The Risk Report - Sept. 17

🌐 Epik

The web hosting company well-known for serving alt-right organizations suffered a major attack earlier this week by 'hacktivist' group Anonymous. 180 gigabytes of data were stolen, which Anonymous claims is "all that’s needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just about everybody." The attack was part of "Operation Jane", Anonymous' retaliatory response to Texas' recently-passed anti-abortion legislation known as the Heartbeat Act.

Read more

🕊 United Nations

The world's largest intergovernmental organization is managing the fallout of a major data breach that began after employee login data was obtained on a dark web forum. The hackers have demonstrated an interest in Umoja, the UN's proprietary project management tool, with multiple screenshots having been recorded. The Umoja account that was originally compromised did not have multi-factor authentication enabled. Given the UN's heavy involvement in global affairs, lacking multi-factor authentication comes as quite a surprise. This data breach began in April 2021 and was first reported to the public earlier this week.

Read more

👟 GetHealth

A mysterious New York-based company that aggregates IoT and fitness tracking data was found to have been maintaining a passwordless list of over 61 million records of PII from a myriad of health apps including Fitbit and Apple HealthKit. The leak includes such information as name, date of birth, height, weight, gender, and GPS logs. While it's not yet clear what has been done with the data, security researchers report that health PII can sell for up to $250 per record, a stark increase from the $5.40 dark web value of a stolen credit card.

Read more

Want to receive this newsletter weekly? Subscribe for the latest news on data breaches and privacy legislation.