The worst hacks of 2025


It was a strange year in cyberspace, as U.S. President Donald Trump and his administration launched foreign policy initiatives and massive changes within the federal government that had significant geopolitical ramifications. Through it all, the constant drumbeat of data breaches, leaks, ransomware attacks, digital extortion cases, and state-sponsored attacks that have unfortunately become a backdrop to daily life has continued to resonate.

Here’s WIRED’s take on this year’s biggest breaches, hacks and digital attacks. Stay vigilant and stay safe out there.

Salesforce Integrations

Attackers took data from sales management giant Salesforce in at least two breaches this year, but they did not directly compromise Salesforce. Instead, the group breached third-party Salesforce contractor integrations, including those of Gainsight and Salesloft.

Google Threat Intelligence Group published findings on the August spree, reporting that some Google Workspace data was compromised as part of the breach of the sales and marketing platform Salesloft Drift. Although the incident was not a direct hack of Google Workspace, it represents a rare case in recent years where Alphabet customer data was exposed.

Other companies affected include Cloudflare, Docusign, Verizon, Workday, Cisco, LinkedIn, Bugcrowd, Proofpoint, GitLab, SonicWall, Adidas, Louis Vuitton and Chanel. The credit bureau TransUnion also had a breach, apparently linked to the situation, that exposed the information of 4.4 million people, including names and Social Security numbers.

The spree was carried out by a group known as Scattered Lapsus$ Hunters, a potential amalgam of actors and tools from the hacking and data theft groups Scattered Spider, Lapsus$ and ShinyHunters. Researchers note, however, that the group is not actually an individual evolution of the three namesakes. Regardless, Scattered Lapsus$ Hunters has a data leak site where it previewed reams of data stolen during the campaign and carried out digital extortion attacks against victims.

Clop’s Oracle E-Business hacking spree

The Clop ransomware group is known for mass-exploiting vulnerabilities to carry out data breaches and extortion attacks. Its past sprees in recent years claimed a large number of victims among both private companies and government agencies. This year, the group did it again by exploiting a vulnerability in Oracle’s internal E-Business management platform to steal data from many companies and organizations.

As part of this spree, Clop was able to steal employee data from several companies, including executives’ personal information, and used it to send emails and other threatening communications to senior executives as part of demands for millions of dollars in ransom to delete the data instead of publishing it.

Oracle rushed to patch the vulnerability in early October, but Clop had already exploited it to steal data from hospitals and healthcare groups, media companies like The Washington Post, and universities like the University of Pennsylvania (see below).

Academic breaches

The University of Pennsylvania publicly disclosed in early November a data breach that took place at the end of October, impacting the personal data – some dating back several years or decades – of students, alumni and donors. The data also included internal university documents and some financial information. The incident was the result of a phishing attack; the hacker sent emails to students and alumni describing Penn as “woke” and saying the school prioritizes “legacies, donors, and wholehearted affirmative action.” The Verge reported, however, that ultimately the hacker may have been financially motivated.

Harvard said in a November statement that its Alumni Affairs and Development office’s systems had been breached via a “telephone phishing attack.” The incident involved personal information about alumni, their partners, Harvard donors, parents of current and former students, certain current students, and certain faculty and staff. The data included email addresses, phone numbers, physical addresses, event attendance records, university donation information, and other fundraising details. Princeton University was hit by a similar attack the same month, although the scope of the data affected appears to be more limited.


