Government and education targets continue to be rocked by ransomware, and GM experiences credential stuffing.
North Orange County Community College District
Exploit: Ransomware
North Orange County Community College District: Institution of Higher Learning
Risk to Business: 2.667 = Moderate
North Orange County Community College District in California has been notifying more than 19,000 people about a data security incident. A statement on the school’s website disclosed that Cypress College and Fullerton College in the NOCCCD system experienced a ransomware attack in March 2022. The notice was also posted to the website for Fullerton College for International Students and the Cypress College on-campus Dental Hygiene Clinic, but there is no confirmation that students in these locations were impacted.
Risk to Individual: 2.901 = Moderate
Exposed information may include a student’s name and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number) and possibly financial account information and/or medical information for some students.
How It Could Affect Your Business: Schools have been a favourite target of bad actors and school system databases are popular targets because they often hold big stores of information.
Somerset County Government
Exploit: Ransomware
Somerset County Government: Local Government
Risk to Business: 1.963 = Severe
The government of Somerset County, New Jersey, with an estimated population of about 350,000, announced on Tuesday that a ransomware attack had caused some system outages. The county government said that its email system was down. County offices were using temporary Gmail accounts to enable residents to contact critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff and Surrogate. The county says that it expects the outages to continue for a week. The County Clerk’s office also disclosed that it has been rendered unable to provide most services that require internet access, including gaining access to land records, vital statistics, probate records and title searches before 1977. In response, the county has activated its Emergency Operations Center and Continuity of Operations of Government Plan.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.
Verizon
Exploit: Hacking
Verizon: Wireless Network Provider
Risk to Business: 2.802 = Moderate
Verizon has announced that hackers obtained access to a database. The hacked database includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. According to reports, the hacker contacted Verizon to ask for an extortion payment of $250,000 to prevent the release of the stolen data. Verizon has said that they do not plan to pay.
Risk to Business: 2.773 = Moderate
Information exposed in the database includes employee names, email addresses, corporate ID numbers, and phone numbers. Verizon says that the database does not include Social Security Numbers, passwords or credit card numbers.
How It Could Affect Your Business: Data security must be a priority for protecting employee PII as well as customer PII.
General Motors (GM)
Exploit: Credential Stuffing
General Motors (GM): Automobile Manufacturer
Risk to Business: 2.872 = Moderate
General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that they detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.
Risk to Individual: 2.583 = Moderate
Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).
How it Could Affect Your Business: Dark web data is a credential compromise hazard that can bite any business, big or small, leading to a data exposure disaster.
Scarborough Health Network
Exploit: Hacking
Scarborough Health Network: Healthcare Network
Risk to Business: 1.917 = Severe
Toronto healthcare provider Scarborough Health Network has disclosed that it has experienced a data breach. Officials say that an unauthorized actor gained access to the organization’s systems around January 25, 2022. The attacker was shut out of the system by February 1, 2022. The information of anyone treated before February 1, 2022, may have been compromised. The organization says that patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016 might be impacted as well as patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.
Risk to Business: 1.917 = Severe
The health network says a big pool of information may have been accessed, including patients’ names, dates of birth, marital statuses, home addresses, phone numbers, email addresses, OHIP numbers, insurance policy numbers, lab results, diagnosis information and COVID-19 immunization records. Staff names and numbers may have also been accessed.
How it Could Affect Your Business: Medical data is very profitable for the bad guys, and data security incidents are sure to be expensive for medical systems.
Austria – Government of Carinthia
Exploit: Ransomware
Government of Carinthia: Regional Government
Risk to Business: 1.733 = Severe
The Black Cat ransomware gang has struck the government of the Austrian state of Carinthia, demanding a ransom of $5 million. The government of Carinthia disclosed that 3,000 IT workstations were affected. Services impacted by this incident include the issuance of passports and the payment of traffic fines. The government doesn’t plan to pay the attackers.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Ransomware is a go-to attack against governments because bad actors have had plenty of success getting them to pay up.
Turkey – Pegasus Airlines
Exploit: Misconfiguration
Pegasus Airlines: Air Carrier
Risk to Business: 1.963 = Severe
Turkish carrier Pegasus Airlines has disclosed that data including the personal information of flight crew alongside source code and flight data has been exposed as the result of a misconfigured AWS bucket. Researchers discovered an estimated 23 million files on the bucket, totaling around 6.5TB of leaked data. This included over three million files containing sensitive flight data including flight charts and revisions, insurance documents, details of issues found during pre-flight checks and information on crew shifts. Over 1.6 million of the exposed files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code and data from Pegasus’s proprietary software was also exposed, including plain text passwords and secret keys.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.
Australia – Spirit Super
Exploit: Phishing
Spirit Super: Financial Services
Risk to Business: 2.771 = Severe
Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed data from an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.
Risk to Individual: 2.643 = Severe
Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details.
How it Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.
Australia – National Disability Insurance Scheme (NDIS)
Exploit: Supply Chain Risk
National Disability Insurance Scheme (NDIS): Government Program
Risk to Business: 2.654 = Severe
A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. The system was maintained by CTARS, a Sydney-based software and analytics provider for the disability and care sectors. NDIS disclosed that an unauthorized third party had gained access to its systems on May 15, 2022.
Risk to Individual: 2.643 = Severe
NDIS says that personal information relating to patients may have been exposed including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards, as well as tax file numbers.
How it Could Affect Your Business: Supply chain risk has been escalating as cybercriminals tap lynchpins in the supply chain, and it’s sure to be a major risk for every business this year too.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.