May 29, 2024

Data Breach Report: May 2024 Edition

PKWARE
Data Breach Report: May 2024 Edition

Data breaches in April 2024 exposed billions of records globally. This report highlights some of the most concerning incidents, including the compromise of millions of customer records at AT&T and retailer Giant Tiger, alongside a major attack targeting the international shopping platform PandaBuy. This month also unpacked major breaches from earlier in the year, such as the Marriott incident. For example, in April, Marriott admitted to misleading the court regarding the encryption used during a massive 2018 data breach, a revelation that could significantly impact ongoing legal battles.

Giant Tiger

In March 2024, the Canadian discount store chain Giant Tiger Stores Limited suffered a data breach that exposed over 2.8 million customers’ records. Giant Tiger confirmed that the breach occurred on March 4 due to a cybersecurity incident involving one of its third-party vendors.

Scale of the Breach: Over 2.8 million unique customer records were leaked.

Data Exposed: The breach potentially exposed names, email addresses, phone numbers, and physical addresses of Giant Tiger customers.

Cause of the Breach: The cause of the Giant Tiger data breach is attributed to a security issue with a third-party vendor they used for customer communications and engagement.

Giant Tiger themself acknowledged the incident: While they didn’t comment on the authenticity of the leaked data in hacker forums, they did confirm a security issue with a third-party vendor in early March 2024 that resulted in unauthorized access to customer contact information. – https://www.cbc.ca/news/business/giant-tiger-customer-data-breach-1.7154572

PandaBuy

In April 2024, a data breach affected PandaBuy, a popular platform for purchasing items from China.

Scale of the Breach: Threat actors claimed to have exploited vulnerabilities in PandaBuy’s system and leaked a database containing information on over 1.3 million users.

Data Exposed: The leaked data reportedly included user IDs, full names, phone numbers, email addresses, home addresses, login IPs, and order details.

Cause of the Breach: The attackers, known as Sanggiero and IntelBroker, claimed to have exploited “several critical vulnerabilities in the platform’s API” and other bugs to gain access to PandaBuy’s internal systems.

PandaBuy acknowledged the incident and claimed it was due to hackers exploiting vulnerabilities in their platform’s security.

Marriott

The Marriott data breach which likely began in 2014 but Marriott didn’t discover it until 2018 is again in a complex situation in April 2024.

Marriott spent over five years downplaying a major 2018 data breach, claiming their encryption (AES-128) was unbreachable. However, in a surprising turn of events during a US District Court hearing on April 10th, the company’s lawyers admitted they hadn’t even used AES-128 at the time of the breach and instead using a hashing method called SHA-1, which isn’t considered encryption.

Marriott’s latest statement update
“Following an investigation with several leading data security experts, Marriott initially determined that the payment card numbers and certain passport numbers in the database tables involved in the Starwood database security incident that Marriott reported on November 30, 2018 were protected using Advanced Encryption Standard 128 encryption (AES-128). Marriott has now determined that the payment card numbers and some of the passport numbers in those tables were instead protected with a different cryptographic method known as Secure Hash Algorithm 1 (SHA-1).” Source: https://news.marriott.com/news/2019/01/04/marriott-provides-update-on-starwood-database-security-incident

The Marriott data breach of 2018 was a major cybersecurity incident that affected hundreds of millions of guests. Here’s a summary of what happened:

Scale of the Breach: Up to 500 million guest records were compromised. This number includes duplicate entries, but it still represents a significant portion of Marriott’s customer base.

Data Exposed: Personal information of up to 500 million guests was compromised, including credit card details, passport numbers, and birthdates.

Cause of the Breach: The breach originated from a flaw in the security of Starwood’s guest reservation system. Attackers gained access in 2014, two years before Marriott acquired Starwood.

AT&T

While the AT&T data breach announcement happened in late March 2024 and we have covered the same in our April 2024 data breach report, details continued to emerge throughout April.

Scale of the Breach: The exposed data appears to be from 2019 or earlier, indicating the breach might have occurred before then.

Data Exposed: The breach exposed the personal information of millions of AT&T customers, including current and former ones. Estimates suggest around 73 million people were affected.

Cause of the Breach: AT&T is still investigating the source. They haven’t confirmed if the data originated from their systems or a vendor they work with.

AT&T’s official statement on the data breach is here: https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html

Keep your organization out of breach headlines by ensuring your organization not only knows where all its sensitive data is stored but can also protect it wherever it lives and moves.

Take a look at our unique, data-centric approach!

Share on social media
  • Data Breach Report: September 2024 Edition

    PKWARE October 9, 2024
  • Data Breach Report: August 2024 Edition

    PKWARE September 6, 2024
  • Where Are the Keys? Managing Encryption in the Cloud

    PKWARE August 7, 2024
  • Data Breach Report: July 2024 Edition

    PKWARE July 19, 2024
  • Data Breach Report: September 2024 Edition
    PKWARE October 9, 2024
  • Data Breach Report: August 2024 Edition
    PKWARE September 6, 2024
  • Where Are the Keys? Managing Encryption in the Cloud
    PKWARE August 7, 2024