A Russian spy operation is using commercial satellite Internet connections to gather sensitive information from diplomatic and military agencies from around the world. Cybersecurity research firm Kaspersky Lab suspects that the hackers have infected computers in 45 different countries. Their targets are mainly government agencies and embassies, and research and development departments at pharmaceutical companies. This Russian hacking group has been compared to the same one that was able to hack the State Department, White House, and Pentagon earlier this year, although it has not been confirmed if the two groups are associated. Researchers won’t say if the hackers are state sponsored, but do suspect that they are affiliated with the Russian government in some way.
The Department of Homeland Security informed the public last week that the Office of Personnel Management had been compromised by hackers. The hackers were able to access the data of 2.1 million current federal employees, and 2 million former federal employees. The hackers were able to infiltrate the OPM databases that stored information about the federal employees who were applying for security clearances. The Chief Administrative Officer Ed informed the public that only employees who had worked for another federal agency in the past had been compromised.
The Internal Revenue Service has been breached by an organized ring of identity thieves. These criminals tried to gain access to the information of 200,000 taxpayers, and succeeded in breaching half of those records.
Microsoft, in conjunction with a French research company called INRIA and a Spanish research institute called IMDEA Software, found an encryption flaw that affects most Internet users. This bug is known as FREAK, which stands for Factoring Attack on RSA-EXPORT Keys. Nearly two decades ago, the federal government wanted a way for law enforcement agencies to conduct surveillance on people in other countries.
The New York Department of financial services plans to increase their cyber security oversight on state-chartered banks. Director Benjamin Lawsky says that New York banks will have to pass a more difficult cyber security examination that will be more precise than the cyber security exams conducted on federal banks.
The Russian government has been accused of conducting electronic espionage around the world according to multiple reports which state that “for months this summer, unidentified hackers used a previously unknown hole in Microsoft Corp.’s Windows operating system.”
Office supply retailer Staples announced that it is “investigating possible payment card data thefts,” according to BBC News.
Seemingly moments after hearing about the JP Morgan data breach, consumers are learning about the data breach at AT&T. According to multiple reports, approximately 1,600 Vermont-based customers have been affected by the breach. The breach came from inside the company.
“We recently determined that one of our employees violated our strict privacy and security guidelines by accessing your account without authorization in August 2014, and while doing so, would have been able to view and may have obtained your account information including your social security number and driver’s license number. Additionally, while accessing your account, the employee would have been able to view your Customer Proprietary Network Information (CPNI), without proper authorization,” said AT&T in a notice to the Vermont Attorney General.
ZDNet reports that CPNIs are unique customer numbers that can include metadata such as “the time, date, duration, and destination number of each call made.” AT&T plans to make amends by reversing fraudulent charges, and providing a free year of credit monitoring to affected customers.
According to eWeek, AT&T experienced a similar data breach in June of this year, and the breach occurred from inside the company. “In the June breach, the motive was to help resellers unlock or "jailbreak" AT&T phones so they could be resold,” eWeek went on to say.
JP Morgan and Chase, an American financial institution, recently issued a public statement saying their networks were breached yet again. JP Morgan Chase is the largest American bank and holds $2.39 trillion in assets, according to Forbes. Approximately 1 million Chase Bank customers have been affected by the data leak. Consumers, unfortunately, are used to hearing about cyber attacks and data leaks – recent breaches include Home Depot, Goodwill, and Target. Both retailers and financial institutions are affected when cyber criminals steal consumer data.