Global Cyber Pulse: 16 December 2024

December 16, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

Cyberattacks and scams continue to wreak havoc globally, targeting organizations and individuals alike.

In South Carolina, SRP Federal Credit Union suffered a breach exposing sensitive data of 240,000 members, while LKQ Corporation faced disruptions in its Canadian operations due to a cyberattack. Japanese publisher Kadokawa reportedly paid $3 million in ransom to Russia-linked hackers after a breach compromised 1.5 TB of data. Similarly, Colorado-based nonprofit Young Life fell victim to malware, jeopardizing data of over 51,000 individuals. Rhode Island’s government programs were also targeted, with hackers stealing personal information of residents relying on SNAP and healthcare assistance.

Adding to these alarming trends, the FTC warned against a rise in “task scams,” where victims are lured into fraudulent online jobs, losing over $220 million in 2024. From corporate breaches to individual scams, these incidents highlight the growing urgency for stronger cybersecurity measures and public awareness campaigns.

South Carolina Credit Union Cyberattack Exposes Data of 240,000 Members

SRP Federal Credit Union, one of South Carolina’s largest credit unions, reported a data breach impacting over 240,000 individuals. Hackers accessed its systems between September 5 and November 4, 2024, stealing sensitive data such as names, Social Security numbers, driver’s license numbers, financial account details, and credit card information.

Despite the breach, SRP’s online banking and core processing systems were not affected. A ransomware group, Nitrogen, claimed responsibility, alleging they stole 650 GB of data. Investigations are ongoing, but SRP has yet to confirm the ransomware claims or provide further details.

LKQ Corp Cyberattack Disrupts Canadian Operations

Automotive parts giant LKQ Corporation revealed a cyberattack on its Canadian unit, causing weeks of operational disruptions. The breach, detected on November 13, 2024, led to data theft and required LKQ to activate its incident response plan.

The company collaborated with forensic experts and law enforcement to contain the threat. LKQ stated the incident was isolated to one unit, with no impact on its global operations. Business activities have since resumed near full capacity. Investigations continue to determine the extent of the compromised data.

Japanese Media Firm Pays $3M Ransom After Cyberattack

Kadokawa, a leading Japanese publisher of anime, manga, and games, reportedly paid $3 million to ransomware group BlackSuit following a data breach. The attack, which occurred in June 2024, compromised 1.5 TB of sensitive data, including employee records and internal documents.

BlackSuit, linked to the Conti cybercrime group, claimed the ransom payment was made via cryptocurrency. Investigations revealed evidence of a $2.98 million transaction and leaked emails confirming the payment. Kadokawa has not commented on the alleged extortion.

Religious Nonprofit Young Life Faces Major Data Breach

Colorado-based nonprofit Young Life disclosed a cyberattack compromising the data of 51,226 individuals. Hackers installed malware on its systems between June 13 and 14, 2024, exposing names, Social Security numbers, and financial account details of employees and their dependents.

Young Life notified affected individuals in December 2024 and is working to mitigate the breach’s impact. Further details on the incident are expected as investigations continue.

Rhode Island Government Programs Targeted in Cyber Extortion

Personal data of Rhode Island residents using state assistance programs, including SNAP and healthcare services, was likely stolen by cybercriminals demanding ransom. State officials announced the breach affected thousands of residents, exposing Social Security and bank details.

Governor Dan McKee described the incident as extortion. Investigations are underway to assess the full scope of the breach and prevent further exploitation of affected individuals.

FTC Warns of Surge in Online “Task Scams”

The FTC issued an alert about “game-like task scams,” defrauding Americans of over $220 million in 2024. Scammers promise continuous income for completing tasks but instead siphon victims’ money, often in cryptocurrency.

Reports of such scams surged to 20,000 in the first half of 2024, a sharp rise compared to previous years. The FTC advises vigilance when engaging in online task-based income schemes.