Breach Brief – Carnival Cruise, T-mobile, Unknown Real Estate Database.
Did you go on a Carnival Cruise last summer? The world’s largest cruise ship line has reported a data breach of customer data.
The breach was discovered online through a notification letter from the cruise line to its customers. According to Carnival Corporation some unauthorized activity was detected on its network in May 2019. The attack is believed to have continued from April through July of 2019. An investigation confirmed a breach had occurred. The attack happened when the attackers gained access to employee email accounts.
Carnival revealed that the attackers stole the personal information of its customers that includes such highly sensitive information as names, Social Security numbers, addresses, govt. ID numbers, security numbers, and passport or drivers’ license numbers. Some financial information such as credit card numbers, financial account data, and some health-related information was also pilfered.
Carnival has not reported any fraudulent use of the information but they still advise customers to remain vigilant. For any details, customers can contact the cruise line via their toll-free number +1 (833) 719-0091.
T-Mobile announced a security breach which has potentially impacted the account information of both employees and customers.
According to T-Mobile’s official website, the company’s cyber security team identified and stopped a cyber attack against T-Mobile’s email vendor. The attack gave unauthorized access to certain employee email accounts. Some of those accounts contained customer and employee information. T-Mobile did not name the email vendor.
T-Mobile says the information accessed include customer names, addresses, phone numbers, account numbers, rate plans and features, as well as billing information. The company took pains to assure customers that financial information (such as credit card information) and Social Security numbers were not affected.
This is T-Mobile’s second security breach in the last six months – the telecom firm reported a similar incident last November.
Real Estate Database Exposed
Basic sloppiness has exposed more 200 million records containing a wide range of property-related information on U.S. residents. The database were left unprotected on the web. No password, no authentication and no owner.
The exposed data was a mix of personal and demographic details that included names, addresses, email addresses, age, gender, ethnicity, employment, credit rating, investment preferences, income, net worth. Other property information included:
- Market value
- Property type
- Mortgage amount, rate, type, and lender
- Refinance amount, rate, type, and lender
- Previous owners
- Year built
- Number of beds and bathrooms
- Tax assessment information
According to security firm Comparitech, the database was hosted on Google Cloud. It was first indexed by search engine BinaryEdge on the 26th of January and discovered a day later by legendary cybersecurity researcher Bob Diachenko. According to Comparitech the information was being updated regularly so they believed the information was recent and accurate.
The identity of the database owner is unknown. The server was eventually taken offline.