---
title: "Cybersecurity News Update, Week 10 of 2023 | DuoCircle"
description: "To stay ahead of cybercriminals, one needs to understand their modus operandi and how they operate on a micro level."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-10-of-2023/"
---

Quick Answer

Week 10 of 2023 covered: the Play ransomware gang leaking 10 GB of City of Oakland data, including employee documents, passports, IDs, and financial information, after the February 8 attack that took IT systems offline; the BidenCash carding marketplace releasing 2,165,700 stolen credit/debit cards (2,141,564 unique) and 497,000 unique email addresses across 28,000 domains as a one-year-anniversary promotion; a joint FBI and CISA advisory on Royal ransomware attacks against US healthcare, communications, and education, with ransom demands ranging from $250,000 to tens of millions and TTPs/IoCs published; a credential-stuffing attack on Chick-fil-A from December 18, 2022, to February 12, 2023, affecting 71,473 accounts and exposing names, emails, membership numbers, phone numbers, masked card details, and account balances; a Sydney woman charged by the AFP for sending 32,000 emails in 24 hours via multiple domains to a Federal MP's office, facing up to 10 years under section 477.3 of the Criminal Code Act 1995; and a phishing campaign impersonating Trezor data-breach notices to harvest hardware-wallet recovery seeds, possibly seeded by the March 2022 MailChimp breach.


![Cybersecurity](https://media.mailhop.org/duocircle/images/2023/03/smtp-7036.jpg) 

To stay ahead of cybercriminals, one needs to understand their **modus operandi** and how they operate on a micro level. This week’s headlines share the top [cybersecurity](/) news, covering ransomware attacks, government warnings, stolen financial information, federal arrests, and cryptocurrency phishing campaigns.

## City of Oakland’s Stolen Data Released by Ransomware Group

The City of Oakland, California, was recently targeted in a cyberattack by the Play ransomware gang, which is **now leaking stolen data**.

The [ransomware attack](/email-security/ransomware-attacks-must-be-met-with-advanced-technology/) occurred on 8 February, taking **all IT systems** offline until the network was secured. The attack did not impact emergency services; however, phone services and systems used to collect payments, process reports, and issue permits and licenses were **taken offline**.

[![cybercriminals](https://media.mailhop.org/duocircle/images/2023/03/dmarc-report-8536.jpg)](https://media.mailhop.org/duocircle/images/2023/03/dmarc-report-8536.jpg)

The leaked data reportedly consists of a 10GB RAR archive containing **confidential documents**, employee information, passports, and IDs. The [cybercriminals](https://theprint.in/india/governance/cybercriminals-cloning-aadhaar-biometric-data-to-commit-fraud-mha-nodal-agency-to-states/1415112/) have claimed responsibility for the leak, stating that the published data includes private and personal confidential data, financial information, IDs, passports, full employee info, and **human rights violation** information.

The City of Oakland has released a [statement](https://www.oaklandca.gov/news/2023/city-of-oakland-targeted-by-ransomware-attack-core-services-not-affected) regarding the incident, stating that they are investigating the incident and will notify any citizens whose **personal data** may have been compromised. They also confirmed that an **unauthorized third party** had acquired specific files from their network and intended to release the information publicly.

_The City of Oakland has enlisted the help of third-party specialists and **law enforcement** to investigate the validity of cybercriminals’ claims._

## BidenCash Market Offers Free Access to Over 2 Million Stolen Credit Cards

The underground cybercrime marketplace BidenCash has released a database of 2,165,700 stolen credit and debit cards to celebrate its first anniversary.

According to [researchers](https://blog.cyble.com/2023/03/01/over-2-million-cards-leaked-by-bidencash/), the leaked information contains 740,858 credit cards, 811,676 debit cards, and 293 charge cards, with tens of thousands of duplicates. Despite the duplicates, the data includes 2,141,564 **unique cards** that contain personal information, including names, phone numbers, residential and email addresses, and payment card information, including expiration dates and **CVV codes**.

BidenCash also revealed 497,000 unique email addresses, with over 28,000 individual email domains that could be used for **future** targeted [phishing scams](/resources/phishing-scams-and-the-simple-ways-you-can-protect-yourself) or fraud campaigns. The presence of email addresses and complete information (“Fullz”) could also open the victims of the leak to phishing, [identity theft](/phishing-protection/recognizing-online-identity-thefts-and-how-enterprises-can-ensure-identity-theft-protection-for-their-employees/), and **online scams**.

BidenCash has used free credit card leaks **for promotion** before, including releasing 1,221,551 credit cards in October 2022. The carding shop has been active since 28 February 2022 and uses such “marketing” **tactics** to promote itself among [carding](https://www.investopedia.com/terms/c/carding.asp) marketplaces.

## FBI and CISA Issue Warning on Growing Risks of Royal Ransomware Attacks

The FBI and CISA have jointly [warned](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-061a) about the increasing threat of ongoing Royal ransomware attacks against critical **U.S. infrastructure**, including healthcare, communications, and education.

The Department of Health and Human Services (HHS) had previously issued an advisory in December 2022, linking the ransomware operation to **multiple attacks** against U.S. healthcare organizations. In response, the FBI and CISA shared the Tactics, Techniques, and Procedures (TTPs) and [Indicators of Compromise (IoCs)](https://encyclopedia.kaspersky.com/glossary/indicator-of-compromise-ioc/) to assist defenders in detecting and **preventing attempts** to deploy Royal ransomware payloads on their networks.

The agencies have **urged** all enterprises at risk of being targeted to take proactive steps to **safeguard themselves** from ransomware threats, including prioritizing remediation of known [vulnerabilities](/email-security/two-zero-day-vulnerabilities-discovered-in-microsoft-exchange-server-patches-pending/) and training employees to identify and report phishing attempts. Despite the FBI’s recommendation against paying ransoms, victims are encouraged to **report incidents** to their local FBI field office or CISA for information-gathering purposes.

Royal Ransomware is a private operation that has seen a surge in activity since September, with ransom payments ranging from $250,000 to tens of millions per attack. _The group employs [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) tactics, including callback phishing attacks and hacked Twitter accounts, to pressure victims and attract media attention._

[![credential-stuffing attack](https://media.mailhop.org/duocircle/images/2023/03/dmarc-report-service-7316.jpg)](https://media.mailhop.org/duocircle/images/2023/03/dmarc-report-service-7316.jpg)

## Chick-fil-A Acknowledges Accounts Compromised in “Automated” Attack Spanning Several Months

Chick-fil-A, an American **fast food chain**, recently disclosed that over 71,000 customer accounts were **breached** due to a months-long [credential-stuffing attack](https://www.cpomagazine.com/cyber-security/credential-stuffing-attack-impacts-about-35000-paypal-accounts-company-says-no-unauthorized-transactions-detected/).

Chick-fil-A has [confirmed](https://oag.ca.gov/system/files/2023-03-02%20-%20CFA%20-%20Individual%20Notification%20Template.pdf) a credential stuffing attack in a security notice submitted to multiple Attorney General offices. The attack lasted from 18 December 2022 to 12 February 2023 and **affected** 71,473 accounts. According to the notification, the attack was launched by unauthorized parties who used account credentials obtained from a **third-party source**.

Chick-fil-A is warning **affected customers** that [hackers](/email-security/hackers-leak-twitter-account-data-putting-235-million-worldwide-at-risk/) may have accessed their personal information, including their name, email address, membership numbers, phone number, QR code, masked card credentials, and the credit on their account. To respond to the attack, Chick-fil-A forced customers to **reset passwords**, **froze funds** loaded into accounts, and removed any stored payment information. _They went on to restore Chick-fil-A One account balances and added rewards to impacted accounts as a way of apologizing._

Impacted customers must change their passwords on **all sites** they frequent, particularly where they use the **same Chick-fil-A password**. They should also watch for potentially targeted [phishing emails](/content/phishing-prevention/phishing-email) that use their personal information.

## Australian Woman Arrested for Email Bombing Government Office

A woman in Sydney, Australia, was **apprehended** by the Australian Federal Police (AFP) for allegedly conducting an **email bombing** attack on a Federal Member of Parliament’s office.

_Email bombing is a cyberattack where attackers overwhelm an email address with many emails to flood the recipient’s inbox or mail server._ [According](https://www.afp.gov.au/news-media/media-releases/woman-charged-alleged-cyber-attack-against-federal-mp) to the AFP, the woman is accused of sending over 32,000 emails to the MP’s office **within 24 hours**, resulting in the office’s IT systems being disrupted and the public being unable to contact the office.

The Australian Federal Police states that the woman used multiple domains to send the emails, leading to **continued disruption** and harassment. The woman will face charges for **violating section 477.3** of the Criminal Code Act 1995, which carries a maximum sentence of ten years imprisonment. Her specific charge is one count of committing [unauthorized impairment of electronic communications](https://pottslawyers.com.au/criminal-law/commonwealth-offences-2/unauthorised-impairment-of-electronic-communication/).

Although the AFP did not explain the exact method the woman used to send a large volume of emails **quickly**, they stated that the attack involved **multiple domains**, suggesting that the woman used an “email bombing” service.

Because email bombing attacks involve many senders, blocking individual email addresses or marking their messages as spam is not an effective defense. Organizations must instead set up advanced [filtering](/content/email-filtering-service/email-filtering-solutions) tools that **block messages** based on **specific criteria**, such as keywords in the content.
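The point above, as an added example that is not from the article or from any DuoCircle product: a per-sender limit misses a flood spread over many domains, while a per-recipient window combined with content criteria quarantines it and still delivers ordinary mail. The sample is constructed to match the reported volume (32,000 messages in 24 hours); the 400 sending domains, the thresholds, the keyword list, the use of the subject line as the inspected content, and all names are assumptions.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    ts: int        # seconds from the start of the sample day
    sender: str
    rcpt: str
    subject: str

# Assumed content criteria: phrases typical of automated sign-up mail.
KEYWORDS = ("confirm your subscription", "verify your email", "welcome to")

def per_sender_offenders(msgs, daily_limit):
    """Naive defence: senders that exceed a per-sender daily limit."""
    counts = Counter(m.sender for m in msgs)
    return {s for s, n in counts.items() if n > daily_limit}

class FloodFilter:
    """Per-recipient sliding window; sender identity is not trusted."""
    def __init__(self, window_s=3600, max_msgs=200, min_domains=20):
        self.window_s, self.max_msgs, self.min_domains = window_s, max_msgs, min_domains
        self.recent = defaultdict(deque)      # rcpt -> deque of (ts, domain)
        self.domains = defaultdict(Counter)   # rcpt -> domain -> count in window

    def check(self, m):
        q, doms = self.recent[m.rcpt], self.domains[m.rcpt]
        domain = m.sender.rsplit("@", 1)[-1].lower()
        q.append((m.ts, domain))
        doms[domain] += 1
        # Evict entries that have fallen out of the window.
        while q[0][0] <= m.ts - self.window_s:
            _, old = q.popleft()
            doms[old] -= 1
            if doms[old] == 0:
                del doms[old]
        # A flood is high volume to one mailbox from many unrelated domains.
        flooding = len(q) > self.max_msgs and len(doms) >= self.min_domains
        matches = any(k in m.subject.lower() for k in KEYWORDS)
        # Only mail matching the content criteria is held during a flood.
        return "quarantine" if flooding and matches else "deliver"

def build_sample():
    """Constructed traffic: 32,000 flood messages plus 5 ordinary ones."""
    rcpt = "office@mp.example"
    flood = [Msg(i * 27 // 10, f"noreply@list{i % 400}.example", rcpt,
                 f"Confirm your subscription to list {i % 400}")
             for i in range(32000)]
    legit = [Msg(10000 * k, f"resident{k}@mail.example", rcpt,
                 "Question about local road funding")
             for k in range(1, 6)]
    return sorted(flood + legit, key=lambda m: m.ts), legit

def run():
    msgs, legit = build_sample()
    filt = FloodFilter()
    verdicts = [(m, filt.check(m)) for m in msgs]
    counts = Counter(v for _, v in verdicts)
    legit_delivered = sum(1 for m, v in verdicts if m in legit and v == "deliver")
    return per_sender_offenders(msgs, daily_limit=100), counts, legit_delivered

if __name__ == "__main__":
    offenders, counts, legit_delivered = run()
    print("senders over per-sender limit:", len(offenders))
    print("verdicts:", dict(counts), "| legitimate delivered:", legit_delivered)
```

The first 200 flood messages are delivered before the window threshold trips; lowering `max_msgs` shortens that gap at the cost of more false positives on busy mailboxes.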

## Massive Crypto Wallet Phishing Campaign Alerted by Trezor

An ongoing phishing campaign is currently targeting Trezor users. The attackers' messages pose as Trezor [data breach](/phishing-protection/data-breach-at-registrar-could-make-phishing-emails-even-harder-to-detect/) notifications and attempt to **steal** the target’s **cryptocurrency**.

_Trezor is a **physical wallet** for cryptocurrencies that enables users to store their digital assets offline instead of relying on cloud-based or device-based wallets_. Trezor is not intended to be connected to a computer, so it provides security against [malware](/resources/malware-and-its-defense-mechanism) and compromised devices. Additionally, when creating a new Trezor wallet, users are given a **recovery seed** consisting of either 12 or 24 words, which can be used to recover the wallet. However, if others get hold of the seed, the wallet is at risk.

Since 27 February, Trezor customers have received **phishing messages** asking them to visit a website to secure their devices after a data breach. The fake site prompts users to enter their recovery seed, which threat actors then steal. Trezor has [warned](https://twitter.com/Trezor/status/1630526933199998977) users to beware of **phishing SMS** and emails warning of a fake data breach. The organization states they have not found evidence of a recent data breach in its systems.

While it is **not known** how the threat actors are **targeting** Trezor customers’ phone numbers and email addresses, it could be through a [marketing list](https://www.bitdefender.com/blog/hotforsecurity/marketing-lists-for-crypto-customers-stolen-in-data-breach-at-marketing-platform-klaviyo/) stolen in a MailChimp breach in March 2022.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

