It’s game over for security at Bandai Namco, human error causes a breach at a UK college and Lending Tree admits they’ve been breached.
Narragansett Bay Commission
Exploit: Ransomware
Narragansett Bay Commission: Utility Company
Risk to Business: 2.783 = Moderate
The Narragansett Bay Commission has been hit with a ransomware attack. The utility runs sewer systems in parts of the Providence and Blackstone Valley areas in Rhode Island. A spokesperson for the company said that the company experienced the encryption of data on some computers and systems in its network. However, service was not interrupted, and the utility does not store customer payment data. No word on what data was stolen or if the Narragansett Bay Commission paid a ransom.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Experts have warned that utilities are key targets for cybercriminals looking for quick money.
Lending Tree
Exploit: Hacking
Lending Tree: Financial & Mortgage Services
Risk to Business: 1.672 = Severe
Mortgage giant Lending Tree, LLC recently confirmed that the company has experienced a data breach after cybercriminals discovered a code vulnerability on its website. According to a notice filed by the company, on June 3, 2022, Lending Tree discovered a code vulnerability on the company’s website that likely resulted in bad actors gaining access to sensitive personal information for customers. Lending Tree believes that the vulnerability had been in place since mid-February 2022.
Individual Risk: 1.703 = Severe
Exposed information varies depending on the individual, but may include client names, Social Security numbers, dates of birth and street addresses.
How It Could Affect Your Business: The financial sector was at the top of the cybercriminal hit list in 2021 and that hasn’t changed in 2022.
Family Practice Center
Exploit: Hacking
Family Practice Center: Medical Clinic Operator
Risk to Business: 1.701 = Severe
Pennsylvania-based medical clinic chain Family Practice Center has experienced a data breach. The company filed a notice with the U.S. Department of Health and Human Services saying that on October 11, 2021, it was the target of a cyberattack that attempted to shut down its computer systems. This may have led to an unauthorized party gaining access to sensitive data about 83,969 patients.
Individual Risk: 1.641 = Severe
The breached information includes a patient’s name, Social Security number, address, medical insurance information and health/treatment information.
How It Could Affect Your Business: Medical facilities of all kinds should be strengthening security in response to non-stop threats in the sector.
United Kingdom – Morgan Hunt
Exploit: Supply Chain Risk
Morgan Hunt: Recruiting Firm
Risk to Business: 1.776 = Severe
British recruitment agency Morgan Hunt confirmed that it has experienced a data breach that resulted in intruders snatching personal data for some of the freelancers on its books. The recruiter pointed the finger at a third-party service provider as the source of the problem. Impacted freelancers were sent a letter informing them of the incident.
Individual Risk: 1.741 = Severe
The information accessed included contractors’ names, contact details, identity documents, proof of address documents (including any bank or building society statement provided), National Insurance number, and date of birth.
How it Could Affect Your Business: Cybercriminals are hungry for fresh stores of data, making service providers very attractive targets.
United Kingdom – City College Norwich
Exploit: Human Error
City College Norwich: Institution of Higher Learning
Risk to Business: 2.304 = Severe
City College of Norwich is in hot water after an employee mistakenly sent the wrong information to a student’s family. A parent tipped off officials after she was sent an expected attachment in an email exchange with a member of the college’s customer service team and also received an unanticipated attachment, a spreadsheet titled “P2E links for scheduled applicants”. That spreadsheet contained the personal data of hundreds of people associated with the college. The incident is under investigation.
Individual Risk: 2.215 = Severe
The spreadsheet included names, telephone numbers, postal and email addresses and other identifying details of students and applicants.
How it Could Affect Your Business: Humans will make mistakes, but training can help reduce the chance that employees make security errors like this one.
Japan – Bandai Namco
Exploit: Ransomware
Bandai Namco: Videogame & Toy Maker
Risk to Business: 1.929 = Severe
The ransomware group Black Cat is claiming responsibility for a ransomware attack that hit Japanese entertainment company Bandai Namco. The video gaming giant confirmed that the group’s companies in Asian regions, excluding Japan, were breached by a third party on July 3, 2022. Bandai Namco appeared on the cybercriminal operation’s dark web site immediately afterward. The company said in a statement: “It is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about [the] existence of leakage, scope of the damage, and investigating the cause.”
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Ransomware attacks on all sorts of businesses have soared in the last 12 months as cybercriminals search for new revenue streams.
Australia – Deakin University
Exploit: Credential Compromise
Deakin University: Institution of Higher Learning
Risk to Business: 2.017 = Severe
Deakin University in Melbourne has experienced a data security incident. The username and password of a single staff member at Deakin University were hacked and then used to unlock private details of 46,980 past and current students. The hackers then used that data to send phishing messages to students. In the messages, the cybercriminals sent out two links, both of which took the student to a malicious form that phished for information including credit card details. The breach will be reported to the Office of the Victorian Information Commissioner (OVIC).
Risk to Business: 2.213 = Severe
Altogether, bad actors obtained the contact details of 46,980 past and current Deakin students. The haul included student names, IDs, mobile numbers, email addresses and even recent university results.
How it Could Affect Your Business: Just one compromised credential can open organizations up to a world of hurt and an expensive security nightmare.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.