Cybersecurity Monthly Newsletter August 2024

In this issue:

• National Public Data Breach: What You Need to Know About the Massive Cybersecurity Incident

• Cybersecurity Shorts

• Software Updates

Welcome to your August Savvy Cybersecurity newsletter. Read on to learn more about:

• The massive National Public Data Breach
• Essential cybersecurity tips for college students
• And more

National Public Data Breach: What You Need to Know About the Massive Cybersecurity Incident

The National Public Data breach has emerged as one of the most significant data security incidents of 2024. This breach, affecting a prominent background check company, has potentially exposed the sensitive information of millions of individuals, raising serious concerns about data privacy and security in the digital age.

The breach targeted National Public Data, a company specializing in collecting information from public data sources for background checks. The scale of the incident is staggering, with reports indicating that between 2.7 and 2.9 billion records were compromised. This vast trove of data includes highly sensitive personal information such as names, addresses, phone numbers, email addresses, Social Security numbers, and date of birth.

The compromised data is particularly concerning due to its comprehensive nature. It includes both current and historical personal information, providing a detailed profile of affected individuals.

The sheer volume of exposed records makes this one of the largest data breaches in recent history, potentially affecting a significant portion of the U.S. population.

Timeline and Discovery

The breach’s timeline reveals a months-long saga of unauthorized access and data exfiltration:

• December 2023: Initial hacking attempt on National Public Data’s systems
• April 2024: Data leaks begin, continuing over several months
• August 2024: The breach is publicly revealed through a class-action lawsuit

This extended timeline raises questions about the company’s detection capabilities and incident response procedures.

What You Should Do

In light of this massive data exposure, cybersecurity experts recommend the following steps for individuals to protect themselves:

Freeze credit: Implement a credit freeze with all three major credit bureaus – Equifax, Experian, and TransUnion – to prevent unauthorized credit applications.

Enhance security: Change passwords for important accounts, enable multi-factor authentication wherever possible, and be cautious about sharing personal information, especially on public Wi-Fi networks.

The National Public Data breach serves as a reminder of the vulnerabilities inherent in our increasingly digital world. It underscores the critical need for robust data protection measures and stronger regulations governing data brokers and cybersecurity practices. As investigations continue and the full impact of this breach unfolds, it is clear that this incident will have far-reaching implications for data privacy, cybersecurity policies, and individual data protection strategies in the years to come.

Cybersecurity shorts

Essential cybersecurity practices for college-bound students. As students transition to college life, they face increased cybersecurity risks in their new environment. This article outlines critical steps for protecting digital assets, including securing devices against theft, implementing strong passwords and two-factor authentication, and establishing regular backup routines. It also emphasizes the importance of VPN usage on shared networks, maintaining clean devices, and being vigilant against phishing attempts and rigged charging cables or flash drives. These measures form a comprehensive approach to safeguarding students’ digital lives on campus.

Chinese hacking persists despite U.S. efforts to curb cyber threats. Despite increased efforts by the Biden administration to deter Chinese cyber activities, cybersecurity experts report that the government-linked hacking group Volt Typhoon remains active in targeting U.S. critical infrastructure. The group’s persistence, coupled with its stealthy tactics aimed at maintaining long-term access to key networks, poses a significant concern for U.S. officials worried about potential cyberattacks in the event of geopolitical conflicts. While the U.S. has taken unprecedented steps to publicly warn about and combat these threats, experts suggest that these efforts have yet to significantly impact China’s cyber operations.

New Android trojan “BingoMod” threatens user finances and privacy. Cybersecurity firm, Cleafy, has uncovered a sophisticated Android malware called BingoMod, which masquerades as legitimate security apps to gain access to users’ devices. Once installed, this remote access trojan can steal login credentials, intercept texts, and perform fraudulent transactions, all while evading detection by disabling security systems. To protect against this threat, users are advised to avoid clicking on links from unknown sources, download apps only from reputable platforms like the Google Play Store, and consider using additional security measures such as password managers.

Cybersecurity firm’s close call: North Korean hacker infiltrates hiring process. Clearwater-based cybersecurity company KnowBe4 narrowly avoided a major security breach after inadvertently hiring a suspected North Korean hacker for a remote AI research position. The imposter, who used a fake profile and passed through multiple video interviews, was detected within hours of being hired due to suspicious software activity on the company-issued laptop. While no client data was compromised, the incident serves as a stark reminder of the sophisticated tactics employed by cybercriminals and the importance of rigorous vetting processes in hiring, especially for remote positions in sensitive industries.

CIRCIA: Reshaping U.S. cybersecurity through mandatory reporting. The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) has significantly transformed the United States’ approach to cybersecurity by mandating swift reporting of cyber incidents and ransomware payments. This law fills critical gaps in the nation’s cyber defense strategy by centralizing threat data, improving analysis, and fostering a unified response to cyber threats across critical infrastructure sectors. By streamlining reporting processes and offering liability protections, CIRCIA not only enhances national security but also positions the U.S. as a global leader in proactive cybersecurity measures.

Software updates

Adobe: Over 70 security flaws were addressed in this month’s Adobe update. The vulnerabilities were found in various products such as Reader, Acrobat, Photoshop and more. You can read more here.

Microsoft: Microsoft released updates closing over 90 vulnerabilities this month. Six of the security flaws are actively being exploited. These updates impact programs such as Office, Co-Pilot, and Teams. You can learn more about the updates here. Your devices should prompt you to update automatically.