---
title: "Cybersecurity Updates For The Week 10 of 2021 | Phish Protection"
description: "Cybersecurity Updates For The Week 10 of 2021: Phishing schemes continue to be highly effective as netizens continue to ignore basic cyber-hygiene practices."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-10-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2021/"
---

Quick Answer

Impacts of the breach are also seen on beneficiaries of The Kroger Co. Retiree Health and Welfare Benefit Plan and The Kroger Co. Health and Welfare Benefit Plan. As investigations into the breach continue, \_Kroger is providing free credit monitoring to those affected by the breach\_.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2021%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202021&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2021%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2021%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2021%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202021 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2010%20of%202021&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-10-of-2021%2F "Share via Email") 

![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-6654.jpg) 

_Phishing schemes continue to be highly effective as netizens continue to ignore basic cyber-hygiene practices_. Today, it has become essential to stay abreast of the latest modus operandi adopted by malicious actors to lure users into disclosing their crucial information such as financial details, PII (Personally Identifiable Information), etc. The following **top phishing headlines** from the past week tell us that [phishing protection](/) is indeed a necessity for the cyber world.

### \*\*\*\* Data Breach Hits The Kroger Co.

_On 23rd January, the Cincinnati-based grocery and pharmacy chain, Kroger Co. was notified of its involvement in a data breach from the December Accellion attack_. Kroger used Accellion’s services to share corpus data and email attachments but stopped the association soon after the **breach discovery**. It is now advising customers of its grocery retail stores and pharmacy to take [anti-phishing protection](/) measures to minimize data loss damage. The exposed information included the patients’ names, addresses, DOBs, Social Security Numbers, email addresses, insurance-related info, prescription details, medical history, etc. While [Kroger claims](https://www.ajc.com/news/breaking-kroger-advises-customers-of-data-breach-affecting-pharmacy/R44FKCSVLNDTJHA53ON36HO2CA/?&web%5Fview=true) that _only 1% of its customer data was lost in the breach_, some current and former employees’ details were also compromised. 

Impacts of the breach are also seen on beneficiaries of The Kroger Co. Retiree Health and Welfare Benefit Plan and The Kroger Co. Health and Welfare Benefit Plan. As investigations into the breach continue, _Kroger is providing free credit monitoring to those affected by the breach_.

### \*\*\*\* Cyberattack Hits Lakehead University

A few days ago, _the Canadian undergraduate research university Lakehead underwent a cyberattack that brought down its servers_. The Thunder Bay and Orillia campuses had to _shut down their computers to contain the attack’s spread_. Although the school hasn’t disclosed the nature of the breach, it did mention that the adversaries targeted its file share servers.

The Technology Services Centre (TSC) of the University took immediate measures for [protection from phishing](/) and **removed all access** to servers. As investigations continue, _all access to on-campus computers and servers is restricted_. Stakeholders are advised to change their passwords, although the attack seems more [like ransomware](https://www.bleepingcomputer.com/news/security/lakehead-university-shuts-down-campus-network-after-cyberattack/?&web%5Fview=true). The attack has disrupted many academic activities at the University, including virtual tours of the Thunder Bay and Orillia campus and webinars. As the University strives to restore operations at the earliest, students suffer academically due to their inability to access learning resources. The University has offered them temporary solutions.

### \*\*\*\* Data Breach Hits Cashalo

_The Filipino-based credit company Cashalo recently underwent a data breach that exposed customers’ sensitive personal details_. The adversaries **gained access to a database** containing customers’ personally identifiable information. The compromised details include the names, email addresses, passwords, device IDs, and customers’ phone numbers. Fortunately, Cashalo had used encryption which ensured that no accounts were compromised because of the [password leak](https://portswigger.net/daily-swig/filipino-credit-app-cashalo-suffers-data-breach?&web%5Fview=true).

Cashalo IT team proactively brought down the systems, began investigations, and reported the incident to the Philippines’ National Privacy Commission. They shall notify all affected customers about the incident soon and encourage them to take further [phishing prevention](/) measures. Additionally, customers are advised to change their passwords and look out for spam emails asking for passwords or other sensitive information.

### \*\*\*\* Turkish Consultancy Firm Leaves AWS S3 Bucket Publicly Available

The Turkish actuarial consultancy, _İnova Yönetim, had left an AWS S3 bucket unprotected online, which contained a **20 GB database** with 55,000 documents_. Anyone on the internet can access this database with just the URL. The documents exposed details related to [15,000 cases](https://www.infosecurity-magazine.com/news/legal-firm-leaks-15000-cases-via/?&web%5Fview=true) of people injured or killed in traffic accidents. _The database was first discovered and reported by review site WizCase on 1st October 2020_, twelve days after which the firm secured the server.

