Tag: data leak

  • In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    In the aftermath of the MGM cyberattack, five class action lawsuits have already been filed

    MGM Resorts are a staple on the Las Vegas strip, operating more than two dozen hotels and casinos around the world with nine of them being found in Las Vegas itself. You may have heard of the Bellagio, Mandalay Bay, and the Luxor? These are all MGM properties that host millions of visitors each year.

    Now some of those same visitors are wondering if the chain gambled with their private data. It was reported on September 11th that MGM was facing some kind of “cybersecurity issue” that trickled down to their facilities, with customers facing problems using the digital keys to their hotel rooms to slot machines not functioning as intended.

    Guests were left spending hours waiting to check in as the hotels shifted away from digital entry back to manual keys to get guests into the rooms they’d already paid for. It reportedly took 10 days for things to resume normal operations with some problems still occurring here or there.

    It’s now being reported that the cause of this hack was a persuasive phone call made by one of the members of a hacker group called “Scattered Spider” which has since claimed ownership of this attack. In a strange turn of events this group does not prioritize technology-based attacks such as malware or phishing but instead mostly engages in “Vishing”.

    “Vishing” or voice phishing is when someone calls you pretending to be someone else, they usually are purporting to be from a company you might do business with financially – such as your credit card company or banking institution.

    With number spoofing this type of attack can be very effective, and as the MGM attack shows even a massive organization is not necessarily immune from an attack if the bad actors is using the right attack vector for the job. That’s why it’s important to have several safeguards in place when it comes to protecting your systems and data.

    It’s alleged that a member of the Scattered Spider group found an MGM employee’s information on LinkedIn and was able to convince a member of their help desk to give them all the access they needed to perform the attack. Someone close to the group has said the original plan was to hack their slot machines but when that plan failed, they moved to plan B which was holding MGM’s data hostage for a payment in Crypto.

    Even though they’re now back to normal operations, MGM is not out of the woods yet. Five class action lawsuits have been filed with customers claiming the chain risked their personal identifiable information (PII) by falling for this attack. Two were filed against MGM directly, and three against their partner company Caesars Entertainment. We have talked about the legal ramifications. of cyber attacks before and it’s something companies should definitely be aware of, the insult of being hacked may not end just with the loss of data or systems being damaged – there may be legal consequences as well.

    Over 90% of successful attacks have a human element to them, with this most recent attack on MGM included in that figure. Cyber security training can go a long way in preventing cyber threats to your business, but vishing may still catch you or your employees off guard. You may be wondering how someone on the phone could possibly be so convincing that you give them access to your systems or financial accounts. We made a chart on the top 8 steps you need to take to guard against a vishing(voice phishing or)’ smishing (text message phishing) attack on your business.

    Of course, as we mentioned the best defense against cyber attacks in general is a layered approach, that way if one wall is breached an attacker would still have to get through several more to do any damage to your business. That’s where a partnership with Valley Techlogic comes in – we take a layered approach to protecting your backups, protecting your systems, and protecting you and your employees from bad actors. Learn more today through a consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • The Rockstar Games data leak and how reputation loss can be one of the costliest aspects of being hacked

    The Rockstar Games data leak and how reputation loss can be one of the costliest aspects of being hacked

    Video game news might fall outside our normal wheelhouse but reporting on cybersecurity events is right up our alley, and this the most recent hack on major game developer Rockstar Games made major news over the weekend so we wanted to chime in with our thoughts.

    The hacker going under the moniker “Tea Pot” released video clips of Rockstar Games unreleased (and previously unannounced) new game, Grand Theft Auto 6. The clips revealed spoilers on the games content and also showcased rougher assets as the game is still in early development, something game publishers don’t ordinarily highlight.

    In a message acknowledging the breach the Rockstar Games Team had this to say:

    Rockstar Games Response to the data leak.

    The hacker returned after releasing the data and sent a message on the GTAForums claiming they wanted to “negotiate a deal” with Rockstar Games, hinting that they had more data to release. Speculation proliferated across the internet that the hacker had somehow obtained some of the games source code.

    With the source code portions of the game could be re-engineered (outside Rockstar Games) and that could even possibly be used to provide at least a semi-playable version. The fallout from that would be devastating as it would steal the developer’s agency in releasing their own content and also reveal trade secrets that could be used to help create knockoff or pirated versions.

    Rockstars parent company, Take-Two, has issued take down notices to social media accounts and Youtube channels broadcasting the stolen footage as work to perform damage control. There will probably be a costly investigation into the origination of the hack and there may even be financial complications beyond that, as investors may question what effect this leak will have on the eventual release of the game.

