British Library Cyber Attack: Lessons Learned
CybersecurityHQ News
Welcome reader to your CybersecurityHQ report.
Headlines
The British Library faced a significant ransomware attack first discovered in November, resulting in the loss of about 40% of its financial reserves to restore services. The attack, which occurred in October, led to the publication of numerous stolen files, including sensitive customer and personnel data, after the library refused to pay a £600,000 ransom. This has forced the library to allocate an estimated £6mn-£7mn for rebuilding most of its digital services, consuming a major portion of its £16.4mn in unallocated reserves. The cyber-attack left many of its services, including the online catalog, inaccessible.
The library is working closely with its government sponsor, the Department for Culture, Media and Sport, but has not made a formal bid for government funds. The situation has significantly impacted academics and authors, especially those outside London. The cyber security provider NCC Group was paid £250,000 for an initial response. The hacking group Rhysida, linked to the Russian-affiliated Vice Society and known to US authorities, claimed responsibility for the breach.
In a recent survey by Vercara, 75% of consumers said they would stop using a brand following a cybersecurity breach. Along the same lines, the study found:
- 66% of U.S. consumers would not trust a company with their data after a data breach
- 44% believe cyber incidents result from inadequate security measures
- 54% felt more lenient toward smaller brands facing cyberattacks compared to larger businesses
Despite these concerns, 55% use their corporate devices for online shopping, which poses risks to business infrastructure. Additionally, 35% underestimate the ease of impersonating large e-commerce brands.
23andMe, faced with over 30 lawsuits following a massive data breach, is now shifting the blame to the victims, according to a TechCrunch report. The breach, which occurred in December, compromised the genetic and ancestry data of nearly 6.9 million users, nearly half of the company's customer base. The hackers initially accessed around 14,000 user accounts through credential stuffing, using passwords already associated with these accounts. They then exploited the DNA Relatives feature, which shares data with relatives on the platform, to access the personal data of the remaining 6.9 million users.
In a letter to the hundreds of users suing the company, 23andMe stated that the breach was due to users recycling and failing to update their passwords, not because of the company's alleged failure to maintain reasonable security measures.
Interesting Read
Just how much is your smart car tracking you? Today's vehicles have many functions that rely on some level of monitoring, whether it's your speed, location, or route details. That creates a ton of collected data, generated by systems like GPS, onboard diagnostics (OBD), telematics, infotainment, wireless communication systems, cameras, and sensors. And to make matters worse, a staggering 84% of car manufacturers collect data on their drivers and share or sell it, raising significant privacy concerns.
This comprehensive overview delves into the mechanics of how smart cars track data, the rationale behind it, and the ethical and legal considerations that arise from such extensive data collection.
Cybersecurity Career Opportunities
Security and Encryption Engineer
Ascendion
Full-time
Tampa, FL, US
Cyber Security Engineer (Active Secret Clearance required)
Eliassen Group
Full-time
Aberdeen Proving Ground, MD, US
Experfy
Full-time
New York County, NY, US
For the latest openings in cybersecurity careers, check CybersecurityHQ.
Stay Safe, Stay Secure.
The CybersecurityHQ Team