Cybersecurity News: Uber coverup ruling, Optus data spilled, Easylife’s trigger fine

Former Uber security chief found guilty of data breach coverup

A U.S. federal court jury has found former Uber Chief Security Officer Joseph Sullivan guilty of not disclosing a 2016 breach of customer and driver records to regulators and of attempting to cover up the incident. He has now been convicted on two counts: obstructing justice by not reporting the incident and another for misprision, which is essentially neglect or wrong performance of official duty. These charges come with maximum sentences of five years and three years respectively. The action stems from a 2016 break-in of Uber’s systems, which Uber sought to resolve by secretly paying a $100,000 ransom in exchange for deletion of the stolen information.

(The Hacker News)

Optus confirms 2.1 million ID numbers exposed in data breach

The mobile carrier Optus confirmed yesterday that 2.1 million customers had their government identification numbers stolen during a cyberattack last month. According to Bleeping Computer, “1.2 million had at least one number from a current and valid form of identification compromised, and 900,000 had ID numbers exposed but from documents that are now expired.” These numbers are within the overall number of affected customers – all 9.8 million, who had other personal information exposed, including email addresses, dates of birth, or phone numbers.

(Bleeping Computer)

Retailer Easylife fined £1.5m for data protection breaches

The UK-based catalog retailer has been dealt a penalty of close to £1.5m by the Information Commissioner’s Office (ICO), for breaching data protection and marketing laws. The ICO stated that “Easylife used the personal information of its customers to target them with health-related products without their consent.” The ICO explained that 80 out of 122 products in Easylife’s Health Club catalog were considered to be “trigger products” which, if bought, “would lead to the firm profiling the customer and targeting them with follow-on calls and emails.”

(Infosecurity)

Australian Federal Police arrest man suspected of exploiting Optus cyberattack

Police in Australia have arrested a 19-year-old Sydney resident who is now accused of “trying to extort money from victims of the recent cyberattack and digital burglary at national telecommunications provider Optus.” The Australian Federal Police (AFP) said it was alerted to a blackmail attempt “when some Optus customers were told to transfer AU$2,000 ($1,300) to a bank account or have their personal data used for financial crimes.” The arrested individual, who has not been publicly identified, is alleged to have used 10,200 customer PII records which had been uploaded to the web following the attack in September.

(The Register)

“Egypt Leaks” – hacktivists are leaking financial data

California-based cybersecurity company Resecurity is warning of a new group of hacktivists that is targeting financial institutions in Egypt. Working under the campaign “EG Leaks” (also known as “Egypt Leaks”), “they started leaking large volumes of compromised payment data belonging to the customers of major Egyptian banks on the Dark Web. First mentions of this activity have been detected in a Telegram channel created to leak Excel files containing 12,229 credit cards.”

(Security Affairs)

Japanese sushi chain owner resigns over improper data access

The president of the Japanese restaurant chain Kappa Sushi resigned yesterday after being embroiled in a data-theft scandal. Kobi Tanabe was arrested by the Tokyo Metropolitan Police on September 30. The allegations referred to violating Japan’s competition laws. For some context, Tanabe once led the rival discount sushi establishment Hama Sushi – “which has accused Tanabe of stealing trade secrets by accessing data caches. As the former director of Hama Sushi, Tanabe had contacts, including former subordinates, who allegedly emailed him daily sales data on several occasions.”

(The Register)

Ferrari denies data breach and ransomware attack following gang’s online claims

The exotic car maker Ferrari is denying it suffered a ransomware attack even after the RansomEXX gang added the company to its list of victims this week. The ransomware group claims to have stolen 7 GB of data from the company, allegedly including contracts, invoices, internal company information, repair manuals and more. Speaking to The Record on Tuesday, a Ferrari spokesperson said “it was aware of reports that documents from the company have been leaked online but said it is not dealing with any kind of ransomware attack or cybersecurity incident.” The RansomEXX listing has not specified a ransom demand or offered details about their attack.

(The Record)

Intel inching closer to mass production of spin qubit chips

According to The Record, “Intel claims to have achieved a milestone in efforts to produce silicon spin qubit devices using existing manufacturing processes, a move they think might pave the way for large-scale production of quantum computers.” They describe this as “the industry’s highest” yield and uniformity for silicon spin qubit hardware. “Intel’s quantum angle has been on scaling up the process to fabricate quantum processor chips using its own transistor manufacturing techniques, which have been tuned for large-scale production over many decades.”

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.