News Heading - 1

Panasonic 2022 Network Hack Results in Data Breach

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Panasonic Avionics Corp., an in-flight entertainment and communications (IFEC) solution provider, revealed that personal information of an undisclosed number of individuals was compromised in the December 2022 cyberattack.

In an individual notification to affected individuals, the US-based company disclosed certain details about the incident, including the type of information compromised. ‘’On December 30, 2022, Panasonic identified evidence of an issue potentially impacting certain systems in our corporate network environment that occurred on or around December 14, 2022,’’ the notice read.

In last weeks’ notice filed with the Office of California’s Attorney General , Panasonic said that during the cyberattack, the hacker gained access to certain information collected by the company, from individuals and their employers.

‘’We promptly initiated a comprehensive investigation into the nature and scope of the incident and impacted personal information, engaging cybersecurity and forensics experts to assist in the investigation of the incident, to assess what information may have been impacted, and to identify the individuals associated with that information,’’ the notice read.

While personally identifiable and specific information related to an individual’s health was accessed, the company till date, has no evidence of any data misuse.

The stolen information includes, name, contact details (email address, mailing address, and telephone number), dates of birth, medical and health insurance information, financial account numbers, company employment status, and government identifiers, such as Social Security numbers.

As remediation measures, the company undertook several steps to enhance its network’s security and offered affected individuals a 2-year complimentary identity and credit monitoring services through Kroll. It also advised the said individuals to remain vigilant of any account-related suspicious activity.

A subsidiary of Panasonic America, the world’s leading in-flight entertainment (IFE) solutions has been installed on 15,000+ commercial airplanes, and its satellite Wi-Fi connectivity on over 3,400 aircraft, worldwide.

Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants - 2

Indian HR Portal Exposed Personal Data of Over 9 Million People Including Employees and Job Applicants

  • Written by Ari Denial Cybersecurity & Tech Writer

The website myrocket.co has accidentally released private information about thousands of employees and millions of job candidates without them knowing.

A publicly accessible database has been discovered with over 260GB of sensitive personal information owned by the Indian HR service and recruitment solution company, myrocket.co.

The data includes information that could identify a person, like full name, parents’ names, phone numbers, bank account details, date of birth, salary, salary slip, tax information, and photocopies of driving license and voter ID. It is estimated that nearly 2,00,000 employees and almost 9 million job candidates were affected.

The researchers informed the officials to be careful as this type of data leak might help hackers set up phishing campaigns to steal money or identities. The company said the issue was caused by a mistake and fixed it when they found out.

“The discovered database was not protected by authentication. The security loophole resulted in millions of private documents being revealed to the public. Worryingly, it also allowed threat actors to modify the data, changing salary amounts and details of bank accounts used for salary payments,” the research team said.

“We found about 435,000 payslips, 300 tax filings, 3,800 insurance payment documents, and 21,000 salary sheets belonging to various companies using the HR platform’s services,” they added.

Since the exposed data includes hashed names and contact information in plain text format, the researchers suggested that people who have worked for the company or used myrocket.co should assume their information has been exposed and take appropriate action.

According to Myrocket officials, “Rocket was recently acquired [Dutch-owned OLX bought it back in 2019], and enforcement of parent company standards is in progress, along with architectural corrections. The parent company follows the highest levels of data safety standards, with its tech teams conducting vulnerability assessments with every release and periodically monthly.”

The company has started an internal investigation and scheduled a vulnerability assessment and penetration testing (VAPT test) to ensure user data safety.