Cox Communications gets caught by phishing, Atalanta imports some ransomware, another crypto exchange gets hacked for millions & a shocking ransomware attack on the Virginia Legislature.
Atalanta
Exploit: Ransomware
Atalanta: Food Importer
Risk to Business: 1.616 = Severe
Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer.
Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained.
Customers Impacted: Unknown
Cox Communications
Exploit: Phishing (Vishing)
Cox Communications: Digital Cable Provider
Risk to Business: 1.773 = Severe
Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers.
Individual Risk: 1.813 = Severe
Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox.
Customers Impacted: 3 million
The Virginia Division of Legislative Automated Systems (DLAS)
Exploit: Ransomware
The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services
Risk to Business: 1.318 = Extreme
A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what, if any, data was stolen. AP reports that this attack is the first recorded on a state legislature.
Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
Ultimate Kronos Group
Exploit: Ransomware
Ultimate Kronos Group: Payroll Services
Risk to Business: 1.619 = Severe
HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve.
Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted:
United Kingdom – SPAR Convenience Stores
Exploit: Ransomware
SPAR Convenience Stores: Convenience Store Chain
Risk to Business: 1.412 = Extreme
UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
Sweden – Volvo Cars
Exploit: Hacking
Volvo Cars: Automotive Manufacturer
Risk to Business: 2.112 = Severe
Swedish automotive company Volvo announced that hackers had violated its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data.
Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
Germany – Hellmann Worldwide Logistics
Exploit: Ransomware
Hellmann Worldwide Logistics: Transportation Logistics Firm
Risk to Business: 1.7684 = Severe
Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, caused them to have to temporarily remove all connections to their central data center. Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response. The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
France – Régie Autonome des Transports Parisiens (RATP)
Exploit: Misconfiguration
Régie Autonome des Transports Parisiens (RATP): Transportation Authority
Risk to Business: 1.723 = Severe
A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account.
Individual Risk: 1.723 = Severe
The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords.
Customers Impacted: Unknown
Singapore – AscendEX
Exploit: Hacking
AscendEX: Cryptocurrency Trading Platform
Risk to Business: 1.223 = Extreme
Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
Australia – Frontier Software
Exploit: Ransomware
Frontier Software: Payroll Services Technology Provider
Risk to Business: 2.323 = Severe
South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that at least up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.
Individual Risk: 2.401 = Severe
The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.
Customers Impacted: Unknown
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.