March 28, 2024

Major Data Breaches and Hacking News in March 2024


Data Breaches 



Nations Direct Mortgage

Organization Description: Nations Direct Mortgage is a Nevada-based wholesale lender that operates in 35 states. Founded in 2007, they are a direct seller to Fannie Mae, Freddie Mac, and Ginnie Mae.

Breach Size: 83,000+ customers affected.

Data exposed: Addresses, names, Social Security numbers, and loan numbers.

In a notice dated March 14, 2024, to the Office of the Maine Attorney General, the lender disclosed that an unauthorized third party obtained access to the data of more than 83,000 customers on or about December 30, 2023.

This data breach is the latest in a string of cyberattacks across the mortgage industry. Companies such as Mr. Cooper, one of the largest mortgage loan servicers, and Fidelity National Financial, a Fortune 500 provider of title insurance, have also been recently hit with ransomware attacks.



Roku

Organization Description: Founded in 2002, Roku markets and designs smart TV operating systems, smart TVs, streaming devices, and smart home products. The company is based in San Jose, CA.

Breach Size: 15,000

Data exposed: Account login credentials including username and password.

In an intrusion discovered between January 4 and February 21, the streaming giant reports that more than 15,000 Roku users were impacted by a data breach involving unauthorized actors using login credentials obtained from third-party sources. The credentials came from previous breaches of third-party services; reusing them against another service in this way is known as credential stuffing.

Roku states that payment details and personal information weren’t compromised but urges customers to update their passwords immediately due to security concerns. Although customer credit card information was said not to have been compromised, any private data contained within a Roku account could be exposed if that account is accessed.



AT&T

Organization Description: AT&T is the fourth-largest telecommunications company in the world and the largest wireless carrier in the United States. As of 2023, AT&T was ranked 13th on the Fortune 500 list of the largest US corporations.

Breach Size: 71 million users affected.

Data exposed: Names, addresses, dates of birth, Social Security numbers, and phone numbers.

Earlier this month, a threat actor known as MajorNelson attempted to sell a massive amount of data impacting 71 million people that it claims was from a 2021 AT&T data breach. The data includes encrypted information; however, the threat actors have decrypted the birth dates and social security numbers and added them to another file in the leak, making those accessible as well.

AT&T has denied that the data originated from its systems, though all signs point to it being the data of AT&T customers. Customers who were with AT&T prior to 2022 are encouraged to monitor their personal data for dark web activity.



Fujitsu

Organization Description: Fujitsu is a Japanese tech giant and the world’s sixth largest IT services provider, employing 124,000 people with an annual revenue of $23.9 billion. Its portfolio includes servers, storage systems, software, telecommunications equipment and IT consulting services.

Breach Size: Not fully disclosed; leadership and cybersecurity teams affected.

Data exposed: Not yet fully released, but personal information and information relating to customers was exposed.

In an announcement published on its news portal in early March, Fujitsu disclosed a major cybersecurity incident that compromised systems and data, including sensitive customer information. The announcement stated that malware was found on several business computers, which were promptly isolated upon discovery.

Fujitsu says it will continue to investigate how the malware breached its systems and what specific data was exfiltrated.

The company operates in over 100 countries and has a strong relationship with the Japanese government, playing a crucial role in the country’s national security. It has yet to comment on whether the data breach affected corporate clients or consumers, and has not yet released the number of impacted individuals or entities.



U-Haul

Organization Description: U-Haul Holding Company is a US-based moving truck and self-storage rental company based in Phoenix, AZ. The company has been in operation since 1945.

Breach Size: 67,000 customers affected.

Data exposed: Names, dates of birth, and driver’s license numbers.

In a delayed notification, U-Haul confirmed it experienced a data breach that compromised the data of 67,000 customers. The company has received criticism for not reporting the compromise of information earlier; the event is believed to have happened between July 20 and October 2, 2023.

During the incident, legitimate credentials were used by an unauthorized party to access a system U-Haul dealers and team members use to track customer reservations and view customer records.

This is not the first time U-Haul has been compromised; in 2022, the moving and storage giant also experienced a data breach exposing customer names and driver’s license numbers.



Crinetics Pharmaceuticals

Organization Description: Crinetics Pharmaceuticals, Inc. is a clinical-stage pharmaceutical company focused on the discovery, development, and commercialization of therapeutics for rare endocrine diseases and endocrine-related tumors. The company is based in San Diego, CA and was founded in 2008.

Breach Size: Unknown with details forthcoming

Data exposed: Not yet disclosed

In an attack orchestrated by the hacking gang LockBit, Crinetics experienced a cybersecurity event involving ransomware. The gang is demanding a $4 million payment as cybersecurity experts work to assist the pharmaceutical firm in mitigating the damage.

The admission from the company came shortly after LockBit listed it as a victim on its dark web data leak site. LockBit’s posting of the Crinetics attack came amid promises by its leader, LockBitSupp, to restore the ransomware group’s operations shortly after a law enforcement takedown.

Cyberattacks have been increasing against the pharmaceutical industry over the past year, with a major pharmaceutical distributor, Cencora, admitting just last month that it had experienced a data breach.


Hacking & Phishing News

 


LockBit Hacking Gang Gets a Taste of its Own Medicine

In a law enforcement takedown, the infrastructure for the hacking group LockBit was breached by authorities on February 19th. In Operation Cronos, authorities accessed 34 servers hosting the data leak website and its mirrors, data stolen from the victims, cryptocurrency addresses, decryption keys, and the affiliate panel.

Less than a week later, the gang was up and running again, sharing details about the breach and how they’re going to run things going forward to make their infrastructure more difficult to hack. The message was conveyed in a mock-up FBI leak, specifically to draw attention.

 

 

 


‘Darcula’ Chinese Phishing Platform Targets Postal Organizations

A platform called Darcula has set its sights on postal services around the globe, including the US Postal Service (USPS). By leveraging a massive network of more than 20,000 counterfeit domains, the nefarious group helps cybercriminals launch attacks at scale.

According to Netcraft, the platform is “using iMessage and RCS rather than SMS to send text messages, which has the side effect of bypassing SMS firewalls.” This makes the malicious group more effective in targeting the USPS and other postal services in 100+ countries.

More than 20,000 Darcula-related domains across 11,000 IP addresses have been detected, with an astounding average of 120 new domains per day since the start of 2024. Israeli security researcher Oshri Kalfon has revealed, and continues to search for, defining aspects of the Darcula phishing platform in an effort to help law enforcement agencies worldwide.

 

 
