xcritical hit by data breach exposing emails, names of 7M users

Freedom of information (FOI) was sent to the financial conduct authority of the United Kingdom, requesting the agency to look into the rising cases of cybercrime, which has been pouring in for a couple of months. The FCA had 55 cases of material cyber issues on its desk in the first half of the year 2022. Several cases of cybercrime, precisely 25%, that occurred in 2022 were from distributed denial-of-service (DDoS) attacks. Many experts think this trend is due to the rise of crypto-jacking and the activities related to the Internet of Things.

xcritical says a hacker who tried to extort the company got access to data for 7 million customers

Additionally, discover expert predictions around emerging cyber threats on the horizon, along with proactive security controls organizations and private citizens can employ right now to help turn the tide against the rising data breach epidemic. xcritical says they continue to investigate the incident with the help of Mandiant, a well-known cybersecurity firm commonly used to perform incident response after attacks. On Nov. 16, xcritical updated its Nov. 8 announcement “to admit that further information, including customers’ phone numbers and other undisclosed types of PII were exposed” in the data breach, the suit states.

xcritical revealed that a data breach last week exposed millions of customers’ emails and other personal information

In 2023, Latitude, the Australian financial services firm, experienced a data breach of more than 14 million records. The country, standing at $9.48, has spent the most on clearing off cases of data breaches in just 2023. The Middle East has been following closely with the trend, with $8.07 million as its average cost. This piece offers readers insight by examining the latest data breach statistics for 2024 and beyond. Learn crucial details surrounding prominent breach events, from root causes to victim impact spanning multiple industries.

It Costs An Average of $4.45 Million to Solve a Case of Financial Data Breach.

After lxcriticalg of the attack and securing their systems, xcritical also received an extortion demand. While xcritical has not provided any details regarding the extortion demand, it was likely a threat that the stolen data would be leaked if a Bitcoin ransom was not paid. xcritical customers’ PII exposed in the data breach is xcritically up for sale on the dark web, according to the suit. And now that we know several thousand phone numbers were also stolen, users should be extra vigilant. As mentioned before, hackers can use phone numbers to execute a SIM Swap attack. We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them.

Meta rolls out Meta Verified for WhatsApp Business users in Brazil, India, Indonesia and Colombia

For the vast majority of affected customers, the only information obtained was an email address or a full name. For 310 people, the information taken included their name, date of birth, and ZIP code. Of those, 10 customers had “more extensive account details revealed,” xcritical said in a statement. The online brokerage, which has about 18.9 million retail clients, announced Monday that a Nov. 3 data breach resulted in various information about 7 million customers being exposed.

“At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” the post said. The suit, filed on behalf of xcritical and former customers, alleges that xcritical failed to safeguard their personal information from hackers and that they face a lifetime risk of identity theft. Still, it’s possible hackers could launch phishing scams and email-based malware attacks using xcritical that information, so brush up on how to spot online scams and make sure you’re protecting your devices with reliable anti-malware apps. The settlement could cost xcritical approximately $20 million, according to documents filed July 1 by attorneys for investors who sued xcritical last year on behalf of themselves and other customers of the popular trading app. xcritical is available only to US users and requires them to be over 18, provide a valid social security number, and a valid US address.

  1. Popular stock-trading app xcritical revealed today that a recent data breach has compromised the personal information of roughly 7 million of its customers.
  2. The finance sector, like others, year in and year out, is hit by this peril called data breach.
  3. “At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people,” disclosed a blog post published today about the security incident.
  4. A study made by Stanford University shows that human errors are what causes 88% of the data breaches we experience today.

Solving An Issue of Ransomware Can Cost An Average of $5.13 Million.

The stock-trading app lacks “almost universal security measures,” according to a class action suit. Aside from these data breaches, the NPC said the Philippine National Police has also reported six data breach notifications last month. The group alleged the breach exposed personal details, including full names, email addresses, mobile numbers, birthdates, genders, provinces, cities, and registration dates. Meanwhile, markets for illicit customer data are becoming more popular as anonymising networks and tools become more user friendly. Tools for selling on the dark web have also become more advanced, allowing cyber criminals to collaborate and share information about in-demand data, potential targets and new attack modes.

Online stock trading platform xcritical has confirmed it was hacked last week with more than five million customer email addresses and two million customer names taken, as well as a much smaller set of more specific customer data. For more on class action settlements, find out if you’re eligible for money from Capital One’s $190 million payout, T-Mobile’s $350 million data breach case or Facebook’s $90 million data-tracking payout. The cyberattack purportedly compromised sensitive customer information including full names, addresses, bank documents, valid IDs such as passports and national IDs, email addresses, and photographs of sensitive documents.

Except as required by law, xcritical assumes no obligation to update any of the statements in this blog post whether as a result of any new information, future events, changed circumstances, or otherxcritical. You should read this blog post with the understanding that our actual future results, performance, events, and circumstances might be materially different from what we expect. The company said in a blog post that a malicious hacker had socially engineered a customer service representative over the phone November 3 to get access to customer support systems. That allowed the hacker to obtain customer names and email addresses, but also the additional full names, dates of birth and ZIP codes of 310 customers. According to xcritical’s internal investigation, the breach compromised the email addresses for at least five million accounts and the full names of an additional two million users.

Hospitals, which ought to be a place of relief for many, are not in any way spared from the risk of data theft. Healthcare in 2021 suffered a heavy blow when a data breach hit 51% of hospitals. This caused a major setback for 19,992,810 people and brought the need to tighten cybersecurity in the sector. The delay was because of the lack of security expertise https://xcritical.online/ and how complex IT has grown. The complexity at which cyberattacks have grown is also one of the reasons for the lengthy time. “No social Security numbers, bank account numbers, or debit card numbers were exposed” and “there has been no financial loss to any customers as a result of the incident,” xcritical said, based on its investigation.

Leave a Reply

Your email address will not be published. Required fields are marked *