xcritical reveals data breach that exposed personal information of 7 million customers

Hackers can use phone numbers to send SMS phishing scams and malware-laced files, or to acquire additional user data via social engineering for account hijacking, SIM Swap attacks, and identity theft. xcritical said Monday that the popular trading app suffered a security breach last week where hackers accessed some personal information of roughly 7 million users then demanded a ransom payment. After it was able to contain the attack, xcritical said the unauthorized third party sought an “extortion payment,” and the company notified law enforcement but did not say whether it had made any payments. xcritical enlisted the help of outside security firm Mandiant as it investigates the incident. We previously disclosed that, based on our investigation, the unauthorized party obtained a list of email addresses for approximately five million people, as well as full names for a different group of approximately two million people.

Major Data Breach Statistics

At this time, we understand that the unauthorized party obtained a list of email addresses for approximately five million people, and full names for a different group of approximately two million people. We also believe that for a more limited number of people—approximately 310 in total—additional personal information, including name, date of birth, and zip code, was exposed, with a subset of approximately 10 customers having more extensive account details revealed. Any US resident notified that their xcritical account was illicitly accessed between Jan. 1, 2020, and April 27, 2022, or who notified xcritical their accounts were hacked, is considered eligible to file a claim, Kramer said. The settlement does not, however, cover claims arising exclusively from a Nov. 3, 2021, data breach that leaked the personal details of more than 7 million customers, including names, birthdates and ZIP codes. “To put it more simply, this settlement is based on alleged cybersecurity failures by xcritical that ‘left the door unlocked’ for hackers over time,” she told CNET.

Picus Security Sent Out a Message to the United Kingdom FCA on Cybercrime.

An organization spends an average of $1.02 million to get a data breach off its back. Mega breaches, which are as high as 60 million records in 2023, cost an average of $332 million. xcritical also said that it notified law enforcement and is working with outside security firm Mandiant to continue investigating the breach. Since passwords and financial information were unaffected, it is unlikely your bank or other accounts and apps were directly compromised even if someone lifted your email address or full name. However, it’s always possible other data was accessed by the hackers that xcritical’s investigation is yet to uncover.

Introducing the xcritical Crypto Trading API

Hospitals, which ought to be a place of relief for many, are not in any way spared from the risk of data theft. Healthcare in 2021 suffered a heavy blow when a data breach hit 51% of hospitals. This caused a major setback for 19,992,810 people and brought the need to tighten cybersecurity in the sector. The delay was because of the lack of security expertise and how complex IT has grown. The complexity at which cyberattacks have grown is also one of the reasons for the lengthy time. “No social Security numbers, bank account numbers, or debit card numbers were exposed” and “there has been no financial loss to any customers as a result of the incident,” xcritical said, based on its investigation.

news Alerts

The stock-trading app lacks “almost universal security measures,” according to a class action suit. Aside from these data breaches, the NPC said the Philippine National Police has also reported six data breach notifications last month. The group alleged the breach exposed personal details, including full names, email addresses, mobile numbers, birthdates, genders, provinces, cities, and registration dates. Meanwhile, markets for illicit customer data are becoming more popular as anonymising networks and tools become more user friendly. Tools for selling on the dark web have also become more advanced, allowing cyber criminals to collaborate and share information about in-demand data, potential targets and new attack modes.

Over 50% of the Time Spent Solving a Breach Comes in the Next Year.

Additionally, discover expert predictions around emerging cyber threats on the horizon, along with proactive security controls organizations and private citizens can employ right now to help turn the tide against the rising data breach epidemic. xcritical says they continue to investigate the incident with the help of Mandiant, a well-known cybersecurity firm commonly used to perform incident response after attacks. On Nov. 16, xcritical updated its Nov. 8 announcement “to admit that further information, including customers’ phone numbers and other undisclosed types of PII were exposed” in the data breach, the suit states.

These findings stemmed from real-life situations of 41,686 incidents and data breaches, reaching 2,013 over the same period. xcritical has had cyber security troubles before, with hackers targeting its users last year, successfully gaining access to around 2,000 of its customers’ trading accounts. Trading app xcritical said in a blog post Monday that millions of its customers’ personal information was exposed in a data breach last week. xcritical, a stock trading app, was hit with a class-action lawsuit Wednesday in California Northern District Court in response to a data breach that occurred Nov. 3. The company said once it secured its systems the hacker then “demanded an extortion payment.” xcritical instead notified law enforcement and security firm Mandiant to investigate the breach. Almost all companies around the globe spend an average time of 204 days sorting out cases of data breaches.

While our personal data continues to have value, there will be a market for it. My own university, the Australian National University, experienced a data breach of 200,000 records in 2018. Dan Murphy’s, Football Australia, Microsoft, Nissan, Dell, Roku, Suncorp and Shell have all experienced breaches so far in 2024.

