Information of 8.2 million Cash App users was released by a former employee who accessed customer financial reports as an act of revenge against the company after their termination. A class action lawsuit was filed against the mobile payments company over “negligent” behavior. Read more about the Cash App attack.
Mailchimp confirmed a data breach after malicious actors accessed an internal company tool used by the company’s customer support and account administration teams. After a successful social engineering attack, the hackers exported audience data, targeting customers in the cryptocurrency and finance sectors. Learn how hackers breached Mailchimp.
Microsoft confirmed that it was breached hours after LAPSUS$, a cyber extortion group, published a torrent file containing Bing, Bing Maps, and Cortana source code. Read how LAPSUS$ stole Microsoft source code.
GiveSendGo was breached by politically motivated threat actors that released the personal information of 92,000 donors to the Freedom Convoy, an activist group of truck haulers based in Canada that protested COVID restrictions. The fundraising site was then redirected to another site that condemned the truckers — a case of a DDoS attack. Read more about the GiveSendGo attack.
News Corporation (News Corp)
Mass media and publishing giant News Corporation (News Corp) reported that it was the target of a persistent cyberattack that allowed an unauthorized third party to access personnel and journalists’ emails and business documents, which contained personal information. See how the WSJ and NY Post were attacked.
Oittaking and Mabanaft Group
German oil companies Oittaking and Mabanaft Group endured a cyberattack that threatened the gas supply of nearly 2,000 German Shell stations alone. Oittaking declared force majeure, which excuses the company from meeting contractual obligations in an extraordinary event that is beyond its control, for most of its supply activities. Read how Oittaking and Mabanaft Group operations were disrupted.
Okta experienced a breach by LAPSUS$, a cyber extortion group, which chose to publish a screenshot that establishes their alleged access. LAPSUS$ accessed two active customer tenants in the Okta environment and had control for 25 consecutive minutes. See the details on the Okta breach.
Crypto.com admitted that hackers stole $36.45 million worth of cryptocurrency by bypassing its 2FA system. This incident led to the introduction of the company’s Worldwide Account Protection Program (WAPP) that would reimburse “qualifying users” in “select markets” with up to $250,000 after unauthorized withdrawals. Learn more about Crypto.com’s bitcoin and Ether heist.>
International Committee of the Red Cross
The International Committee of the Red Cross (ICRC) experienced a breach that resulted in the data of more than 515,000 vulnerable people being compromised. The attack was highly targeted, using a piece of code that had been written purely to be executed on the ICRC’s servers. Read more on the Red Cross cyber attack.
Online appointment company FlexBooker discovered a second data breach originating from its AWS account that exposed personal files belonging to 3.7 million users, which were distributed to the dark web. Get the details on Flexbooker’s data compromise.