Every industry is fair game for hackers. One mistake with any account information like reusing or sharing passwords and your organization can be shaken down for millions. So remember to practice good cybersecurity: do not reuse passwords, always confirm whom you are sharing sensitive information with, and be careful when clicking on suspicious links.

Share this post with your friends as a reminder to why “password” should not be their password. Subscribe HERE to receive HackNotice content directly to your inbox!

 

Photo by Rinck Content Studio on Unsplash

 

 

Campari Group, the famed Italian beverage vendor behind brands like Campari, Cinzano, and Appleton, has been hit by a ransomware attack and has taken down a large part of its IT network… The RagnarLocker gang is now trying to extort the company into paying a ransom demand to decrypt its files… the ransomware group is also threatening to release files it stole from Campari’s network if the company doesn’t pay its ransom demand in a week after the initial intrusion. Screenshots of Campari’s internal network and corporate documents have been posted on a dark web portal where the RagnarLocker gang runs a “leak site”, as proof of the intrusion. Included in these proofs is even a copy of the contract signed by Campari with US actor Matthew McConaughey for the Wild Turkey bourbon brand.

 

Photo by Limor Zellermayer on Unsplash

 

 

Toy manufacturer Mattel has admitted that it was hit by ransomware attack that temporarily impacted some of its business functions but did not lead to any data theft. The Barbie manufacturer, which is also behind brands as Fisher-Price and Hot Wheels, disclosed that the ransomware attack had taken place on 28 July 2020… Mattel added that a forensic investigation of the attack found that “no exfiltration of any sensitive business data or retail customer, supplier, consumer, or employee data was identified” and that the incident had “no material impact to Mattel’s operations or financial condition”.

 

Photo by Nicholas Doherty on Unsplash

 

 

Japanese game developer Capcom has revealed that it suffered a security breach earlier this week which saw malicious hackers access its internal systems. The maker of such well-known video games as “Resident Evil” and “Street Fighter” disclosed in a short press release that in the early hours of Monday some of its networks “experienced issues” that affected access to email and file servers. At the moment the company’s official statement says that “at present there is no indication that any customer information was breached.”

 

Photo by Clint Patterson on Unsplash

 

 

The data came from Cit0Day, a website that was offering the databases for sale to hackers for a monthly fee. Cit0Day ceased operations in September. An archived snapshot of its website showed a notice that it had been seized by the U.S. Federal Bureau of Investigation pursuant to a warrant issued in California… The hacked database may have been leaked by one of the operators of the site following its closure. The data from Cit0Day is said to total 50 gigabytes and 13 billion records from 23,618 databases. The majority of the databases are from companies known to have had credentials stolen previously, but cumulatively the data is arguably the biggest leak of its kind to date.

 

Photo by Matthew Ansley on Unsplash

 

 

The leaked details of each individual could possibly include names, addresses, dates of birth, Social Security Numbers, driving license details, and healthcare details. The company is currently notifying everybody whose data was leaked by the hackers. The company continued to downplay the attack, stating that only a handful of its 123 centres, across USA, Australia, South Africa, and the UK, had been affected. However, it is important to know that GEO Group made more than half of its revenue in 2019 in the USA. The company currently claims in its SEC filing that the leaked information has not been misused yet. However, such data leaks can be very harmful, as they can aid hackers in their impersonation-powered phishing scams. 

 

Photo by Marten Bjork on Unsplash

 

Prestige Software sells a channel management platform called Cloud Hospitality to hotels that automate their availability on online booking websites like Expedia and Booking.com According to Website Planet which deals in online reviews, the Prestige Software was storing years of credit card data from hotel guests and travel agents without any protection on a misconfigured Amazon Web Services (AWS) S3 bucket. As a result, a massive amount of data was exposed — over 10 million individual log files in total, dating back to 2013.

 


That’s this week’s roundup, showing that every industry benefits when good cybersecurity habits are followed. So wash your hands and keep your passwords secure. Thanks for reading, stay safe and we’ll see you next week!

Exclusive offer for Weekly Roundup readers. Get 30% off your first 3 months of HackNotice Premium with coupon code: fall30. Enter that code in the Premium Upgrade page before it expires quick!