--- title: "Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News [April 01, 2024] | DuoCircle" description: "Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft - Cybersecurity News [April 01." image: "https://www.duocircle.com/images/og-default.png" canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/" --- Quick Answer Week ending April 1, 2024 covered: a SurveyLama breach (Globe Media) reported through Have I Been Pwned that exposed 4,426,879 users' birth dates, emails, IPs, names, contact numbers, addresses, and salted SHA-1, bcrypt, or argon2 password hashes; ten class-action lawsuits filed against AT&T after Major Nelson leaked roughly 73 million customer records on a hacking forum on March 17 (covering 7.6 million current and 65.4 million former customers, with names, addresses, phone numbers, birth dates, SSNs, and emails dating to 2019); the Russian indictment of Denis Priymachenko, Alexander Aseev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev for a card-skimming campaign active since 2017 that stole 160,000+ cards from foreign online stores; the Indian government rescuing 250 nationals trafficked into Cambodian cybercrime operations who were forced to run social-media scams against Indian victims under daily quotas; and a Visa PFD alert on JsOutProx phishing campaigns aimed at financial institutions in the Middle East, South Asia, and Africa, delivering a JavaScript backdoor RAT via ZIP-archived .js files for shell commands, screenshots, OTP theft, and registry persistence. Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News \[April 01, 2024\] Your browser does not support the audio element. [ Download episode](https://media.mailhop.org/duocircle/images/2024/04/Lama-Security-Breach-ATT-Security-Lawsuit-Russian-Card-Theft-Cybersecurity-News.mp3) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2024%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Lama%20Security%20Breach%2C%20AT%26T%20Security%20Lawsuit%2C%20Russian%20Card%20Theft%2C%20Cybersecurity%20News%20%5BApril%2001%2C%202024%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2024%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2024%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2024%2F&title=Lama%20Security%20Breach%2C%20AT%26T%20Security%20Lawsuit%2C%20Russian%20Card%20Theft%2C%20Cybersecurity%20News%20%5BApril%2001%2C%202024%5D "Share on Reddit") [ ](mailto:?subject=Lama%20Security%20Breach%2C%20AT%26T%20Security%20Lawsuit%2C%20Russian%20Card%20Theft%2C%20Cybersecurity%20News%20%5BApril%2001%2C%202024%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-15-of-2024%2F "Share via Email") ![cybersecurity](https://media.mailhop.org/duocircle/images/2024/04/Office-365-migration.jpg) We’re back with the latest [cybersecurity](/) scoop of the week. We’re here with the SurveyLama security incident, why AT&T is facing class action lawsuits, Russians charging individuals behind a 7-year card skimming campaign, how **India freed 250 nationals** being forced into cybercrime, and the latest JSOutProx malware strain that can steal your card details so you can avoid these threats. ## SurveyLama Security Incident Exposes 4.4 Million Users’ Information [HIBP (Have I Been Pwned)](https://en.wikipedia.org/wiki/Have%5FI%5FBeen%5FPwned%3F) has warned that SurveyLama was the victim of a [data breach](https://www.bbc.com/news/technology-68615042) in **February this year**. SurveyLama is a survey platform owned by Globe Media that rewards users for completing surveys. Troy Hunt, the creator of [HIBP](https://haveibeenpwned.com/PwnedWebsites#SurveyLama), got information about a data breach hitting the platform where the birth dates, email addresses, IP (Internet Protocol) addresses, names, passwords, contact numbers, and **residential addresses were leaked**. The news was confirmed by SurveyLama, which said that the information of 4,426,879 people was leaked in the data breach. If you’re a user of the platform and have received an email, it means your data was leaked as well. The platform’s passwords were stored as [salted SHA-1](https://backstage.forgerock.com/docs/ds/7.3/configref/objects-salted-sha1-password-storage-scheme.html), **bcrypt**, or **argon2 hashes**, so they’re not available as strings to the threat actor and it might take them a while to decrypt them. It’s best to **change your passwords** on SurveyLama and on other platforms if you reuse them. The data set has yet to be posted anywhere on the Internet as of now, but threat actors could use it for phishing, extortion, and [identity