This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.

The Hackers Have Been Busy.

Posted on 28th December 2023

It seems that the hackers have been very busy lately.

Xfinity, a division of Comcast, waited about 9 days to patch a high-severity vulnerability. During that delay, hackers stole password data and other sensitive information belonging to 36 million Xfinity customers, as reported by Ars Technica. The stolen passwords are cryptographically hashed, so they will not give the hackers access to those customers' accounts, but the other data is not encrypted. Basically, the problem was caused by laziness on the part of Comcast.

The LockBit ransomware group claims to have hacked accounting firm Xeinadin, which serves customers in the UK and Ireland, and is threatening to disclose the stolen data, according to Security Affairs. Stolen data apparently includes:

  • All internal databases,
  • Customer financials,
  • Passports,
  • Account balances,
  • Access to personal accounts of Companies House customers of Xeinadin,
  • Client legal information,
  • And much more.

Europe’s largest parking app operator, owner of brands including RingGo and ParkMobile, has reported itself to information regulators in the EU and UK after hackers stole customer data, according to this report on The Guardian. Data stolen includes customer names, phone numbers, addresses, email addresses and parts of credit card numbers. Luckily, complete credit card numbers were not stolen.

Rather more worrying is this security breach at Panasonic Avionics, which provides in-flight communications and entertainment systems, as reported by Bleeping Computer. Data stolen potentially includes:

  • individuals' names,
  • email address,
  • mailing address,
  • telephone number,
  • dates of birth,
  • medical and health insurance information,
  • financial account numbers,
  • company employment status,
  • and government identifiers such as Social Security numbers.

The reason that this is so worrying is that the breach occurred on the 30th of December 2022, but has only now been reported to California's Attorney General.

This just goes to prove that our data is not secure, whether it is held by government agencies or by companies.