Weekly Email Security News Recap #4 [June 2022]
It’s another week and another series of cybersecurity news and email security breach news.
This week’s recap covers news about a cyberattack affecting 1.5 million Flagstar Bank customers, Meta Platforms Inc. being sued, and a former Amazon engineer convicted on federal charges.
Let’s uncover the top cybersecurity and email security breach news of the week.
At the end of 2021, a massive data breach occurred due to a cyberattack affecting Flagstar Bank customers.
The Michigan-based bank notified over 1.5 million customers that might’ve been affected by the breach.
The unauthorized party accessed files that contained sensitive personal data of customers.
And as full names and Social Security numbers are most likely among the exposed data, the risk of identity theft was of great concern.
Eventually, in June, after an exhaustive investigation, Flagstar discovered that the impacted files contained the personal information of its customers.
The information was acquired from Flagster’s network between December 3, 2021, and December 4, 2021.
The bank stated it promptly activated an incident response plan, engaged external cybersecurity professionals, and reported the matter to law enforcement.
The world’s largest social network, Meta Platforms Inc., has been sued over privacy issues.
The claims allege that private medical data has been secretly shared with Facebook when patients accessed web portals.
Meta Inc. is infamous for being investigated and sued over privacy matters. The allegations are often about the company’s illegal actions, like collecting users’ data and using it for targeted advertising.
Facebook’s Pixel tracking tool redirected patient contacts and confidential data without authorization, violating federal and state laws.
A lawsuit was filed in San Francisco’s federal court as a proposed class action on behalf of millions of patients.
The plaintiff has not been identified, though he describes himself as a patient who has used a Baltimore health system’s portal to review his lab results and make appointments.
He demands compensatory and disciplinary damages for breach of contract. Among other allegations is the constitutional claim for invasion of privacy and violation of the federal Electronic Communications Privacy Act.
At the time of writing, Meta Inc. hadn’t commented on the situation.
However, the company’s business help center page states that Meta’s signals filtering mechanism detects Business Tools data categorized as sensitive health-related data.
A former Amazon engineer was convicted on federal charges from a 2019 hack that compromised the accounts of 100 million credit card users and became one of the largest breaches in U.S. history.
The convicted is former Amazon Web Services 36 year-old employee, Paige Thompson, described as “erratic.” Her defense attorneys argued that Thompson has mental health issues and said she didn’t intend to profit from the data.
Thompson downloaded data from more than 100 million Capital One customers in 2019, including about 120,000 Social Security Numbers and 77,000 bank account numbers.
To obtain that data, she looked for AWS clients with misconfigured firewalls and used those flaws to impersonate an authorized user.
Capital One’s internal system recognized Thompson’s queries as coming from a familiar computer; so the system accepted her requests for information.
She’s also accused of creating cryptocurrency mining software on the companies’ servers, using their computing power to mine currency for her use.
Thompson was convicted of one wire fraud and six computer fraud and abuse charges, and remains free pending sentencing later this year.
Nowadays, there are many vulnerabilities for hackers to exploit, which affects business communications, making email security a core concern for companies worldwide.
Hence, enabling complete protection for a business’s email is a must.
This was all the top email security news and cybersecurity news of the week.