Morgan Stanley Agrees to $6.5 Million Settlement with Six States Over Data Breach
Global financial services giant Morgan Stanley has reached a $6.5 million settlement with six North American states over its failure to safeguard customer data, which resulted in a data leak. Residents of New York, Connecticut, Florida, Indiana, Vermont, and New Jersey will receive compensation in the form of benefits because the company failed to prevent a data breach that could have been averted with enhanced security measures.
In 2016, Morgan Stanley outsourced some of its work environment systems to a third-party vendor, which subsequently subcontracted the auction process to others. These subcontractors sold the systems without deleting customer data loaded onto them. In the following year, during the decommissioning process, the company overlooked an encryption flaw on 42 servers containing customer information, potentially allowing unauthorized access by third parties.
In both instances, the company’s failure to implement adequate data security measures resulted in information security breaches, leading to the leakage of customer information.
Samsung UK Notifies Customers of Data Breach
Samsung Electronics is alerting its customers to a data breach that may have exposed personal data to unauthorized parties. The breach encompasses individuals who purchased electronics from various UK stores between July 2019 and June 2020. Samsung identified the breach in November, attributing it to a hacker infiltrating a computer network through a software vulnerability. The leaked information includes email addresses, postal codes, phone numbers, and names, with no financial details compromised.
Samsung clarified that this recent breach is unrelated to the March 2022 security incident, where the Lapsus$ Ransomware gang hacked into the Samsung network to steal sensitive information, including the source code of Samsung Galaxy smartphones.
Booking.com Falls Victim to Phishing Attack
Amsterdam-based company Booking.com has fallen victim to a phishing attack, with cybercriminals breaching its servers. While specific details are still under investigation, the company has assured the public that no financial details were accessed by hackers. Booking.com leased out such services to a third party, and evidence suggests that the servers of the third party remained unaffected.
Russian GRU Hackers Target Denmark’s National Infrastructure
Threat actors funded by Russia’s GRU intelligence agency orchestrated the largest cyber-attack in Denmark’s history, targeting critical infrastructure. The Sandworm hacking group is suspected of taking down the infrastructure of approximately 22 Danish energy companies by exploiting a software flaw in the firewalls designed to defend against cyber threats. SektorCERT has released a statement on its website, affirming that the government is actively working to mitigate such risks from adversaries.