Latest security breaches
America’s second largest insurance company Prudential Financial has reported a security breach that leaked corporate and user data. In an 8-K regulatory filing with the US Securities and Exchange Commission (SEC), Prudential said it detected the cyber incident on February 5, 2024a day after the threat actor gained access to certain internal systems.
A Chinese-backed threat group is stealing biometric data from bank clients so it can mimic them and illegally access their bank accounts. Group-IB, which unveiled the research, claims that it’s the first attack of this kind to use deepfakes. GoldPickaxe, believed to be an offshoot of Chinese-speaking threat group GoldFactory, is described as as “a previously unknown iOS trojan capable of collecting identity documents, facial recognition data, and intercepting SMS.”
Advania, a Nordic information technology provider serving the public and private sectors, has suffered a cybersecurity incident affecting at least 60 of its customers in Sweden.
About 57,000 Bank of America customers are being warned that their personal information may have been exposed during a November cyberattack on bank service provider Infosys McCamish Systems. The data breach, attributed to the LockBit ransomware group, occurred on Infosys McCamish’s system on November 3 and was reported to Bank of America on November 24. However, consumers whose data may have been compromised were not notified of the security failure until February 1, or about 90 days after the breach was discovered, potentially violating state notification laws.
A Verizon insider data breach has impacted employee data of 63,206 employees, the company has disclosed in a regulatory filing.
Around 37 million T-Mobile customers recently had their personal information compromised in the company’s second major hack in less than two years. Hackers were additionally able to see customers’ emails, phone numbers and details about their plans, including account numbers, T-Mobile said in a regulatory filing.