1. TechCrunch

3ZMg...1U42
29 Dec 2023
29

Delays, silence and unanswered questions follow these organizations into the new year

Carly Page@carlypage_ / 8:05 PM GMT+8•December 29, 2023
 Comment
Image Credits: MirageC / Getty Images
Last year, we compiled a list of 2022’s most poorly handled data breaches looking back at the bad behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information and failing to answer basic questions.

Turns out this year, many organizations continue to make the same mistakes. Here’s this year’s dossier on how not to respond to security incidents.Electoral Commission hid details of a huge hack for a year, yet still tight-lipped

The Electoral Commission, the watchdog responsible for overseeing elections in the United Kingdom, confirmed in August that it had been targeted by “hostile actors” that accessed the personal details — including full names, email addresses, home addresses, phone numbers and any personal images sent to the Commission — on as many as 40 million U.K. voters.
While it may sound like the Electoral Commission was upfront about the cyberattack and its impact, the incident occurred in August 2021 — some two years ago — when hackers first gained access to the Commission’s systems. It took another year for the Commission to catch the hackers in the act. The BBC reported the following month that the watchdog had failed a basic cybersecurity test around the same time hackers gained entry to the organization. It has not yet been revealed who carried out the intrusion — or if it is known — and how the Commission was breached.

Samsung won’t say how many customers hit by year-long data breach

Samsung has once again made it onto our badly handled breaches list. The electronics giant once again took its typical tight-lipped approach when faced with questions about a year-long breach of its systems that gave hackers access to the personal data of its U.K.-based customers. In a letter sent to affected customers in March, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business application to access the unspecified personal information of customers who made purchases at its U.K. store between July 2019 and June 2020.
In the letter, Samsung admitted that it didn’t discover the compromise until more than three years later in November 2023. When asked by TechCrunch, the tech giant refused to answer further questions about the incident, such as how many customers were affected or how hackers were able to gain access to its internal systems.

Hackers stole Shadow data, and Shadow went silent

French cloud gaming provider Shadow is a company that lives up to its name, as an October breach at the company remains shrouded in mystery. The breach saw attackers carry out an “advanced social engineering attack” against one of Shadow’s employees that allowed access to customers’ private data, according to an email sent to affected Shadow customers.
However, the full impact of the incident remains unknown. TechCrunch obtained a sample of data believed to be stolen from the company that contained 10,000 unique records, which included private API keys that correspond with customer accounts. When asked by TechCrunch, the company refused to comment, and would not say whether it had informed France’s data protection regulator, CNIL, of the breach as required under European law. The company also failed to make news of the breach public outside of the emails sent to affected customers.

Get fast shipping, movies & more with Amazon Prime

Start free trial

Enjoy this blog? Subscribe to Naytsirk

2 Comments