New York University had over 1 million students' personal data reported by DataBreach.com's Zach Ganot to have been leaked following the hijacking of the university's website over the weekend, according to The Record, a news site by cybersecurity firm Recorded Future.Included in the applicant data exposed by the threat actor were individuals' full names, addresses, phone numbers, email addresses, and grade point averages, among other information, said Ganot, who has already added the stolen data trove to his website after the incident was revealed by NYU's school newspaper to have compromised extensive information from applicants dating back to 1989. Such an intrusion, which involved the defacement of NYU's homepage, was claimed by a "Computer Niggy Exploitation" hacker to have been conducted in response to the removal of affirmative action nearly two years ago, a move which Ganot regarded to be "reckless" despite the hacker's efforts to reveal illegal discrimination. Computer Niggy Exploitaiton was previously linked to an attack against the University of Minnesota, which resulted in the theft and exposure of 7 million current and former students' Social Security numbers.
Reuters reports that major Chinese state-run telecommunications firms China Telecom, China Mobile, and China Unicom have been subpoenaed by the House Committee on China lawmakers to respond to queries concerning the security of Americans' data collected by their U.S. cloud and internet businesses following recent attacks by Volt Typhoon and other Chinese state-backed threat operations against U.S. telcos and other critical infrastructure.
Widely used workplace time tracking and productivity monitoring software WorkComposer had over 21 million screenshots of employee devices unintentionally leaked by an unprotected Amazon S3 bucket, Cybernews reports.
Kelly Benefits, a Maryland-based benefits administration and payroll solutions provider, has confirmed that almost 264,000 individuals served by its customers Amergis, CareFirst, Beam Benefits, Intercon Truck of Baltimore, Beltway Companies, The Guardian Life Insurance Company of America, Transforming Lives, and Publications Circulation Fulfilment had their data compromised following a cyberattack in December, SecurityWeek reports.
