May 2023 Recap: Major Security Breaches and Penalties

May 2023 witnessed several security breaches wreaking havoc on the digital landscape. High-profile incidents affected millions of individuals globally, exposing their sensitive information. As a result, regulatory bodies and governments have imposed hefty fines on negligent entities, holding them accountable for their inability to protect user information. This makes robust cybersecurity measures and diligent data protection practices necessary in the digital age.

Major Security Breaches and Penalties in May 2023

Security breaches do not only compromise an individual’s confidential details but also damage a business’s reputation. 

Here’s a quick recap of the data breaches reported in the last month:

T-mobile Suffers its Second Security Breach Within Six Months

T-mobile US witnessed its second data breach, which affected 836 customers. The company’s first data breach occurred on January 5th, 2023, making 37 million customers susceptible to identity theft and fraud. The leading cause of the recent data theft has not been disclosed yet.

T-Mobile has changed the PINs of all affected customers due to the most recent incident. The company also stated that all impacted consumers would get free credit monitoring services for two years. Affected clients were also asked to take additional security measures and safeguard their accounts.

Ransomware Attack Exposes 5.8 Million Pharmaceutical Records of PharMerica Corporation

A Fortune 1000 company and pharmacy services provider, PharMerica Corp., has witnessed a ransomware attack. As a result, 5.8 million patients‘ medical information was stolen and exposed. Even though the corporation didn’t reveal the nature of the attack, the breach notification refers to it as an “external system breach (hacking)”.

Contrary to the breach notice’s assertion that the data breach was discovered on March 21st, PharMerica claims it happened on March 12th. Names, dates of birth, locations,  lists of prescription drugs, social security numbers, and information about health insurance were stolen.

On March 12th, the ransomware group Money Message held itself accountable for the attack. The group claims to have breached BrightSpring, a medical facility that merged with PharMerica in 2019. After missing the due date for payment on April 9th, the hacker group deleted all of the data they had obtained from a hacking website.

UAE Court Convicted 7 Companies and 13 Indian Nationals Over Money Laundering Offences

The Abu Dhabi Court in the UAE has filed money laundering charges against 13 Indian nationals and seven businesses. The liable party laundered AED 510 million ($139 million) through point-of-sale offences.

Four defendants, some of whom were present throughout the trial and others who were not, were given prison terms of five to 10 years and fines that ranged from five to ten million AED by the court. In addition, the UAE court mandated that all convicted people be expelled from the country after serving their prison terms and collecting the seized assets.

The prisoners established criminal organisations and offered credit facilities for commercial activity without official sanction. Seven businesses used the travel agency’s offices as the location for criminal activities they specifically created to hide the illegal activities, leveraging the point of sale system. Additionally, they misused their authority by dealing with bank accounts secretly controlled by third parties. Certain defendants made fraudulent purchases. Each withdrawal activity will result in a percentage deduction for the business that owns and utilises the Point of Sale (POS).

Furthermore, according to the bank transaction records and the financial analysis released by the Financial Information Unit (FIU), substantial sums of money have recently been transferred into and out of the defendants’ bank accounts in the last few weeks. Not only this, but the FIU’s reports revealed many transfers, withdrawals, deposits,  and other financial transactions that the businesses attempted to hide.

UAE Levies Fines of More than DH115 Million to Prevent Money Laundering

The UAE has levied fines of more than Dh115 million this year to prevent money laundering. According to a UAE official, there have been 899 extraditions since 2020, 43 of which involved allegations of money laundering. 

UAE’ Judge Abdul Rahman Al Blooshi stated that the Ministry of Justice places the matter of enhancing international cooperation in combating money laundering and organised crime at the top of its priorities. He asserted that in addition to working with community partners, the ministry has collaborated with national and international organisations, including the Foreign and Interior Ministries and regional and federal prosecutors, to fight organised crime, money laundering, drug trafficking,  and terrorism funding.

65,000 Australian Credit Cards Uncovered on the Dark Web

Australia was ranked second on the fraud risk index created by cyber-security researchers following the hack of approximately 65,000 debit, credit, and ATM cards. The dark web had six million stolen credit cards, two-thirds bundled with personal data, including names, phones, and emails. 

Australian credit and debit cards typically cost $9.82 on the dark web and were being offered for sale on the eight main dark web markets. There were 65 000 Australian cards available for purchase, of which around 28,000 had home addresses, 22,000 had phone numbers, 18,000 had emails, and 200 had birthdates. Thus, the bundles could give hackers access to additional sensitive data about the victims, allowing them to perpetrate identity theft or even manipulate the judicial system. 

How Can Shufti Help?

Shufti’s AI-powered identity verification solution to 230+ countries and territories and supports 150+ languages. Our robust IDV solution verifies identities within seconds and protects businesses from identity theft, data breaches, account takeovers and fraud. Not only does our identity verification solution keep scammers away, but it also prevents firms from hefty non-compliance penalties.  

Still confused about how our identity verification solution helps businesses abide by KYC and AML regulations?