theft](/phishing-protection/recognizing-online-identity-thefts-and-how-enterprises-can-ensure-identity-theft-protection-for-their-employees/). ## AT&T Faces Legal Action Following Security Breach Impacting 73 Million Customers AT&T is facing [class-action lawsuits](https://en.wikipedia.org/wiki/Class%5Faction) following a data breach that left the data of 73 million **customers exposed**. Ten lawsuits have been filed against the organization as it failed to protect the personal information of its customers, which was stolen in a data breach. The [threat actors](https://www.helpnetsecurity.com/2024/04/08/cyberattacks-implications-video/) made away with names, residential addresses, phone numbers, birth dates, SSNs (Social Security Numbers), and **email addresses** of their former and current customers. The threat actor group Shiny Hunters, breached the organization and attempted to sell the data in 2021\. On 17 March 2024, Major Nelson, another threat actor, leaked stolen customer data on a hacking forum. AT&T carried out an internal investigation, [highlighting](https://about.att.com/story/2024/addressing-data-set-released-on-dark-web.html) that the stolen data has information about 7.6 million current and nearly 65.4 million former customers. They also **shared that the leaked data** is from 2019. _If that is true, AT&T let threat actors roam around with their [customers’ crucial data](https://www.news18.com/tech/major-boat-data-breach-more-than-7-5-million-customers-at-risk-of-major-cyber-attack-8843640.html) for nearly three years, and the lawsuits are justified_. ## Russian Authorities Indict Individuals for Stealing 160,000 Credit Cards The Prosecutor General Office of Russia indicted six individuals who were part of a hacking group and were using [malware](/data-privacy/new-zero-click-hack-with-stealthy-root-privilege-malware-targets-ios-users/) to **steal credit card** information. The threat actors were using [card skimming](https://www.seattlecu.com/askus/what-is-card-skimming) and stealing payment information from **foreign online stores** using malicious code that would capture the inputs on order checkout pages. Once they captured the information, they sent it to money mules who made unauthorized purchases or sold the information to threat actors on the dark web. [![credit card skimming fraud](https://media.mailhop.org/duocircle/images/2024/04/smtp.jpg)](https://media.mailhop.org/duocircle/images/2024/04/smtp.jpg) The six suspects (Denis Priymachenko, Alexander Aseev, Alexander Basov, Dmitry Kolpakov, Vladislav Patyuk, and Anton Tolmachev) have been involved in [card skimming scams](https://www.fox5atlanta.com/news/atlanta-scam-card-skimmers-self-checkout) since 2017 and have made away with **over 160,000 cards** to date. The suspects will be [sent](https://epp.genproc.gov.ru/web/gprf/mass-media/news?item=94137024) to the Soviet District Court in Ryazan, where their penalty will be decided. _If you frequently shop online, it’s best to use digital payment methods and **monitor all card statements** so you can identify misuse early on_. ## India Frees 250 Nationals from Cambodian Cybercrime Syndicate’s Control This week, the Indian government rescued 250 citizens who were **duped in Cambodia** and forced into [cybercrime](/data-privacy/what-is-cybercrime-as-a-service-or-caas/). The government shared how the **people were tricked** into going to Cambodia for job opportunities but were forced into [committing cybercrimes](https://www.gmanetwork.com/news/money/content/881896/cybercrimes-fraud-committed-via-messaging-apps-globe-exec/story/). Many nationals informed India’s Embassy in the Southeast Asian country, after which the government worked with Cambodian authorities to locate these individuals and bring them back. The government [announced](https://www.mea.gov.in/response-to-queries.htm?dtl/37760/Official%5FSpokespersons%5Fresponse%5Fto%5Fmedia%5Fqueries%5Fregarding%5FIndians%5Fstuck%5Fin%5FCambodia) that it had saved 250 citizens, 75 of whom had been in the last three months. The individuals who were saved shared how they were **lured in with data entry jobs** but were forced into carrying out scams by Chinese and Malaysian scammers and had to live in horrific conditions. They were forced to create [fake social media profiles](https://www.nextgov.com/cybersecurity/2024/04/china-backed-operatives-used-fake-social-profiles-gauge-us-political-division-microsoft-says/395516/) and use them to defraud Indian nationals and were even **assigned daily quotes**. If they could not meet the quotas, the threat actors isolated them and did not give them