In November a series of data breaches affected a plethora of businesses and organizations around the word, including giants like T-Mobile and Amazon. The November attacks once again highlight the growing threat to cybersecurity and online privacy.

• T-Mobile Data Breach
• Amazon Hacked?
• IntelBroker
• Blue Yonder Ransomware Attack Affects Starbucks
• Hot Topic, Box Lunch, and Torrid

T-Mobile Data Breach

T-Mobile has become the latest target of a sophisticated campaign linked to the Chinese hacker group known as “Salt Typhoon”. Revealed on November 15^th, the breach highlights the attackers’ ability to infiltrate U.S. telecommunications networks. The hackers potentially accessed sensitive data, including call logs, texts, and high-value communications.

Although T-Mobile denies significant impacts on customer data, the possibility of compromised surveillance requests and private communications has sparked alarm. T-Mobile’s history of frequent breaches, including the massive 2021 incident affecting millions of customers, underscores the need for stronger cybersecurity measures.

Amazon Hacked?

A hacker recently announced on the dark web platform, BreachForums, that they had obtained Amazon employee data, including names, phone numbers, email addresses, job titles, and more. The hacker claims the leaked database contains 2.8 million entries. The hacker additionally claims that this data originated from the 2023 MOVEit hack that impacted nearly 2,800 organizations and compromised the data of around 100 million individuals. 

Amazon confirmed the breach but clarified that its systems were not directly compromised. Instead, the breach involved a third-party vendor serving multiple clients, including Amazon. The company emphasized that only work contact details, such as email addresses and phone numbers, were exposed, and no sensitive personal or financial information was affected.

Protect Yourself with Trend Micro ScamCheck

Data breaches and the leaking of users’ personal info to the dark web always leads to an increase in phishing scams. Introducing Trend Micro ScamCheck! Available for both Android and iOS, ScamCheck offers comprehensive protection from the latest deception:

• Scam Check: Instantly analyze emails, texts, URLs, screenshots, and phone numbers with our AI-powered scam detection technology. Stay secure and scam-free.
• SMS Filter & Call Block: Say goodbye to unwanted spam and scam calls and messages. Minimize daily disruptions and reinforce your defenses against phishing.
• Deepfake Scan: Detect deepfakes in real-time during video calls, alerting you if anyone is using AI face-swapping technology to alter their appearance.
• Web Guard: Surf the web safely, protected from malicious websites and annoying ads.

To download Trend Micro ScamCheck or to learn more, click the button below.

IntelBroker

IntelBroker, a notorious figure in the cybercrime world, has claimed responsibility for a significant breach involving Nokia. Posting on BreachForums, the hacker alleges they accessed sensitive Nokia data via a third-party. While IntelBroker insists no customer information was compromised, the stolen data is being sold for $20,000. To demonstrate the breach’s legitimacy, IntelBroker shared a detailed file tree of the data. 

IntelBroker was also involved in a separate incident affecting Ford, where leaked records included addresses of global car dealers. While Ford confirmed the leak originated from a third-party, it underscores IntelBroker’s focus on exploiting vulnerabilities in third-party systems.

Blue Yonder Ransomware Attack Affects Starbucks

A ransomware attack on Blue Yonder, the leading supply chain management software provider, caused widespread disruptions for Starbucks and other retailers. The attack, which targeted Blue Yonder’s private cloud services on November 21^st, 2024, severely impacted Starbucks’ back-end systems for employee scheduling and payroll. Blue Yonder, a key supply chain provider for Fortune 500 companies, is investigating the incident. While the company is working on defensive measures and recovery efforts, a timeline for restoring full function remains unclear. Starbucks has assured employees that accurate payments remain a priority despite the setbacks.

Hot Topic, Box Lunch, and Torrid

An alleged data breach has exposed the personal information of nearly 57 million accounts belonging to customers of Hot Topic, Box Lunch, and Torrid. The stolen data includes full names, email addresses, dates of birth, phone numbers, physical addresses, purchase histories, and partial credit card information. The breach was initially claimed by a threat actor known as “Satanic” on BreachForums, who attempted to sell the database.

The breach reportedly originated from an information stealer malware attack targeting a data service used by Hot Topic, occurring on October 19^th, 2024. Hot Topic has yet to comment or notify customers — but experts urge vigilance against phishing, close monitoring of financial accounts, and immediate password updates.

Safeguard Your Identity

Trend Micro is here to have your back as 2024 ends. We would encourage readers to head over to our new ID Protection portal, which has been designed to meet the security and privacy threats we now all face. With ID Protection, you can:

• Safeguard your social media accounts against hackers
• Receive alerts if your personal info gets leaked
• Protect against online threats, such as phishing scams
• Stop sites from collecting privacy-compromising data
• Create, store, and manage strong, tough-to-hack passwords.

What’s even better is that you can enjoy a 7-day free trial of ID Protection‘s paid version, so that you can take advantage of all its awesome features and start securing your identity and privacy today! Why not give it a go today?