Cybersecurity news headlines 1-30 May 2020

Cybersecurity news headlines for 1-31 May, 2020

easyJet disclosed a data breach affecting 9 million customers, and is now facing a £18 billion lawsuit. Sodinokibi ransomware targeted a NY law firm and threatened to release incriminating information on Donald Trump. US accused China of carrying out cyber attacks against organizations doing COVID-19 research. And US Marshals service suffered a security breach that exposed personal information of former and current inmates. These are the stories that we explain in our cybersecurity news headlines report for 1-31 May.

In no particular order, here’s what made the biggest cybersecurity news headlines in May.

easyJet discloses data breach affecting 9 million customers, is now facing a £18 billion lawsuit

UK’s budget airline easyJet disclosed a huge data breach that exposed personal information of 9 million customers. The company has said it was a victim of a highly sophisticated attack but did not specify when the attack actually happened. Several news outlets have reported that the breach took place in January 2020, meaning the airline did not inform its customers of the incident for months despite being aware of it.

Not much information has been revealed about how the breach actually happened but easyJet claims that once it noticed what was happening, it took immediate action to manage the incident. Forensic experts have been called to investigate the attack, and National Cyber Security Centre as well as the ICO have been notified. Under Europe’s GDPR (General Data Protection Regulation), companies that have suffered a data breach are required to report the incident to authorities within 72 hours.

The malicious attackers were able to access names, email addresses and travel details of approximately 9 million customers. Among the 9 million, 2,208 customers also had their credit cards exposed. The budget airline has said passport details were not among the details exposed during the breach. Affected customers should have been informed by now, particularly those who had their credit card details accessed.

The airline has said there is no evidence that personal information has been misused in any way. However, the company has warned users to remain vigilant and be skeptical of any unsolicited communication purporting to come from easyJet.

This could not have happened at a worse time for a company that is already struggling financially because of the COVID-19 pandemic. Under GDPR, businesses found to be insufficiently protecting their users’ data could be fined up to €20 million or up to 4% of their annual revenue, whichever is higher. Furthermore, easyJet is also now facing a £18 billion lawsuit. The lawsuit, filed by impacted customers, states that exposure of customer data may pose security risks to individuals. The GDPR allows customers whose data has been exposed to seek compensation, and this lawsuit is trying to secure up to £2000 per affected customer.

Sodinokibi ransomware targets a NY law firm, threatens to expose information on Trump

Top entertainment law firm Grubman Shire Meiselas & Sacks (GSMS), representing popular artists like Lady Gaga, Elton John, Madonna, and Drake, has recently been a victim of the notorious Sodinokibi ransomware. Malicious actors behind the attack took off with 756GB of information. The attackers have threatened to publicly release the stolen information if a ransom is not paid. While they originally asked for $21 million, the price has since been doubled to $42 million.

The law firm confirmed the attack in an interview with Variety. It is believed that the information stolen includes contracts, non-disclosure agreements, phone numbers, email addresses, and private correspondence.

To pressure the company into paying the ransom, the group behind the attack have published 2.4GB of Lady Gaga’s legal documents. Most of the information released seems to be contracts for concerts and TV appearances. To further threaten the firm, they claim they will release incriminating information about the US President Donald Trump. Though sources have told Page Six that Trump has never been a client of GSMS. Furthermore, the attackers gave the law firm a deadline of a week, and more than two weeks have passed since then, indicating that the ransomware group never had anything on Trump.

It appears that despite the threats to release the data, the law firm is refusing to pay the ransom. It also believes that even if the money was paid, it’s likely that the attackers would release the information anyway.

US accuses China of hacking facilities working on COVID-19 research

US has formally accused China of targeting US organizations conducting COVID-19-related research. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint statement declaring that malicious actors associated with People’s Republic of China have been attempting to “illicitly obtain valuable intellectual properly and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research”.

The two government agencies have urged organizations that conduct COVID-19 research to “maintain dedicated cybersecurity and insider threat practices” to stop potential attackers from stealing COVID-19-related research material. The FBI and CISA have called the potential theft of this information as jeopardizing “the delivery of secure, effective, and efficient treatment options”.

A list of recommendations for organizations carrying out coronavirus research were included in the statement.

US Marshals Service exposes prisoner details in a security breach

In a breach at the US Marshals Service (USMS), personal information of current and former prisoners has been exposed. According to a letter sent to affected individuals and obtained by news outlets, on December 30 2019 US Marshals were notified by the Justice Department about a data breach affecting a public-facing server that stores personal information on current and former prisoners. It is believed that the information stolen includes names, addresses, dates of birth and Social Security Numbers. According to reports, approximately 387,000 people have been affected by the breach.

The attack affected a system called DSNet, which is designed to facilitate the movement and housing of USMS prisoners with the federal courts, Bureau of Prisoners, and within the agency. It has been reported that the malicious actors behind this attack exploited a vulnerability to breach the DSNet and then stole the data.

“A new cyber security monitoring tool alerted the Justice Security Operations Center to an attempted attack on a USMS system called DSNet, a system designed to facilitate the movement and housing of USMS prisoners with the federal courts, Bureau of Prisons, and within the agency. DSNet was built in 2005 by the Office of the Federal Detention Trustee and was brought into USMS when the two organizations merged in 2012,” US Marshals spokesperson Drew Wade told TechCrunch.

While the breach took place last year, affected individuals are only now being notified.

References

1. easyJet. Notice of cybersecurity incident.
2. Todd Spangler. Hacked Law Firm Informs Clients Like Lady Gaga and Bruce Springsteen of Data Breach. Variety.
3. Emily Smith. Law firm hackers double ransom demand, threaten Donald Trump. PageSix.
4. FBI, CISA. People’s Republic of China (PRC) Targeting of COVID-19 Research Organizations.
5. Zack Whittaker. US Marshals says prisoners’ personal information taken in data breach. TechCrunch.