Delays, silence and unanswered questions follow these organizations into the new year
Last year, we compiled a list of 2022’s most poorly handled data breaches, looking back at the regretful behavior of corporate giants when faced with hacks and breaches. That included everything from downplaying the real-world impact of spills of personal information to failing to answer basic questions.
Turns out this year, many organizations continued to make the same mistakes. Here’s this year’s dossier on how not to respond to security incidents.
Electoral Commission hid details of a huge hack for a year, yet still tight-lipped
The Electoral Commission, the watchdog responsible for overseeing elections in the United Kingdom, confirmed in August that it had been targeted by “hostile actors” that accessed the personal details — including full names, email addresses, home addresses, phone numbers and any personal images sent to the Commission — on as many as 40 million U.K. voters.
While it may sound like the Electoral Commission was upfront about the cyberattack and its impact, the incident occurred in August 2021 — some two years ago — when hackers first gained access to the Commission’s systems. It took another year for the Commission to catch the hackers in the act. The BBC reported the following month that the watchdog had failed a basic cybersecurity test around the same time hackers gained entry to the organisation. It has not yet been revealed who carried out the intrusion — or if it is known — and how the Commission was breached.
Samsung won’t say how many customers hit by year-long data breach
Samsung has once again made it onto our badly handled breaches list. The electronics giant once again took its typical tight-lipped approach when faced with questions about a year-long breach of its systems that gave hackers access to the personal data of its U.K.-based customers. In a letter sent to affected customers in March, Samsung admitted that attackers exploited a vulnerability in an unnamed third-party business app to access the unspecified personal information of customers who made purchases at its U.K. store between July 2019 and June 2020.
In the letter, Samsung admitted that it didn’t discover the compromise until more than three years later in November 2023. When asked by TechCrunch, the tech giant refused to answer further questions about the incident, such as how many customers were affected or how hackers were able to gain access to its internal systems.
Hackers stole Shadow data, and Shadow went silent
French cloud gaming provider Shadow is a company that lives up to its name, as an October breach at the company remains shrouded in mystery. The breach saw attackers carry out an “advanced social engineering attack” against one of Shadow’s employees that allowed access to customers’ private data, according to an email sent to affected Shadow customers.
However, the full impact of the incident remains unknown. TechCrunch obtained a sample of data believed to be stolen from the company that contained 10,000 unique records, which included private API keys that correspond with customer accounts. When asked by TechCrunch, the company refused to comment, and would not say whether it had informed France’s data protection regulator, CNIL, of the breach as required under European law. The company also failed to make news of the breach public outside of the emails sent to affected customers.
Lyca Mobile refused to say what kind of cyberattack hit
Lyca Mobile, the U.K.-headquartered mobile virtual network operator, said in October that it had been the target of a cyberattack that caused widespread disruption for millions of its customers. Lyca Mobile later admitted a data breach, in which unnamed attackers had accessed “at least some of the personal data held in our system” during the hack.
It’s now more than two months later, and Lyca Mobile has still not said what data was stolen from its systems (despite storing sensitive personal data, such as copies of identity cards and financial data), or how many of its 16 million customers were impacted by the breach. Despite repeated requests by TechCrunch, the company has also refused to comment on the nature of the incident, despite the incident presenting as ransomware.
MGM Resorts still hasn’t said how many customers had data stolen after hack
The breach of MGM Resorts is one of the most memorable of 2022; the incident saw hackers associated with a gang known as Scattered Spider compromise the company’s systems to cause weeks of disruption across MGM’s Las Vegas hotels and casinos. MGM said that the disruption will cost the company at least $100 million.
MGM first discovered that it had been targeted by hackers on September 11. But it wasn’t until October that the company confirmed in a regulatory filing that the attackers had obtained some personal information belonging to customers who transacted with MGM Resorts prior to March 2019. That includes customer names, contact information, gender, dates of birth, driver’s license numbers, Social Security numbers and passport scans for some customers.
It’s now more than three months later and we still don’t know how many MGM customers were affected. MGM spokespeople have repeatedly declined to answer TechCrunch’s questions about the incident.
Dish breach may affect millions — potentially a lot more
Back in February, satellite TV giant Dish confirmed in a public filing that a ransomware attack was to blame for an ongoing outage and warned that hackers exfiltrated data from its systems that may have included customers’ personal information. However, Dish hasn’t provided a substantial update since, and customers still don’t know if their personal data is at risk.
TechCrunch learned that, despite the company’s silence, the impact of the breach could extend far beyond Dish’s 10 million or so customers. A former Dish retailer told TechCrunch that Dish retains a wealth of customer information on its servers, including customer names, dates of birth, email addresses, telephone numbers, Social Security numbers and credit card information. The person said that this information is kept indefinitely, even for prospective customers who didn’t pass Dish’s initial credit check.
CommScope late to tell its own employees that their data was stolen
TechCrunch heard from CommScope employees who say they were left in the dark about a data breach at the company affecting their personal information. The North Carolina-based company, which designs and manufactures network infrastructure products for a range of customers, was targeted by the Vice Society ransomware gang in April. Data leaked by the gang, and reviewed by TechCrunch, included the personal data of thousands of CommScope employees, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, passport scans and bank account information.
CommScope declined to answer our questions related to the leaked employee data, and it also failed to answer those affected. Several employees told TechCrunch at the time that CommScope executives remained tight-lipped about the breach, saying little beyond it does “not have grounds” to suggest employee data was involved.