Week 33 Cyberattack Digest 2019 – Biostar 2, European Central Bank, Tangipahoa Parish School and others
We have some hot cyber news for you! If you have been waiting for our new week 33 cyberattack digest, we are sure you’ll like our latest article compilation.
Biometric database is accessible on the Internet
by SC Media – 14 August, 2019
Biometric data has been found accessible on the Internet; the exposed information belongs to a global biometric security company.
According to the VPNMento security firm, a security tool called Biostar 2 that has more than thousands users all over the world, such as the UK’s Metropolitan Police and several banks, provided access to records that include over million fingerprints. Israeli security researchers Noam Rotem and Ran Locar, promoters of VPNMentor, came across the unsecured database in the online biometric security smart lock platform built by Suprema, one of the world’s top 50 security manufacturers.
Besides being unprotected, the sensitive contents of the database were also unencrypted. 23 GB data including fingerprints, facial recognition details, face photos of users, unencrypted usernames, passwords and personal details of employees were accessible for anyone. Biostar 2 is believed to have the highest share in biometric access control market in the EMEA region.
“It’s one thing having your password hacked – passwords can be changed and replaced. But what happens when your biometrics are hacked? You can’t change your voice; you can’t replace your eyes and you can’t reset your fingerprints. Those things are constant, permanent and contain genetic data that is unique to you,” Etienne Greeff, CTO and co-founder of SecureData commented.
European Central Bank website experiences a cyber incident
by Politico – 15 August, 2019
A European Central Bank website has suffered a cyberattack. The ECB was forced to shut down the Banks’ Integrated Reporting Dictionary (BIRD) “until further notice”
The ECB officials say that the cyberattack could have captured names, email addresses or any other personal data from 481 users, except passwords for the externally hosted site. “The breach succeeded in injecting malware onto the external server to aid phishing activities,” the central bank said. It also added that BIRD is separate from other internal and external ECB sites. “Neither ECB internal systems nor market-sensitive data were affected,” it explained.
Tangipahoa Parish School System cannot communicate back-to-school info with parents
by WAFB – 12 August, 2019
A cyber incident that affected the Tangipahoa Parish School System made the district unable to communicate critical back-to-school information with parents via the email
Still, the district’s employees will try to get in touch with everybody to inform the parents that students need to return to campus on Monday, Aug. 12. As a result of the hackers’ actions, it became impossible for district officials to use their bus look-up system online. TPSS officials have been forced to remap all routes manually with the help of paper maps and highlighters. Color-coded maps are still available on the Transportation website to help parents learn their child’s bus route and driver information.
“The cyberattack has hindered many of our plans, but we refuse to allow it to ruin our students’ return to class,” Tangipahoa Parish School Superintendent Melissa Stilley said. “We appreciate the public’s patience and understanding as we strive to make Monday a great first day back for our children.”