A total of 19 breaches were found and analysed resulting in 6,238,564 leaked accounts containing a total of 23 different data types. The breaches found publicly and freely available included Hathway Cable & Datacom, GSM Forum, Stealer Log 0407, Atlas Bus and Live4Fun. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

An electronic music event ticket seller, based in Denmark, experienced a significant data breach, with a large SQL database dumped online and circulated for free. Specialising in the underground electronic music scene, the company's entire user base is exposed in the data, including various datasets associated with online ticket purchases. The breach may be linked to the company's close ties to an Israel-based artist management.

One of the world's leading AI companies faced a security breach where a small list of employee contact information was leaked online. The origin of the data remains unknown, but it was posted on a forum by a user with a high reputation. Although the user did not disclose how they obtained the information, the leak poses a potential threat to the affected employees, underscoring the importance of vigilance against phishing scams in the AI industry.

The rise of "CyberKidnapping" has been noted, involving two parties targeting victims through social engineering. In a recent case in the United States, threat actors obtained significant information about a Chinese family with a 17-year-old son in America while the rest of the family resided in China. Through spoofed phone calls, the threat actors convinced the family to pay over $80,000 for the safe return of their son. The young man was later found hiding in the mountains of Utah, having believed he was in danger.

VULNERABILITY CHAT

A security researcher in Germany faced legal consequences after exposing a database vulnerability that exposed nearly 700,000 customer records. Despite responsibly reporting the issue, the researcher was fined £2,600, raising questions about the legal ramifications of uncovering security flaws and the potential chilling effect on researchers in the field. Read the full article here: https://www.theregister.com/2024/01/19/germany_fine_security/

5 Common Vulnerabilities and Exposure (CVEs) were added to the CyberSecurity & Infrastructure Security Agency's (CISA) 'Known Exploited Vulnerabilities Catalog' last week including Laravel (Laravel Framework), Google (Chromium V8), and Citrix (NetScaler ADC and NetScaler Gateway). See the full catalog here: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

INFORMATION PRIVACY HEADLINES

The Australian Information Commissioner has initiated court proceedings against Australian Clinical Labs Limited in the Federal Court of Australia. This rare legal action is related to the company's response to a data breach that occurred in February 2022. The regulator is seeking a civil penalty in connection with the incident, marking a significant move in addressing data protection issues in Australia.