---
title: "Cybersecurity Updates For The Week 45 of 2021 | Phish Protection"
description: "Social engineering has become one of the most common means of launching cyberattacks today, and there can never be infallible protection against these attacks."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-45-of-2021.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-45-of-2021/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2021/11/protection-from-phishing-4236.jpg) 

_Social engineering has become one of the most common means of launching cyberattacks today_, and there can never be infallible protection against these attacks. However, being abreast of the [latest attack](/tags/announcements/) vectors in various sectors can help you keep ahead of threat actors and ensure [phishing protection](/) for your organization. Here are the top headlines this week to help you in this endeavor of creating a safe cyberspace for everyone:

### SCUF Gaming Discloses Cyberattacks

Renowned manufacturer of high-performance custom PCs and console controllers, _SCUF Gaming International underwent a data breach in February 2021_. However, it’s only now that the organization thought of sharing the news with customers via notifications on its website.

A web skimming or e-skimming (Magecart) attack was launched on SCUF Gaming, affecting **over 32,645 SCUF customers**. In such attacks, the adversaries inject JavaScript-based scripts (credit card skimmers) into the [compromised website](https://www.bleepingcomputer.com/news/security/scuf-gaming-store-hacked-to-steal-credit-card-info-of-32-000-customers/), which allows them to observe and harvest the personal information and payment details of customers making payments on the compromised site. The data stolen in such attacks is later sold to third-party threat actors on carding forums who, in turn, use this information to launch targeted phishing and [identity theft attacks](/resources/phishing-identity-theft/).

The adversaries initially hacked into SCUF’s backend using the credentials of one of its third-party vendors. Within two weeks, customer credit cards began showing unusual activity. SCUF immediately deployed [anti-phishing measures](/blog/ransomware-hits-reason-why-businesses-need-to-adopt-robust-anti-phishing-measures/) and investigated the breach. A month later, the payment skimmer was discovered on its website. It was revealed that all credit card payments made between 3rd February and 16th March were affected; however, payments made through PayPal remained unaffected. The exposed customer information includes names, billing addresses, email addresses, credit card numbers, expiry dates, and CVV. While SCUF Gaming had reached out to customers and warned them of a possible data breach back in May, it merely asked them to be vigilant and didn’t state the details of the attack. Two months after this incident, _SCUF Gaming was the target of yet another data breach which exposed an internal development database containing **more than 1.1 million customer** records_. The official notification on its website was long overdue, and the recent update accounts for both these attacks.
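One way to catch the kind of script injection described above, as an added example (not code from SCUF or from the original article): a Node.js audit that compares a checkout page's `<script>` elements against a reviewed baseline of allowed origins, Subresource Integrity attributes and inline-script hashes. The hosts, baseline values and sample HTML are constructed for illustration.

```javascript
// Added example: audit a checkout page's <script> elements against a baseline.
// Hosts, baseline values and the sample HTML are constructed for illustration.
const crypto = require('crypto');

// Same "sha384-<base64>" form used by SRI and CSP hash sources.
const sha384 = (text) =>
  'sha384-' + crypto.createHash('sha384').update(text, 'utf8').digest('base64');

// Baseline recorded at the last reviewed release (hypothetical values).
const KNOWN_INLINE = 'window.checkout = { currency: "USD" };';
const BASELINE = {
  pageOrigin: 'https://shop.example',
  allowedOrigins: new Set(['https://shop.example', 'https://pay.example']),
  inlineHashes: new Set([sha384(KNOWN_INLINE)]),
};

// Minimal tag scan for the example; use a real HTML parser in production.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(re)) {
    const attr = (name) => {
      const a = new RegExp(`\\b${name}\\s*=\\s*["']([^"']*)["']`, 'i').exec(m[1]);
      return a ? a[1] : null;
    };
    scripts.push({ src: attr('src'), integrity: attr('integrity'), body: m[2] });
  }
  return scripts;
}

function auditScripts(html, baseline) {
  const findings = [];
  for (const s of extractScripts(html)) {
    if (s.src === null) {
      // Inline code must match a hash recorded at review time.
      if (!baseline.inlineHashes.has(sha384(s.body))) {
        findings.push({ type: 'unknown-inline', detail: s.body.trim().slice(0, 40) });
      }
      continue;
    }
    let origin;
    try {
      origin = new URL(s.src, baseline.pageOrigin).origin;
    } catch {
      findings.push({ type: 'bad-src', detail: s.src });
      continue;
    }
    if (!baseline.allowedOrigins.has(origin)) {
      findings.push({ type: 'unlisted-origin', detail: origin });
    } else if (origin !== baseline.pageOrigin && !s.integrity) {
      // Third-party code without SRI can change without the shop noticing.
      findings.push({ type: 'missing-sri', detail: s.src });
    }
  }
  return findings;
}

// Constructed checkout page: three reviewed scripts, three deviations.
const SAMPLE_HTML = `<html><body>
<script>${KNOWN_INLINE}</script>
<script src="/static/cart.js"></script>
<script src="https://pay.example/sdk.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://pay.example/widgets.js"></script>
<script src="https://cdn-metrics.example.net/t.js"></script>
<script>/* snippet added after the last review */ void 0;</script>
</body></html>`;

console.log(auditScripts(SAMPLE_HTML, BASELINE));
```

The same baseline maps directly onto a `Content-Security-Policy` `script-src` directive, which makes the browser enforce what this audit only reports.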

### Fullerton Health’s Customer Data Compromised by Third-party Vendor

_Fullerton Health recently notified its Singaporean customers of a data breach caused by the compromise of its vendor’s servers_. Fullerton vendor Agape Connecting People Holdings was in charge of making appointments for patients. Fortunately, Fullerton Health’s own IT network and databases remain unaffected by the breach. However, the [unauthorized access](https://www.channelnewsasia.com/singapore/fullerton-health-vendor-agape-data-breach-2267051) of Agape’s servers compromised Fullerton’s customer data.

![Protection from phishing](https://media.mailhop.org/phishprotection/images/2021/11/protection-from-phishing-4236.jpg) 

The exposed customer data include their names and contact details. No passwords or credit card information was breached in the incident. Agape implemented its [phishing attack prevention](/content/phishing-prevention/) measures soon after detecting the attack. These quick measures of _isolating and suspending the affected systems helped ensure that no other infrastructure was affected_.

In addition to Agape’s measures, Fullerton also has notified all the affected customers. It has hired external forensic and cybersecurity experts to look into the breach and identify the exact number of people affected, the intensity of the attack, and suggest remedial measures for the future.

### Vulnerability in Scoolio Exposes User Information

_The German student community app Scoolio was functioning with an unidentified and unpatched API flaw which ultimately compromised the sensitive information of around **400,000 app users**_. The [bug was first discovered](https://www.bleepingcomputer.com/news/security/sensitive-data-of-400-000-german-students-exposed-by-api-flaw/) and reported by cybersecurity expert Lilith Wittmann.

Scoolio operates as a middleman in the education sector by providing services like tutoring, time management skills, and homework planning. It then monetizes the collected user information with targeted advertising. Fortunately, _the organization does not collect or store any information without the students’ consent_. Scoolio has partnered with several German schools and government enterprises, making it the go-to or standard app for students.

Thus, the **API flaw risks** the privacy of the many students using the app. The compromised information could include their usernames, nicknames, parents’ email addresses, school’s name, class, interests, UUID details, last tracked GPS location, personality traits, etc. All of this extremely sensitive data can be used for various crimes, ranging from kidnapping, spying, extortion, and phishing to identity theft.

The API flaw was made known to Scoolio on 21st September, but _the enterprise took over a month to deploy a patch and fix the bug_. In its breach notification, Scoolio mentions that it found no evidence of any user data being accessed or misused by third parties in the interim of bug detection and patch release. Students using the application and their parents are _advised to adopt measures to protect themselves from phishing_ and look out for suspicious calls or texts.

### Ransomware Hits PracticeMax

_Arizona-based medical practice management services enterprise, PracticeMax underwent a **ransomware attack**_ between 12th April and 5th May, which affected the data of its health plan clients Humana, Anthem, and DaVita Inc. Not only did the [adversaries access and copy](https://www.govinfosecurity.com/phi-stolen-in-practice-management-firms-ransomware-attack-a-17813) the personal health information (PHI) of patients, _they also removed the data from the database_. PracticeMax took immediate measures to ensure [protection against phishing](/) attacks and regained access to its systems on 6th May.

The investigations revealed that all affected individuals were members of the VillageHealth program run by DaVita Inc and the health plans of Humana and Anthem. _Over **4,400 Humana patients** were affected by the breach_. However, PracticeMax had reported the breach to the HIPAA Breach Reporting Tool, citing that only 500 individuals were affected by the incident. In addition, PracticeMax mentions in its statement that it _found no evidence of the data being removed, stolen, or taken from its website_. As mentioned in the breach notifications sent to Humana, DaVita, and Anthem, the compromised patient information includes individuals’ full names, addresses, DOBs, phone numbers, social security numbers, clinical details, membership numbers, etc.

As part of its measures to [prevent phishing](/) attacks, PracticeMax has reviewed and enhanced its **security policies** and measures. It is rebuilding its systems and _installing additional firewalls and endpoint software_. Further, the enterprise is providing 24 months of free identity and credit monitoring to all victims.

### Data Breach Hits University of Colorado Boulder

_The University of Colorado Boulder recently underwent a data breach_ that affected the personal information of thousands of present and former students. The [adversaries exploited](https://www.infosecurity-magazine.com/news/data-breach-university-colorado/) an unpatched software vulnerability in the University’s third-party vendor, Atlassian Corporation Plc, to access the personally identifiable information (PII) for present and former CU Boulder students. The compromised data includes their names, addresses, student ID numbers, DOBs, genders, and phone numbers. The University released the breach notification on 25th October, two months after Atlassian patched the flaw.

![Phishing prevention software](https://media.mailhop.org/phishprotection/images/2021/11/phishing-prevention-software-4236.jpg) 

Fortunately, _no social security numbers or financial information were stored in the compromised databases_. Reportedly, **30,000 former students** have been affected by the breach, and all of them were notified of the incident. The University shall provide free monitoring services to all affected individuals and further enhance its [anti-phishing protection](/products/advanced-threat-defense/) measures.

### Desorden Group Attacks Centara Hotels & Resorts, Thailand

With assets exceeding **$11.6 billion**, the Central Group, run by the Chirathivat family, is a renowned leader of thousands of fashion, food, property, and building materials businesses in Thailand. _The threat actors’ group Desorden recently targeted the Central Group in a series of attacks_, the first of which was the [attack on the Centara Hotels & Resorts](https://www.zdnet.com/article/luxury-hotel-chain-in-thailand-reports-data-breach/), Thailand. The CEO of this luxury hotel chain, Thirayuth Chirathivat, was notified of the security incident on 14th October, and since then, extensive investigations have been ongoing around the breach.

The initial analysis revealed that **80 GB of files**, including the names, email addresses, phone numbers, residential addresses, booking details, and ID scans of hotel guests, were compromised in the breach. Although the nature of the exposed IDs has not been revealed yet, it’s probably the passports of guests that were affected, since hotels like Centara often ask for passports as proof of ID. As part of its [phishing prevention tips](/content/phishing-prevention/) to customers, the hotel chain asks them to remain vigilant and rest assured that Centara never calls its customers seeking their PII. It further asks customers to change their account passwords and report suspicious calls, emails, or texts.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.


