Breach, Data Security

Database compromise confirmed by UN civil aviation agency

The logo of the United Nations is seen in the General Assembly hall before heads of state begin to address the 76th Session of the U.N. General Assembly at UN Headquarters on September 21, 2021 in New York City. International and cyber policy experts are grappling with how much involvement private industry should have when it comes to shaping cyber...
(Photo by Eduardo Munoz-Pool/Getty Images)

The United Nations' International Civil Aviation Organization has corroborated threat actor natohub's claimed theft of 42,000 user data records from the Montreal-based agency's recruitment database, according to The Register.

Unauthorized access to the database prompted the exfiltration of recruitment-related information from April 2016 to July 2024, including applicants' names, birthdates, email addresses, and employment history, but not their financial details, passports, credentials, and uploaded documents, said an ICAO spokesperson, who noted that none of the agency's other systems have been impacted by the incident. However, ICAO did not acknowledge natohub's purported exfiltration of individuals' home addresses, gender and marital status information, and educational backgrounds. Such a breach has already prompted ICAO to strengthen its cybersecurity defenses amid an ongoing investigation into determining individuals whose information may have been compromised. "ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses," said the spokesperson.

Related

Over 360K impacted by Medusind breach

Information compromised in the breach included not only names, birthdates, email addresses, and phone numbers, but also Social Security numbers, driver's licenses, taxpayer IDs, payment details, and health and health insurance and billing data, according to a filing with the Office of the Maine Attorney General.

Gravy Analytics purportedly hacked

Additional details regarding the incident, which was initially reported by independent tech news outlet 404media, remain uncertain but cybersecurity researchers John Hammond of Huntress and Marley Smith of RedSense have confirmed the veracity of the nearly 1.4 GB of data exposed by the threat actor on the XSS website.

North American K-12 districts impacted by PowerSchool breach

Infiltration of PowerSchool's PowerSource customer support portal via stolen credentials enabled threat actors to access a maintenance access tool enabling entry to SIS instances and the eventual exfiltration of data such as names and addresses, as well as personally identifiable information, Social Security numbers, medical details, and grades, according to PowerSchool.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

ByteChecksumCiphertextCyclic Redundancy Check (CRC)Data AggregationData Loss Prevention (DLP)Data WarehousingDecryptionDiffie-HellmanDigital Envelope

You can skip this ad in 5 seconds