Cyber attacks and data breaches in review: December 2020

Much like the rest of 2020, the final month of the year had a familiarly bleak tone, as we recorded our highest ever number of cyber attacks and data breaches.

We found 134 security incidents in total in December, which accounted for 148,354,955 breached records.

As always, we look at some of the most notable incidents affecting European organisations in this blog.

And, in case you missed it, you can check out our cyber security review of 2020:

Millions of Ho Mobile customers’ data was stolen in cyber attack

The Italian phone service provider Ho Mobile suffered a security incident last month that affected more than 2.5 million customers.

Bank Security reported that the breached information, which includes dates of birth, phone numbers, physical addresses and email addresses, was being sold on the dark web, putting customers at risk of sophisticated attacks.

One of the biggest dangers is SIM swapping, which can be used for a variety of attacks, including financial theft.

Once attackers have certain details about a victims’ phone account, they can effectively take control of their phone number.

This enables them to bypass phone-based two-factor authentication security, potentially giving them access to users’ most heavily protected accounts, such as online banking.

Ho Phone, which is owned by Vodafone, initially refuted claims that it had been hacked, but later confirmed that it had been breached.

In a statement, the organisation said that “some data of part of the customer base have [sic] been illegally stolen with reference only to the personal and technical data of the SIM”.

It added that no data relating to text messages or web activities had been compromised, nor had customers’ financial information.

However, unless customers are quick to adjust their two-factor authentication settings on related accounts, criminals may be able to access sensitive information.

Anyone who thinks they might have been affected should review their bank accounts and, where possible, set up a different authentication method to log in to online banking.

European Court of Human Rights suffers cyber attack

The European Court of Human Rights was targeted by cyber criminals last month, after it published a ruling regarding the fate of an incarcerated Turkish political leader.

Bloomberg reported that the attackers knocked the Court’s website offline on 22 December for approximately 16 hours.

In a statement, the Court wrote:

Following the delivery of the Selahattin Demirtas v. Turkey (no. 2) judgment on 22 December, the website of the European Court of Human Rights was the subject of a large-scale cyberattack which has made it temporarily inaccessible.

The Court strongly deplores this serious incident. The competent services are currently making every effort to remedy the situation as soon as possible.

The incident was likely politically motivated, given that it came shortly after the Court published its ruling demanding that Turkey release Selahattin Demirtaş, the former leader of the pro-Kurdish Peoples’ Democratic Party.

Demirtaş had been arrested after helping the party win enough seats to end the parliamentary majority of Recep Tayyip Erdoğan’s Justice and Development Party in the 2015 general election.

He was indicted on terrorism-related offenses, and subsequently jailed after parliamentary immunity for politicians was revoked in Turkey.

The Court found that the detention of Demirtaş goes against “the very core of the concept of a democratic society”.

The criminal hacking group Anka Neferler Timi (The Turkish Hacker Team) claimed responsibility for the attack in a Twitter post.

Stay up to date with cyber security news

Are you looking for regular updates on the latest cyber attacks and data breaches?

Subscribe to our Weekly Round-up to learn what’s happening in the cyber security industry and receive tips on the steps you should take to protect your organisation.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.