From time to time (more often than not), data breaches are disclosed regarding widely used or well-known products, platforms, and organizations. Individually, each notice may seem less significant to report on in the sea of cyber threats and vulnerabilities, but nonetheless may be important for general awareness. Some data breaches may be associated with, or be an update to, a prior cyber attack notification, such as data that was discovered/confirmed stolen after a ransomware attack.
Awareness of such data breaches matters largely so that organizations and individuals can be extra vigilant regarding follow-on activity like phishing attacks, identity theft, and/or additional data leakage, especially those using the product or platform, or otherwise conducting business with the compromised entity. Members are encouraged to review the referenced links for more details.
Going forward, WaterISAC will endeavor to capture notable data breaches and include them along with a brief synopsis in this digest. This list is not meant to be inclusive/comprehensive, but is intended to provide a high level of awareness for impacts to products, platforms, and organizations that you may utilize or are utilized by your staff. Likewise, if you feel we’ve missed a notable data breach, please reach out to us at [email protected] to have it added to the list.
Individuals are encouraged to consider reviewing Troy Hunt’s Have I Been Pwned (HIBP) tool to check if personal or business emails or phone numbers have been included in a data breach.
About HIBP: Have I Been Pwned was created by Troy Hunt as a free resource for anyone to quickly assess if they may have been put at risk due to an online account having been compromised or “pwned” in a data breach. Review the FAQs for more about HIBP, including how data is captured and stored.
DISCLAIMER
While HIBP is an extremely credible tool, the resource is being provided “as is” for informational purposes only. WaterISAC does not endorse or imply endorsement, recommendation, or favoring of any open source tools or resources unless otherwise explicitly stated.
January 5, 2023
- Wabtec – Rail giant Wabtec discloses data breach after Lockbit ransomware attack. U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information.
- Slack – Slack Says Hackers Stole Private Source Code Repositories. Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited.
- Twitter – 200 million Twitter users' email addresses allegedly leaked online. A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2.
- CircleCI – CircleCI warns of security breach — rotate your secrets! CircleCI, a software development service, has disclosed a security incident and is urging users to rotate their secrets.
- Five Guys – Burger Chain Five Guys Discloses Data Breach Impacting Job Applicants. US burger chain Five Guys has disclosed a data breach impacting job applicants, and the company may be facing a lawsuit over the cybersecurity incident.
- Deezer – Data of over 200 million Deezer users stolen, leaks on hacking forum. Music-streaming service Deezer has owned up to a data breach, after hackers managed to steal the data of over 200 million of its users.