The Week in Breach

The Week in Breach News: 12/10/22 – 18/10/22

Nation-state threat actors hit the Mormon Church and trouble for NHS IT services provider Advanced.

Indianapolis Housing Agency

Exploit: Hacking

Indianapolis Housing Agency: Municipal Housing Authority

Risk to Business: 1.743 = Severe

A cyberattack has caused the shutdown of the internal information and email system of the Indianapolis Housing Agency (IHA). The outage began last Monday. Hackers may have accessed the personal information of approximately 25,000 Indianapolis residents served by IHA. Data from vendors and employees as well as the details of financial transactions shared with the Department of Housing and Urban Development (HUD) may also have been exposed. IHA admitted that it discovered the intrusion on October 3, but had not informed residents or issued a public statement until after local news broke the story on October 6. The incident is under investigation.

How It Could Affect Your Business: Government agencies are appealing targets for information-hungry cybercriminals thanks to historically poor security.

The Church of Jesus Christ of Latter-day Saints

Exploit: Nation-State Hacking

The Church of Jesus Christ of Latter-day Saints: Religious Organization

Risk to Business: 1.604 = Severe

The Church of Jesus Christ of Latter-day Saints, colloquially known as the LDS Church or Mormon Church, disclosed that it had suffered a data breach in March 2022 that officials believe was the result of a nation-state cyberattack. This breach involved the exposure of sensitive personal information of Church members, employees, contractors and other people the church kept records about. The breach did not include banking information or donation history. The church said that the breach occurred on March 23, 2022, but that it had not released any information about it at the request of federal investigators.

Individual Risk: 1.723 = Severe

Data stolen in this incident included personal information that church members or employees provided to the church, including basic contact information such as a person’s username in the system, membership record number, full name, gender, email address, birth date, mailing address, phone number and preferred language. 

How It Could Affect Your Business: This is a goldmine of personal data that will enable cybercrime like phishing and identity theft for years to come.

VisionWeb Holdings, LLC

Exploit: Hacking

VisionWeb Holdings, LLC: Software Company

Risk to Business: 2.107 = Severe

VisionWeb Holdings, LLC, a maker of software used in ophthalmology and eye care clinics, has disclosed that it has had a data breach. In a filing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights and the Texas Attorney General, the company said that bad actors were able to access protected health information through a compromised employee email account. The data breach has impacted the confidential information of 35,900 individuals, who have been informed by letter.

Individual Risk: 2.261 = Severe

The breached information varies depending on the individual; it may include your name, Social Security number, government-issued identification number (such as driver’s license or state ID number), medical information and health insurance information.

How It Could Affect Your Business: Every business in the healthcare industry needs to be security conscious to avoid punishing fines from regulators.

UK – Advanced

Exploit: Ransomware

Advanced: IT Services Provider

Risk to Business: 1.624 = Severe

UK National Health Service (NHS) IT services provider Advanced announced that it had experienced a data breach stemming from a ransomware attack. LockBit 2.0 ransomware was at the root of the attack. The company initially experienced the ransomware incident on August 4 following widespread disruption to NHS services across the UK in a cyber incident. The Advanced attack took down a number of NHS services, including its Adastra patient management system and Carenotes, a system used by mental health trusts for patient information. The company revealed that it had determined that hackers gained access to its systems on August 2 using compromised third-party credentials to establish a remote desktop session to the company’s Staffplan Citrix server. After gaining entry, the attacker moved laterally and escalated privileges, enabling them to conduct reconnaissance and ultimately resulting in the deployment of encryption malware. The company says that it has no evidence that data was exposed or stolen.

How it Could Affect Your Business: Service providers are an attractive candidate for ransomware because the bad guys know that those businesses can’t afford downtime.

India – Tata Power

Exploit: Hacking

Tata Power: Utility Company 

Risk to Business: 2.363 = Severe

Tata Power, a leading power generation company in India, has confirmed that it was hit by a successful cyberattack that impacted some of its IT systems last Friday. The company was quick to reassure customers and investors that its critical systems were unaffected. In a filing with stock exchanges, Tata Power says that it has taken steps to retrieve and restore the systems. The company also said that it has restricted access and put in place preventive checks for employee and customer-facing portals and touchpoints. No further information was available at press time.  

How it Could Affect Your Business: Infrastructure is in danger – Bad actors conducted successful cyberattacks against 14 of 16 critical infrastructure sectors in the US in 2021.

Australia – Medibank Private

Exploit: Ransomware

Medibank Private: Health Insurer

Risk to Business: 1.731 = Severe

Australia’s largest private health insurer Medibank Private has confirmed that it fell victim to a ransomware attack last week. The health insurer said that the cause of the attack was compromised credentials. Bad actors used those credentials to access Medibank’s systems on Wednesday and deploy ransomware. The company says that its investigation has determined that no customer data was accessed or stolen. Medibank temporarily closed some systems while the activity was investigated but resumed normal business last Friday.

How it Could Affect Your Business: Ransomware attacks on healthcare-sector targets have been a constantly growing problem since 2020.

Australia – MyDeal

Exploit: Credential Compromise

MyDeal: Online Retailer

Risk to Business: 1.816 = Severe

MyDeal, an online shopping site operated by Woolworths Group, has disclosed that it has experienced a data breach as a result of a successful cyberattack. The company points to a compromised credential that gave the hackers access to its customer relationship management system as the cause of the incident. Approximately 2.2 million customers were affected, and those customers were sent emails informing them of the incident.  

Individual Risk: 1.837 = Severe

Compromised data for MyDeal users may include email addresses, phone numbers, delivery addresses and dates of birth. The company stated that 1.2 million customers involved in the breach had only had their email addresses exposed.  

How it Could Affect Your Business: Online retailers are excellent sources of data for enterprising cybercriminals.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident