fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Kroger Data Breach Exposes Pharmacy And Employee Data

Kroger Data Breach Exposes Pharmacy And Employee Data

Supermarket giant Kroger has suffered a data breach after a service used to transfer files securely was hacked, and threat actors stole files.

Kroger is one of the largest retailers in the world, with almost 2,800 stores in 35 states. Kroger employs approximately 500,000 people and had over $122 billion in sales for 2019.

Yesterday, Kroger disclosed that they were the latest company to be affected by a security vulnerability in the Accellion FTA software that allowed hackers to steal data from companies utilizing the service.

According to a data breach advisory published yesterday, Kroger was informed by Accellion of their breach on January 23rd, 2021, and immediately discontinued the service’s use.

As part of their investigation into the attack, Kroger has determined that no grocery store data, including payment information, was impacted by the breach. However, the breach did expose human resources data and pharmacy records.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

“At this time, based on the information provided by Accellion and our own investigation, Kroger believes the categories of affected data may include certain associates’ HR data, certain pharmacy records, and certain money services records.”

“Importantly, there was no impact to grocery store data or systems; credit or debit card information; or customer account passwords,” Kroger explained in their data breach advisory.

Kroger states that they are in the process of contacting those affected via postal mail. For those affected, Kroger is offering a free year of credit monitoring.

Accellion attacks have a wide-reaching impact

Kroger is just one of what is becoming a long list of companies affected by the vulnerability in the Accellion FTA service that hackers exploited over the past few months.

In mid-December, Accellion disclosed that they learned of an actively exploited zero-day vulnerability in their FTA secure file-transfer service. Threat actors exploited this vulnerability to steal data from companies who utilized the service to communicate with customers and partners securely.

Accellion released a patch on Christmas Day, but by the time companies received the update and applied it, threat actors had already gained access to their data.

Some of those affected by the Accellion breach have received ransom notes from threat actors demanding payment, or their data would be publicly released.  

As Accellion FTA service is used by many companies, educational institutions, and government agencies, we will continue to see further data breach advisories released over time.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Previous Accellion-related data breaches include the Singtel, QIMR Berghofer Medical Research InstituteReserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), and the Office of the Washington State Auditor (“SAO”).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us