Categories
The Week in Breach

The Week in Breach News: 28/09/22 – 04/10/22


We’re kicking off Cybersecurity Awareness month with a bang! A $250k BEC attack hits Boulder County CO, BlackCat delivers ransomware to a New Jersey defense contractor &, a berry big data breach at an agricultural giant.



NJVC

Exploit: Ransomware

NJVC: Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.806 = Severe

The BlackCat ransomware group has claimed responsibility for an attack on IT services provider NJVC. The company primarily serves the U.S. defense and intelligence community. The group has threatened to begin leaking NJVCs data in stages. However, it’s had difficulty following through on that threat – BackCat’s dark web leak site experienced technical difficulties shortly after the threat was made, and by September 30 they had removed NJVC from their hit list. No word on what if any ransom was paid or what data may have been compromised.

How It Could Affect Your Business: Attacks like this against defense contractors are very dangerous and could impact national security.


Fast Company

Exploit: Hacking

Fast Company: News Publication

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.713 = Moderate

Apple News was forced to disable business news publication Fast Company after hackers compromised the business magazines’ content management system and used it to send racist and inappropriately sexual push notifications to Apple News users.  Other news outlets that carried Fast Company’s content like INC. Magazine shut down their websites briefly to prevent suffering the same fate. Reports say that Fast Company’s website was defaced with foul language last Sunday after a hacker going by the nickname “postpixel”, claimed they were able to crack the default password used across multiple accounts, including that of an administrator. The hacker also claims to have had access to other content delivery streams and internal systems. Customer records were not impacted. The publication’s site remains down as the incident is handled.  

How It Could Affect Your Business: this publication is tied to the websites of other publications creating a cascade of danger for everyone involved


Physician’s Business Office

Exploit: Hacking

Physician’s Business Office: Medical Practice Management

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.601 = Severe

West Virginia-based healthcare business services provider Physician’s Business Office has notified 196,573 patients that their personal data and protected health information was likely stolen during a hack of its network in April 2022. Although HIPAA provisions call for affected patients to be informed within 60 days of the incident, the company didn’t meet that deadline, saying that it was working “to collect current mailing addresses for all potentially impacted individuals.” Providers were informed in late July 2022. 

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.624 = Severe

The stolen data could include patient names, Social Security numbers, dates of birth, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Patients will receive free credit monitoring and identity theft protection services. 

How It Could Affect Your Business: An incident like this is going to cost a fortune to fix and incur a boatload of noncompliance fines.


Reiter Affiliated Companies

Exploit: Hacking

Reiter Affiliated Companies: Berry Producer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.624 = Severe

Reiter Affiliated Companies, the world’s largest fresh multi-berry producer, has disclosed the theft of personal and health information of 93,000 people. The data appears to be tied to the health and welfare plans of Reiter Affiliated Health and Southern Pacific Farming. The attack appears to have occurred in late June but was not discovered until early July. The company sent data breach notifications to the parties involved in early September 2022.  

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.733 = Severe

The stolen data was tied to plan enrollment rosters, which contained member names, identifying information, contacts, SSNs and dates of birth.  

How it Could Affect Your Business: This type of data will be very profitable for the bad guys who are always on the hunt for more.


Boulder County, CO

Exploit: Business Email Compromise

Boulder County, CO: Regional Government

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.116 = Extreme

Officials in Boulder County, Colorado have disclosed that the county was recently the victim of a successful business email compromise attack. Hackers obtained access to one of its vendors through a cyberattack and used the company to send spear-phishing emails to country employees. Ultimately, the county ended up sending $238,000 to the bad actors. The county is working with federal law enforcement in the ongoing incident investigation.  

How it Could Affect Your Business: Governments are common targets for BEC schemes and government agencies must be alert for schemes like this one.



Canada – Yukon Department of Education

Exploit: Employee Error

Yukon Department of Education: Local Education Authority

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.702 = Moderate

The personal data of more than 500 students was exposed inadvertently by an employee of the Yukon Department of Education. Reports say that a department employee included the email address of someone who was not authorized to view the information when forwarding a spreadsheet containing the data of students who applied to a post-secondary grant program to colleagues. The recipient claims to have never opened the message. The incident took place in late August 2022 but affected students and their parents were not informed until mid-September. The district says that it is working with the Department of Education to ensure it has met its obligations under the Access to Information and Protection of Privacy Act. No information is available about the exact nature of the data exposed. 

How it Could Affect Your Business: Employee mistakes like sending the wrong file are the most likely way that a company will suffer a data breach.



Hong Kong – Shangri-La Hotels

Exploit: Hacking

Shangri-La Hotels: Hospitality Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.816 = Severe

The Shangri-La hotel group has said that a database containing the personal information of customers at eight of its Asian properties between May and July has been accesses by bad actors. The company disclosed that hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo were involved in the incident.  The incident took place between May and July, a period during which a Shangri-La hotel in Singapore hosted Asia’s top security summit. The company said it had not yet been able to determine what data had been stolen. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.718 = Severe

Customer data has been exposed including home addresses, drivers’ licenses, passport numbers. names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.

How it Could Affect Your Business: Hotels are a prime place for bad actors to snatch data because they have a wide variety of customer information.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident