A sophisticated smishing campaign using fake USPS package delivery notifications led to significant data compromise. Security researcher Grant Smith unveiled that victims across the United States entered 438,669 unique credit cards into fraudulent domains. Moreover, over 50,000 email addresses, including university and government domains, were affected, revealing the vast reach and potential financial impact of the scam. The data breach facilitated by the Chinese-language group not only compromised individual financial data but also exposed at-risk populations, including military personnel, to potential fraud.
Source: https://www.wired.com/story/usps-scam-text-smishing-triad/
"id": "usp001081924",
"linkid": "usps-oig",
"type": "Breach",
"date": "8/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"