The hackers dubbed Hafnium exploited four zero-day vulnerabilities in the servers to claim hundreds of thousands of victims globally including the European Banking Authority and Chile's Comisin para el Mercado Financiero. https://www.blacklistednews.com/article/82889/chinese-bank-run-turns-violent-after-angry-crowd-storms-bank-of-china-branch-over-frozen.html, An online conference with the participation of top executives from global organizations to discuss how to maintain business continuity and develop safely in the cloud era. Although some members of the gang are still on the run, the initial charges have been seen as a success for law enforcement in their efforts to combat international cybercrime. Date Breach First Reported: 11/1/2021. Date Breach First Reported: 4/6/2021. Location: Lebanon On November 18, 2019, the Cayman National Bank and Trust Company confirmed it had been breached and had confidential data stolen. Date Breach First Reported: 8/6/2019. On November 21, 2019, Edenred, a payment solutions provider, reported that it was infected by malware that affected a number of the organizations computers. On May 12, 2021, Sophos, a cybersecurity firm, identified 167 fake Android and iOS financial trading, banking, and cryptocurrency apps being used by hackers to steal money. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the theft. On July 31, a 17-year-old suspect related to the recent Twitter Bitcoin scam was arrested in Florida. The database contained mostly Track 2 information, meaning the data stored on the magnetic stripe of a card such as the bank identification number (BIN), the account number, expiration date and CVV. Date Breach First Reported: 10/15/2021, Type: Non-state actor Location: United Kingdom, India, South Korea Location: United Kingdom Date Breach First Reported: 5/11/20. According to the FBI, attackers are using several tactics to steal and launder cryptocurrency, including technical support fraud, SIM swapping (aka SIM hijacking), and taking control of their targets' cryptocurrency exchange accounts via identity theft or account takeovers. The malware draws fake web views on infected devices, with the goal of stealing personal data, particularly credit card details or online banking credentials. In September 2015, Excellus announced a data loss, with 10 million customers data exposed by a breach that initially occurred in December 2013. On June 16, 2018, South African insurer Liberty Holdings was targeted by hackers who claimed to have seized data from the firm. Location: Mexico Location: South Africa, Angola, Kenya, Lesotho, Malawi, Mozambique, Namibia, Swaziland, Zimbabwe Date Breach First Reported: 4/8/2021. Date Breach First Reported: 08/23/2019. On November 5, 2016, as the weekend began, the gang started making fraudulent transactions with the card details it had calculated. On July 23, a security researcher reported that Jana Bank, an Indian small finance bank, left exposed a database containing information on millions of financial transactions.
The group entered the network through a single-factor authentication server that had not been upgraded with the rest of the firms estate, before gaining access to more than ninety bank servers for several months. In March 2019, attackers attempted to steal $12.2 million from a Nigerian financial institution. In April 2016, an anonymous source leaked 2.6 terabytes of information from the Panamanian law firm Mossack Fonseca to the German newspaper Sddeutsche Zeitung. EventBot is a mobile-banking Trojan Trojan that targets over 200 financial applications, money-transfer services and cryptocurrency wallets across the US, Europe, and now India. The indictment states that the attackers were targeting the private data of millions of Americans, along with Equifax trade secrets, such as data compilations and database plans. Location: United States On January 27, 2022, decentralized finance platform Qubit Finance suffered a breach, in which threat actors were able to steal $80 million worth of cryptocurrency. Date Breach First Reported: 2/16/2022. The attacks blocked customers from the banks websites for hours at a time. Banco del Austro said it recovered around $2.8 million of the stolen money. Attribution: High confidence. In May 2015, the Vietnamese bank Tien Phong announced it had blocked a fraudulent SWIFT transaction worth 1m several months before attackers successfully stole from the Bank of Bangladesh using the same method. According to Squar Milner, the data breach may have included names, addresses, Social Security numbers or Tax ID numbers.
