“We’ve now aggressively put in some security intelligence by trying to look for that code and turn off self-service registration access if we find that code” published online, Cloutier said. U.S. Bank spokesman Dana Ripley said the letter was sent to a “small population” of the bank’s more than 64,000 employees. HR giant ADP, which provides payroll, tax and benefits administration for more than 640,000 companies, was hit hard by identity thieves this week. The perps made off with tax and salary data, according to a report from Brian Krebs—although the actual number of people affected has yet to be revealed.
Much has been said in the recent past about the growing sophistication of hacking attacks, and this latest, sadly successful attack on ADP is a perfect example of that sophistication. US Bank’s Ripley then admitted that the bank made the company code accessible by publishing the link to an employee resource online. In his report, cybersecurity journalist Brian Krebs noted that at least one institution, U.S. Bank, one of America’s most sizable commercial banks, has duly notified a portion of its workforce affected by the stolen W-2 data, pointing to a “weakness in ADP’s customer portal”. ADP is a third-party service provider that offers payroll, tax and benefits administration to its vast clientele of over 640,000 companies around the world. Using this access, Midnight Blizzard gained access to corporate email accounts to steal data from Microsoft’s senior leadership team and employees in its cybersecurity and legal departments.
Vulnerability disclosure program
Wolf Haldenstein also conducted an examination of its systems and networks using all information available to determine the potential impact and the security of data housed on its servers.” reads the notice published by the company on its website. Wolf Haldenstein Adler Freeman & Herz LLP is a prominent U.S.-based law firm that specializes in complex class action litigation. In that instance the hackers retrieved W2 information and filed fake tax returns. The information was obtained by capturing login information, likely through a phishing scheme. Similarly, earlier this year the University of Virginia reported that hackers broke into a component of their HR system and attained access to sensitive employee information such as W2s and banking details. ADP’s portal, like so many other authentication systems, relies entirely on static data that is available on just about every American for less than $4 in the cybercrime underground (SSN/DOB, address, etc).
Identity Thieves Breach Payroll Service Provider ADP, Steal W-2 Data
- Experts have identified the importance of keeping the security of IT supply chains and contractors intact as these represent potential weak points in the security of any organization.
- For example, if you use the same password on all of your online accounts, and a phishing scam like this stole your password, then all of your accounts would be in jeopardy.
- We embed multiple layers of protection into our products, processes, and infrastructure, to be sure that security remains at the forefront.
- Bank explained fraudsters created unauthorized accounts for employees who had not yet registered on ADP’s portal using confidential personal information from other sources.
- The New Jersey-based company provides payroll, tax and benefits administration services to more than 640,000 businesses and corporations – one of them being U.S.
- The company previously said payment details were not affected by the attack, which has affected hundreds of universities, healthcare providers, and other organizations around the globe.
It says it believes the information was stolen from its platform using a “credential stuffing” attack. According to BuzzFeed News, sellers on two dark web stores are hawking information from 278,531 InstaCart accounts. South African branch of consumer credit reporting agency Experian discloses data breach. It says it gave personal details of South African customers to a fraudster posing as a client.
Third-party risk management
- Some client companies were not careful enough with these codes and posted them publicly on their websites.
- The victim companies were the ones that published their signup link and code somewhere publicly accessible.
- “Once the fraudulent registration was established, they were able to view or download your W-2,” said Carlson.
- It adds theft did not affect bank account numbers, credit card numbers, records of financial transactions, or unencrypted Social Security numbers.
- In March 2016, the IRS suspended its “Get IP PIN” feature for the same reason.
HPE says they are still investigating the breach but believe it is related to a previous breach in May 2023, when threat actors gained access to the company’s SharePoint server and stole files. Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company’s Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments. The threat actors may have had access to name, Social Security number, employee identification number, medical diagnosis, and medical claim information of impacted individuals. “On December 13, 2023, Wolf Haldenstein detected suspicious activity in its network environment. Upon discovery of this incident, Wolf Haldenstein promptly took steps to secure its network and engaged a specialized cybersecurity firm to investigate the nature and scope of the incident. As a result of the investigation, Wolf Haldenstein learned that an unauthorized actor accessed certain files and data stored within its network.
Gatwick Airport’s Cybersecurity Chief on Supply Chain Risks and CrowdStrike Outage
In those cases, the fraudsters also already had the victim’s SSN, DoB and other personal data. In March 2016, the IRS suspended its “Get IP PIN” feature for the same reason. U.S. Bank’s Ripley acknowledged that the bank published the link and company code to an employee resource online, but said the institution never considered that the data itself was privileged.
The ADP hackers used a process called “Flowjacking”, which allowed them to access ADP’s internal processes. ADP has thus far not released information on how many records were put at risk by the successful hack against them, and security experts stress that ADP itself was not hacked. ADP Chief Security Officer Roland Cloutier explained that to create an account, users need to sign up using their name, social security number and date of birth—pretty basic information that can be easily lifted by skilled hackers.
Lazarus Group Targets Developers in New Data Theft Campaign
On December 3, 2024, the law firm identified potentially affected individuals but lacked address information to notify them directly. The incident is an example of an increasingly sophisticated population of identity thieves, which uses complex, multi-stage attack vectors to get what they want.