WEEK ENDING: 26th February– A ROUNDUP IN I.T. & TECH NEWS
We don’t know about everyone else, but it feels like this week we may have turned a corner, it feels like spring is almost here and we now have a better idea of when things can finally go back to normal.
I.T. and tech has also been at the forefront this week, but not necessarily in a positive way. From an app breach which exposed the financial and personal information of Npower customers, and new legal challenges for the NHS, to how hackers are using Google Alerts to spread malware; there’s a lot to catch up on.
Npower forced to shut down app after data breach
UK energy giant, Npower, has been forced to shut down its app this week after it become the latest victim of a data breach.
The cyber-attack resulted in sensitive information, including financial and personal details of an undisclosed number of customers, being leaked.
According to MoneySavingExpert.com, cybercriminals infiltrated the customer accounts by credential stuffing, which involves using login details from other websites to breach the Npower accounts.
Npower confirmed that hackers may have accessed information including customers dates of birth and financial information including details such as sort codes and the last four digits of their bank account numbers, although not full account numbers.
The energy firm confirmed in a statement this week that they have contacted all affected customers and encouraged them to change their passwords, while also offering them advice on how to prevent unauthorised access to their online account.
Digital privacy expert, Ray Walsh commented on the incident, siting it as a “huge lapse of security” which has put consumers at “substantial risk”. He warned:
“Energy customers who have used the Npower app should immediately check their bank statements for unusual activity, as the breach included sort codes and the last four digits of customer bank accounts numbers leaving them wide open to fraud.”
Npower certainly isn’t the first, and it won’t be the last, large organisation to fall victim to a data breach. As cybercriminals become more sophisticated, we as customers need to become more vigilant with our online activity, and organisations such as Npower need more secure and robust processes in place to ensure this doesn’t happen again.
If data security is high on your agenda, get in touch at firstname.lastname@example.org to discuss how we might be able support.
Read more on the breach here.
NHS face new legal challenges over Palantir contract
It has emerged this week that the NHS is facing new legal challenges over its decision to award a £23.5m data contract to controversial US data mining firm Palantir Technologies.
Political organisation Open Democracy has brought the charges against the NHS. On its website they state the reason for doing this as:
“We’re taking the government to court because, right before Christmas, they quietly gave this CIA-backed firm a major, long-term role in handling our personal health information, and in England’s cherished National Health Service.”
The lawsuit claims that NHS England failed to do an impact assessment when it handed a two-year contract to Palantir in December.
In a report by Sky New this week, it was claimed that Palantir, which has become notorious for its close ties to security services and immigration agencies in the United States, secured its first ever deal to handle NHS data in March last year for the nominal sum of £1.
The court case against the health service, could force it to reconsider the contract, which was extended in December 2020 and is now worth £23.5m.
We’ll be following to see how this case unfolds.
Learn more about the lawsuit here.
Hackers target Google Alerts to spread malware
It has emerged this week that cybercriminals have started to target Google Alerts as a way of spreading malware.
Cyber criminals have been using the Google Alerts service to push fake updates to non-existent Adobe Flash Player. According to reports, hackers have created fake news stories using words and phrases which contain popular search terms to spread the malware. Google Alerts then pushes these notifications to people who follow the keywords with the hope that they click and install.
ITPro reports that the latest attack redirects users to a page that states the user’s Flash Player is outdated and needs to be updated. Adobe no longer supports or updates Flash Player, but many victims may not realise this and click on the update button.
Google Alerts users have been advised that if they receive said email and are redirected and prompted to install anything, to close their browser window immediately.
Javvad Malik, security awareness advocate at KnowBe4, told IT Pro that by manipulating Google Alerts, cyber criminals are finding ingenious ways to get into users’ inboxes, as email gateways and spam filters won’t block alerts.
“Once in the user’s inbox, there is a high likelihood that users will click on the link because the alerts are something they expect and trust.”
Read more on this here.
Those were just some of this week’s top stories but if you want more content, follow us across our four social media channels: