News Heading - 1

Data Security Incident at Forever 21 Impacts Nearly Half a Million Individuals

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

The renowned fashion retailer, Forever 21, in a notification disclosed a data breach incident that is said to have affected over 500K of its current and former employees. The breach in no way impacted the customers of the company.

In the sample letter submitted to the Maine Attorney General’s Office, the Los Angeles-headquartered company revealed that it had identified a cyberattack on some of its systems on March 20.

The attack which is said to have occurred over a period of over two months, saw an unidentified hacker gain access to its systems multiple times between January 5 to March 21, 2023. Post discovery, the company partnered with a cybersecurity firm and launched an investigation.

During the investigation, the company found that the unidentified third-party had used the attack to extract company data. ‘’Findings from the investigation indicate the unauthorized third party obtained select files from certain Forever 21 systems during this time period,’’ the notice read.

In August, Forever 21 sent out notices to the affected 539,207 individuals, wherein they discussed the incident in its entirety along with information on the stolen personal data.

The stolen information included, full name, Social Security Number (SSN), date of birth, bank account number (without access code or pin), Forever 21 health plan details, including the individuals’ enrolment and premium paid details.

In the notification, the company also notes that there was no evidence regarding any misuse of stolen data. “We have no evidence to suggest your information has been misused for purposes of fraud or identity theft as a result of this incident – and no reason to believe that it will be.’’

While no details were shared about the attack or the attacker behind the incident. From the company’s statement, it can be deduced that it had engaged with the hackers to ensure that the stolen data was erased and not used for any fraudulent activities.

As a precaution, it is also providing a 12-month complimentary fraud and identity protection service to the affected individuals.

News Heading - 2

China-Linked Android Spyware Targets Telegram and Signal Users in Europe and the US

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer

Cybersecurity researchers discovered trojanized Android apps for Signal and Telegram used in a new espionage campaign. The apps found on Google Play and Samsung Galaxy Store are said to contain the BadBazaar spyware, attributed to the Chinese APT group GREF.

According to ESET researcher Lukáš Štefanko, the campaign distributing the malware espionage code was most likely active since July 2020 and 2022, respectively. To infiltrate targeted victims’ devices, GREF is said to have used pathed versions of the open-source Signal and Telegram app for Android, named ‘Signal Plus Messenger’ and ‘FlyGram’.

The spyware was previously documented being used against Uyghurs and other Turkic ethnic minorities outside of China. ‘’Based on our research, [..] potential victims were also lured to install the FlyGram app from a Uyghur Telegram group focused on Android app sharing, which now has more than 1,300 members,’’ Lukáš stated.

This time however, ESET found that the campaign was primarily targeted at users in Australia, Brazil, Denmark, the Democratic Republic of the Congo, Germany, Hong Kong, Hungary, Lithuania, the Netherlands, Poland, Portugal, Singapore, Spain, Ukraine, the US, and Yemen.

The espionage malware BadBazaar has the capability to extract device information, including contact and installed apps list, steal call logs and messages, Google accounts, remotely using the device camera to take pictures, transferring Telegram communication to an attacker controlled C2 server, and linking devices via the Signal Plus Messenger app.

Before the discovery of their malicious capability, the apps had been downloaded and installed over a hundred times. Based on the available data of Play Store, the apps:

  • Signal Plus Messenger – installed 100+ times since July 2022, The app is also available for download via signalplus[.]org
  • FlyGram – installed 5,000+ times since June 2020. The app is also available for download via flygram[.]org

When notified, Google removed both the apps from the Play Store, but they continue to be available on Samsung Galaxy Store.