Categories
The Week in Breach

The Week in Breach News: 10/08/22 – 16/08/22


 An employee’s compromised Google account is to blame for a nasty incident at Cisco and 7-11 is closed by ransomware in Denmark.



Cisco

Exploit: Hacking 

Cisco: Networking Technology Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

Cisco Systems confirmed experiencing a cyberattack in May 2022 that was caused by the compromise of an employee’s Google account, The company’s investigation determined that the attackers obtained details of an employee’s private Google account, which contained passwords synced with Cisco’s web browser. The attackers parlayed that into initial access to Cisco’s VPN. The employee’s credentials were synced through the Chrome browser, where the targeted employee had also stored their Cisco credentials. The Yanluowang ransomware gang has claimed responsibility by publishing files stolen in the incident on its dark web leak site.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Insecure or compromised employee credentials can do big damage in a very short span of time.


PlatformQ

Exploit: Misconfiguration

PlatformQ: Digital Engagement Solutions

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.687 = Severe

PlatformQ, a provider of digital engagement solutions for healthcare (PlatformQ Health) and education (PlatformQ Education) sector entities, experienced a data breach after an employee accidentally published a database backup stored in a misconfigured AWS S3 bucket. The data appears to be about marketing the drug Zarex to doctor’s offices and similar places, and PII for healthcare professionals was involved.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.733 = Severe

The leak exposed sensitive information including the full names, personal email addresses, job titles work email addresses, home, work and private phone numbers and National Provider Identifier (NPI) numbers of an estimated 99,000 healthcare professionals

How It Could Affect Your Customers’ Business Employee mistakes and negligence are responsible for more data breaches than any other cause, but training helps fix that.


Behavioral Health Group

Exploit: Hacking

Behavioral Health Group: Addiction Treatment Center Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.716 = Severe

Behavioral Health Group recently began notifying 197,507 patients that their data was stolen in a December 2021 cyberattack. The opioid treatment provider’s 80 clinics suffered a week of IT outages that disrupted patient care after a cyberattack forced the team to shut down portions of the network. That in turn caused delays for health services like refilling patient medications, a critical part of the recovery process for many addiction treatment patients.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.802 = Severe

The stolen data varied by patient and could include patient names, Social Security numbers, driver’s licenses, passports, biometrics, health insurance information, diagnoses, treatments, prescriptions, dates of service, and medical record numbers. Only patients whose SSNs were compromised will receive free credit monitoring. 

How It Could Affect Your Business: Medical entities of all sorts have been high on cybercriminal hit lists because they know that it’s a rich and time-sensitive industry.


Acorn Financial Services

Exploit: Phishing

Acorn Financial Services: Financial Planners

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.837 = Severe

In April 2022, Acorn Financial Services discovered unusual activity within an employee email account that ultimately led to uncovering a data breach. Acorn says that the incident was kicked off by an employee falling for a phishing email. The company acted to secure the employee’s email account and confirmed that an unauthorized actor has potentially gained access to sensitive customer data. The company has filed data breach notifications and is informing the impacted customers via mail. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.646 = Severe

While the breached information varies depending on the individual, it may include the client’s name, address, date of birth, driver’s license number, financial account number, Social Security number and other account-related information.  

How it Could Affect Your Business: The financial services sector was the most heavily under seige by ransomware last year, a pattern that continues in 2022.


Klaviyo

Exploit: Phishing

Klaviyo: Email Marketing Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.284 = Severe

In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates. The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.284 = Severe

 Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.

How it Could Affect Your Business Phishing is the most likely way for any organization to open the door to a data breach.



Bombardier Recreational Products (BRP) Inc.

Exploit: Ransomware

Bombardier Recreational Products (BRP) Inc.: Recreational Equipment Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.529 = Severe

 BRP, Inc, manufacturer of the Ski-Doo and other all-terrain vehicles, watercraft and snowmobiles, has been hit with a suspected ransomware attack that shut down operations briefly at its plants. This attack may have resulted from exposure by a third-party service provider. After an initial complete closure of manufacturing operations, the company expects its manufacturing sites in Valcourt, Canada, Rovaniemi, Finland, Gunskirchen, Austria and Sturtevant in to resume operations imminently. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Service disruptions from cyberattacks can cost manufacturers and the companies that they supply a fortune.


Union des producteurs agricoles (UPA)

Exploit: Ransomware

Union des producteurs agricoles (UPA): Agricultural Trade Organization 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.017 = Severe

Hackers launched a ransomware attack on the Union des producteurs agricoles (UPA) on Sunday, a regional agriculture organization. Bad actors deployed ransomware that paralyzed the network, leaving an estimated 160 UPA employees and 23 UPA client organizations, like the union of grain producers, unable to connect. An investigation is ongoing, and services are expected to be quickly restored.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Groups like this offer a great opportunity for cybercriminals to snatch profitable and useful data.



Denmark – 7 –11 Stores

Exploit: Hacking

7-11 Stores: Convenience Store Chain 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.211 = Extreme

The chain of 7-11 stores in Denmark was forced to shut down after a cyberattack disrupted stores’ payment and checkout systems throughout the country. The attack occurred on August 8th, and all stores remain closed while the company investigates the incident. No word on when they’ll reopen or the nature of the attack, although ransomware is suspected.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business No company can afford to be shut down entirely for days or weeks because of a cyberattack, especially not in retail.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

Leave a Reply