We might call it the week of the breaches – a handful of well-known brands admitted to being hacked, leaving tens of millions of customers exposed.
Here's this week's recap – a brief summary of hacks observed by Cybernews starting January 16.
US wireless carrier T-Mobile said it was investigating a breach involving the accounts of 37 million of its cell phone users. Only basic information, such as customer names, billing addresses, emails, and phone numbers were compromised during the incident, the company said.
T-Mobile has suffered nearly half a dozen large-scale attacks within the past few years, and this one is also expected to cost the company millions.
A 2021 attack affecting over 76 million customers eventually cost the company roughly half a million dollars between security upgrades, government fines, and legal fees.
Cyberattack forces restaurant closures
Yum, the owner of the Pizza Hut chain, KFC, and Taco Bell, was forced to close around 300 restaurants following a cyber incident. The company didn’t specify which restaurants were affected.
The company said a ransomware attack impacted certain IT systems, forcing restaurants to close. They are now operational.
Hackers accessed thousands of PayPal accounts during a credential-stuffing attack in December 2022.
“Earlier in December, our security team identified and resolved a data incident that affected a small number of PayPal customer accounts. PayPal’s payment systems were not impacted, and no financial information was accessed. We have contacted affected customers directly to provide guidance on this matter to help them further protect their information,” PayPal told Cybernews.
An unauthorized third party was able to view and potentially acquire some personal information.
Affected accounts had their passwords automatically reset by the company.
PayPal urged customers to change the passwords for any account using the same login credentials as their PayPal account and, most importantly, to enable 2-step verification.
Nissan exposes client data
Nissan disclosed a data breach that affected close to 18k of the company’s clients. User data leaked via a third-party vendor that provided software development services to the automaker.
According to the company, the leaked data included the company’s users’ names, dates of birth, and Nissan Motor Acceptance Company (NMAC) number.
Even though Nissan first learned about the breach in late June, the company only disclosed the breach on January 16, 2023, almost six months later.
Nissan’s sluggish behavior mimics other companies lagging to inform people somebody has stolen their data.
Email marketing company MailChimp said it had suffered another breach after attackers conducted a social engineering attack on the firm’s employees and contractors.
It’s the second time in six months the company was raided.
MailChimp said in a statement that hackers accessed an internal support and account administration tool, and this allowed the attackers to access the data of at least 133 customers.
MailChimp had already suffered a security breach that compromised more than 200 accounts back in August 2022. The attack targeted the firm’s customers in the cryptocurrency industry.
Subscribe to our newsletter