In the spotlight this week:
Another Alibaba-backed grocer suffers a data breach
More ransomware attacks
Capcom gets hit by Ragnar Locker Ransomware
Laptop maker Compal hit by DoppelPaymer ransomware
Ransomware attacks toys with Mattel systems
Cyber attackers have stolen personal details of millions users of a top Indian internet grocer, Bigbasket, in the latest e-commerce data breach. The stolen data, which includes sensitive information such as email IDs, mobile phone numbers, and full addresses, has been put up for sale on the dark web for more than US$40,000. Bigbasket’s CEO issued a statement noting that they have filed a case with the cyber crime police in India, though he did not confirm the scale of the attack due to the ongoing status of the investigation.
Japanese game developer Capcom has suffered a ransomware attack where threat actors claim to have stolen 1 TB of sensitive data from their corporate networks in the US, Japan, and Canada. Capcom Group networks experienced issues that affected access to certain systems, including email and file servers. The company confirmed that this was due to unauthorized access carried out by a third party and that it has halted some operations of its internal networks since November 2nd. Since the attack, Capcom has been displaying notices on its site warning visitors that emails and document requests will not be answered due to the attack impacting email systems.
Taiwanese laptop maker Compal Electronics has suffered a DoppelPaymer ransomware attack last weekend, with the attackers demanding almost US$ 17 million in ransom. Compal is the second-largest original design manufacturer (ODM) of laptops globally, with well-known companies rebranding their devices or designs, including Apple, HP, Dell, Lenovo, and Acer. Taiwanese media reported that Compal suffered a cyberattack, but the laptop maker claimed it was just an "abnormality" in their office automation system and had immediately worked to patch the vulnerabilities. However, the ransom note has since been made public.
Toymaker Mattel has been the victim of a ransomware attack last July on its information technology systems. Data on a number of systems were encrypted. The company said that it had contained the attack and, although some business functions were temporarily impacted, the security team restored its operations. No sensitive business, retail customer, supplier, consumer, or employee data was exfiltrated.
Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.