The Week in Breach

The Week in Breach News: 20/04/22 – 26/04/22


Two big ransomware attacks impact governments in Costa Rica and Brazil, and supply chain risk takes the glow off of vacations for passengers on Canada’s Sunwing Airlines.



Christie Clinic

Exploit: Business Email Compromise

Christie Clinic: Healthcare Provider


Risk to Business: 1.802 = Severe

Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.  


Risk to Individual: 2.771 = Moderate

Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.  

How It Could Affect Your Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.


The Unified Government of Wyandotte County and Kansas City, Kansas

Exploit: Hacking

The Unified Government of Wyandotte County and Kansas City, Kansas: Regional Government


Risk to Business: 1.802 = Severe

Residents of Wyandotte County and Kansas City, Kansas (UG) are missing access to several government services after an Easter weekend cyberattack snarled the regional government’s IT systems. Some systems have been restored, but many services remain unavailable including appraisals, court cases, motor vehicle services and procurement. A UG statement said that it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to investigate the incident.

How It Could Affect Your Customers’ Business: Government entities have been popular cybercrime targets for both data theft and ransomware in the last two years.


Bob’s Red Mill Natural Foods

Exploit: Malware

Bob’s Red Mill Natural Foods: Grocery Brand


Risk to Business: 2.761 = Moderate

Bob’s Red Mill Natural Foods has announced that it has experienced a data breach after data scraping malware was found to be operating on its website. The company said on April 15 that the malware was in operation between February 23 and March 1, 2022. The company’s initial investigation did not uncover any exfiltration, but after a customer complaint, that has changed.


Risk to Business: 2.814 = Moderate

Customer information impacted includes online customers’ payment card information, billing and shipping addresses, email addresses, phone numbers and purchase amounts. The company said that no information had been found to indicate that any Social Security numbers, dates of birth, driver’s license numbers or other government-issued ID numbers had been exposed in the attack. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Customers aren’t going to respond well to companies that can’t keep their payment card data safe.



Sunwing Airlines 

Exploit: Supply Chain Attack

Sunwing Airlines: Passenger Air Carrier 


Risk to Business: 1.346 = Extreme

Sunwing Airlines passengers are finding themselves delayed or stranded in airports across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline has been forced to manually check in passengers and handwrite boarding passes, causing massive delays, with passengers stranded in the Caribbean, Mexico and Central America, some for days. The company says it’s working to resolve the situation and get stranded passengers to their destinations as quickly as possible.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This is a nightmare scenario that will have a serious impact on Sunwing’s future business.



Costa Rica – The Government of Costa Rica

Exploit: Ransomware

The Government of Costa Rica: National Government


Risk to Business: 1.271 = Extreme

The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.


Brazil – The City of Rio de Janeiro

Exploit: Ransomware

The City of Rio de Janeiro: Municipal Government


Risk to Business: 1.909 = Severe

 The LockBit ransomware group claimed to have attacked systems connected to the Finance department of the city government in Rio de Janeiro, stealing about 420 GB of data. The Secretary of State for Finance confirmed the attack. The ministry has said that the attackers only captured a small fraction of the ministry’s data. Spokespeople also said that the gang was demanding an unspecified ransom to keep the data from publication. Rio de Janeiro’s economy ranks 30th in GDP among all cities in the world.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: In a challenging economy, no government can afford this kind of incident or the associated bills.



United Kingdom – Funky Pigeon

Exploit: Hacking

Funky Pigeon: Retailer 


Risk to Business: 2.776 = Moderate

Gift card retailer Funky Pigeon, a division of UK retail giant WHSmith, has announced that it was the victim of a cyberattack that has seriously impacted its operations. Funky Pigeon was forced offline, suspending sales temporarily. The company was quick to reassure consumers that no payment data was at risk and did not believe any account passwords were compromised. The incident remains under investigation. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Online retailers have been a popular target for cybercriminals, especially for payment skimming attacks.


Russia – Tendertech 

Exploit: Nation-State Hacking (Hacktivism)

Tendertech: Documents Processor 


Risk to Business: 1.976 = Severe

The Anonymous collective has announced that it penetrated systems at Tendertech, a Russia-based processor of financial services and banking documents. The firm counts Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank, Bank ZENIT and Otkritie Bank among its customers. Anonymous claims to have stolen 426,000 emails and leaked an archive of 160 GB in size through Demonstrated Denial of Secrets. Anonymous also claims to have hit other Russian government and quasi-governmental targets including GUOV i GS – General Dept. of Troops and Civil Construction, Neocom Geoservice and Gazregion.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
