The Winter of Cyberattacks is Here: Top Security News from the Week of Sept 21st

Every day in the cyber world is full of surprises. Threat actors seem to be in a race to ramp up the volume of cyber attacks, and this week hasn’t been any different. Industries across the world have suffered a large number of data breaches this week, resulting in millions of personal data records across the web being compromised.

Here is some of the most notable cybersecurity news from the week:

Canadian Border Agency suffered a breach of 1.38 million licence plate images

According to a federal privacy watchdog, a third-party contractor for the Canadian border agency suffered a massive data breach earlier this week. The breach resulted in 1.38 million licence plate images being compromised. 

According to the Privacy Commissioner’s Office, the breach was a result of inconsistent security measures applied by Canada Border Services. The organisation did not have minimal security protocols in place to safely manage licence plate information. The breach was initiated through a US-based third-party contractor. Threat actors gained access to the Border Services database by compromising the access points of the third party. The reports also indicate that approximately 11,000 pieces of the leaked number plate information were posted on the dark web.

Multiple hotels in Hong Kong suffer a customer data breach

According to Hong Kong’s privacy watchdogs, over 29,000 customer data records from three hotels across the country were breached by unknown threat actors. The affected hospitality organisations included the Shangri-La, Kowloon Shangri-La and Kerry Hotel.

Reports suggest that the breach occurred months ago, but all three hotels failed to notify customers about the incident. The Privacy Commissioner has also stated that all organisations will be assessed because of their failure to disclose the breach in a timely manner.

Morgan Stanley penalised for shocking data disposal practices

The U.S. Securities and Exchange Commission (SEC) has handed a $35 million penalty to financial services giant Morgan Stanley. The penalty comes as a result of the company’s failure to safely dispose of hard drives and servers containing the personal data of over 15 million customers.

According to the SEC, the company hired storage companies with little to no experience in data destruction to decommission thousands of hard drives and servers containing critical user information. Morgan Stanley also did not supervise or monitor the storage companies, and some of them sold the servers to third-party buyers and illicit groups. Having such inexperienced contractors manage high-value personal data without any supervision is not only dangerous but also irresponsible, as the SEC stated.
