White House urges end to insurance-funded ransomware payments, Comcast reveals a major data loss, Chinese hackers use a back door to launch a devastating hack of US telecom and data systems, American Water halts billing after cybersecurity breach.
This is Cyber Security Today. I’m your host, Jim Love.
A senior White House official has called on insurance companies to stop issuing policies that incentivize ransomware payments. Speaking after the fourth annual International Counter Ransomware Initiative (CRI) summit, Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, warned that insurance policies covering ransomware payments are fueling the cybercrime ecosystem.
Neuberger’s comments, published in an opinion piece in the *Financial Times*, emphasized that reimbursing ransoms through insurance policies was a “troubling practice that must end.” She suggested that instead of incentivizing payments, insurance companies could play a more constructive role by requiring effective cybersecurity measures as a condition for underwriting, similar to how fire alarms are required for home insurance.
The CRI summit, which brought together representatives from 68 countries, saw some progress in promoting a cautious approach to ransomware payments. A group of 39 CRI members and eight insurance industry bodies endorsed guidance encouraging organizations to carefully consider their options before making payments. However, this falls short of Neuberger’s call to end the funding of ransomware payments altogether.
Despite the availability of guidance on best practices for handling ransomware, attacks have nearly doubled in both the United States and the United Kingdom over the past two years, underscoring the need for more decisive action to combat the growing threat.
Sources Include:
Financial Times https://www.ft.com
Comcast customer data stolen in ransomware attack on debt collector
Comcast, a major U.S. telecommunications conglomerate providing cable television, internet, and phone services, has disclosed that the personal data of over 230,000 customers was stolen in a ransomware attack on a third-party debt collection agency, Financial Business and Consumer Solutions (FBCS). The attack, which occurred in February, compromised names, addresses, Social Security numbers, dates of birth, and Comcast account details. Despite the initial assurance from FBCS that no customer data was involved, Comcast was informed in July that the data had indeed been compromised.
The attackers targeted FBCS’s systems between February 14 and February 26, gaining unauthorized access and encrypting parts of the network. Although no major ransomware group has claimed responsibility for the attack, it affected not only Comcast customers but also millions of others. Medical debt-purchasing company CF Medical confirmed that health information of 620,000 individuals was compromised, while Truist Bank, one of the largest financial institutions in the United States, reported that customer account information was accessed as well. Truist was formed through the merger of BB&T and SunTrust Banks in 2019 and serves millions of clients across the country.
The breach primarily impacted customers who signed up with Comcast around 2021, and the company has since discontinued its relationship with FBCS for debt collection. Consumer privacy advocates warn that the stolen data could expose victims to scams, particularly with attackers posing as debt relief agencies to exploit financially vulnerable individuals. As always, customers are advised to be cautious of suspicious communications and monitor their accounts for any unusual activity.
Sources Include: TechCrunch https://www.techcrunch.com, Engadget https://www.engadget.com
China-backed hackers breach U.S. wiretap systems
News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans. Ironically, the attackers were using the wiretap systems, mandated under a 30-year-old U.S. federal law, which are among the most sensitive components of telecom and internet networks, granting nearly unfettered access to customer information, including internet traffic and browsing histories.
For years, security experts have emphatically warned about the inherent risks of these legally required backdoors, asserting that it was only a matter of time before they were exploited—and now, those fears have come true. “I think it absolutely was inevitable,” said Matt Blaze, a professor at Georgetown Law and an expert on secure systems, regarding the compromise. The Wall Street Journal first reported that the Chinese government hacking group known as Salt Typhoon breached three major U.S. internet providers, including AT&T, Lumen (formerly CenturyLink), and Verizon, accessing systems used to facilitate customer data access for law enforcement. The hacks may have led to the “vast collection of internet traffic” from these telecom giants, and U.S. officials have described the breach as “potentially catastrophic.”
Salt Typhoon is one of several Chinese-backed groups believed to be laying the groundwork for future cyberattacks, possibly as part of anticipated conflicts, including a potential clash over Taiwan. The latest incidents demonstrate the inherent vulnerability of backdoor systems, which were originally intended for lawful purposes. “This hack exposes the lie that the U.S. government needs to be able to read every message you send and listen to every call you make, for your own protection,” said Riana Pfefferkorn, a Stanford academic and encryption policy expert.
The backdoors were established by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, a law passed when mobile phones and the internet were still novelties. While CALEA requires communications providers to assist government access to customer data upon lawful request, experts have long argued that such backdoors create a dangerous target for malicious actors. The recent breaches underscore the risks of maintaining systems that can be exploited for illegal access, with security experts advocating for increased encryption as the only effective defense.
American Water halts billing after cybersecurity breach
We’ve done a number of stories and features on the potential vulnerabilities of physical infrastructure.
It appears that another attack has happened.
American Water, the largest publicly traded water and wastewater utility company in the United States, has disclosed a cybersecurity incident that led to unauthorized activity in its computer systems, prompting the company to take its customer portal, MyWater, offline and pause billing. The breach, discovered on October 3, 2024, resulted in the proactive disconnection of several systems to protect customer data, with efforts ongoing to restore services securely.
Upon learning of the incident, American Water activated its incident response protocols and enlisted third-party cybersecurity experts to assist with containment and mitigation. Law enforcement has also been notified, and investigations are underway to determine the full extent of the breach. The company emphasized that its water and wastewater operations were not impacted and that the water remains safe to drink.
As a result of the breach, the MyWater portal remains offline, meaning billing is currently paused, and no late fees or service disruptions will occur during this period. The call center is also operating with limited functionality, though American Water is working diligently to restore all affected systems. The company has committed to providing further updates as more information becomes available.
American Water has advised customers to remain cautious and monitor their accounts for any unusual activity. More information will be shared on the company’s website, www.amwater.com.
Sources Include: American Water https://www.amwater.com
That’s our show for today.
You can find links to reports and other details in our show notes at technewsday.com. We welcome your comments, tips and the occasional bit of constructive criticism at editorial@technewsday.ca
I’m your host, Jim Love, thanks for listening.