Weekly Cybersecurity Recap March 31
Table of Contents
- By Steven
- Mar 31, 2023
Major companies and services were hit by data breaches this week. Some of the breaches were caused by internal mistakes, others were the result of coordinated gang attacks, and some were issues with outside services. All the different attack types make it clear that no matter how you run your business, there are data risks you must look out for, and as a consumer, you have to be careful to monitor your credit and finances closely. ChatGPT, Proctor and Gamble, the Tri Counties Bank, Kroger, and Ferrari were all hit this week.
ChatGPT is a language bot designed by OpenAi to have realistic conversations with people through text chat. The service is being offered to many companies and individuals, but customers paying for ChatGPT Plus may have had their data exposed due to a recent data breach. The company suffered from a service outage on March 20th, and during the outage, customer data was available to grab for 1.2% of its customers. The issue exposed the last four of customer credit card numbers, email addresses, full names, and payment addresses. Complete credit card details were never exposed, but the breach is still a legitimate data concern for ChatGPT customers.
Proctor and Gamble
Proctor and Gamble is an enormous production business that creates products under many different brand names. The company is responsible for Febreze, Dawn, Gillette, Crest, Pampers, and many others. The production giant is the next company that was impacted by the GoAnywhere data breach issues. The company has since stopped using the service but states that internal documents and messages were obtained due to security issues in the file transfer service. The organization may have suffered from some internal issues but assures consumers that their data wasn't impacted by the breach at all.
Tri Counties Bank in Chico
The Tri Counties Bank in Chico maintains financial documents and money for customers throughout the Chico area. The bank suffered from a cyber attack in February 2023, caused by the Black Basta cyber gang. The gang posted photos of protected documents like passports, driver's licenses, and Social Security Numbers, claiming it obtained them from the bank's internal files. It doesn't appear that the bank has released a statement about the incident yet, but customers of the Chico branch should take immediate action to protect themselves, starting with a freeze on their credit and careful monitoring of their financial accounts.
Postal Prescription Services
Postal Prescriptions Services is a company based in Oregon that offers mail-order medical prescriptions to customers. The company teamed up with grocery chain Kroger, and when its users were added to Kroger's system, they were exposed due to an internal error. The error exposed more than 82,000 individuals between July 2014 and January 13, 2023, before the mistake was caught. The issue exposed the patients' email addresses and names but nothing else. The data leak was minor, but it could lead to phishing attempts on customers over time.
A cyber gang hit Ferrari's file servers and demanded a ransom on March 20th. The attack exposed some minor customer data, like email addresses, full names, home addresses, and phone numbers, but didn't expose financial or credit information. Ferrari refused to pay the ransom demands and may have lost a significant number of internal documents and data sheets as a result. The company is having investigators look into the incident but says that consumers don't have anything to worry about currently.