food. Investigations are still ongoing, and the government is **working to locate** and repatriate more victims. [![cybercrime](https://media.mailhop.org/duocircle/images/2024/04/dkim-selector-4186.jpg)](https://media.mailhop.org/duocircle/images/2024/04/dkim-selector-4186.jpg) ## Visa Alerts on Updated JsOutProx Malware Strain Aimed at Financial Institutions Visa has warned about a new JsOutProx malware being delivered via [phishing campaigns](https://www.the420.in/delhi-police-issues-warning-cyrillic-script-phishing-attacks-increase-vigilance-advised/) that are **targeted at financial institutions**. _Visa’s PDF (Payment Fraud Disruption) **sent security alerts** to all card issuers about this new RAT (Remote Access Trojan) campaign that is targeting the Middle East, South Asia, and Africa._ JsOutProx is a RAT with a [hidden JavaScript backdoor](https://thehackernews.com/2024/02/new-backdoor-targeting-european.html) that allows threat actors to **run shell commands**, download malware, capture screenshots, and execute files. Resecurity shared a [report](https://www.resecurity.com/blog/article/the-new-version-of-jsoutprox-is-attacking-financial-institutions-in-apac-and-mena-via-gitlab-abuse) on the workings of the phishing operation where the threat actors send **fake financial notifications** to targets via email that contain ZIP archived .js files. Once the victim executes this file, it downloads the malicious payload. The second stage of the malware allows the threat actors to **avoid detection**, alter network proxy settings, steal clipboard content, extract Outlook contacts, steal OTPs (One Time Passwords), **modify the registry** for deep system access, and maintain persistence. The threat actors can also [exfiltrate data from the infected system](https://thehackernews.com/2024/03/russia-hackers-using-tinyturla-ng-to.html) to the threat actors. All of these are the new capabilities of the updated strain of JsOutProx. The attacks look like the work of the **Solar Spider** threat actor but there’s no solid proof as of yet. It’s best to keep an eye out on such emails and avoid opening the files. _You should **make it a practice** to verify unsolicited or urgent payments via the official website or contact the financial institution._ Furthermore, deploy top-notch [phishing protection](/email/phishing-protection) solutions and enhance your [phishing awareness training](/phishing-awareness-training) programs. ## Topics NewsSecurityUpdates ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) Brad Slavin General Manager General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio. ## Secure your email infrastructure Protect, authenticate, and deliver. Contact our team to find the right solution. [Contact Sales](/contact/) [Explore Products](/products/) ## Related Articles [ News 3m Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[ News 6m Cyber Security News Update, Week 1 of 2022 Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[ News 7m Cybersecurity News Update, Week 1 of 2023 Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[ News 5m EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\] Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/) ```json {"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News [April 01, 2024]","description":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft - Cybersecurity News [April 01.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/","datePublished":"2024-04-08T14:26:41.000Z","dateModified":"2025-08-29T13:54:44.000Z","dateCreated":"2024-04-08T14:26:41.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1047,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/04/Office-365-migration.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News [April 01, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/"}]}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News [April 01, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/"}]} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft, Cybersecurity News [April 01, 2024]","description":"Lama Security Breach, AT&T Security Lawsuit, Russian Card Theft - Cybersecurity News [April 01.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/","datePublished":"2024-04-08T14:26:41.000Z","dateModified":"2025-08-29T13:54:44.000Z","dateCreated":"2024-04-08T14:26:41.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-15-of-2024/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":1047,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2024/04/Office-365-migration.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ```