[Security News] Data breach targeting companies handling user information
June 19, 2024
1. Keytronic confirms data breach after ransomware gang leaks stolen files
PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company’s stolen data two weeks ago. Last month, Keytronic disclosed in an SEC filing that it had suffered a cyberattack on May 6 that disrupted its operations, limiting access to business applications that supported corporate activities. The threat actors claim that human resources, finance, engineering, and corporate data were stolen in the attack, sharing screenshots of employees’ passports and social security cards, customer presentations, and corporate documents.
Source : Bleeping Computer, Tech radar, SC Media
2. Kulicke and Soffa admit data breach from LockBit attack
Kulicke and Soffa Industries, Inc. (K&S), a leading semiconductor packaging and electronic assembly solutions provider, has disclosed a data breach that has compromised approximately 12 million files. Initially detected on May 12, 2024, the breach raised concerns about the security of sensitive information, including source code, engineering data, business partner information, and personally identifiable information (PII). On the day of the breach, K&S’s cybersecurity team swiftly took action to contain and isolate the affected servers in collaboration with top-tier third-party cybersecurity experts. The company highlighted potential disruptions, breaches, or failures in its IT systems and network infrastructures that could impact future results.
Source : SC Media, Cyber Security News, Cyber News
3. Life360 Targeted in Extortion Attempt, Customer Data Exposed
Life360 Inc has recently disclosed that it was the victim of a criminal extortion attempt involving stolen customer data. Life360 revealed that an attacker breached a Tile customer support platform and gained access to names, addresses, email addresses, phone numbers, and device identification numbers. No additional details regarding the means of compromise or the extent of the incident were provided by Life360. However, the attackers reportedly accessed a Tile system using compromised login credentials for an administrator account.
Sources: Bleeping Computer, SC Media, Security Week, The Cyber Express
4. 23andMe data breach under investigation in UK and Canada
Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year’s 23andMe data breach. The attackers used credentials stolen from other data breaches or compromised online platforms to breach 23andMe accounts. The company disclosed in data breach notification letters sent to impacted individuals that some stolen data was posted on the BreachForums hacking forum and the unofficial 23andMe subreddit. The leaked information included the data of 4.1 million people living in the United Kingdom and 1 million Ashkenazi Jews.
Sources: Bleeping Computer, SKY News, Global News
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: iSIGN+
Car, Energy, Factory, City Solutions: Penta IoT Security
Click here for inquiries regarding the partner system of Penta Security
Check out the product lines of Cloudbric by Penta Security:
Cloud-based Fully Managed WAAP: Cloudbric WAF+
Agent based Zero Trust Network Access Solution: Cloudbric PAS
Agentless Zero Trust Network Access Solution: Cloudbric RAS
Blockchain: Blockchain Security Solution
Click here for inquiries regarding the partner system of Cloudbric