Location: N/A In total, there were around thirty-five sites targeted by the attacks. On June 25, Europol, British law enforcement, and Dutch law enforcement officials arrested six individuals for cryptocurrency theft amounting to 24 million (over $26 million). UP TO 30%, GOLD; SILVER; Invest in PRECIOUS METALS to achieve the retirement peace of mind you deserve, the war would be a perfect opportunity for Schwab to launch his Cyber Pandemic, Protect your home and car with the best EMP, solar flares and lightning shield available, You will ALWAYS have electricity with this portable SOLAR power station. On September 6, 2019, Hong Kong Exchanges and Clearing Limited (HKEx), a Hong Kong-based stock exchange, suffered a distributed denial-of-service attack (DDoS) and discovered a technical bug, forcing them to suspend trading. On January 17, 2022, Multichain, a platform that allows users to swap tokens between blockchains, lost approximately $1.4 million when hackers exploited a vulnerability in the blockchain service. This included names, dates of birth, addresses, and phone numbers. A spokesperson for the bank stated that only a small number of those defrauded were Metro Bank customers. Date Breach First Reported: 1/11/2022. Google took down the blog containing the information, and the banks urged customers to change their PINs. Criminals gained access to victims' account using credentials stolen from previously breached online services. On April 9, 2020, a cache of 400,000 payment card records from banks in South Korea and the U.S. were uploaded to a well-known underground marketplace. Three weeks previously on May 1, 2020, the operators announced that they had breached Banco BCR, first in August 2019, and then in February 2020 at which point they stole 11 million credit card credentials and other data. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack, he added. On April 1, 2022, North Korean state-sponsored threat group Lazarus was found to be using Trojanised decentralised finance apps to deliver malware in their latest spearphishing campaign. In November 2016, Retefe targeted Tesco Bank and other UK financial institutions. NCC Bank and Prime Bank were also targeted, but both banks reported no financial losses associated with the attack. You will never go without electricity with this portable power statio HUGE SALES RIGHT NOW! In March 2011, South Korea was hit by a widespread DDoS attack, almost two years after a similar campaign in 2009. The group was able to steal millions from Washington State through fraudulent claims, although at least $300 million was recovered.
The group demanded 50 bitcoin at first, gradually increasing its demands to 200 bitcoin. UN Security Council Panel of Experts indicated in August 2019 that DPRK-affiliated actors were behind the attack. Location: United States, Canada, South Africa, Panama, Italy Location: Morocco The incident prompted Mastercard and Visa to warn card-issuing banks about the potential fraud. Date Breach First Reported: 12/10/2019. Gemini identified 294,929 compromised payment records, resulting in at least $1.7 million in earnings for the criminals. Location: South Korea The attackers scanned Equifaxs estate for the vulnerability and gained access to the application, an online dispute portal, days after the bug was made public in Marchbut did not take any data for several months. He successfully stole over 400,000 credit and debit card numbers. Location: United States On March 3, 2021, researchers at Avast reported that at least 100 Italian banks were compromised in attacks using the Ursnif banking Trojan. Four of these fraudulent requests succeeded, and the hackers were able to transfer $81 million to accounts in the Philippines, representing one of the largest bank thefts in history. Location: United States Location: China Date Breach First Reported: 5/24/2019. The database was linked to MCA Wizard, an application developed by Advantage and Argus Capital Funding. Although hackers did not gain access to credit card information, the incident did leave many organizations vulnerable to bad actors who could gain control of their websites. On October 26, 2021, the Nigerian Communications Commission announced the discovery of a new malware, dubbed Flubot, targeting Android devices with fake security updates and application installations. On October 27, 2021, in their third attack this year, attackers stole around $130 million from Cream Finance, a decentralized finance ("DeFi") platform. BlazingFast said it had no information about the asserted attack and that it was unable to find any malicious data. The attackers are believed to have used a VPN exploit that remained unpatched to access the firms systems. The hackers also custom-designed a malware toolkit that compromised SWIFTs Alliance Access system and was designed to cover their tracks. Location: Brazil In 2017, the G20 warned that cyberattacks could undermine the security and confidence and endanger financial stability.. Location: United States Proceeds were laundered through a separate crypto-currency exchange called YoBit. Date Breach First Reported: 4/30/20. Location: N/A On October 3, 2020, hackers targeted Pegasus Technologies, a firm that processes mobile money transactions for two telecom firms, MTN Uganda and Airtel. Clear signal to NATO: First Baltic Sea voyage for Russias most modern and dangerous Yasen-class submarine taking place right now!
