Expired SSL Certificate Poses Security Risk; Mr. Cooper and Xfinity Experience Data Breaches
The Negros Occidental government’s website, www.negros-occ.gov.ph, is under a security warning due to its expired SSL certificate. The certificate, issued by Sectigo RSA Domain Validation Secure Server CA, expired on December 17, 2023, and as of today, December 19, 2023, remains unaddressed, thereby increasing the potential risk of information theft. Any user attempting to access the site risks losing sensitive data, including passwords, messages, and credit card details.
Cybersecurity Concerns Across the Board
Simultaneously, a recent cyberattack has compromised the personal and banking data of 14.7 million individuals associated with the mortgage giant, Mr Cooper. The exposed information includes names, addresses, dates of birth, phone numbers, Social Security numbers, and bank account details. Following the attack, Mr Cooper has sought to restore its systems and monitor the dark web for potential leaks of the stolen data.
Mr. Cooper’s Response to the Cyberattack
To mitigate the aftermath of the breach, Mr Cooper is providing identity protection and credit monitoring services to the impacted individuals. The company has admitted to system outage on the day of the breach, which was later acknowledged as a cybersecurity incident. The financial burden on the company due to this cyberattack is estimated to be at least $25 million, primarily for providing identity protection to its current and former customers for two years.
Xfinity and the Data Breach
In another incident, Xfinity, a home and mobile internet provider, announced a data breach in October. The breach, attributable to a vulnerability in Citrix, one of its software providers, resulted in the hacking of usernames, passwords, and partial social security numbers. The number of affected customers remains undisclosed. Xfinity has recommended its users to change their passwords and enroll in two-factor authentication while the incident is still under investigation.
Mr. Cooper’s Data Breach Notification
Mr. Cooper, based in Coppell, Texas, reported a cyberattack compromising the personal data of over 14 million individuals, affecting both current and former customers. The company has filed a data breach notification with the Maine Attorney General, revealing the breach to be much worse than initially estimated, potentially impacting 14,690,284 individuals, with 59,917 of them being residents of Maine.