![Phishing prevention](https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-6654.jpg) 

Victim information such as names, DOBs, marital status, national ID numbers, insurance details, accident details, etc., were compromised in the breach. In some cases, more intricate case details such as witness or complainant details, breathalyzer test results, and vehicle registration numbers were exposed. The revealed cases date from the beginning of 2018 to the summer of 2020\. A range of cyberattacks can be launched using these details, such as **phishing attacks**, cloning SIM cards, insurance or bank fraud, extortion, etc. İnova Yönetim must consider **adopting anti-phishing** measures at the earliest to contain the breach and make sure no further damages happen to their clients.

### \*\*\*\* Data Breach At Covenant Healthcare

_Two Covenant healthcare employee email accounts were accessed by unauthorized third parties recently_. Resultantly, the details belonging to **around 45,000 patients** were compromised. The hospital began its investigation soon after detecting the breach and is now working with [cybersecurity experts](https://www.wnem.com/news/covenant-healthcare-reports-data-breach-through-employee-emails/article%5Feaf988fc-76c8-11eb-99f1-cbedd3811c29.html?&web%5Fview=true) to get to the attack’s roots. A more in-depth look at the incident revealed that the adversaries had access to the employee email accounts since 14th May.

These email accounts contained the patients’ names, DOBs, addresses, driver’s license numbers, Social Security numbers, clinical information, medical diagnosis, prescription number, doctors’ names, etc. _Covenant regrets this unfortunate break-in and has informed all patients whose contact details were available_. Although the hospital hasn’t found any evidence of data misuse so far, it pledges to take [anti-phishing](/products/advanced-threat-defense/) measures to prevent such an incident in the future.

### \*\*\*\* Indian Govt. Leaks COVID Results Of 8 Million Citizens

_The Health and Welfare Department of West Bengal has exposed the COVID-19 test reports of 8 million people_ because of its flawed online system implementation.

Cybersecurity researcher Sourajeet Majumder discovered that the Indian Government site is exposing the reports of everyone who took the COVID-19 test in West Bengal. These reports included the names, addresses, age, and date of sample testing of citizens. _The URL leading to a COVID report contains a base64-encoded report’s ID number (SRF ID)_. This number can easily be converted to a numeric form [that displays the results](https://www.bleepingcomputer.com/news/security/over-8-million-covid-19-test-results-leaked-online/?&web%5Fview=true) of other citizens’ COVID tests when used in the URL.

![What is spear phishing](https://media.mailhop.org/phishprotection/images/2021/03/what-is-spear-phishing-6654.jpg) 

The authorities are taking necessary measures to [prevent phishing](/) attacks and have acknowledged the leak. The leaky URLs now return a 404 (not found) message.

### \*\*\*\* Hackers Access Machines Of An Oxford University Lab

_The Structural Biology research lab at Oxford University, often known as “Strubi,” was recently involved in a security incident_. Third-party threat actors could access some lab systems at a time when the Strubi lab was engaged in COVID 19 related research. Although the lab wasn’t associated with the Oxford Vaccine Group and Jenner Institute’s COVID-19 [vaccine development](https://www.theverge.com/2021/2/25/22301725/covid-19-research-lab-hacked-oxford-university-strubi?&web%5Fview=true), the nature of **data compromised** in the breach is unknown.

As Forbes investigates the breach, _an Oxford spokesperson informs that no clinical research data has been affected_. They further add that some machines handling biochemical samples were accessed but that only indicates the unlikeliness of the adversaries being linked to nation-state threat actors. Along with adopting the [best phishing prevention practices](/resources/phishing-prevention-best-practices/), the University has informed the NCSC, which now investigates the breach.

### Protect Your Organization

- [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/)
- [See how Phish Protection blocks threats in real time](/anti-phishing-tools/)

## Topics

[ Announcements ](/tags/announcements/) 

![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Protect your inbox from phishing attacks

Real-time email security with 60-day free trial. No credit card required.

[Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) 

## Related Articles

[  Intermediate 5m  Cybersecurity Updates For The Week 33 of 2022  Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[  Intermediate 6m  Cybersecurity Updates For The Week 41 of 2022  Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[  Intermediate 5m  Cybersecurity Updates For The Week 1 of 2021  Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[  Intermediate 6m  Cybersecurity Updates For The Week 1 of 2022  Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 10 of 2021","description":"Cybersecurity Updates For The Week 10 of 2021: Phishing schemes continue to be highly effective as netizens continue to ignore basic cyber-hygiene practices.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2021/","datePublished":"2021-03-01T08:35:58.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2021-03-01T08:35:58.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2021/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1140,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2021/03/phishing-prevention-6654.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 10 of 2021","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-10-of-2021/"}]}
```