cybersecurity news

From Starbucks to Uber: Top Cybersecurity News from the Week of Sept 14th

Mid-way through September 2022, some of the biggest multinational corporations across the world have been hit by devastating cyber attacks. Social-engineering attacks have been rampant throughout this week, as attackers have seemingly compromised large volumes of personal information throughout the industries. 

Here are some of the most notable cybersecurity news from the week: 

Starbucks Singapore experiences a massive data breach 

On Friday, September 16th, Starbucks announced that it had discovered unauthorised access to its user database in Singapore. The compromised data included personal user details, including their name, date of birth, contact number, email addresses, and home address. The attackers targeted the records of the Starbucks rewards membership program. 

Although user credentials were not affected, the company has advised all of its customers to reset their passwords immediately. Although much details of the attack haven’t been shared yet, the statement from Starbucks reflects that it was caused by a potential phishing attack. 

“We would like to reinforce that Starbucks will not request any personal or membership information, nor will we send any URL links for such requests. Please remain vigilant and do not share details if you receive such notifications,” said the company. Approximately 330,000 customer data was compromised as a result of this breach. 

Uber suffers a network breach, again! 

Earlier this week, Uber’s internet networks were breached by an 18-year old attacker using social engineering tactics. The attacker gained access to an employee’s Slack credentials, and used it to send messages to Uber’s workforce, notifying everyone of the breach. 

The company confirmed the attack through Twitter within hours. Seems like they had learned from their previous breach in 2016, where Uber was scrutinised for not publicly disclosing the incident in time. The company also claimed that the attacker was part of the infamous Lapsus$, and no user data was compromised. 

The attacker claiming responsibility later told the New York Times that he impersonated a corporate IT executive and sent a malicious message to an Uber employee, who unknowingly handed over his credentials, leading to the breach. 

Internal systems of six UK schools were disrupted through a cyberattack 

On September 20th, a multi-academy trust that runs schools serving 4,500 students suffered an internal network breach, which left the staff without access to its digital systems for over a week. 

The Scholars’ Education Trust runs six schools in Hertfordshire. All of the school’s published an internal notice saying that its IT systems were offline until further notice. Any further information regarding the breach has not been communicated yet. 

For more latest cybersecurity news and insights into the world of cybersecurity, follow Code Red on Twitter and LinkedIn.

Back to Knowledge Hub