Week of breaches: PayPal, Nissan, and T-Mobile compromised


We might call it the week of the breaches – a handful of well-known brands admitted to being hacked, leaving tens of millions of customers exposed.

ADVERTISEMENT

Here's this week's recap – a brief summary of hacks observed by Cybernews starting January 16.

T-Mobile hack

US wireless carrier T-Mobile said it was investigating a breach involving the accounts of 37 million of its cell phone users. Only basic information, such as customer names, billing addresses, emails, and phone numbers were compromised during the incident, the company said.

T-Mobile has suffered nearly half a dozen large-scale attacks within the past few years, and this one is also expected to cost the company millions.

A 2021 attack affecting over 76 million customers eventually cost the company roughly half a million dollars between security upgrades, government fines, and legal fees.

ADVERTISEMENT

Cyberattack forces restaurant closures

Yum, the owner of the Pizza Hut chain, KFC, and Taco Bell, was forced to close around 300 restaurants following a cyber incident. The company didn’t specify which restaurants were affected.

The company said a ransomware attack impacted certain IT systems, forcing restaurants to close. They are now operational.

PayPal breach

Hackers accessed thousands of PayPal accounts during a credential-stuffing attack in December 2022.

ADVERTISEMENT

“Earlier in December, our security team identified and resolved a data incident that affected a small number of PayPal customer accounts. PayPal’s payment systems were not impacted, and no financial information was accessed. We have contacted affected customers directly to provide guidance on this matter to help them further protect their information,” PayPal told Cybernews.

An unauthorized third party was able to view and potentially acquire some personal information.

Affected accounts had their passwords automatically reset by the company.

PayPal urged customers to change the passwords for any account using the same login credentials as their PayPal account and, most importantly, to enable 2-step verification.

Nissan exposes client data

ADVERTISEMENT

Nissan disclosed a data breach that affected close to 18k of the company’s clients. User data leaked via a third-party vendor that provided software development services to the automaker.

According to the company, the leaked data included the company’s users’ names, dates of birth, and Nissan Motor Acceptance Company (NMAC) number.

Even though Nissan first learned about the breach in late June, the company only disclosed the breach on January 16, 2023, almost six months later.

Nissan’s sluggish behavior mimics other companies lagging to inform people somebody has stolen their data.

MailChimp hack

Email marketing company MailChimp said it had suffered another breach after attackers conducted a social engineering attack on the firm’s employees and contractors.

ADVERTISEMENT

It’s the second time in six months the company was raided.

MailChimp said in a statement that hackers accessed an internal support and account administration tool, and this allowed the attackers to access the data of at least 133 customers.

MailChimp had already suffered a security breach that compromised more than 200 accounts back in August 2022. The attack targeted the firm’s customers in the cryptocurrency industry.


Editor’s choice:

Netflix gets ready for account-sharing crackdown

Personal information of 9m+ people exposed in Indian HR data leak

EU’s plans to combat online child abuse pose risk to encryption – interview

Tech totalitarianism: are we close to the point of no return?

Despite Norton’s woes, passwords may not quite be done just yet

Pro-Russian hackers say they breached Samsung

Subscribe to our newsletter

ADVERTISEMENT