Week 35 Cyberattack Digest 2018 – The Bank of Spain, T-Mobile, SingHealth and others
Learn about the latest cyber incidents news in our weekly cyber attack digest.
Bank of Spain in the next bank victim
by Reuters – 27 August 2018
As we always say, banks are too fructiferous targets to be out of attackers’ attention. After the Bank of Spain’s website was hit by a denial-of-service attack (DoS attack) attack, the access to the site was temporarily disrupted. According to a spokesman for the central bank, the incident did not affect the bank’s services or its communications with the European Central Bank or other institutions; there was also no risk of a data leakage. “It is a denial of service attack that intermittently affects access to our website, but it has had no effect on the normal functioning of the entity,” the spokesman concluded.
2 million T-Mobile customers affected
by SC Media – 24 August 2018
If you are a giant in any industry and deal with millions of customers, this both makes you attractive to attackers and rise possible losses in case of hack. Over 2 million customers were affected were affected as a result of an attack on T-Mobile telecom giant. The incident that was described by the company as an “unauthorized access to certain information,” was immediately “discovered and shut down” on Aug. 20. Amon the impacted data, there possibly could have been names, zip codes, phone numbers, email addresses, account numbers and account types. There is no evidence that any financial information, social security numbers and passwords were affected. “We take the security of your information very seriously and have a number of safeguards in place to protect your personal information from unauthorized access,” T-Mobile commented. As for the affected customers, the attack impacted “slightly less than” 3% of organization’s 77 million customers, which is about 2 million people.
Melbourne students’ data exposed
by SC Media – 24 August 2018
Information may suffer not only because of third party’s activity: sometimes, organizations put sensitive data at risk themselves. This way, medical records of about 300 high school students from Melbourne, Australia, were mistakenly posted online, which exposed a variety of medical issues. The incident happened on August, 20, when the information was posted by mistake in the school’s intranet. The records remained viewable for about 24 hours. Currently, the school is now investigating the case, trying to find out how exactly this took place.
The first hearing on SingHealth attack
by The Straits Times – 28 August 2018
As you remember, the recent attack on SingHealth was considered the worst cyber attack in the history of Singapore. The first hearing organized by a high-level panel investigating the incident took place on Aug. 28. The four-member Committee of Inquiry (COI) was tasked to examine the breach involving the personal records of 1.5 million SingHealth patients. The meeting was held behind closed doors at a location that had not been disclosed as data affecting national security or involving patient confidentiality was expected to be shared. The Personal Data Protection Commission was examining if there had been security lapses in SingHealth’s system and its technology outsourcing vendor Integrated Health Information Systems (iHiS). The commission also had to define whether they were liable for a fine of up to $1 million under the Personal Data Protection Act.
So, cyber attacks always have different consequences, and some of them even will take time to be regulated and dealt with. To learn about the future security incidents, follow us on Twitter, Facebook, and LinkedIn.