Location: Norway The Koredos Trojan was used to wipe disks on the computers used as command-and-control servers. According to the U.S. government indictments, the breach was carried out by the Chinese Peoples Liberation Army (PLA) exploiting a bug in an Apache Struts web application that the company had failed to patch. In August 2019, the UNSC Panel of Experts indicated DPRK-affiliated actors were behind the attack. Several days later, the sites of Shinhan Bank, the newspaper Chosun Ilbo, and the National Assembly were hit in South Korea. On September 23, 2020, Group-IB reported that a cybercrime gang dubbed 'OldGremlin' had been targeting banks and other businesses in Russia with ransomware since early March, 2020. In November, hackers breached Evercore gaining access to thousands of sensitive documents from the global investment bank. Date Breach First Reported: 11/28/19. On October 29, 2021, the National Bank of Pakistan suffered a destructive cyber attack, which is said to have impacted some of its services including the bank's ATMs, internal network, and mobile apps. The group employed a network of individuals to use the cards to withdraw over $9 million from more than 2,100 ATMs in at least 280 cities worldwide. On February 25, 2020, it was reported that Australian banks and other financial institutions were being extorted by the Silence group with DDoS attacks unless they paid a ransom. Location: South Korea, United States
Location: China Date Breach First Reported: 2/25/2020. We also use third-party cookies that help us analyze and understand how you use this website. Date Breach First Reported: 6/25/2019. Date Breach First Reported: 7/27/2021. On March 20, 2020, Finastra, a large London-based financial technology company, stated they were the victim of a ransomware attack. In this episode, Adam shares why prosecuting will attackers will become easier with Zeer, but why provension will remain a harder challenge. Date Breach First Reported: 11/1/2008. Anonymous claimed responsibility as part of Operation Icarus, a campaign against central banks. Date Breach First Reported:8/11/2018. Date Breach First Reported: 2/20/21. Location: Iran Date Breach First Reported: 5/4/2016. Location: Canada The Securities and Exchange Commission announced in September 2017 that hackers might have accessed inside information from the Edgar database, which contains market-sensitive filings for companies listed on U.S. stock exchanges, and used it to make illegal profits on share trades. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the attack on the Nigerian bank, referencing the African Bank named in the U.S. Department of Justice 2018 indictment of Park Jin Hyok. HSBC, one of the affected banks, said the move was in response to counterfeit ATM card usage from abroad, highlighting an early case of financial attacks operating on an international scale. From there they managed to exfiltrate the details of 3% of the platforms total users including names, emails and phone numbers. Attribution: High Confidence. Date Breach First Reported: 12/19/2019. Date Breach First Reported: 12/5/2021. It appears as though no losses have resulted from the emails. Location: Rwanda Location: United States The rogue trader hid his losses by booking fake offsetting trades on colleagues accounts and using knowledge from his previous role in the back office to alter internal risk controls so he would not trigger internal alerts. In March 2018, two Venezuelan men were arrested for jackpotting, where they installed malicious software or hardware on ATMs to force the machines to dispense huge volumes of cash on demand. The Reserve Bank of New Zealand suffered a data breach after actors illegally accessed its information through one of the bank's third-party file sharing services. On September 1, 2021, Kapersky reported that it had detected over 1,500 fraudulent global resources targeting potential crypto investors/users interested in mining, and prevented over 70,000 user attempts to visit such sites, since the beginning of 2021. He was pardoned in December 2017. In November 2017, an unknown whistle-blower leaked a trove of secret records on offshore companies to the German newspaper Sddeutsche Zeitung, which shared the details with 380 journalists around the world. The apps, suspected to belong to the "Joker" malware, work by hijacking SMS message notifications to carry out billing fraud. On Monday, November 16, Australia's stock exchange halted trading 20 minutes after opening due to a software issue that caused inaccurate market data. CIH bank has assured customers it will reimburse them for any fraudulent transactions and advised its users to turn off international transactions between use to prevent further fraud. In June, Citigroup announced that 360,000 card details in the United States were exposed after attackers exploited a URL vulnerability that allowed them to hop between accounts by slightly changing the website address. Ghimob, a banking malware originating from Brazil, has recently begun spreading globally. Date Breach First Reported: 6/12/2021, Method: Credential Stuffing The attackers stole names, account numbers, and contact information but were not able to access the card security codes needed to clone the cards, Citigroup said. Location: United States Location: United States They had used two zero-day exploits to build their presence in the stock exchanges network, and planted malware on the Directors Desk system, where directors of publicly held companies share confidential information. On July 25, 2020, hackers published data and personal information of 7.5 million users of Dave banking app. Location: United States Date Breach First Reported: 6/1/2013. Date Breach First Reported: 3/17/2022. In a statement, BOV said it was working with local and international police authorities to track down the attackers. From May to August 2021, researchers from Cyren reported a 300% increase in phishing attacks targeting Chase Bank. On October 2, 2021, Porto Seguro, Brazil's third-largest insurance company, suffered a cyberattack. In February 2011, a criminal gang breached at least three payment processors to take card information during a $55 million stealing spree. On October 31, Indonesian fintech company Cermati reported 2.9 million users' information was leaked and sold in a hacker forum. On May 12, 2021 the FBI warned of a spear-phishing campaign impersonating Truist Bank, in an attempt to get recipients to download a fake Windows application. The company contested the authenticity of the documents, claiming that they lacked digital watermarks, refused to pay the ransom, and contacted law enforcement for assistance in pursuing the attacker(s). Location: New Zealand On October 11, nearly 4000 clients of BetterSure, a South African home insurance company, experienced a phishing attack but no data was comprised. Date Breach First Reported: 4/16/2012. On October 27, 2021, in their third attack this year, attackers stole around $130 million from Cream Finance, a decentralized finance ("DeFi") platform. Other companies targeted in the attacks included Dow Jones, Fidelity, E*Trade, and Scottrade. Manuel.
