
The Week in Breach News: 25/05/22 – 31/05/22


Government and education targets continue to be rocked by ransomware and GM experiences credential stuffing.



North Orange County Community College District

Exploit: Ransomware

North Orange County Community College District: Institution of Higher Learning

Risk to Business: 2.667 = Moderate

North Orange County Community College District in California has been notifying more than 19,000 people about a data security incident. A statement on the school’s website disclosed that Cypress College and Fullerton College in the NOCCCD system experienced a ransomware attack in March 2022. The notice was also posted to the website for Fullerton College for International Students and the Cypress College on-campus Dental Hygiene Clinic, but there was no confirmation that students in these locations were impacted.

Risk to Individual: 2.901 = Moderate

Exposed information may include a student’s name and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number) and possibly financial account information and/or medical information for some students. 

How It Could Affect Your Business: Schools have been a favourite target of bad actors and school system databases are popular targets because they often hold big stores of information.


Somerset County Government

Exploit: Ransomware

Somerset County Government: Local Government

Risk to Business: 1.963 = Severe

The government of Somerset County, New Jersey, with an estimated population of about 350,000, announced on Tuesday that a ransomware attack had caused some system outages. The county government said that its email system was down. County offices were using temporary Gmail accounts to enable residents to contact critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff and Surrogate. The county says that it expects the outages to continue for a week. The County Clerk’s office also disclosed that it has been rendered unable to provide most services that require internet access, including gaining access to land records, vital statistics, probate records and title searches before 1977. In response, the county has activated its Emergency Operations Center and Continuity of Operations of Government Plan.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.


Verizon

Exploit: Hacking

Verizon: Wireless Network Provider

Risk to Business: 2.802 = Moderate

Verizon has announced that hackers obtained access to a database. The hacked database includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. According to reports, the hacker contacted Verizon to ask for an extortion payment of $250,000 to prevent the release of the stolen data. Verizon has said that they do not plan to pay.

Risk to Business: 2.773 = Moderate

Information exposed in the database includes employee names, email addresses, corporate ID numbers, and phone numbers. Verizon says that the database does not include Social Security Numbers, passwords or credit card numbers.

How It Could Affect Your Business: Data security must be a priority for protecting employee PII as well as customer PII.


General Motors (GM)

Exploit: Credential Stuffing

General Motors (GM): Automobile Manufacturer

Risk to Business: 2.872 = Moderate

General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that they detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.

Risk to Individual: 2.583 = Moderate

Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).

How it Could Affect Your Business: Dark web data is a credential compromise hazard that can bite any business big or small leading to a data exposure disaster. 



Scarborough Health Network

Exploit: Hacking

Scarborough Health Network: Healthcare Network

Risk to Business: 1.917 = Severe

Toronto healthcare provider Scarborough Health Network has disclosed that it has experienced a data breach. Officials say that an unauthorized actor gained access to the organization’s systems around January 25, 2022. The attacker was shut out of the system by February 1, 2022. The information of anyone treated before February 1, 2022, may have been compromised. The organization says that patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016 might be impacted as well as patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.

Risk to Business: 1.917 = Severe

The health network says a big pool of information may have been accessed, including patients’ names, dates of birth, marital statuses, home addresses, phone numbers, email addresses, OHIP numbers, insurance policy numbers, lab results, diagnosis information and COVID-19 immunization records. Staff names and numbers may have also been accessed.

How it Could Affect Your Business: Medical data is very profitable for the bad guys, and data security incidents are sure to be expensive for medical systems.



Austria – Government of Carinthia

Exploit: Ransomware

Government of Carinthia: Regional Government

Risk to Business: 1.733 = Severe

The Black Cat ransomware gang has struck the government of the Austrian state of Carinthia, demanding a ransom of $5 million. The government of Carinthia disclosed that 3,000 IT workstations were affected. Services impacted by this incident include the issuance of passports and the payment of traffic fines. The government doesn’t plan to pay the attackers.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is a go-to attack against governments because bad actors have had plenty of success getting them to pay up.


Turkey – Pegasus Airlines

Exploit: Misconfiguration

Pegasus Airlines: Air Carrier

Risk to Business: 1.963 = Severe

Turkish carrier Pegasus Airlines has disclosed that data including the personal information of flight crew, alongside source code and flight data, has been exposed as the result of a misconfigured AWS bucket. Researchers found an estimated 23 million files on the bucket, totaling around 6.5TB of leaked data. This included over three million files containing sensitive flight data including flight charts and revisions, insurance documents, details of issues found during pre-flight checks and information on crew shifts. Over 1.6 million of the exposed files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code and data from Pegasus’s proprietary software was also exposed, including plain text passwords and secret keys.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.



Australia – Spirit Super

Exploit: Phishing 

Spirit Super: Financial Services

Risk to Business: 2.771 = Severe

Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed data from an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.

Risk to Individual: 2.643 = Severe

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

How it Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.


Australia – National Disability Insurance Scheme (NDIS)

Exploit: Supply Chain Risk 

National Disability Insurance Scheme (NDIS): Government Program 

Risk to Business: 2.654 = Severe

A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. The system was maintained by CTARS, a Sydney-based software and analytics provider for the disability and care sectors. NDIS disclosed that an unauthorized third party had gained access to its systems on May 15, 2022.

Risk to Individual: 2.643 = Severe

NDIS says that personal information relating to patients may have been exposed including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards, as well as tax file numbers. 

How it Could Affect Your Business: Supply chain risk has been escalating as cybercriminals tap lynchpins in the supply chain, and it’s sure to be a major risk for every business this year too.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
