Cybersecurity firms in the UAE have reacted to a major leak of patient information held by pharmaceutical giant Pfizer. Getty

Hackers target Pfizer exposing sensitive patient information


Nick Webster

Hackers have broken through the "front door" of online data storage units used by pharmaceutical giant Pfizer and leaked hundreds of chatbot conversations and patient information.

Scores of victims could now be exposed to phishing scams after having their full names, home addresses and email contacts taken from a misconfigured Google Cloud storage bucket.

Data included hundreds of conversations between customers and chatbots enquiring about cancer drugs, epilepsy medication and Viagra.

It is not known how many patients were in the UAE.

Cybercrime experts said the blunder could lead to patients inadvertently handing over bank card information to criminals claiming to process bogus prescriptions.

“While name, addresses, and email addresses are not highly sensitive information like birth dates or social security numbers, the conversations could reveal very private medical data,” said Morey Haber, chief technology officer at BeyondTrust, a cyber security company in the UAE.

“The information could easily lead to future spear phishing attacks because the details about an individual would make a potential attack credible.

“Pfizer did not know the data was accessible nor [that] it was obtained.

“It is feasible therefore to assume the data has been accessed in the past as well.”

Phishing is the most common technique used by hackers to extract restricted data or gain access to accounts by encouraging users to relinquish passwords.

Sensitive information about patients who asked questions online about the smoking cessation drug Chantix was also obtained by hackers.

The breach was reported to Pfizer and regulators by online security researchers at tech company vpnMentor.

Pfizer headquarters in New York. Carlo Allegri / Reuters

They said the information remained exposed online for months before action was taken to remove it in September.

It is the fifth similar failure to secure patient information by Pfizer, which has offices in Dubai Media City, following incidents in 2007 and 2019.

"Pfizer is aware that a small number of non-HIPAA data records on a vendor operated system used for feedback on existing medicines were inadvertently publicly available," Pfizer said in response.

"We take privacy and product feedback extremely seriously. To that end, when we became aware of this event we ensured the vendor corrected the issue and notifications compliant with applicable laws will be sent to individuals."

Industry experts said cloud storage is becoming increasingly difficult to secure as hacking techniques become more sophisticated.

In 2014, celebrities including Jennifer Lawrence, Rihanna and Kim Kardashian were among those who had compromising photos leaked online after cloud storage was hacked.

A two-step verification process was then introduced to bolster security around Apple’s iCloud data storage service.

“The recent Pfizer data breach tells us it is extremely difficult for even the largest companies in the world to secure their data every hour, every day and every week,” said Sam Curry, chief security officer at Cybereason, a company working with businesses in the UAE to bolster online defences.

“It's irrelevant whether an internal or external error led to this data breach.

“The digital footprint for enterprises is expanding at such a rapid pace, errors will occur and data will be exposed.

“Customers want transparency and guarantees that the company will continue to make sure data protection is their top priority.”

Chat conversations between humans and chatbots, which give automated responses, were among the information exposed in the leak.

While replies were preprogrammed into the solution, humans would realistically have to answer a series of questions to determine the proper response.

Those questions were designed to provide a high confidence in the results and often forced the exposure of more information to obtain the desired results.

“As no system, or person, is ever perfect, the ability to monitor, detect and respond to unauthorised or malicious access to cloud services can make the difference between a contained security incident and a full-blown breach as being reported at Pfizer,” said Matt Walmsley, a tech industry analyst and director at Vectra AI.

“We performed analysis on Office 365 – the world's most used software and service cloud – and identified how attackers are using existing tools and services within the cloud to spy and steal.

“When administrators inadvertently leave the front door open it’s unsurprising that attackers walk straight in and out unnoticed.”
