Equifax Massive Data Breach Results in Financial Settlements, Bulgarian Data Breach Suspects Arrested, South African City Power Impacted by Ransomware Attack
Equifax Data Breach Results in FTC Settlement
Equifax reached a settlement with the US Federal Trade Commission. Equifax will have to pay $700 million to compensate for a massive data breach which affected about 147 million people.
Equifax was hacked after failing to keep its IT system up-to-date with the latest security patches leaving the system vulnerable to a cyber attack. In 2017, Hackers breached the system and stole about 147 million names, and birthdates, including 145.5 million Social Security numbers, and 209,000 payment card numbers. About 700,000, UK consumer records were also compromised.
Beginning in 2020, all U.S. consumers will be entitled to six free Equifax credit reports each year for the next seven years. They are also entitled to cash payments from $125 up to $20,000. The Equifax settlement is awaiting approval from the U.S. District Court for the Northern District of Georgia.
Over 100,000 University of Western Australia alumni were notified that their data may have been compromised after hardware was taken from a university building. The alert was sent by the university’s Vice Chancellor, Dawn Freshwater. She reported that thieves stole twenty laptop computers from a campus administration building. The theft occurred in late June and was reported to police. The laptops are password protected. The stolen data mostly affects applicants who applied to the University of Western Australia between 1988 and January 2018.
The University of Western Australia, a public research university, is located in Perth in the state of Western Australia. The stolen data includes tax file numbers, student identification numbers, and in some cases names, birthdates, and passport information. No banking or credit card information was compromised.
Ransomware Impacts South Africa’s City Power
A ransomware attack has crippled the operations of City Power, a South African utility company. The ransomware blocked customers from purchasing electricity through City Power’s prepaid vending system and also inhibited the utility’s ability to respond to service calls. The corporate database was compromised which affected most applications and networks leaving customers unable to use the website. City Power is located in Johannesburg, South Africa and is one of the area’s largest power suppliers.
Ransomware attacks continue to infect cities and universities. In the past two months three Florida cities were hacked in ransomware cyber attacks. Two of those cities, Riviera Beach and Lake City, opted to pay hackers their ransom to have data restored. The city of Baltimore, Maryland, Indiana’s La Porte County, and Lawrenceville, Georgia all were attacked by hackers. Universities have also been recent targets with Northwest Indian College and New York City’s Monroe College both reporting cyber attacks.
Two Bulgarians Charged for Hacking Ministry of Finance
Two employees at a Bulgarian cyber security research firm, Tad Group, have been charged in connection to the massive data theft from Bulgaria’s Ministry of Finance. The breach affects almost five million Bulgarian citizens. Tad Group employees, Georgi Yankov and Kristian Boykov, were both charged with terrorism. Boykov was initially charged with crimes against information systems, but that charge was dropped and changed.
Hacked data from Bulgarian citizens, foreigners, and businesses contain financial information, personally identifiable numbers, tax returns, addresses, and income history. With only seven million citizens, this data breach affects almost everyone in Bulgaria. Compromised data also includes files from the European Union’s anti VAT fraud network, EUROFISC, Bulgaria’s Ministry of Finance tax agency, the National Revenue Agency, may face a maximum of 20 million Euros (about $22.5 million USD.)