24 January 2020

IRM Weekly Cybersecurity Roundup: Microsoft data breach and more

Want the IRM weekly cybersecurity roundup sent straight to your inbox? Sign up to our newsletter.

250 million records exposed in Microsoft data breach

On Wednesday, Microsoft announced a data breach that has affected one of its customer databases.

It seems that between the 5th and 31st December last year, a “support case analytics” database was visible from the cloud to the public. Whilst figures from the Microsoft data breach weren’t confirmed in the statement, consumer website Comparitech claims 250 million records were affected.

The vast majority of records are said to be clear of personal information. Microsoft were quick to secure the data, although some records had been missed out from a redaction process. Microsoft have committed to notifying anyone whose data was exposed.

You can read more here.

New Orleans cyber-attack cost reaches $7 million

The rising bill of New Orleans’s cyber-attack in December has so far reached $7 million.

The city is partially covered by a cyber-insurance policy which has paid out $3 millioon, but the attempt to recover from the incident still leaves them out of pocket.

Officials in the city state that it will be another six to eight months before they rebuild all the systems back up after the extensive ransomware attack they were victim to.

The biggest cost within the $7 million bill is the purchase of 3,400 computers and plans to improve the city’s IT infrastructure.

You can read more here.

Mitsubishi Electric data in cyber-attack compromise

A Chinese cybercrime group is thought to be behind the cyber-attack on Japanese company, Mitsubishi Electric.

Among the data thought to be exposed to the public include government project information, personal data of graduate applicants and survey results from an internal HR matter.

Mitsubishi spotted irregular activity on devices in June which led to an internal investigation highlighting unauthorised access to management sections.

Despite being the third largest contractor for defence equipment at the Defence Ministry in 2018, the company confirms there has been no leak of sensitive defence information.

You can read more here.

US bill to create cybersecurity leaders in each state

A new bill in America, the ‘Cybersecurity State Coordinator Act of 2020’ proposes the implementation of a cybersecurity leader in each US state in order to strengthen state and local government response to cyber incidents.

It’s thought the new “state-level coordinators” would coordinate efforts to prepare, respond and remediate cybersecurity incidents. They would also support training to expedite recovery and assist non-federal entities in coordinating their programmes with relevant industry standards.

You can read more here.

Quick-Fire Updates

Bahrain oil company cyber-attack linked to Iran: An attack of Bapco last December has now been linked to state-sponsored hackers from Iran. Read more here.

Cybersecurity firm boss pleads guilty to commissioning DDoS attacks: A man who co-founded a service to protect companies from cyber-attacks has pleaded guilty to arranging from DDoS attacks against a company with service in New Jersey. The guilty plea will lead to a maximum penalty of 10 years in prison and a fine of up to $250,000. Read more here.

To find out more about IRM, Altran’s World Class Center for Cybersecurity, explore our cybersecurity services here.