Multiple attacks disrupt education and expose data at U.S. public schools, plus a novel response to a ransom demand in Zambia.
Chicago Public Schools
Exploit: Supply Chain Risk
Chicago Public Schools: Regional Education Agency
Risk to Business: 1.944 = Severe
Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident.
Risk to Individual: 1.672 = Severe
The improperly accessed data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations. Employee data included names, employee identification numbers, school and course information and emails and usernames.
How It Could Affect Your Business: School system databases are popular targets because they often hold big stores of information.
Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio)
Exploit: Ransomware
Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio): Local Education Agency
Risk to Business: 1.804 = Severe
The Cl0p ransomware gang has posted information that points to a successful ransomware attack against the Fort Sumner Municipal Schools agency in New Mexico. The Superintendent of Schools in the district confirmed the incident. This is just the latest in a long string of ransomware attacks that have impacted public school systems in the US. Just this week, the Washington Local Schools district in Ohio was also hit with a ransomware attack, this time impacting the district’s phone, email, internet and WiFi networks as well as Google Classroom.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Bad actors know that using ransomware against targets with time-sensitive business can be profitable.
The U.S. Drug Enforcement Agency (DEA)
Exploit: Hacking
The U.S. Drug Enforcement Agency (DEA): Federal Government Agency
Risk to Business: 1.763 = Severe
Officials are investigating a potential breach that could allow bad actors to access key systems used by law enforcement agencies in the U.S. A tip pointed officials to information that the LAPSUS$ hacking group may have gained access to the esp.usdoj.gov data portal, the Law Enforcement Inquiry and Alerts (LEIA) system, the U.S. Drug Enforcement Agency (DEA)’s El Paso Intelligence Center (EPIC) and other DEA systems. That unauthorized access may be used by cybercriminals in myriad ways including for impersonation efforts and doxing, as well as affording the bad guys the opportunity to search databases and to obtain sensitive data.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: This kind of access and information in the wrong hands could be beneficial to cybercriminals including nation-state actors.
Greenland – Agency for Health and Prevention
Exploit: Hacking
Agency for Health and Prevention: National Agency
Risk to Business: 2.864 = Moderate
The government of Greenland has announced that healthcare services have become extremely limited as a result of a cyberattack. While the nature of the incident was not specified, government officials noted that the network for the entire system had to be shut down, resulting in medical care providers becoming unable to access patient records and creating delays in care. The government says that patient data is not at risk, and that emergency treatment will not be impacted.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Healthcare targets have been at the top of the cybercriminal hit list since the start of the pandemic.
Zambia – National Bank of Zambia
Exploit: Ransomware
National Bank of Zambia: Banking & Financial Services
Risk to Business: 1.917 = Severe
A cyberattack at the National Bank of Zambia has played out with a bizarre twist. After experiencing a ransomware attack by the Hive ransomware outfit that purportedly encrypted the bank’s Network Attached Storage (NAS) device, officials responded to the cybercriminals’ ransom demands with a refusal to pay. Bloomberg reports that the refusal was accompanied by images of male genitalia and a message referencing a common NSFW insult about what the bad guys could do with their demands. In a statement, the bank said that it had experienced an incident that impacted some systems such as the Bureau De Change Monitoring System and the bank’s website.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Organisations in the Banking & Finance sector suffered the most cyberattacks in 2021, and pressure isn’t letting up.
South Africa – Dis-Chem
Exploit: Supply Chain Risk
Dis-Chem: Pharmaceutical Company
Risk to Business: 1.733 = Severe
Major pharmaceutical retailer Dis-Chem recently announced that it had been hit by a data breach that may have exposed the personal details of 3.6 million customers thanks to a data security incident at a third-party service provider on May 1, 2022. Dis-Chem is the second-largest retail pharmacy chain in South Africa. An investigation is underway, and the company has stated that it will not be offering further comment on the incident.
Risk to Business: 1.733 = Severe
The investigation has determined that the incident affected a total of 3,687,881 data subjects so far, exposing subjects’ first name and surname, email addresses, and cell phone numbers.
How it Could Affect Your Business: Defence industry contractors and military-adjacent service providers are tempting targets for cybercriminals looking for back doors.
Singapore – Nikkei Business Publications
Exploit: Ransomware
Nikkei Business Publications: Publishing Company
Risk to Business: 2.786 = Moderate
Asian publishing giant Nikkei has disclosed that the organization’s headquarters was hit by a ransomware attack on May 13, 2022. The company, the publisher of several business and technology magazines, said that it is still investigating the incident and has not yet determined if bad actors accessed customer data. Officials in both Singapore and Japan have been notified.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: More than half of APAC organizations experienced a cyberattack in 2021.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.