London’s Hackney Council has been forced to pay an incredible £12 million after its online services and IT systems were hit by a cyber-attack. The attack involved Pysa ransomware, which stole data from the council and published it on a dark web forum. Julia O’Toole, CEO of MyCena Security Solutions, said: “As long as public sector organisations continue to let their employees create their own keys, there will be no respite. Organisations need to control their access keys and improve their resilience through encryption and segmentation.”
The personal data of 129,000 customers and 23 businesses was exposed in a 2020 cyber-attack on a telco company. Australia-based Optus revealed in September that 10 million customers had been exposed in a data breach – but it has since come to light that a further two attacks were made on its parent company, Singtel. The hackers had exploited a zero-day vulnerability to obtain sensitive data, which was then published on a public forum.
The former security officer of Uber, Joe Sullivan, has been convicted on criminal charges in relation to a data breach. The breach took place in 2016 and affected 57 million Uber riders and drivers around the world. Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission, but experts say the judgement is unfair. Jody R. Westby at Forbes says the blame should lie with the C-Suite, not a single CISO or CSO. She said: “In a cyber context, meeting the duty of loyalty and exercising good faith oversight could be interpreted to mean that boards have identified key cyber risks and established an information and reporting system with critical information flows about these risks and a process to monitor them.”
A healthcare system in Wisconsin and Illinois has had to notify patients of a data breach that exposed millions of personal details. Advocate Aurora Health, which runs 26 hospitals, reported that improper use of a Meta Pixel caused the attack. This affected patients’ login areas, where they would enter personal medical information. The Meta Pixel JavaScript tracker is designed to study how users interact with the site, and then send this data to Facebook. Attacks of this type have happened before, including Novant Health in August 2022, which affected 1.3 million patients.
Technology corporation IBM has announced a $5 million grant to schools to improve their readiness for cyber-attacks. The grants will go to schools in Ireland, the UAE, and several states in North America. It is predicted that there will be a significant increase in attacks on schools throughout the 2022/2023 academic year, with each attack costing on average $3.8 million for educational institutions. Charles Henderson, Global Managing Partner, said: “We're proud to be able to support schools through this initiative, now in its second year, by helping to address critical gaps in security resources and planning and preparedness.”
Executives from Twitter, Facebook, TikTok and other social media companies are due to appear before the Senate Homeland Security Committee. There, they’ll answer questions about social media's impact on security. A former employee of Twitter is due to report on data security failings and nation state agents within the company. Likewise, TikTok executives are due to address accusations that the social media platform is a high security risk to the western world – including the considerable personal data required to sign up. Many have suggested that social media should require more thorough checks to hold them to account for security breaches.
