The Week in Breach News: 09/03/22 – 15/03/22

We’re going on a world tour this week as anime and gaming fans get a few nasty surprises from Ubisoft and Toei Animation hacks, Lapsus$ keeps up the bad work and Anonymous continues hammering Russia.



South Denver Cardiology Associates

Exploit: Hacking

South Denver Cardiology Associates: Medical Clinic

Risk to Business: 2.214 = Severe

South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Individual Risk: 2.371 = Severe

Information potentially exposed includes names, dates of birth, Social Security numbers and/or driver’s license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients, who have been informed by mail.

How It Could Affect Your Business: Even if no real damage was done to the practice, this incident could end up being very expensive once regulators get finished with them.



Argentina – Mercado Libre 

Exploit: Ransomware

Mercado Libre: E-commerce & Payments

Risk to Business: 1.872 = Severe

E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands. The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information.



United Kingdom – Vodafone

Exploit: Ransomware

Vodafone: Telecom

Risk to Business: 2.311 = Severe

Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.


France – Ubisoft 

Exploit: Ransomware

Ubisoft: Video Game Studio

Risk to Business: 1.867 = Severe

French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right!  Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Protecting proprietary digital assets is especially important for companies like this that rely on them completely to do business.


Russia – Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)

Exploit: Nation-State Hacking

Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media): Government Agency 

Risk to Business: 1.661 = Severe

Hacktivist collective Anonymous is still hard at work disrupting Russia’s technology infrastructure in response to that country’s continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime with blocking Facebook, Twitter, and other online platforms within Russia. Anonymous had been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Nation-state cybercriminals are highly likely to strategically attack government, utilities and infrastructure targets during times of trouble, but every business is at risk.


Russia – PJSC Rosneft Oil Company (Rosneft)

Exploit: Nation-State Cyberattack

PJSC Rosneft Oil Company (Rosneft): Oil Company

Risk to Business: 2.601 = Severe

The German subsidiary of the Russian energy company Rosneft has disclosed that they’d experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to “Anonymous” as the source behind the attack as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.



Japan – Denso 

Exploit: Ransomware

Denso: Automotive Parts Manufacturer

Risk to Business: 1.402 = Extreme

Cybercrime group Pandora released a statement on Sunday saying it had snatched sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a supply chain cybersecurity incident, and this appears to be it. The company disclosed that it had detected unauthorized access to its network using ransomware at DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom or specifics on stolen data was available.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Supply chain issues have plagued businesses as cybercriminals seek fast ransom payments from manufacturers of critically needed goods.


Japan – Toei Animation 

Exploit: Ransomware

Toei Animation: Animation Studio

Risk to Business: 1.436 = Extreme

Major Japanese animation studio Toei announced that there will be delays in the release of several popular anime series, including the long-awaited episode 1000 of ONE PIECE, because of a cyberattack. The anime studio said that they detected unauthorized access to their systems on March 6th, 2022, forcing a system-wide shutdown that impacted their production schedule. In a statement, Toei revealed that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals love to hit organizations that are under time pressure or handle time-sensitive products because of the higher chance they’ll get paid.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.