In November, HSBC reported that hackers had gained access to customer data including names, addresses, phone numbers, and account details.
The group entered the network through a single-factor authentication server that had not been upgraded with the rest of the firms estate, before gaining access to more than ninety bank servers for several months. In March 2019, attackers attempted to steal $12.2 million from a Nigerian financial institution. In April 2016, an anonymous source leaked 2.6 terabytes of information from the Panamanian law firm Mossack Fonseca to the German newspaper Sddeutsche Zeitung. EventBot is a mobile-banking Trojan Trojan that targets over 200 financial applications, money-transfer services and cryptocurrency wallets across the US, Europe, and now India. The indictment states that the attackers were targeting the private data of millions of Americans, along with Equifax trade secrets, such as data compilations and database plans. Location: United States On January 27, 2022, decentralized finance platform Qubit Finance suffered a breach, in which threat actors were able to steal $80 million worth of cryptocurrency. Date Breach First Reported: 2/16/2022. The attacks blocked customers from the banks websites for hours at a time. Banco del Austro said it recovered around $2.8 million of the stolen money. Attribution: High confidence. In May 2015, the Vietnamese bank Tien Phong announced it had blocked a fraudulent SWIFT transaction worth 1m several months before attackers successfully stole from the Bank of Bangladesh using the same method. According to Squar Milner, the data breach may have included names, addresses, Social Security numbers or Tax ID numbers.
Location: N/A In total, there were around thirty-five sites targeted by the attacks. On June 25, Europol, British law enforcement, and Dutch law enforcement officials arrested six individuals for cryptocurrency theft amounting to 24 million (over $26 million). UP TO 30%, GOLD; SILVER; Invest in PRECIOUS METALS to achieve the retirement peace of mind you deserve, the war would be a perfect opportunity for Schwab to launch his Cyber Pandemic, Protect your home and car with the best EMP, solar flares and lightning shield available, You will ALWAYS have electricity with this portable SOLAR power station. On September 6, 2019, Hong Kong Exchanges and Clearing Limited (HKEx), a Hong Kong-based stock exchange, suffered a distributed denial-of-service attack (DDoS) and discovered a technical bug, forcing them to suspend trading. On January 17, 2022, Multichain, a platform that allows users to swap tokens between blockchains, lost approximately $1.4 million when hackers exploited a vulnerability in the blockchain service. This included names, dates of birth, addresses, and phone numbers. A spokesperson for the bank stated that only a small number of those defrauded were Metro Bank customers. Date Breach First Reported: 1/11/2022. Google took down the blog containing the information, and the banks urged customers to change their PINs. Criminals gained access to victims' account using credentials stolen from previously breached online services. On April 9, 2020, a cache of 400,000 payment card records from banks in South Korea and the U.S. were uploaded to a well-known underground marketplace. Three weeks previously on May 1, 2020, the operators announced that they had breached Banco BCR, first in August 2019, and then in February 2020 at which point they stole 11 million credit card credentials and other data. The COVID-19 crisis would be seen in this respect as a small disturbance in comparison to a major cyber attack, he added. On April 1, 2022, North Korean state-sponsored threat group Lazarus was found to be using Trojanised decentralised finance apps to deliver malware in their latest spearphishing campaign. In November 2016, Retefe targeted Tesco Bank and other UK financial institutions. NCC Bank and Prime Bank were also targeted, but both banks reported no financial losses associated with the attack. You will never go without electricity with this portable power statio HUGE SALES RIGHT NOW! In March 2011, South Korea was hit by a widespread DDoS attack, almost two years after a similar campaign in 2009. The group was able to steal millions from Washington State through fraudulent claims, although at least $300 million was recovered.
