Cyber attacks and data breaches in review: June 2021

According to our figures, there were at least 7.8 million publicly disclosed data breaches and cyber attacks in June 2021.

You can find the full list of incidents on our sister site, but as always, we delve into some of the notable incidents affecting European organisations here.

Two pizzerias come under attack

The pizzeria business isn’t a renowned target for cyber criminals, but two different restaurants came under attack in June.

New York Pizza, one of the Netherlands’ largest pizza restaurants, was the first to fall victim, after a crook exploited a bug in its systems and stole 3.9 million people’s personal data – a figure that represents almost a quarter of the Netherlands’ population.

The information included users’ names, delivery and email addresses, telephone numbers, hashed passwords and, in some cases, dates of birth.

The organisation, which is currently in the process of expanding its franchise to neighbouring Belgium, said it worked with the cyber security firm Fox-IT to investigate and address the incident.

Days later, the Irish restaurant Apache Pizza confirmed that it had suffered a data breach affecting customers’ names, addresses, contact details and encrypted passwords.

The incident sparked concerns that the attackers would use the stolen information to target customers directly – either brute-forcing their way into other accounts or sending phishing emails.

Those with an Apache Pizza account have been told to change their password, and should consider changing the password of any other account in which they use the same login credentials.

Although that will mitigate the threat of further breaches, it won’t undo any damage that has already occurred.

That’s why it’s essential for individuals to avoid mistakes that could allow cyber criminals to leverage data breaches, such as reusing the same password on multiple accounts.

Meanwhile, the incidents demonstrate that all organisations, even restaurants, are at risk of data breaches.


Website of online retailer Pearl taken offline in cyber attack

On 5 June 2021, the IT systems of Pearl GmbH came under attack. The organisation didn’t confirm how the incident occurred, but according to a notice on its website, it may have been the result of a DDoS (distributed denial-of-service) attack.

Databreaches.net captured a screenshot while the website was still down.

The message, translated, reads: “Our PEARL webshop is designed for several thousand visitors at the same time. At peak times, however, it can happen that access is temporarily not possible due to overload.

“This information page also appears if our web servers are overloaded by DDoS attacks or another web server problem has occurred. We are working flat out on a solution.”

This attack has the hallmarks of a DDoS attack, which occurs when a malicious actor floods a site with more traffic than it can process.

However, Pearl’s subsequent comments suggest that the attackers didn’t simply flood the site with traffic but were able to access the organisation’s servers and virtual machines.

“Our IT experts immediately blocked all access as a precautionary measure, disconnected network access and shut down servers and systems to prevent further damage,” a spokesperson said.

The company’s online store was also taken offline as a precautionary measure.

Volkswagen says a vendor’s security lapse exposed drivers’ details

The car manufacturer Volkswagen confirmed last month that 3.3 million customers had their personal data exposed after a security error at one of its vendors.

In a statement, the organisation said that information used for sales and marketing purposes was left in an unsecured database, making it publicly available to anyone who found it.

It contained customers’ names, postal and email addresses and phone numbers. Some records also included information about customers’ loan eligibility, their driver’s licence numbers, dates of birth and Social Security numbers.

Volkswagen didn’t name the vendor, but confirmed that the appropriate law enforcement bodies and regulators had been made aware of the incident.

It added that it was working with external cyber security experts and the vendor to assess and respond to the situation.

Do you have a plan for disaster?

If you find yourself facing a cyber security disaster, IT Governance is here to help. Our Cyber Incident Response service provides the help you need to deal with the threat, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
