In October 2021 there were 94 publicly disclosed cyber security incidents, accounting for 51,248,331 breached records. Most of those records came from a single attack, in which an attacker broke into Argentina’s government ID database; every citizen of the country is thought to be affected:
Argentina’s population data theft
A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The incident took place last month, but information about the breach has only just been released. The target was RENAPER (Registro Nacional de las Personas, the National Registry of Persons), the body within the Argentinian Interior Ministry that issues national ID cards to everyone in Argentina.
The attack was first discovered on Twitter this month when a newly registered account named @AnibalLeaks published ID card photos and personal details for 44 Argentinian celebrities, including the country’s president Alberto Fernández, multiple journalists and political figures, and footballers Lionel Messi and Sergio Aguero. A day after the images and personal details were published on Twitter, the hacker also posted an ad on a well-known hacking forum, offering to look up the personal details of any Argentinian user.
Faced with a media fallout following the Twitter leaks, the Argentinian government confirmed a security breach three days later.
On 13 October the Ministry of Interior said in a press release that its security team had discovered that a VPN account assigned to the Ministry of Health was used to query the RENAPER database for 19 photos “in the exact moment in which they were published on the social network Twitter.” Officials added that “the [RENAPER] database did not suffer any data breach or leak,” and authorities are investigating eight government employees over a possible role in the leak.
However, contradicting the official statement, the hacker is thought to still hold a copy of the data and to plan to sell and leak it. They demonstrated this by providing the personal details, including the highly sensitive Trámite number, of a citizen chosen by the journalists who contacted them. According to a sample the hacker posted online, the information they hold includes full names, home addresses, birth dates, gender, ID card issuance and expiration dates, labour identification codes, Trámite numbers, citizen numbers and government photo IDs.
Argentina currently has an estimated population of more than 45 million. Although it’s unclear how many entries are in the database, the hacker claims to have it all. This is the second major security breach in the country’s history after the Gorra Leaks in 2017 and 2019 when hacktivists leaked the personal details of Argentinian politicians and police forces.
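The ministry’s own account of the discovery is worth turning into a detection: the culprit account was identified because its lookups of specific records lined up in time with those records appearing on Twitter. The following is an added example (not code from RENAPER, the ministry or the original article) that does that correlation over a constructed audit log and a constructed list of publication times; the log format, account names and DNI values are invented for illustration.

```python
"""Correlate database lookup audit lines with the moments leaked records went public.

Added example with constructed data. Each audit line is assumed to look like
  <ISO-8601 UTC timestamp> <account> lookup photo dni=<id>
and each leak event is (timestamp the record appeared publicly, record id).
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (not real RENAPER data).
AUDIT_LOG = """\
2021-09-29T15:00:00Z vpn-interior-002 lookup photo dni=11111111
2021-09-29T21:03:10Z vpn-salud-017 lookup photo dni=11111111
2021-09-29T21:03:12Z vpn-salud-017 lookup photo dni=22222222
2021-09-29T21:04:30Z vpn-interior-002 lookup photo dni=33333333
2021-09-29T21:10:05Z vpn-salud-017 lookup photo dni=44444444
"""

# Constructed publication times of the leaked records (e.g. tweet timestamps).
LEAK_EVENTS = [
    ("2021-09-29T21:03:40Z", "11111111"),
    ("2021-09-29T21:03:41Z", "22222222"),
    ("2021-09-29T21:10:50Z", "44444444"),
]

TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_audit(text):
    """Yield (timestamp, account, record id) for each well-formed audit line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].startswith("dni="):
            continue  # skip malformed lines rather than crash the correlation
        yield datetime.strptime(parts[0], TS_FMT), parts[1], parts[4].split("=", 1)[1]


def correlate(audit_text, leak_events, window=timedelta(minutes=5)):
    """Map each account to the leaked records it looked up within `window` before publication.

    A lookup counts only if it happened at or before the leak and no more than
    `window` earlier; the earlier, unrelated lookup of 11111111 at 15:00 is ignored.
    """
    lookups = defaultdict(list)  # record id -> [(time, account), ...]
    for ts, account, rec in parse_audit(audit_text):
        lookups[rec].append((ts, account))

    hits = defaultdict(set)  # account -> records fetched just before they leaked
    for leak_ts_str, rec in leak_events:
        leak_ts = datetime.strptime(leak_ts_str, TS_FMT)
        for ts, account in lookups.get(rec, []):
            if timedelta(0) <= leak_ts - ts <= window:
                hits[account].add(rec)
    return {account: sorted(recs) for account, recs in hits.items()}


def rank_suspects(audit_text, leak_events, window=timedelta(minutes=5)):
    """Accounts ordered by how many leaked records they fetched in the window."""
    hits = correlate(audit_text, leak_events, window)
    return sorted(hits, key=lambda a: len(hits[a]), reverse=True)


if __name__ == "__main__":
    for account, recs in correlate(AUDIT_LOG, LEAK_EVENTS).items():
        print(f"{account}: {len(recs)} leaked records fetched shortly before publication")
```

The window is the only tunable: too narrow and clock skew between the database and the public platform hides real matches, too wide and routine lookups start to coincide with leaks by chance. Running it over every record in a leak, rather than a handful, is what turns one coincidence into evidence.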
Sunderland University hit by cyber-attack
Sunderland University was hit by an “extensive IT disruption” which has “all the hallmarks of a cyber-attack” at the beginning of October. Telephone, website and IT systems all went down, but face-to-face teaching continued as far as possible; all online lectures that ran through the University’s systems were cancelled. Since the incident the University has been working with the police and other agencies to establish what happened. “We take the security of our systems extremely seriously and will work to resolve the situation as quickly as possible,” a spokesperson said. Its website stated that it was undergoing “essential maintenance” while the incident was resolved.
The Telegraph Newspaper leaks subscriber data
At the beginning of the month The Telegraph was found to have leaked 10TB of subscriber data and server logs after leaving an Elasticsearch cluster unsecured for most of September, according to the researcher who found it online. Security researcher Bob Diachenko said the cluster had been freely accessible “without a password or any other authentication required to access it.” After sampling the database to determine its owner, he found 1,200 Telegraph subscribers’ personal details alongside a substantial quantity of internal server logs. “A significant portion of the records were unencrypted,” he said. The personal data included subscribers’ first and last names, email addresses, subscriber status and IP addresses, and the logs also recorded user-agent strings, device type and operating system.
A Telegraph spokesperson said: “We are aware that there was a time limited exposure of technical data, the vast majority of which had no meaning. Within that data was a small amount of system login data – less than 0.1 per cent of our subscriber/registrant database. We take this matter extremely seriously and took quick action to resolve this issue and close down the exposure. We have been in touch with the small number of those who have been affected to update them.” Affected subscribers are being advised to look out for targeted phishing and scams.
Unsecured Elasticsearch clusters are a common way for personal or sensitive data to be exposed to the wider world. In Elasticsearch versions before 8.0 the security features are off by default, so an instance bound to a public interface answers unauthenticated HTTP requests, and anyone who finds the port can list its indices and read their contents.
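A practitioner will want to check their own address space for exactly this. The following is an added example (not Diachenko’s tooling or anything from The Telegraph) that classifies the response to GET / on a suspected Elasticsearch port as open, authentication-required or not Elasticsearch, and parses the plain-text `_cat/indices` listing an open cluster returns. The classification and parsing functions run offline on constructed responses; `probe()` performs the live request and needs network access. The host names and index names in the sample are invented.

```python
"""Classify an Elasticsearch endpoint and enumerate its indices if it is open.

Added example. Assumes the standard Elasticsearch REST API: GET / returns a JSON
document with a "version" object and the "You Know, for Search" tagline, and
GET /_cat/indices?h=index,docs.count,store.size returns one whitespace-separated
row per index. Only run probe() against hosts you are authorised to test.
"""
import json
import urllib.error
import urllib.request

OPEN = "open"                      # answers without credentials: data readable by anyone
AUTH_REQUIRED = "auth_required"    # HTTP 401: security features are enabled
NOT_ELASTICSEARCH = "not_elasticsearch"

ES_TAGLINE = "You Know, for Search"


def classify_root(status, body):
    """Classify a (status code, response body) pair from GET / on the port."""
    if status == 401:
        return AUTH_REQUIRED
    if status != 200:
        return NOT_ELASTICSEARCH
    try:
        doc = json.loads(body)
    except ValueError:
        return NOT_ELASTICSEARCH
    if isinstance(doc, dict) and doc.get("tagline") == ES_TAGLINE and "version" in doc:
        return OPEN
    return NOT_ELASTICSEARCH


def parse_cat_indices(text):
    """Parse `_cat/indices?h=index,docs.count,store.size` rows into (name, docs, size).

    docs.count is reported as an integer; rows with a missing or non-numeric count
    (closed indices report nothing) are kept with docs=None rather than dropped.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        name = parts[0]
        docs = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
        size = parts[2] if len(parts) > 2 else None
        rows.append((name, docs, size))
    return rows


def total_documents(rows):
    """Sum of document counts across indices, ignoring those with no count."""
    return sum(docs for _, docs, _ in rows if docs is not None)


def probe(base_url, timeout=5):
    """Live check (needs network). Returns (classification, list of index rows)."""
    try:
        with urllib.request.urlopen(base_url + "/", timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    cls = classify_root(status, body)
    rows = []
    if cls == OPEN:
        url = base_url + "/_cat/indices?h=index,docs.count,store.size"
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            rows = parse_cat_indices(resp.read().decode("utf-8", "replace"))
    return cls, rows


# Constructed sample responses (not captured from any real host).
SAMPLE_ROOT_OPEN = json.dumps({
    "name": "node-1", "cluster_name": "elasticsearch",
    "version": {"number": "7.9.2"}, "tagline": ES_TAGLINE,
})
SAMPLE_CAT_INDICES = "subscribers 1200 4.1mb\nweblogs-2021.09 8834211 9.8tb\nold-index\n"

if __name__ == "__main__":
    print(classify_root(200, SAMPLE_ROOT_OPEN))
    rows = parse_cat_indices(SAMPLE_CAT_INDICES)
    print(rows, total_documents(rows))
```

The root document is the quickest fingerprint because Elasticsearch returns it unauthenticated only when security is off; a 401 there means the cluster at least demands credentials, which is the state to aim for alongside binding the HTTP listener to a private interface.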
Computer Glitch Disrupts Walkers Crisps Supplies
Supplies of Walkers crisps have been disrupted by an IT upgrade. Multipack items have been most affected, including Ready Salted, Quavers and Wotsits, and the disruption could go on for a few weeks. Several Walkers products are currently unavailable on the Tesco website and there are reports of empty shelves in some shops. A spokeswoman said the firm was “working round the clock” to increase supply to stores across the UK. She added: “We are currently experiencing disruption to the supply of some of our Walkers snacks products, as a result of a recent IT system upgrade. We’re very sorry for the inconvenience.”
Hack Attempted on the Tesco Website and App
This incident occurred between 23 and 25 October. Tesco’s website and app are now up and running again following a service outage. The retailer’s services went down after what Tesco described as attempts “to interfere with our systems”, which is believed to have been an attempted hack. Tesco initially said there was “an issue”, but in an update a day into the incident it said there had been deliberate disruption. The supermarket later confirmed on Twitter that its groceries website and app were back, but that it was temporarily using a “virtual waiting room” to manage the high volume of traffic.
According to Downdetector, which monitors website outages, shoppers began reporting issues early on the morning of Saturday 23 October. The scale of the problem, and whether it was nationwide or confined to certain areas, remained unclear the next day. Shoppers complained over the weekend about a lack of information, with many wanting to know how to cancel orders and whether they could get their money back.
Tesco has faced previous incidents. In 2014 about 2,000 customer accounts were deactivated amid fears that login details had been compromised, and Tesco Bank was hit by a cyber-attack in 2016. Big supermarket hacks are becoming more frequent.
Labour Relations Agency Apologises for Data Breach
The Labour Relations Agency in Northern Ireland has apologised after sharing the email addresses, and in some cases the names, of more than 200 service users. No other information was involved. The agency deals confidentially with sensitive labour disputes between employees and employers. BBC Evening Extra discovered that when the agency emailed 213 clients it made their email addresses visible to all the other recipients. All of the clients had used the agency’s Early Conciliation programme.
The Labour Relations Agency has confirmed it is preparing a report for the Information Commissioner’s Office. In a statement, it said that on 19 October customers were invited by email to complete a customer satisfaction survey, but that “recipients of the survey should have been blind copied and we apologise unreservedly that on this occasion they were not. This survey was issued manually, whereas in future it will be automated,” it added. “That will mean that every individual will get a separate email and therefore this cannot happen again. The surveys were sent in batches according to customer category, so employees and employers did not receive the same email.”
The agency said it had issued an apology to recipients and was taking advice from the Information Commissioner’s Office.
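The agency’s planned fix, one separate email per individual, is the right one, and it is worth seeing why it is preferable even to Bcc: a per-recipient message has nothing to leak, and a pre-send audit can prove it. The following is an added example (not the agency’s code) that builds per-recipient messages, builds the mistaken batch message for comparison, and audits any outgoing message for addresses visible to a recipient other than their own. Sender, recipients, subject and body are constructed values.

```python
"""One message per recipient, plus an audit that flags any message exposing other addresses.

Added example with constructed addresses. Uses only the standard library; the
messages are built but not sent, so it runs offline.
"""
from email.message import EmailMessage
from email.utils import getaddresses


def build_per_recipient_messages(sender, recipients, subject, body):
    """Return one EmailMessage per recipient, each with exactly one address in To."""
    messages = []
    for addr in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = addr
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(msg)
    return messages


def build_batch_message(sender, recipients, subject, body):
    """The mistake: a single message listing every recipient in To (Cc would be equally bad)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def exposed_addresses(msg, intended):
    """Addresses a recipient would see in To/Cc other than their own.

    Bcc is deliberately not inspected: a correctly behaving MTA strips it before
    delivery, so it is not part of what the recipient sees.
    """
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = {addr.lower() for _, addr in getaddresses(headers) if addr}
    visible.discard(intended.lower())
    return visible


def audit_outgoing(messages_with_recipient):
    """Return [(intended recipient, exposed addresses)] for every message that leaks."""
    leaks = []
    for msg, intended in messages_with_recipient:
        exposed = exposed_addresses(msg, intended)
        if exposed:
            leaks.append((intended, exposed))
    return leaks


# Constructed sample data (not the agency's client list).
SENDER = "survey@agency.example"
CLIENTS = ["alice@example.com", "bob@example.org", "carol@example.net"]
SUBJECT = "Early Conciliation customer satisfaction survey"
BODY = "Please tell us about your experience."

if __name__ == "__main__":
    good = build_per_recipient_messages(SENDER, CLIENTS, SUBJECT, BODY)
    print("per-recipient leaks:", audit_outgoing(zip(good, CLIENTS)))
    bad = build_batch_message(SENDER, CLIENTS, SUBJECT, BODY)
    print("batch leaks:", audit_outgoing([(bad, c) for c in CLIENTS]))
```

The audit runs on the message objects before they reach the mail server, which is where a manual send process should have a gate; an automated sender that only ever produces single-recipient messages never needs the gate to fire.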
CU Boulder cyberattack
A cyberattack on software used by the University of Colorado Boulder in September compromised the personal information of approximately 30,000 current and former students and employees. Although the attack occurred in September, information about the incident was only revealed in October.
The attackers used a vulnerability in the Atlassian software that CU Boulder’s Office of Information Technology uses to share information. They accessed files containing names, student ID numbers, addresses, dates of birth, phone numbers and genders; the files did not contain Social Security numbers or financial information. Approximately 80% of the information accessed relates to former employees and students. Campus officials do not know who is behind the attack. CU Boulder is notifying those affected by email and will provide additional monitoring services at no cost.
The incident is not related to a cyberattack that occurred on Accellion software used by the Boulder campus and CU system in January, which compromised information in 310,000 files, including student data and medical information. The campus is now making investments to improve threat analysis, so it can more quickly detect software vulnerabilities.
Insurance broker becomes victim of ransomware attack
A Blue Shield of California insurance broker, Team Alvarez Insurance Services, has said that 2,858 Blue Shield members were affected by a data security breach. The attack happened on 21 August but was not disclosed until this month. Team Alvarez says it immediately terminated the unauthorised access to its systems, took additional mitigation actions and began an internal investigation, as well as reporting to and working with the appropriate law enforcement authorities.
The ransomware attack is believed to have affected names together with one or more of the following: health insurance information, health plan member ID number, date of birth, email address, phone number and physical address. No Blue Shield member Social Security numbers or credit card details were affected, and at this time there is no evidence that any personal data has been misused. Blue Shield’s own systems and email were not affected or exposed by the attack. Blue Shield is sending notification letters to potentially affected members and offering one free year of Experian credit monitoring and identity theft protection.
German student data leaked by a flawed API
A security researcher was able to exploit an API flaw in Scoolio and access the personal data of nearly 400,000 students registered on it. Scoolio is a German app for students, used mainly for educational updates, record keeping and networking. The platform is backed by three state-owned investors, Technologiegründerfonds Sachsen, SIB Innovations- und Beteiligungsgesellschaft mbH and Kreissparkasse Bautzen, which gives it standing with students, teachers and schools.
The researcher notified Scoolio’s developers of the flaw, and a fix was released on 21 October. The exposed data included user nickname, user and parent email addresses, the GPS location at which the app was last opened, name of school and class, interests, UUID details and personality traits (origin, religion, sexuality). Although Scoolio claims 1.8 million registered students, the researcher was only able to find 400,000 records.
Twitch Blames Server Error for Massive Data Leak
On 7 October, livestreaming site Twitch explained that an “error” caused the unprecedented leak that posted vast amounts of sensitive data online that week. The data appeared to include Twitch’s internal code and documents, as well as the payments made to thousands of top streamers. Twitch attributed the incident to large configuration changes that exposed the data, describing it as “a Twitch server configuration change that was subsequently accessed by a malicious third party”. It should be noted that Twitch has not confirmed that all of the data posted online is genuine. Twitch asked all streamers and viewers to change their passwords as a precaution, but said there was “no indication” login details were compromised “at this time”.
The leak took the form of a torrent file posted to online forums by an anonymous user. Its file structure contains folders labelled as containing payout information, business documents, under-the-hood software files and code, and even details of unreleased projects. The payouts folder contains what appear to be records of payments made to thousands of the biggest streamers on the platform over two years, showing that many of the biggest names are earning millions of dollars. Several large streamers have confirmed that the leaked payment data is accurate.