18 June 2021 | Asia Cyber Summary

Partner Feature: Pandamatics Underwriting

[PAYWALL] Cyber Security Premiums Are Flexible To Help Small Businesses Reduce Risk

In today’s world, all sectors and industries are using technology and the internet to further expand their business. Cyber-attacks are becoming more frequent. Large enterprises may have sufficient resources to prevent them, but small and medium enterprises (SMEs) have to bear potential risks due to limited resources.

Read more here.

In the Spotlight This Week:

  • Singapore firms fined SGD 75,000 for personal data lapses affecting over 600,000 people

  • McDonald’s hit by data breach

  • VW says data breach at vendor impacted 3.3 million people in North America

  • Biden says he told Putin U.S. will hack back against future Russian cyberattacks

  • Ukraine arrests ransomware gang in global cyber criminal crackdown

Singapore Firms Fined SGD 75,000 For Personal Data Lapses Affecting Over 600,000 People

Several companies have been fined a total of SGD 75,000 for breaches and lapses that have affected more than 600,000 people's personal data, including their names and contact numbers, and, in some cases, financial information.

This included the data of 98,000 Ministry of Defence staff and Singapore Armed Forces servicemen exposed during a breach in 2019 due to a well-known vulnerability that was knowingly left open for more than four years by healthcare training provider HMI Institute of Health Sciences.

McDonald’s Hit By Data Breach

McDonald's is the latest high-profile company to be affected by a data breach, leading to the exposure of private information of customers and employees in South Korea and Taiwan.

The burger chain said in a statement Friday that an investigation revealed a "small number of files were accessed," some of which had personal data. McDonald's is contacting affected customers and regulators in the two areas and said that payment information wasn't accessed.

The Wall Street Journal, which first reported the news, said that a data breach also affected its operations in the United States. Data that was reportedly accessed included restaurant information, such as square footage, but not "sensitive or personal" customer or employee data.

VW Says Data Breach At Vendor Impacted 3.3 Million People In North America

Volkswagen AG's U.S. unit said a data breach at a vendor impacted more than 3.3 million customers and prospective buyers in North America. Nearly all those impacted were current or potential customers of Audi, one of the German automaker's luxury brands.

Volkswagen Group of America said on Friday an unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.

The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured.

Biden Says He Told Putin U.S. Will Hack Back Against Future Russian Cyberattacks

President Joe Biden on Wednesday said he warned his Russian counterpart that the U.S. would use offensive cyber operations in the future unless the Kremlin clamps down on cyber strikes against the U.S., including ransomware attacks and election interference.

"He knows there are consequences," Biden told reporters in Geneva following his meeting with Russian President Vladimir Putin. "He knows I will take action.”

Biden later said he pointed out to Putin that the U.S. has “significant cyber capability.”

"He knows it. He doesn't know exactly what it is, but he knows it’s significant. If in fact they violate these basic norms, we will respond."

Ukraine Arrests Ransomware Gang In Global Cyber Criminal Crackdown

Ukrainian police have arrested members of a notorious ransomware gang that recently targeted American universities, as pressure mounts on global law enforcement to crack down on cyber criminals.

The Ukraine National Police said in a statement on Wednesday that it had worked with Interpol and the US and South Korean authorities to charge six members of the Ukraine-based Cl0p hacker group, which it claimed had inflicted half a billion dollars in damages on victims based in the US and South Korea.

The move marks the first time that a national law enforcement agency has carried out mass arrests of a ransomware gang, adding to pressure on other countries to follow suit. Russia, a hub for ransomware gangs, has been blamed for harbouring cyber criminals by failing to prosecute or extradite them.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.