UPDATED 18:25 EST / DECEMBER 18 2023

SECURITY

MongoDB, North Face owner VF Corp and Mr. Cooper fall victim to cyberattacks

It has been a busy few days on the cybersecurity front as three notable companies confirmed hacks over the last two days: MongoDB Inc., North Face and Vans owner VF Corp., and mortgage broker Mr. Cooper Group Inc.

The first hack, that of MongoDB, was confirmed over the weekend and involved its corporate systems being breached and customer data exposed. Bleeping Computer reports that MongoDB sent emails to affected customers on Dec. 13.

“MongoDB is investigating a security incident involving unauthorized access to certain MongoDB corporate systems,” the email sent to affected customers stated. “This includes exposure of customer account metadata and contact information. At this time, we are NOT aware of any exposure to the data that customers store in MongoDB Atlas.”

Although further details were unavailable, a spokesperson for MongoDB stated that it’s still investigating the breach.

The breach of VF Corp. is described by the company as involving hackers encrypting “some” systems and stealing personal data.

While describing the attack in a disclosure with the U.S. Securities and Exchange Commission as “material cybersecurity incidents,” the ransomware duck rule comes into play: If it sounds like ransomware and VF Corp. says data was encrypted, it likely is ransomware.

The company said in its disclosure that it first identified hackers in its systems on Dec. 13 and that the attack is expected to affect the company’s operations in the lead-up to the holiday shopping period. The hack is possibly the first filing with the SEC under new rules, which state that companies must disclose any cybersecurity incidents within four days of their occurrence.

The largest of the three hacks, at least as known now, was that on Mr. Cooper previously known as Nationstar Mortgage Holdings Inc. The hack has reportedly affected 14.7 million former and current customers.

Described by the company simply as a “cyber breach,” the attack involved “substantially all of our current and former customers” sensitive personal information, according to filings reported by ABC News. Information stolen included names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers.

Mr. Cooper added that it shut systems to contain the incident at the time it was detected and that it was monitoring the dark web to see if any of the stolen data is released. We “have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused,” the company told those affected.

As is the case with VF Corp., if it sounds like ransomware, it probably is. Although Mr. Cooper didn’t mention data being encrypted, that it’s monitoring leak sites on the dark web suggests that it’s highly likely the company was targeted in a double-tap ransomware attack. That involves both encryption and data theft, with the ransomware gang threatening to publish stolen data if a ransom is not paid.

“The disclosure of Mr. Cooper’s affected customers highlights the need for the financial industry, particularly nonbank financial institutions, to prioritize cybersecurity,” Nick Tausek, lead security automation architect at security operations company Swimlane Inc., told SiliconANGLE. “The Federal Trade Commission’s amendment to the Safeguards Rule, making it mandatory for non-banking financial institutions to report data breaches within 30 days, came one week before Mr. Cooper’s cyberattack.”

Andrew Costis, chapter lead of the Adversary Research Team at breach and attack simulation company AttackIQ Inc., commented that “just weeks after the FTC mandated 30-day breach reporting for nonbanking financial institutions, Mr. Cooper was hit by this cyberattack, serving as a stark reminder of the vulnerability of these institutions to cybercrime and the urgency of cybersecurity measures in this sector.”

Image: DALL-E 3

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU