23andMe responds to breach with new suit-limiting user terms

December 11, 2023 at 06:53AM

23andMe’s data breach revealed that 5.5 million sets of “DNA relatives” profiles were stolen, along with 1.4 million sets of Family Tree data. Additionally, hundreds of laptops stolen from a Bay Area tech company were recovered, and Henry Schein employees’ personal data was stolen in a ransomware attack. These incidents raise concerns about data security and privacy.

Here are key takeaways from the meeting notes:

1. 23andMe’s mega data breach:
– Millions of records were leaked from just 14,000 accounts compromised by credential stuffing, meaning the attackers reused username and password combinations leaked in other breaches.
– Stolen data includes DNA relatives’ profiles, names, ancestry information, self-reported location, birth year, links to family trees, and self-descriptions added to user profiles.
– Concerns about potential legal ramifications led to an update in the company’s terms of service, including a dispute resolution period and an automatic acceptance of changes to the terms and conditions unless formally declined within 30 days.
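
The credential-stuffing pattern behind the 14,000-account compromise is detectable at the source level: one origin trying many distinct accounts once each, mostly failing but with some successes from reused passwords, which per-account lockouts never see. The following is an added example, not code from the article or from 23andMe; the log line format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
"""
Added example (not from the article): a small, offline credential-stuffing
detector run over constructed authentication log lines.

Credential stuffing replays username/password pairs leaked elsewhere, so a
single source typically tries MANY distinct accounts, each only once or twice,
with a high failure rate and a non-trivial number of successes (reused
passwords do work). Per-account lockouts miss this because no single account
sees many attempts; the signal lives at the source-IP level.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import re

# Constructed sample lines; the format is an assumption, not any real product's.
SAMPLE_LOG = """\
2023-10-01T12:00:01Z src=203.0.113.5 user=alice result=FAIL
2023-10-01T12:00:02Z src=203.0.113.5 user=bob result=FAIL
2023-10-01T12:00:02Z src=203.0.113.5 user=carol result=OK
2023-10-01T12:00:03Z src=203.0.113.5 user=dave result=FAIL
2023-10-01T12:00:03Z src=203.0.113.5 user=erin result=FAIL
2023-10-01T12:00:04Z src=203.0.113.5 user=frank result=OK
2023-10-01T12:00:04Z src=203.0.113.5 user=grace result=FAIL
2023-10-01T12:00:05Z src=203.0.113.5 user=heidi result=FAIL
2023-10-01T12:00:10Z src=198.51.100.7 user=alice result=FAIL
2023-10-01T12:00:15Z src=198.51.100.7 user=alice result=FAIL
2023-10-01T12:00:20Z src=198.51.100.7 user=alice result=OK
2023-10-01T12:05:00Z src=192.0.2.9 user=ivan result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class SourceStats:
    first: datetime
    last: datetime
    users: set = field(default_factory=set)       # distinct accounts tried
    succeeded: set = field(default_factory=set)   # accounts that authenticated
    attempts: int = 0
    failures: int = 0


def parse_line(line):
    """Parse one log line; return (ts, src, user, result) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"]


def aggregate(log_text):
    """Group attempts by source IP."""
    stats = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the pipeline
        ts, src, user, result = parsed
        s = stats.get(src)
        if s is None:
            s = stats[src] = SourceStats(first=ts, last=ts)
        s.first = min(s.first, ts)
        s.last = max(s.last, ts)
        s.users.add(user)
        s.attempts += 1
        if result == "OK":
            s.succeeded.add(user)
        else:
            s.failures += 1
    return stats


def detect_stuffing(log_text, min_distinct_users=5,
                    window=timedelta(minutes=5), min_fail_ratio=0.5):
    """Return {src: summary} for sources showing the stuffing pattern.

    Thresholds are illustrative assumptions; tune them to the real baseline.
    """
    flagged = {}
    for src, s in aggregate(log_text).items():
        distinct = len(s.users)
        fail_ratio = s.failures / s.attempts
        # Key signal: many distinct accounts from one source in a short window
        # with a high failure ratio, not many attempts against one account.
        if (distinct >= min_distinct_users
                and s.last - s.first <= window
                and fail_ratio >= min_fail_ratio):
            flagged[src] = {
                "distinct_users": distinct,
                "attempts": s.attempts,
                "fail_ratio": round(fail_ratio, 2),
                # Accounts that DID authenticate from a flagged source are the
                # ones to treat as compromised (force reset, revoke sessions).
                "compromised_accounts": sorted(s.succeeded),
            }
    return flagged


if __name__ == "__main__":
    for src, info in detect_stuffing(SAMPLE_LOG).items():
        print(src, info)
```

In the constructed sample, only 203.0.113.5 is flagged: eight different accounts in four seconds, two of which authenticated. The repeated attempts against `alice` from 198.51.100.7 are the single-account brute force that per-account lockout already handles, and the detector deliberately ignores them.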

2. Critical vulnerabilities:
– A classic buffer overflow vulnerability in “all versions of Mitsubishi Electric CNC series devices” and multiple vulnerabilities in Sierra Wireless AirLink routers were identified, posing threats like DoS, RCE, and credential theft.

3. Laptops stolen:
– 114 stolen laptop computers were recovered in Yolo County, California, leading to the arrest of five people suspected of involvement in a sophisticated retail theft ring.

4. Ransomware attack on Henry Schein:
– The company was hit by a ransomware attack allegedly perpetrated by the AlphaV/BlackCat gang, resulting in stolen employee data including names, DoBs, demographics, government-issued IDs, financial information, employment details, and photographs.
– Talks between Henry Schein and AlphaV reportedly broke down, causing re-encryption of the company’s systems and knocking applications offline.

These are the main points from the meeting notes.