Categories
The Week in Breach

The Week in Breach News: 12/10/22 – 18/10/22


Nation-state threat actors hit the Mormon Church and trouble for NHS IT services provider Advanced.



Indianapolis Housing Agency

Exploit: Hacking

Indianapolis Housing Agency: Municipal Housing Authority

Risk to Business: 1.743 = Severe

A cyberattack has caused the shutdown of the internal information and email system of the Indianapolis Housing Agency (IHA). The outage began last Monday. Hackers may have accessed the personal information of approximately 25,000 Indianapolis residents served by IHA. Data from vendors and employees as well as the details of financial transactions shared with the Department of Housing and Urban Development (HUD) may also have been exposed. IHA admitted that it discovered the intrusion on October 3, but had not informed residents or issued a public statement until after local news broke the story on October 6. The incident is under investigation.

How It Could Affect Your Business: Government agencies are appealing targets for information-hungry cybercriminals thanks to historically poor security.


The Church of Jesus Christ of Latter-day Saints

Exploit: Nation-State Hacking

The Church of Jesus Christ of Latter-day Saints: Religious Organization

Risk to Business: 1.604 = Severe

The Church of Jesus Christ of Latter-day Saints, colloquially known as the LDS Church or Mormon Church, disclosed that it had suffered a data breach in March 2022 that officials believe was the result of a nation-state cyberattack. This breach involved the exposure of sensitive personal information of Church members, employees, contractors and other people the church kept records about. The breach did not include banking information or donation history. The church said that the breach occurred on March 23, 2022, but that they’d not released any information about it at the request of federal investigators.

Individual Risk: 1.723 = Severe

Data stolen in this incident included personal information that church members or employees provided to the church, including basic contact information such as a person’s username in the system, membership record number, full name, gender, email address, birth date, mailing address, phone number and preferred language. 

How It Could Affect Your Business: This is a goldmine of personal data that will enable cybercrime like phishing and identity theft for years to come.


VisionWeb Holdings, LLC

Exploit: Hacking

VisionWeb Holdings, LLC: Software Company

Risk to Business: 2.107 = Severe

VisionWeb Holdings, LLC, a maker of software used in ophthalmology and eye care clinics, has disclosed that it has had a data breach. In a filing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights and the Texas Attorney General, the company said that bad actors were able to access protected health information through a compromised employee email account. The data breach has impacted the confidential information of 35,900 individuals, who have been informed by letter.

Individual Risk: 2.261 = Severe

The breached information varies depending on the individual; it may include your name, Social Security number, government-issued identification number (such as driver’s license or state ID number), medical information and health insurance information.

How It Could Affect Your Business: Every business in the healthcare industry needs to be security conscious to avoid punishing fines from regulators.



UK – Advanced

Exploit: Ransomware

Advanced: IT Services Provider

Risk to Business: 1.624 = Severe

UK National Health Service (NHS) IT services provider Advanced announced that it had experienced a data breach stemming from a ransomware attack. LockBit 2.0 ransomware was at the root of the attack. The company initially experienced the ransomware incident on August 4 following widespread disruption to NHS services across the UK in a cyber incident. The Advanced attack took down a number of NHS services, including its Adastra patient management system and Carenotes, a system used by mental health trusts for patient information. The company revealed that it had determined that hackers gained access to its systems on August 2 using compromised third-party credentials to establish a remote desktop session to the company’s Staffplan Citrix server. After gaining entry, the attacker moved laterally and escalated privileges, enabling them to conduct reconnaissance and ultimately resulting in the deployment of encryption malware. The company says that it has no evidence that data was exposed or stolen.

How it Could Affect Your Business: Service providers are an attractive candidate for ransomware because the bad guys know that those businesses can’t afford downtime.



India – Tata Power

Exploit: Hacking

Tata Power: Utility Company 

Risk to Business: 2.363 = Severe

Tata Power, a leading power generation company in India, has confirmed that it was hit by a successful cyberattack that impacted some of its IT systems last Friday. The company was quick to reassure customers and investors that its critical systems were unaffected. In a filing with stock exchanges, Tata Power says that it has taken steps to retrieve and restore the systems. The company also said that it has restricted access and put in place preventive checks for employee and customer-facing portals and touchpoints. No further information was available at press time.  

How it Could Affect Your Business: Infrastructure is in danger – Bad actors conducted successful cyberattacks against 14 of 16 critical infrastructure sectors in the US in 2021.



Australia – Medibank Private

Exploit: Ransomware

Medibank Private: Health Insurer

Risk to Business: 1.731 = Severe

Australia’s largest private health insurer Medibank Private has confirmed that it fell victim to a ransomware attack last week. The health insurer said that the cause of the attack was compromised credentials. Bad actors used those credentials to access Medibank’s systems on Wednesday and deploy ransomware. The company says that its investigation has determined that no customer data was accessed or stolen. Medibank temporarily closed some systems while the activity was investigated but resumed normal business last Friday.

How it Could Affect Your Business: Ransomware attacks on healthcare sector targets have been a constantly growing problem since 2020.


Australia – MyDeal

Exploit: Credential Compromise

MyDeal: Online Retailer

Risk to Business: 1.816 = Severe

MyDeal, an online shopping site operated by Woolworths Group, has disclosed that it has experienced a data breach as a result of a successful cyberattack. The company points to a compromised credential that gave the hackers access to its customer relationship management system as the cause of the incident. Approximately 2.2 million customers were affected, and those customers were sent emails informing them of the incident.  

