CYBER SECURITY NEWS – WEEK OF JULY 08, 2024

Bharti Airtel has denied any breach of its security system, refuting reports of a major data leak of 375 million customers.
An Airtel spokesperson stated that based on preliminary investigation, there has been no data breach of Airtel’s system.
The reports had suggested that details such as phone numbers, emails, addresses, and Aadhaar numbers were allegedly available for sale on the dark web for $50,000

The largest password compilation ever, containing nearly 10 billion unique plaintext passwords, was leaked on a popular hacking forum on July 4th, 2024.
The leaked file, titled “rockyou2024.txt”, was posted by a user named ObamaCare. The Cybernews research team believes this leak poses severe dangers to users prone to reusing passwords.
The RockYou2024 compilation is a mix of old and new data breaches, with an additional 1.5 billion passwords added since the previous RockYou2021 leak.
Threat actors can exploit this password compilation to conduct brute-force attacks and gain unauthorized access to various online accounts.

Infosys McCamish Systems (IMS), a subsidiary of Infosys, disclosed that the LockBit ransomware attack it suffered in November 2023 compromised the personal data of over 6 million individuals.
The stolen data included sensitive information such as Social Security numbers, dates of birth, medical records, biometric data, login credentials, financial account details, and passport numbers.
The attack occurred between October 29 and November 2, 2023, and impacted IMS’s clients, including major financial institutions like Bank of America and insurance providers.
IMS has notified the affected individuals and is providing them with free credit monitoring and identity protection services to mitigate the risks

Prudential, the second largest life insurance company in the United States, has reported a massive data breach that has affected over 2.5 million individuals, In February 2024, insurance giant Prudential experienced a data breach that initially affected 36,545 individuals, according to the company’s initial reports.
The stolen information included names, addresses, driver’s license numbers, and non-driver identification card numbers.
Prudential stated that it has taken measures to secure its systems, including enhancing access controls, implementing additional monitoring technologies, and strengthening authentication protocols.

HealthEquity, a health tech company, suffered a data breach where hackers stole “protected health information” of some customers.
The breach was an “isolated incident” and not connected to other recent high-profile cyberattacks in the sector, according to the company.
HealthEquity discovered the breach on March 25, 2024 and took immediate action to resolve the issue and conduct forensic analysis, which was completed on June 10, 2024.
The breach stemmed from a compromised third-party vendor account that had access to some of HealthEquity’s SharePoint data.
The breach comes amid a broader wave of cyberattacks across various industries, including recent high-profile incidents at companies like Change Healthcare, CDK Global, Neiman Marcus, and Evolve Bank & Trust.