Paramount, Forever 21 Data Breaches Set Stage for Follow-on Attacks

Published: 23/11/2024   Category: security


The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.



A pair of breaches have hit media giant Paramount Global and fashion purveyor Forever 21, exposing personally identifiable information for thousands of people in the latter's case and setting them up for a raft of follow-on attacks.
In Paramount's case, the Hollywood bigwig disclosed in a data breach notification letter obtained by media that cyberattackers accessed PII for certain individuals for a month, between May and June of this year. The data included names, birthdates, Social Security numbers, driver's license numbers, passport numbers, and "information related to [the individual's] relationship with Paramount."
It's unclear if the data pertains to website members, employees, customers, or other profiles — or how many are affected. The data breach notification letter, penned by an operations executive at Nickelodeon Animation Studio, did not elaborate.
Meanwhile, Forever 21 said in a data breach notification that hackers accessed PII belonging to 539,000 current and former employees, including names, Social Security numbers, birthdates, and bank account numbers. The letter also said that "information regarding your Forever21 health plan" was accessed, including enrollment and premiums paid.
The retailer discovered the intrusion on August 4, but the unauthorized access took place between Jan. 5 and March 21.
While stolen PII, especially Social Security numbers, can be used to carry out identity theft and a host of other fraud, more personalized information, such as the data on the Forever 21 health plans and descriptions of victims' relationship to Paramount, could be used to mount convincing follow-on phishing attacks aimed at capturing even more lucrative data from victims. To boot, even the initial cache of stolen info could lead to account takeovers. Thus, impacted individuals should be on the lookout for a range of attack methods.
"This is a significant number of records that contain very sensitive information that have been potentially compromised," said Erich Kron, security awareness advocate at cybersecurity company KnowBe4, via email. "The data could easily be bundled and sold on the Dark Web and not used for months or even years. Information such as a Social Security number does not expire and can be useful for attackers for decades."
It's unclear what security holes led to the cyber intrusions and which systems were accessed in these cases, but the breaches are a good reminder to companies that hold PII to lock down obvious avenues of attack by patching vulnerabilities, ensuring cloud instances are not misconfigured for open access, and hardening authentication methods for databases and servers that house PII.
"Data breaches, while detrimental to the organization breached, have severe repercussions for companies who encounter fraudsters leveraging the stolen data," says Stuart Wells, CTO at Jumio. "This underscores the necessity for robust identity verification measures across all organizations — companies must establish every user's true identity to ensure that the user accessing an account is not a fraudster."