The group demanded 50 bitcoin at first, gradually increasing its demands to 200 bitcoin. UN Security Council Panel of Experts indicated in August 2019 that DPRK-affiliated actors were behind the attack. Location: United States, Canada, South Africa, Panama, Italy Location: Morocco The incident prompted Mastercard and Visa to warn card-issuing banks about the potential fraud. Date Breach First Reported: 12/10/2019. Gemini identified 294,929 compromised payment records, resulting in at least $1.7 million in earnings for the criminals. Location: South Korea The attackers scanned Equifaxs estate for the vulnerability and gained access to the application, an online dispute portal, days after the bug was made public in Marchbut did not take any data for several months. He successfully stole over 400,000 credit and debit card numbers. Location: United States On March 3, 2021, researchers at Avast reported that at least 100 Italian banks were compromised in attacks using the Ursnif banking Trojan. Four of these fraudulent requests succeeded, and the hackers were able to transfer $81 million to accounts in the Philippines, representing one of the largest bank thefts in history. Location: United States Location: China Date Breach First Reported: 5/24/2019. The database was linked to MCA Wizard, an application developed by Advantage and Argus Capital Funding. Although hackers did not gain access to credit card information, the incident did leave many organizations vulnerable to bad actors who could gain control of their websites. On October 26, 2021, the Nigerian Communications Commission announced the discovery of a new malware, dubbed Flubot, targeting Android devices with fake security updates and application installations. On October 27, 2021, in their third attack this year, attackers stole around $130 million from Cream Finance, a decentralized finance ("DeFi") platform. BlazingFast said it had no information about the asserted attack and that it was unable to find any malicious data. The attackers are believed to have used a VPN exploit that remained unpatched to access the firms systems. The hackers also custom-designed a malware toolkit that compromised SWIFTs Alliance Access system and was designed to cover their tracks. Location: Brazil In 2017, the G20 warned that cyberattacks could undermine the security and confidence and endanger financial stability.. Location: United States Proceeds were laundered through a separate crypto-currency exchange called YoBit. Date Breach First Reported: 4/30/20. Location: N/A On October 3, 2020, hackers targeted Pegasus Technologies, a firm that processes mobile money transactions for two telecom firms, MTN Uganda and Airtel. Clear signal to NATO: First Baltic Sea voyage for Russias most modern and dangerous Yasen-class submarine taking place right now!
Location: Norway The Koredos Trojan was used to wipe disks on the computers used as command-and-control servers. According to the U.S. government indictments, the breach was carried out by the Chinese Peoples Liberation Army (PLA) exploiting a bug in an Apache Struts web application that the company had failed to patch. In August 2019, the UNSC Panel of Experts indicated DPRK-affiliated actors were behind the attack. Several days later, the sites of Shinhan Bank, the newspaper Chosun Ilbo, and the National Assembly were hit in South Korea. On September 23, 2020, Group-IB reported that a cybercrime gang dubbed 'OldGremlin' had been targeting banks and other businesses in Russia with ransomware since early March, 2020. In November, hackers breached Evercore gaining access to thousands of sensitive documents from the global investment bank. Date Breach First Reported: 11/28/19. On October 29, 2021, the National Bank of Pakistan suffered a destructive cyber attack, which is said to have impacted some of its services including the bank's ATMs, internal network, and mobile apps. The group employed a network of individuals to use the cards to withdraw over $9 million from more than 2,100 ATMs in at least 280 cities worldwide. On February 25, 2020, it was reported that Australian banks and other financial institutions were being extorted by the Silence group with DDoS attacks unless they paid a ransom. Location: South Korea, United States
Location: China Date Breach First Reported: 2/25/2020. We also use third-party cookies that help us analyze and understand how you use this website. Date Breach First Reported: 6/25/2019. Date Breach First Reported: 7/27/2021. On March 20, 2020, Finastra, a large London-based financial technology company, stated they were the victim of a ransomware attack. In this episode, Adam shares why prosecuting will attackers will become easier with Zeer, but why provension will remain a harder challenge. Date Breach First Reported: 11/1/2008. Anonymous claimed responsibility as part of Operation Icarus, a campaign against central banks. Date Breach First Reported:8/11/2018. Date Breach First Reported: 2/20/21. Location: Iran Date Breach First Reported: 5/4/2016. Location: Canada The Securities and Exchange Commission announced in September 2017 that hackers might have accessed inside information from the Edgar database, which contains market-sensitive filings for companies listed on U.S. stock exchanges, and used it to make illegal profits on share trades. In August 2019, the UN Security Council Panel of Experts indicated DPRK-affiliated actors were behind the attack on the Nigerian bank, referencing the African Bank named in the U.S. Department of Justice 2018 indictment of Park Jin Hyok. HSBC, one of the affected banks, said the move was in response to counterfeit ATM card usage from abroad, highlighting an early case of financial attacks operating on an international scale. From there they managed to exfiltrate the details of 3% of the platforms total users including names, emails and phone numbers. Attribution: High Confidence. Date Breach First Reported: 12/19/2019. Date Breach First Reported: 12/5/2021. It appears as though no losses have resulted from the emails. Location: Rwanda Location: United States The rogue trader hid his losses by booking fake offsetting trades on colleagues accounts and using knowledge from his previous role in the back office to alter internal risk controls so he would not trigger internal alerts. In March 2018, two Venezuelan men were arrested for jackpotting, where they installed malicious software or hardware on ATMs to force the machines to dispense huge volumes of cash on demand. The Reserve Bank of New Zealand suffered a data breach after actors illegally accessed its information through one of the bank's third-party file sharing services. On September 1, 2021, Kapersky reported that it had detected over 1,500 fraudulent global resources targeting potential crypto investors/users interested in mining, and prevented over 70,000 user attempts to visit such sites, since the beginning of 2021. He was pardoned in December 2017. In November 2017, an unknown whistle-blower leaked a trove of secret records on offshore companies to the German newspaper Sddeutsche Zeitung, which shared the details with 380 journalists around the world. The apps, suspected to belong to the "Joker" malware, work by hijacking SMS message notifications to carry out billing fraud. On Monday, November 16, Australia's stock exchange halted trading 20 minutes after opening due to a software issue that caused inaccurate market data. CIH bank has assured customers it will reimburse them for any fraudulent transactions and advised its users to turn off international transactions between use to prevent further fraud. In June, Citigroup announced that 360,000 card details in the United States were exposed after attackers exploited a URL vulnerability that allowed them to hop between accounts by slightly changing the website address. Ghimob, a banking malware originating from Brazil, has recently begun spreading globally. Date Breach First Reported: 6/12/2021, Method: Credential Stuffing The attackers stole names, account numbers, and contact information but were not able to access the card security codes needed to clone the cards, Citigroup said. Location: United States Location: United States They had used two zero-day exploits to build their presence in the stock exchanges network, and planted malware on the Directors Desk system, where directors of publicly held companies share confidential information. On July 25, 2020, hackers published data and personal information of 7.5 million users of Dave banking app. Location: United States Date Breach First Reported: 6/1/2013. Date Breach First Reported: 3/17/2022. In a statement, BOV said it was working with local and international police authorities to track down the attackers. From May to August 2021, researchers from Cyren reported a 300% increase in phishing attacks targeting Chase Bank. On October 2, 2021, Porto Seguro, Brazil's third-largest insurance company, suffered a cyberattack. In February 2011, a criminal gang breached at least three payment processors to take card information during a $55 million stealing spree. On October 31, Indonesian fintech company Cermati reported 2.9 million users' information was leaked and sold in a hacker forum. On May 12, 2021 the FBI warned of a spear-phishing campaign impersonating Truist Bank, in an attempt to get recipients to download a fake Windows application. The company contested the authenticity of the documents, claiming that they lacked digital watermarks, refused to pay the ransom, and contacted law enforcement for assistance in pursuing the attacker(s). Location: New Zealand On October 11, nearly 4000 clients of BetterSure, a South African home insurance company, experienced a phishing attack but no data was comprised. Date Breach First Reported: 4/16/2012. On October 27, 2021, in their third attack this year, attackers stole around $130 million from Cream Finance, a decentralized finance ("DeFi") platform. Other companies targeted in the attacks included Dow Jones, Fidelity, E*Trade, and Scottrade. Manuel.
In November, HSBC reported that hackers had gained access to customer data including names, addresses, phone numbers, and account details.