth dates.

The public acknowledgement of the company states that they were a victim of a social engineering attack targeting one of their employees. Shadow.tech CEO said, “This highly sophisticated attack began on the Discord platform with the downloading of malware under cover of a game on the Steam platform, proposed by an acquaintance of an employee, himself, a victim of the same attack.” Learn More

If the term ‘social engineering attack’ is new to you … you are not alone.

Social engineering is a type of cyberattack that uses psychology to obtain personal identifying information (PII). It is impossible to prevent. This type of attack is a huge threat to cybersecurity because it begins on a very personal level with each victim. It invokes fear. It invokes urgency. If the device is being used for gaming and is part of a corporate network, login credentials can be compromised and harming of the network can occur.

Social engineering attacks can include many different formats: whaling, honeytrapping, tailgating … If you or a family member are into the gaming industry specifically, these are four social engineering attacks you need to be on the lookout for:

– Phishing: fraud, impersonation and old-fashioned blackmail.

– Baiting: fraudsters use fake websites, such as for not legit gaming add-ons and so-called “freebies.”

– Pretexting: this is a newer term and format. It includes a fabricated identity (or situation) where a victim may need to divulge PII. Example types of of impersonation could be a talent agency, a law enforcement officer, a major sweepstakes company.

– Spear Phishing: this is a very targeted email attack on specific employees (or sometimes organizations as a whole).

Tips:

– Only click on URLs that begin with https.

– Enable multi-factor authentication when available.

– Use a spam filter.

– Use a pop-up blocker.

– Do your research and check if a website or contact is legit.

– Never insert a USB into your device unless you know and trust exactly who it is from.

– If a request comes in and is marked URGENT, that is a red flag that it could be a scam.

Learning and following best cybersecurity practices are essential to safeguarding your PII. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Image courtesy credit: bermix-studio-wJ7atxTNeQE via unsplash.com