---
title: "Cybersecurity Updates For The Week 20 of 2021 | Phish Protection"
description: "Cybersecurity Updates For The Week 20 of 2021: Phishing attacks continue to create havoc in the cyber world . This week"
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-20-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-20-of-2021/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/05/what-is-phishing-1688.jpg) 

_Phishing attacks continue to create havoc in the cyber world_. This week’s cyber headlines are all about data breaches and the [phishing prevention](/) measures adopted by the victim organizations. _Reading such news gives some perspective on what should go into the business continuity plan_ we have for our organization, and that is why we bring you the top cybersecurity headlines.

### East London Council Forgets To BCC Email Recipients, Exposes Thousands Of Addresses

In a recent technical blunder, a local authority in East London sent out an email to thousands of residents without using the BCC field. Thus, _all residents of Tower Hamlets could see the email addresses of their fellow recipients_. A Register reader named Patrick questions why the council couldn’t use an email marketing platform like Mailchimp. Patrick received an email with 400 other addresses in the To field.

There wasn’t much the council could do after the email was sent. However, it apologized to all [affected email recipients](https://www.theregister.com/2021/05/05/tower%5Fhamlets%5Femail%5Ffail/?&web%5Fview=true) in a follow-up email that was BCC’d correctly. The council assured recipients that such blunders wouldn’t be repeated, and they’ll take all **anti-phishing measures** from now on.

### Data Breach At Third Party Vendor Exposes Faxton St. Luke’s Healthcare’s Patient Data

Capture Rx is a third-party business associate that helped Faxton St. Luke’s Healthcare (FSLH) reduce prescription drug costs. _FSLH was recently notified of a data breach at Capture Rx_, which impacted the PHI of **17,655 of its patients**.

Capture Rx noticed some unusual activity in its systems on 6th February and immediately began investigating the attack. It said that all affected clients and patients would be sent breach alert letters individually. Around 19th March, _FSLH was informed that some of its patient data had been compromised in the security incident_. However, there has been no evidence of misuse of this [exposed data](https://www.wktv.com/content/news/Faxton-St-Lukes-Healthcare-faces-data-breach-potentially-exposing-information-on-thousands-of-patients-574354251.html?&web%5Fview=true) so far. The leaked patient information includes full names, DOBs, prescription details, and medical record numbers. Capture Rx has been acting proactively ever since the attack was detected. It has also reviewed its policies and procedures and will provide training to its workforce to [prevent phishing](/) attacks in the future. It advises all patients to look out for **phishing attacks** and monitor their financial accounts for suspicious activities.

![What is phishing](https://media.mailhop.org/phishprotection/images/2021/05/what-is-phishing-1688.jpg) 

### ShinyHunters Attacks Indian Company WedMeGood

It’s just been over a week since we talked about the ShinyHunters attack on Big Basket, and now the notorious hacker group is back in the headlines for another attack. This time, _the adversaries have targeted the Indian wedding planning site, WedMeGood_. WedMeGood was reportedly involved in another security incident last October, and now it has been attacked by ShinyHunters. Over [41.5GB of the website’s customer data](https://www.hackread.com/shinyhunters-leak-india-wedmegood-database/?web%5Fview=true) has been compromised in the breach. The platform is renowned for its services in the wedding industry, right from finding and decorating venues to getting outfits and photographers for the event.

The exposed user data includes cities, gender, names, contact numbers, email addresses, password hashes, and booking details, among other information. Since _it’s the second known attack on WedMeGood in seven months_, users are advised to change their account passwords and adopt necessary measures to protect themselves from phishing. Users who reuse the same password across multiple accounts _must change their passwords for all other accounts_.

### Conti Ransomware Hits U.S. Defense Contractor Blueforce

_The Conti ransomware gang has recently attacked the U.S. defense contractor BlueForce_. The attack was confirmed by the Hatching Triage page, which also shared a copy of the ransom note left by the adversaries. Conti asks BlueForce to contact them to decrypt files and warns that _any attempts to recover files using external software might damage files_.

As per the shared evidence, Conti operators first approached BlueForce with offers to negotiate on 9th April. The victim company responded two weeks later, asking for ways to recover files. _The ransomware operators are demanding around $969,000_ (17 bitcoins) for the [decryption key](https://searchsecurity.techtarget.com/news/252500356/US-defense-contractor-BlueForce-apparently-hit-by-ransomware?&web%5Fview=true). The Conti ransomware is renowned for encrypting files as well as publishing the stolen data. We haven’t heard BlueForce’s side of the story yet, but this is another attack that reminds us to take adequate [phishing protection](/) measures.

### Security Vulnerabilities Discovered In Peloton’s API

_Researchers at Pen Test Partners recently discovered some vulnerabilities in Peloton’s bike software_. The loophole in its API enabled unauthorized users to view sensitive user data, such as their age, gender, location, class attendees, etc., even when the private mode was enabled for their accounts.

Pen Test Partners gave Peloton three months to _patch the identified vulnerabilities_ before going public about these **security flaws**. Peloton acknowledged the notification but gave no update on fixing the vulnerability. As a result, Pen Test Partners made the vulnerability public, and TechCrunch was the first to report it. The incident coincided with the recall of a Peloton treadmill that used the [vulnerable API](https://thehill.com/policy/cybersecurity/552163-newly-patched-vulnerabilities-exposed-peloton-user-data?web%5Fview=true&rl=1) and led to a child’s death and other injuries among users.

In its defense, _Peloton said that the existence of the vulnerabilities doesn’t equate to their exploitation_. It has accepted and apologized for the delay in communicating the patch update to Pen Test Partners. It says that [protection against phishing](/) is one of its primary cybersecurity goals, and there won’t ever be a compromise on that. In the future, Peloton promises to be faster in responding to security incidents as and when they happen.

### DDoS Attack Hits Belgian Internet Provider Belnet

_The Belgian Education Network and National Research were recently brought down by a major distributed denial of service (DDoS) attack_. The attack affected most of the Belgian government’s IT network and internal systems. The government and police services websites were down too. Since Belnet services are used by research centers, educational institutions, government services, and scientific institutes, there was a [general disruption](https://securityaffairs.co/wordpress/117529/hacking/belgiums-ddos-attack.html?web%5Fview=true) in user activities and communication.

Belnet is doing everything in its capacity to restore services for people and has opened up a customer service desk to help those in distress. It successfully implemented many of its [anti-phishing solutions](/) by 4th May and believes that the impact of the **DDoS attack** has diminished to a great extent.

![What is phishing](https://media.mailhop.org/phishprotection/images/2021/05/what-is-phishing-1689.jpg) 

### Cyber Attack Hits Spanish Delivery Startup Glovo

Glovo is a Spanish rapid-delivery start-up that came up and flourished during the COVID-19 pandemic. With a market value of **more than $1 Billion**, Glovo does a good job _delivering everything from groceries to other essentials at the doorsteps of over **10 million customers** across 20 nations_.

Glovo recently disclosed a [data breach](https://cybernews.com/news/spanish-delivery-startup-glovo-hit-by-cyber-attack/?&web%5Fview=true) in which the adversaries gained access to its system. The incident took place on 29th April but could be contained at the entry point because of Glovo’s robust [anti-phishing protection](/products/advanced-threat-defense/) strategies.

No personal data or payment card details of users were involved in the incident. However, the adversaries were selling and changing the login passwords of customers and courier personnel. As more start-ups and small-scale enterprises populate the gig economy, there should be an equal emphasis on ensuring [protection from phishing](/) attacks.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.

