CSTI
    breachThe Ransomware Era (2020-Present) Daily Briefing Landmark Event

    GrubHub and DISA Breaches Highlight Ongoing Cybersecurity Challenges

    Saturday, February 1, 2025

    GrubHub and DISA Breaches Highlight Ongoing Cybersecurity Challenges

    Today, two significant data breaches have come to light, affecting millions and underscoring persistent vulnerabilities in data handling practices across industries. GrubHub reported a breach stemming from a third-party vendor, exposing personal information of customers, drivers, and restaurant partners — including names, email addresses, and partial payment card details, although full card numbers and passwords were not compromised (SSL.com). Meanwhile, the U.S. drug testing firm DISA reported a breach impacting approximately 3.3 million individuals, though specific data compromised remains undisclosed (CM-Alliance). These incidents reinforce the critical need for organizations to bolster their cybersecurity defenses, particularly in managing third-party access.

    Also In Security Today

    • CVE-2025-0108 - PAN-OS Vulnerability: A critical vulnerability in Palo Alto Networks’ PAN-OS has been identified, with a CVSS score of 9.1, allowing unauthenticated attackers to bypass authentication. Organizations are urged to apply patches urgently (Security Boulevard).
    • Unimicron Ransomware Attack: The Sarcoma ransomware group has breached Unimicron, threatening to leak sensitive data unless a ransom is paid. This highlights the increasing threat of ransomware in the manufacturing sector (CM-Alliance).
    • IoT Data Exposure: A massive breach from the Chinese IoT firm Mars Hydro exposed approximately 2.7 billion records, including Wi-Fi passwords and IP addresses due to inadequate database security. This incident raises alarms about IoT security vulnerabilities (CSHub).

    Analyst's Take

    Today's breaches at GrubHub and DISA reflect an alarming trend in cybersecurity, where third-party vulnerabilities continue to pose significant risks. The incident at GrubHub highlights the need for organizations to conduct rigorous third-party assessments and implement stringent access controls. As ransomware attacks proliferate, as seen with Unimicron, defenders should prioritize incident response planning and employee training. The vulnerabilities in PAN-OS and IoT systems underline the urgency for timely patch management and enhanced security protocols across all platforms. Reinforcing these measures is critical to safeguarding sensitive data and maintaining organizational resilience in an evolving threat landscape.

    Sources

    GrubHub DISA data breach CVE-2025-0108 ransomware IoT security