[Security News] Data Leaks from Twilio and Prudential Financial as well as 2 Third-Party Data breaches; Patelco and HealthEquity

Security weekly, security news, Penta Security, Cloudbric, Twilio, Prudential Financial, Patelco, HealthEquity, 3rd party data breaches

July 10, 2024

 

1. Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks and the notorious ShinyHunters hackers announced on the relaunched BreachForums website in late June that they were leaking 33 million random phone numbers associated with Twilio’s two-factor authentication(2FA) app Authy. This Data breach may have taken a rather unfortunate extra turn after new reports claim the hackers can single out Authy users from the archives. Knowing which phone numbers are used for Authy opens up new ways for hackers to conduct phishing attacks and bypass their victims’ MFA.

Source : Security Week, Tech Radar, Bleeping Computer, The Hacker News

 

2. Prudential Financial now says 2.5 million impacted by data breach

Prudential Financial has revealed that over 2.5 million people had their personal information compromised in early February data breach by ALPHV (AKA BlackCat). Initially told the SEC that the attack resulted in some customer data being accessed, as well as “a small percentage of company user accounts associated with employees and contractors” and in March, revealed in a filing with the Maine Attorney General’s Office that it notified over 36,000 people whose personal information (including names, driver’s license numbers, and non-driver identification card numbers) was stolen during the breach. However, last week, the company updated the information shared with the Maine Attorney General’s Office regarding the February data breach and now says that the incident impacted 2,556,210 people.

Sources: Bleeping Computer, Tech Radar, Security Affairs, Cyber Security News

 

3. Patelco shuts down banking systems following ransomware attack

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident’s impact, hindering banking service access to nearly 500,000 individuals. Patelco engaged with third-party cybersecurity experts to investigate the incident and accelerate the recovery, but no date for return to normal operations has been given yet. The source of the ransomware attack has not been identified and there was no information on whether the personal information of Patelco customers was at risk.

Source : Security Affairs, Bleeping Computer, SC Media, CBS News

 

4. HealthEquity data breach exposes protected health information

HealthEquity has disclosed having some of its members’ personally identifiable data and protected health information exfiltrated following the breach of an account belonging to a third-party business partner earlier this year. The Company says it detected the compromise after detecting ‘anomalous behavior’ from a partner’s personal device and launched an investigation into the incident. The investigation concluded that the Partner’s user account had been compromised by an unauthorized third party, who used that account to access information, and some information was subsequently transferred off the Partner’s systems.

Sources: Tech Radar, Bleeping Computer, Security Affairs, SC Media, The Cyber Express

 

 

Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Database Encryption: D’Amo

Identity and Access Management: iSIGN+ 

Car, Energy, Factory, City Solutions: Penta IoT Security

Click here for inquiries regarding the partner system of Penta Security

Check out the product lines of  Cloudbric by Penta Security:

Cloud-based Fully Managed WAAP: Cloudbric WAF+

Agent based Zero Trust Network Access Solution: Cloudbric PAS

Agentless Zero Trust Network Access Solution: Cloudbric RAS

Blockchain: Blockchain Security Solution

Click here for inquiries regarding the partner system of Cloudbric