New information is available about Panasonic’s Canadian data breach, McDonald’s serves up risk to customers in Costa Rica and Anonymous continues its campaign against Russia.
Contra Costa County Government
Exploit: Hacking
Contra Costa County Government: Regional Government
Risk to Business: 1.677 = Severe
Contra Costa County officials have begun sending out letters this week to potential victims, after investigating a data breach from Q3 2021. The county’s investigation determined that an unauthorized person accessed several county employee email accounts at various times between June 24, 2021, and August 12, 2021. The intruder accessed emails and attachments containing information pertaining to certain county employees, as well as individuals who communicated with the county’s Employment and Human Services Department.
Risk to Individual: 1.702 = Severe
The exposed data includes names and one or more of the following: Social Security numbers, driver’s license or state-issued identification numbers, financial account numbers, passport numbers and medical information or health insurance information.
How It Could Affect Your Business: Government bodies have been a popular target for cybercriminals because they usually provide access to lots of valuable data.
Newman Regional Health
Exploit: Hacking
Newman Regional Health: Healthcare Facility
Risk to Business: 1.802 = Severe
Newman Regional Health is a tiny facility that’s notifying patients and employees of a big breach. The 25-bed not-for-profit hospital in Kansas informed patients that their data may have been exposed in a yearlong data breach. More than 52,000 patients are being notified of the incident after an investigation revealed unauthorized access to a limited number of the hospital’s employee e-mail accounts between January 26, 2021, and November 23, 2021.
Risk to Individual: 1.809 = Severe
Exposed patient and employee information includes names, dates of birth, medical record or other identification numbers, addresses, phone numbers, or email addresses, limited health, treatment or insurance information, or employee information collected in connection with an individual’s receipt of services from or employment. A limited group of individuals may have social security numbers or financial information affected.
How It Could Affect Your Business No non-profit can afford the huge penalties that this organization will potentially incur after regulators get finished with them.
Florida International University
Exploit: Ransomware
Florida International University: Institution of Higher Learning
Risk to Business: 2.177 = Severe
The BlackCat ransomware outfit has claimed they’re behind a ransomware attack at Florida International University. The group said that it has stolen a range of personal information from students, teachers and staff, amounting to 1.2 TB of data. Among the stolen data, the group says it obtained contracts, accounting documents, social security numbers, email databases and more. No further details about the stolen data was available at press time.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: The Education sector has been getting hammered by cybercrime since the start of the global pandemic.
Panasonic
Exploit: Ransomware
Panasonic: Electronics Manufacturer
Risk to Business: 2.217 = Severe
The Conti ransomware group has claimed responsibility for an attack on Panasonic’s Canadian operations in February 2022. Panasonic confirmed that it had been the victim of a ransomware attack that impacted its systems, processes and networks. The company says that it has contracted with outside experts to investigate the attack as well as clean and restore servers and rebuild applications. No word was available about what if any data was stolen by the attackers. Panasonic says that relevant authorities have been informed.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business Manufacturers and industrial targets have been high on the cybercriminal hit list for months.
Costa Rica – McDonald’s
Exploit: Supply Chain Risk
McDonald’s: Fast Food Restaurant Chain
Risk to Business: 2.734 = Moderate
McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed.
Risk to Individual: 2.623 = Moderate
McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business Cybercriminals have been hitting small supply chain targets to gain access to their clients, especially big-name companies.
UK – CitySprint
Exploit: Hacking
CitySprint: Courier
Risk to Business: 1.417 – Severe
UK same-day delivery company CitySprint has informed its drivers of a data breach that may have exposed their personal information. The company says that an unauthorized party gained access to its iFleet internal management and routing system. While CitySprint says that it doesn’t think that drivers’ personal data was compromised, it can’t be sure.
Risk to Individual: 2.766 – Moderate
Drivers may have had information exposed including photos of their driving license, vehicle pictures, and records of their weekly earnings.
How it Could Affect Your Business UK GDPR ensures means that this could be a very expensive incident when all the penalties are added up.
Spain – The Royal Spanish Football Federation (RFEF)
Exploit: Hacking
The Royal Spanish Football Federation (RFEF): Sports Organization
Risk to Business: 2.176 = Severe
RFEF announced that it has been the victim of hacking after a journalist warned the organization that they’d been offered stolen data. The organization has determined that documents and information from email accounts, private texts and audio conversations from top executives of the federation are among the stolen data. The journalist claimed to have received or gained access to confidential contracts, private WhatsApp conversations, emails and abundant documents regarding the RFEF management. An investigation is ongoing.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.
Russia- Ministry of Culture of the Russian Federation
Exploit: Nation-State Hacking (Hacktivism)
Ministry of Culture of the Russian Federation: Federal Government Agency
Risk to Business: 2.976 = Moderate
The Anonymous Collective hasn’t stopped its push against Russia after the country’s unjust invasion of Ukraine. This time, Anonymous hackers obtained and exposed 446 GB of data from Russia’s Ministry of Culture as part of a larger hacking operation targeting Russia’s national government. The trove of data purportedly includes more than 200,000 emails. The information was published by Demonstrated Denial of Secrets, a hacktivist organization that has been involved in the Anonymous effort.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident