The Rundown Aug 20

Aug 20, 2024
David Harris
u-haul settlement
us citizen data leak
adt security breach
netflix data breach
google drawings phishing
ransoms for breaches
The Rundown Aug 20

U-Haul $5 Million Data Breach Settlement

U-Haul customers can now claim a share of a multi-million dollar settlement following two data breaches at the company.

If you’ve used U-Haul’s services to move or store your belongings in recent years, you might be eligible to receive part of a $5 million payout. This comes after the company agreed to settle a class-action lawsuit resulting from data breaches that occurred in 2022 and 2023, which may have impacted you if you were a customer during that time.

The lawsuit, Anderson, et al. v. U-Haul International Incorporated, alleges that the breaches compromised customer information, including names and driver’s license numbers. Although U-Haul denies any wrongdoing, the company has agreed to pay over $5 million to affected customers. The most recent breach in 2023 is estimated to have affected around 67,000 customers in the U.S. and Canada. The 2022 breach allowed unauthorized access to sensitive data for five months.

To be eligible for a share of the settlement, you must:

  • Be a California resident

  • Have had personal information compromised due to the 2022 or 2023 data breaches

If eligible, you can file a claim through the official settlement website, where you might need your settlement ID, received via email or postcard. If you don’t have an ID, contact the settlement administration team through the site. Those who do not wish to participate must opt out by September 16, 2024. The expected payout is around $100, varying by claimant. Claims must be submitted by October 15, 2024, and the final court hearing is scheduled for October 23, 2024. Payments are expected to be distributed after this date if no objections are raised.

T-Mobile Settles for $60 Million Over Data Breach Allegations Linked to Sprint Merger

T-Mobile has agreed to pay $60 million to settle allegations that it failed to disclose and address unauthorized access to internal data following its 2020 merger with Sprint. This marks the largest fine ever imposed by the Committee on Foreign Investment in the U.S. (CFIUS).

The Wall Street Journal reported that T-Mobile’s failure to disclose the data breach violated a national security agreement tied to its $26 billion merger with Sprint, delaying CFIUS’s efforts to address potential risks. A T-Mobile spokesperson cited technical issues during the integration with Sprint that affected data sharing with the law enforcement.

Typically, CFIUS does not name companies involved in such disputes, making this settlement with T-Mobile unusual.

T-Mobile has faced data issues before, including a 2023 hack that compromised the personal data of 37 million customers and a 2022 settlement of $350 million for previous breaches affecting 76 million customers.

Millions of Social Security Numbers Leaked

Nearly 2.7 billion records of U.S. residents, including names, social security numbers, and all known addresses, were leaked on a hacking forum. The data includes 272 Million unique social security numbers and 137 Million unique email addresses. The data also includes 70 Million rows of data from the database of criminal records. The data pertains to people born before 2002 and the average age of a person in this data breach is 70 years old. Many of the people in the leaked database are deceased.

In April, a threat actor named USDoD claimed to be selling 2.9 billion records stolen from National Public Data, affecting individuals in the U.S., U.K., and Canada. Initially, the data was offered for $3.5 million, claiming to include records for every individual in those countries.

The stolen data originates from National Public Data, a company that compiles personal information for background checks, criminal records, and private investigations. National Public Data is believed to collect this information from public sources.

This data breach has led to multiple class-action lawsuits against Jerico Pictures, the company believed to operate as National Public Data, for failing to adequately protect personal information. All of this could have been avoided if the company conducted periodic penetration tests.

ADT Security Breach Exposes Customer Data

ADT, a security company, revealed in an SEC filing that hackers accessed “some limited customer information,” including email addresses, phone numbers, and postal addresses. The breach occurred after hackers accessed certain databases containing ADT customer order information.

A seller on a cybercrime forum claimed last week to have obtained over 30,000 ADT customer records. ADT believes that only a “small percentage” of its six million customers were affected and has notified those impacted. The company insists that home security systems, credit card data, and banking information were not compromised.

Netflix is Leaking Unreleased Shows

Netflix is dealing with a significant data breach that has resulted in the online leak of numerous unreleased shows and movies.

Over the past two days, Netflix has been working to address the massive security breach that has impacted several anticipated projects, including the critically acclaimed shows "Arcane" and "Heartstopper." There are unconfirmed reports that "Stranger Things" has also been affected.

Netflix revealed that the breach was caused by a targeted attack on one of its post-production partners. The company is aggressively pursuing those responsible and working to remove the leaked material from the internet.

"Heartstopper" season 3 and "Arcane" season 2 are among the most affected, with full but unfinished episodes circulating online. The leaked episodes are marked with “for internal use” and “property of Netflix” watermarks and lack completed visual and sound effects. This breach is a major setback for Netflix, especially for the teams who worked on these projects.

Phishing Scam Exploits Google Drawings and WhatsApp Links

Cybersecurity researchers have uncovered a new phishing campaign that uses Google Drawings and WhatsApp shortened links to bypass detection and trick users into providing sensitive information.

The phishing attack begins with an email directing recipients to what appears to be an Amazon account verification link. However, the graphic, hosted on Google Drawings, is designed to evade detection. The attackers used well-known websites like Google and WhatsApp to host parts of the attack and an Amazon look-alike site to harvest victims’ information, exemplifying a Living Off Trusted Sites (LoTS) threat.

Why Some Companies Pay Ransoms After Data Breaches

Some companies are increasingly opting to pay ransom demands following data breaches, despite advice from authorities against doing so.

As cybercriminals continue to target organizations holding personal information, some companies find it necessary to consider ransom payments. Mark Lance from GuidePoint Security explains that certain circumstances, such as the loss of access to critical data, might compel companies to pay a ransom. His firm’s report indicates nearly 2,200 ransomware attacks on businesses nationwide this year.

Although paying ransoms is generally discouraged, large organizations sometimes comply to recover encrypted data or minimize damage. However, the FBI advises against paying ransoms, as there’s no guarantee that data will be restored, and ransom payments feed the ransomware problem to grow bigger.

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, a new record this year if ransom payments continue at this level.

Last year, ransomware payments reached a record $1.1 billion

We now stand at approximately 2% higher than 2023's record-breaking trajectory from the same period despite significant law enforcement operations that disrupted large ransomware-as-a-service operations, such as LockBit.

2024 has seen the largest ransomware payment ever recorded at approximately $75 million to the Dark Angels ransomware group.

It is unclear who paid the massive $75 million ransom payment, but it was allegedly made by a company in the Fortune 50 for an attack in early 2024.

A clear indicator that ransomware actors target bigger organizations is a significant increase in the median ransom payment, which moved from under $199,000 in early 2023 to $1,500,000 in June 2024.

In terms of how many victims yield to the threat actors' blackmail and choose to pay the ransom in exchange for a decryptor and a promise not to leak stolen data, the positive trend continues, with fewer organizations succumbing to the extortion.

The Rundown Nov 17
11/17/2024
David S. Harris
The Rundown Oct 25
10-25-2024
David S Harris
The Rundown Oct 11
October 11, 2024
David Harris
The Spider's Web: Unraveling the MGM Grand Cyber Assault and Safeguarding the Future
The Spider's Web: Unraveling the MGM Grand Cyber Assault and Safeguarding the Future
Oct 10, 2023
James McGill
Zacks Data Breach: What We Know So Far
Zacks Data Breach: What We Know So Far
August 3, 2023
James McGill
Razer Data Breach: What We Know So Far
Razer Data Breach: What We Know So Far
August 2, 2023
James McGill