    This hack is a perfect example of the reputation cost associated with being hacked. Recovering data you need to do your day to day job is one aspect, but you also need to think about data you wouldn’t want released to the public.

    Projects that haven’t been announced yet or information that’s not easily changed (tax information, personal identifying information) are just two factors, but there’s also the release of your customers private data. Many aren’t aware a breach involving client information can even lead to legal ramifications depending on regulatory factors in your sector.

    There’s also your private emails or messages, which could have future business plans, personal information, or other things that could be used by the hackers in a ransomware attempt (or even ongoing blackmail).

    Cybersecurity prevention’s are important but one element that has surged to the forefront of our minds is a recovery tool that’s becoming more difficult to obtain – cybersecurity insurance.

    You can review our comprehensive guide on the topic but here’s a brief chart on what cybersecurity insurance typically covers:

    Click to view the full size version.

    Obtaining coverage can be challenging, the requirements have grown much steeper as cybersecurity attacks become more common place, and that doesn’t look like it’s going to change anytime soon. At Valley Techlogic we have experience in helping clients obtain coverage so if the unthinkable does occur, their business will survive the hit.

    Whether you’re are in the early stages of researching cybersecurity coverage or if you have an application form in front of you, we can be your guide through the process. Schedule a consultation today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Your Information Was Leaked in a Major Breach, Now What?

    Your Information Was Leaked in a Major Breach, Now What?

    In what seemed to be major news for only a brief period of time, over 500 million Facebook account details were leaked last week. The data included things like profile names, Facebook ID numbers, email addresses, and phone numbers. While this data may be online in other forms the combined data together makes it a treasure trove for phishers and scammers.

    The colossal total of 533 million accounts was accessed by hackers exploiting a bug in a Facebook address book contacts import feature. It was confirmed by Facebook that the exploit was patched in August 2019, but it is unclear how many times the bug was used before then. The information featured users from 106 different countries. News Tip About Hackers

    It’s clear from Facebook’s response that this data has been out there for a while, and no one knows how it’s currently being utilized by bad actors to phish and scam people. It hasn’t been released that password data was a part of the breach, but it’s still our recommendation that you change your password any time you hear news of a major breach from a service you utilize. As well as making sure you use different passwords for different sites (if you don’t already).

    But what else can you do? Here are our 5 tips to protect yourself after a breach occurs with a service you use or have used in the past.

    1. Keep an Eye Out for An Alert from The Company Affected. We feel companies should be duty bound to let their users know if a breach has occurred. You should keep an eye out for an email detailing the steps they have taken to protect your data after a breach, what may have been compromised, and what you should do to protect yourself.
    2. Monitor Your Financials. If the breach happened within a financial institution you utilize, or even one we all utilize by default (such as the Equifax breach) you want to take the time to monitor your financials for suspicious activity. Many banking and credit card issuers offer free credit reporting as part of their services now. You can even freeze your credit to be extra sure but keep in mind if you do try to open a new credit card or loan the freeze will affect you as well.
    3. Change Your Passwords. We recommend changing passwords if a major breach has occurred even if the business confirms no password data was leaked, you really can never be too careful. If you need help remembering your passwords for various sites as well as creating stronger passwords, we recommend our article on the top 3 password managers we recommend.
    4. Be Extra Wary of Suspicious Emails. Following a data leak, phishers and scammers will use this newly obtained information to try and reach out and trick you into handing over your financial or other personal information. They may have names of relatives or other people you know to utilize and try to get you to send them money. If you receive a suspicious email it is best to report it to your email provider.
    5. File Your Taxes Early. If your social security number was stolen as part of a breach, you may want to be prepared to file your taxes as soon as possible to avoid having your tax refund stolen by scammers.

    In addition to these five tips if the company that was breached offers assistance in the form of either monitoring your credit or tips on how to safeguard your account, we recommend accepting their offer. Data breaches occur so often now that the public is desensitized but they are still a threat that should be treated seriously.

    Data breaches that affect businesses are a different animal entirely. There is much more to monitor and safeguard and it is not something you should try to tackle alone. Valley Techlogic is experienced in helping businesses recover from data breaches and we can help you recover your data and protect it from further attacks. Visit here to schedule a free consultation to learn more.

    Looking for more to read? We suggest these tech articles from the last week.

    This article was powered by Valley TechLogic, an IT provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.