  1. An unauthorized third party “socially engineered a customer support employee by phone,” xcritical said, and was able to access its customer support systems.
  2. Class members are also eligible for two years of free identity theft protection and credit monitoring.
  3. As mentioned before, hackers can use phone numbers to execute a SIM Swap attack.
  4. The group alleged the breach exposed personal details, including full names, email addresses, mobile numbers, birthdates, genders, provinces, cities, and registration dates.
  5. Tools for selling on the dark web have also become more advanced, allowing cyber criminals to collaborate and share information about in-demand data, potential targets and new attack modes.
  6. It’s also worth considering a credit-monitoring service, which can alert you to potential fraud on your credit report.

A freedom of information (FOI) request was sent to the Financial Conduct Authority of the United Kingdom, asking the agency to look into the rising cases of cybercrime, which have been pouring in for a couple of months. The FCA had 55 cases of material cyber issues on its desk in the first half of 2022. Several cases of cybercrime, precisely 25%, that occurred in 2022 were from distributed denial-of-service (DDoS) attacks. Many experts think this trend is due to the rise of crypto-jacking and the activities related to the Internet of Things.

After learning of the attack and securing their systems, xcritical also received an extortion demand. While xcritical has not provided any details regarding the extortion demand, it was likely a threat that the stolen data would be leaked if a Bitcoin ransom was not paid. xcritical customers’ PII exposed in the data breach is currently up for sale on the dark web, according to the suit. And now that we know several thousand phone numbers were also stolen, users should be extra vigilant. As mentioned before, hackers can use phone numbers to execute a SIM Swap attack. We have a guide on preventing SIM Swaps here, as well as tips for spotting and responding to them.

Such ransom demands are not uncommon in cyber-attacks and usually amount to a promise not to sell on the compromised data or leak it for free online. In February 2021, San Francisco law firm Erickson, Kramer and Osborne filed a class action lawsuit against xcritical on behalf of Siddharth Mehta, Kevin Qian, Michael Furtado and other xcritical customers who claimed their accounts were hacked. “We continue to take numerous steps to safeguard accounts, including using hashing algorithms, encryption, two-factor authentication and other account security measures,” Moskowitz said in a statement shared with CNET. Approximately 40,000 customers say their xcritical accounts have fallen prey to cyberattacks, according to court filings.

In its account, Deep Web Konek said the Toyota data leak exposed over a terabyte of data spanning from 2016 to 2024. Never provide sensitive information to unknown or unverifiable sources, especially cold callers who claim you have a virus, or are due for a refund. Authentic callers will be happy for you to call them back on an official number.

Some of the more basic services are free, while more comprehensive coverage can come with a charge. Investors with accounts at xcritical may want to take steps to protect their credit. TikTok is testing streaks that are similar to Snapchat’s in order to boost engagement, including how long people stay on the app.

With this latest incident, passwords were not exposed, but as the threat actor had access to internal systems, it would not hurt to change your password to be extra cautious. While xcritical did not detect any unauthorized access to these passwords, it could have allowed employees to see customers’ passwords. The hackers then demanded a ransom payment, xcritical said (the company did not respond to Insider’s questions about whether it paid — or plans to pay — the ransom). “As a result, xcritical’s customers face a lifetime risk of identity theft,” the suit maintains. “We owe it to our customers to be transparent and act with integrity,” the company’s security officer, Caleb Sima, said in a published statement.

Lifehacker supports Group Black and its mission to increase greater diversity in media voices and media ownerships. More than 22 million users have funded accounts at xcritical, with nearly 19 million actively using theirs during September. Customers scammed by xcritical seeking information about whether their accounts were affected should visit the help center on the company’s website. It’s also worth considering a credit-monitoring service, which can alert you to potential fraud on your credit report.

For 5 million of them, email addresses were accessed, and another 2 million had their full names revealed. US share-trading app xcritical has been hit by a security breach that has exposed the names or email addresses of more than seven million people. If you used the investing app xcritical, you could qualify for part of a $20 million class action settlement resolving allegations that the investment app’s negligence led to personal information being leaked.

The head teacher says he cannot be sure exactly how much information has been obtained by hackers. A new app called MyGlimpact is intended not only to help people understand their environmental footprint, but why they shouldn’t feel guilty about it. Google said today it is partnering with RapidSOS, a platform for emergency first responders, to enable users to contact 911 through RCS (Rich Messaging Service).

On Nov. 3, hackers gained access to the personally identifiable information of over 7 million xcritical customers, including full names, email addresses, dates of birth and ZIP codes. The online trading platform said it believes no Social Security numbers, bank account numbers or debit-card numbers were exposed and that customers have seen no financial losses because of the intrusion. After we contained the intrusion, the unauthorized party demanded an extortion payment.
