Threat Intelligence Report - June 29, 2023.

OpenAI with Microsoft Face Class Action Lawsuit

OpenAI, the maker of AI tool ChatGPT, is facing a class-action lawsuit over allegations of unauthorized data scraping from social media, blogs, and other sources without users' consent, potentially violating the Computer Fraud and Abuse Act. The lawsuit contends that OpenAI used this data, including private user information, in a reckless manner to develop unstable, experimental technology, thereby placing users at significant cybersecurity risk. Microsoft has been named as a co-defendant.

Original Link: Explosive allegations: OpenAI faces lawsuit for data breach – Cryptopolitan

NetFire link: https://netfire.link/openai-class-action-lawsuit

Mondelez Compromised through Third-Party Law Firm

Mondelēz International, the multinational confectionery, food, and beverage conglomerate, has suffered a data breach through its legal services provider, Bryan Cave Leighton Paisner LLP, exposing sensitive personal information of over 50,000 current and former employees. The breach, which was detected from February 23 to March 1, 2023, did not compromise Mondelēz's internal systems but revealed victims' names, social security numbers, addresses, dates of birth, marital statuses, and more, highlighting the significant cybersecurity risk posed by third-party relationships.

Original link: Third-Party Data Breach at Law Firm Impacts Snack Giant Mondelēz International - CPO Magazine

NetFire link: https://netfire.link/mondelez-data-breach-through-law-firm

Patient Records Stolen Through GoAnywhere File Transfer Tool

Intellihartx, a patient payment balances and collections company, confirmed that personal and health data of 489,830 patients was stolen during a mass ransomware attack on its technology vendor, Fortra. The cyberattack, claimed by the Clop ransomware group, targeted Fortra's GoAnywhere file-transfer software and resulted in the breach of names, addresses, dates of birth, Social Security numbers, as well as patient medical billing, insurance information, diagnoses, and medication data.

Original link: Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch

NetFire link: https://netfire.link/patient-records-stolen-through-goanywhere-file-transfer-tool

LetMeSpy Android Spying App Breach Exposes Users Data

Android-based phone monitoring app LetMeSpy has suffered a data breach, in which an unauthorized third party accessed sensitive information of thousands of users, including email addresses, telephone numbers, and content of messages collected on accounts. The breach, which took place on June 21, 2023, was reported to law enforcement and data protection authorities.

Original link: Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data (thehackernews.com)

NetFire link: https://netfire.link/letmespy-data-breach

SEC Notices Put CISOs and Cybersecurity Executives on Alert

The US Securities and Exchange Commission (SEC) has issued Wells Notices to executives of SolarWinds, including the CFO and CISO, indicating possible legal action in response to the company's handling of the 2020 cyberattack on its infrastructure. This move could potentially set a new precedent in holding individual cybersecurity professionals accountable for such incidents, signaling increased liabilities for those in these roles.

Original link: SEC notice to SolarWinds CISO and CFO roils cybersecurity industry | CSO Online

NetFire link: https://netfire.link/sec-notices-signal-increased-liability-for-cybersecurity-executives

Follow NetFire and stay tuned for more insights.

#NetFireThreatIntelligence #SecureCloud #OpenAI #ThreatIntelligence #ChatGPT #Microsoft #GoAnywhere #BryanCave #Mondelez #Lawsuit #NetOnFire