Cyber attacks and data breaches in review: December 2019

In some respects, 2019 ended on a positive note, with a comparatively low 486,720 breached records.

That’s about a third of the monthly average, and ensures that the year accounted for only 12.7 billion breached records.

Over the next few weeks, we’ll analyse the information we’ve tracked throughout 2019 and produce an infographic summarising the year’s figures.

In the meantime, here are three notable incidents from December affecting European organisations. 

 

More than 460,000 Turks’ card details put up for sale on the dark web

Christmas came early for a group of cyber criminals who got their hands on a stash of Turkish residents’ payment card details. 

463,378 records were put up for sale on Joker’s Stash, the dark web’s largest payment card marketplace. 

Security researchers at Group-IB noted that card details from Turkey are a rarity on the dark web and should net the criminal hackers more than $500,000 (about €450,000). 

The dump includes both credit and debit cards from various banks, which suggests that the data came from a source that handles payments. 

However, the fact that the compromised data contained email and phone numbers means that it couldn’t have come from the usual suspects – skimming devices on ATMs and PoS (point-of-sale) systems. 

Dmitry Shestakovhead of Group-IBсyber crime research unitbelieves that the breach originated from a phishing scam, malware or a JavaScript-based skimmer that stole the data as users entered it on a hacked online store. 

 

Allianz Partners loses strongbox containing sensitive information

Insurance company Allianz Partners recently disclosed that someone stole a strongbox containing sensitive customer information of 160,000 Belgian customers. 

The strongbox housed data on 160,000 Belgian customers who had filed claims related to disasters or breakdowns under their assistance contracts or travel insurance. 

The breach relates to the theft of a strongbox in August that was initially thought to have affected 250,000 customers. However, an audit has revealed that an additional batch of information was compromised. 

Allianz Partners says the box was kept in a secure location outside the company’s premisesyet someone was able to steal it. 

Physical theft is often the result of employees either forgetting to follow protocol, leaving the information exposed, or misappropriating the information for their own use. For example, they might use personal details to commit fraud or sell the data on the dark web. 

 

Dutch politician faces jail for hacking iCloud and leaking nudes

Prosecutors in the Netherlands have requested a three-year prison sentence for a local politician who hacked into the iCloud account of more than 100 women and leaked sexually explicit pictures and videos of them. 

Mitchel van der Krogt targeted acquaintances as well as celebrities, such as hockey player Fatima Moreira de Melo. 

His actions are thought to be part of 2014’s Celebgate, in which private content of almost 500 celebrities were leaked by criminal hackers. 

Many of the attackers were identified and charged by the FBI. Meanwhile, van der Krogt was tracked by Dutch law enforcement, which was investigating the leak of images belonging to YouTuber Laura Ponticorvo. 

He admitted that he’d leaked her images but claimed that other criminal hackers forced him to carry out the attack, threatening to release personal data from his accounts if he didn’t. 

Prosecutors didn’t believe his explanation. They pointed to the fact that half of the victims were his personal acquaintances, and it would be extremely unlikely that another group of criminal hackers wanted him to leak their information. 


Subscribe to our weekly newsletter

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.