Cisco faces fallout from a massive data leak exposing critical files, while China accuses the U.S. of cyber espionage amid rising tech tensions. AI governance sparks debate as Europe enforces strict rules, and ASIC sues HSBC for $23M scam failures. Global cyber affairs take center stage this week.
ASIC is suing HSBC Australia over $23M in scam losses, alleging systemic failures in fraud detection and delays in resolving complaints. Meanwhile, Singapore's proposed anti-scam law aims to freeze accounts of scam victims to prevent further losses, sparking debate on privacy and autonomy.
Broadcom joins Nvidia in the $1 trillion club, reshaping the AI chip race with a 51% revenue surge in Q4 2024 and VMware's $69B acquisition. As China invests $25B to boost semiconductor self-reliance, U.S.-China tensions escalate, redefining global innovation and geopolitical power dynamics.
National Public Data Hack Sends Shockwaves Through Cybersecurity Community
This week, the cybersecurity world is in turmoil following a massive data breach at National Public Data. The breach, involving 2.9 billion records, has exposed sensitive information spanning decades.
This past week the media and cybersecurity analysts have been in a frenzy regarding the latest hack. This class action arises out of the data breach that, upon information and belief, occurred in or around April of 2024 involving Defendant National Public Data (NPD).
A massive data breach has compromised a wealth of sensitive information spanning several decades, including current and past addresses, names, Social Security numbers, and, in some instances, details about relatives. While 2.9 billion records were compromised, this does not necessarily equate to 2.9 billion unique individuals, as multiple records may exist for a single person due to address changes over time.
The authenticity of the breach has been partially verified, with some individuals confirming the accuracy of their personal information, including details about deceased relatives. However, there are reports of outdated and incorrect data, suggesting the information may have been extracted from an older backup.
Cybercriminal Group USDoD
According to TechCrunch, the cybercriminal group USDoD played a central role in the National Public Data breach, claiming to have accessed the data in April 2024. Known for their previous attempts to sell stolen databases, USDoD listed the massive 277GB database containing 2.9 billion records for sale on the dark web for $3.5 million.
The exact timeline and method of the breach remain unclear, with some reports suggesting that the initial compromise may have occurred as early as December 2023. Adding complexity to the origin of the leaked information, a hacker named Fenice later leaked 2.7 billion records on the "Breached" hacking forum, attributing the data to another actor called "SXUL" rather than USDoD.
National Public Data data leaked on a hacking forum Source: BleepingComputer
In April, a threat actor known as USDoD claimed to be selling 2.9 billion records containing the personal data of people in the US, UK, and Canada that was stolen from National Public Data. At the time, the threat actor attempted to sell the data for $3.5 million and claimed it contained records for every person in the three countries. USDoD is a known threat actor who was previously linked to an attempted sale of InfraGard's user database in December 2023 for $50,000.
Since then, various threat actors have released partial copies of the data, with each leak sharing a different number of records and, in some cases, different data. On August 6th, a threat actor known as "Fenice" leaked the most complete version of the stolen National Public Data data for free on the Breached hacking forum. However, Fenice says the data breach was conducted by another threat actor named "SXUL," rather than USDoD.
Legal and Company Response
Multiple class-action lawsuits have been filed against Jerico Pictures Inc., operating as National Public Data, accusing the company of negligence and failure to adequately secure personal data. In response to the breach, NPD has acknowledged the incident on its website, stating they are cooperating with law enforcement and governmental investigators. "We are taking this breach very seriously and are working closely with authorities to ensure such incidents do not occur in the future," an NPD spokesperson said. The company claims to have implemented additional security measures to prevent future breaches and protect their systems. However, NPD has yet to directly inform affected individuals about their compromised data, with many learning of their involvement through third-party identity theft protection services.
Preventive Measures for Individuals
In the wake of this massive breach, experts are advising individuals to take several precautionary steps to protect their personal information. These steps include changing passwords for potentially affected accounts, closely monitoring financial statements and credit reports for unauthorised activity, and considering a credit freeze with major bureaus like Equifax, Experian, and TransUnion.
Dr Ilia Kolochenko, Founder of ImmuniWeb, and a member of Europol Data Protection Experts Network has commented on the new agreement.
“The CLOUD Act certainly accelerates and simplifies complex investigations in cyberspace, being an efficient and effective alternative to now-outdated MLATs and other traditional instruments used in cross-border criminal investigations.
The executive agreement between the US and the UK enacted under the Act will, however, unlikely have a revolutionary effect," he says.
Law enforcement agencies from the two countries have already established tenable and rapid communication mechanisms when seeking digital evidence from each other in transborder criminal investigations. Likewise, while Australia has also joined the club, other countries are reluctant to participate because of, among other things, privacy concerns.
CNC Editors Commentary
The National Public Data breach reveals a disturbing reality: our personal information is increasingly vulnerable to sophisticated cybercriminals who treat it as valuable currency on the dark web. The involvement of multiple actors, like USDoD and Fenice, not only underscores the complexity of this breach but also highlights the chaotic and dangerous landscape of cybercrime today.
National Public Data’s insufficient response to this crisis raises serious concerns about its ability to protect sensitive data. This breach serves as a stark reminder of the urgent need for stronger cybersecurity measures and more transparent handling of such incidents.
China’s "Salt Typhoon" hackers have breached U.S. telecoms, raising cyber tensions. Experts warn of the threat to international stability, emphasizing the need for collaborative strategies to prevent escalation amid ongoing economic competition.
Chinese hackers allegedly breached U.S. telecoms tied to Harris and Trump campaigns, highlighting election security gaps. AI-driven deepfakes and disinformation also surge on social media, raising risks to democracy as voters near Election Day.
CrowdStrike's disastrous July 19 software update crippled Jetstar and exposed vulnerabilities, causing a global IT outage. Competitors like SentinelOne exploited the chaos, shaking customer trust and eroding CrowdStrike's market value by 25%.
A major cyberattack that led to a significant Microsoft Azure outage, a high-stakes prisoner swap involving Russian cybercriminals and U.S. journalists, and Google's urgent patching of an Android zero-day vulnerability.