Individual Risk: 1.837 = Severe

Compromised data for MyDeal users may include email addresses, phone numbers, delivery addresses and dates of birth. The company stated that 1.2 million customers involved in the breach had only had their email addresses exposed.  

How it Could Affect Your Business: Online retailers are excellent sources of data for enterprising cybercriminals.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

The Week in Breach News: 05/10/22 – 11/10/22


This week we’re diving into a cascade of cybercrime in Australia and New Zealand.  



CSI Laboratories

Exploit: Phishing

CSI Laboratories: Medical Testing Company

Risk to Business: 1.173 = Extreme

For the second time in just 6 months, CSI Laboratories has experienced a data breach, this time as a result of a phishing incident in July 2022. In that incident, hackers attempted to commit payment fraud and were able to acquire a large number of files containing patient information. CSI reported the phishing incident on Sept. 26 to the U.S. Department of Health and Human Services Office for Civil Rights as affecting 244,850 individuals. The company says that this breach was not related to another data breach that it suffered in March 2022 that affected the data of 312,000 individuals.

Risk to Business: 1.806 = Severe

Patient information that may have been compromised in this breach includes documents that may have contained a patient’s name and patient number, and in some cases additional patient information, including date of birth and health insurance information. 

How It Could Affect Your Business: Two breaches within six months is a disaster and regulators won’t hesitate to slap down massive fines.


City of Dunedin, FL

Exploit: Hacking

City of Dunedin, FL: Municipality

Risk to Business: 2.604 = Moderate

The city of Dunedin has announced that officials discovered a cybersecurity incident impacting its network on Tuesday. City systems and services including city email, online payments for permits, inspection scheduling, utility billing, Parks & Recreation programs and online payments for Marina fees were knocked out. The city was quick to assure residents that water and wastewater services were not impacted.  

How It Could Affect Your Business: Municipalities have been taking a lot of heat from cybercriminals looking for a quick buck because they often have outdated security.


CommonSpirit Health

Exploit: Ransomware

CommonSpirit Health: Healthcare System Operator

Risk to Business: 2.771 = Extreme

One of the largest healthcare systems in the US is experiencing outages impacting patient care after a suspected ransomware attack knocked some hospital systems offline. Subsidiaries of CommonSpirit have reported being affected by the attack including CHI Health facilities in Nebraska and Tennessee, Seattle-based Virginia Mason Franciscan Health providers, MercyOne Des Moines Medical Center, Houston-based St. Luke’s Health and Michigan-based Trinity Health System. The company disclosed that it has rescheduled some patient procedures because of an inability to access electronic medical records or lab results. Some hospitals are using paper charts. The company says it is working to restore systems and the incident is under investigation.

How It Could Affect Your Business: Ransomware is an especially devastating prospect for a healthcare organization because it can impact patient care and even mortality rates.



Australia – The Dialog Group

Exploit: Hacking

The Dialog Group: IT Consulting Company

Risk to Business: 1.624 = Severe

Singapore Telecommunications Ltd (Singtel) has announced that its Australian division The Dialog Group has experienced a cyberattack that potentially exposed information about 1,000 current and former employees and an estimated 20 clients. Singtel, which acquired The Dialog Group earlier this year, also owns Optus, the scene of a massive breach just a few weeks ago. Company officials say that the two incidents are not connected, and the exact nature of the stolen data was not available at press time.

How it Could Affect Your Business: Cybersecurity awareness training helps reduce a company’s chance of having an incident significantly.


Australia – G4S

Exploit: Ransomware

G4S: Security Firm 

Risk to Business: 2.363 = Severe

Individual Risk: 2.325 = Severe

Employees of security firm G4S have been alerted that some of their personal and financial data may have been exposed in a ransomware incident after a cyberattack hit Fort Phillip prison in July 2022. The company apparently learned in mid-September that sensitive employee data had been snatched by bad actors in the incident.  The firm announced that it is working with the Australian Cyber Security Centre (ACSC) and IDCARE as part of its response.  

How it Could Affect Your Business: Financial data is especially desirable for bad actors, and failing to protect it can incur big fines in a place with data protection regulations.


Australia – Costa Group

Exploit: Phishing

Costa Group: Agricultural Producer

Risk to Business: 2.731 = Moderate

Fruit and vegetable company Costa Group says that an employee falling victim to a phishing attack resulted in unauthorized access to its servers. The company experienced the incident in August 2022. After an investigation, they’ve confirmed that the data exposed was limited to its berry farming operation Costa Corindi. Costa Farms did not provide details of the number of people impacted. The company says it has notified relevant authorities about the attack, including the Australian Cyber Security Center and the Office of the Australian Information Commissioner.  

Risk to Business: 2.655 = Moderate

The company said that exposed worker data may include workers’ passport details, bank details, superannuation details and tax file numbers.  

How it Could Affect Your Business: Agribusinesses and the food supply chain have been in the spotlight as risks escalate in critical infrastructure sectors.


Australia – Telstra

Exploit: Hacking

Telstra: Telecommunications Company

Risk to Business: 2.816 = Moderate

Just a few weeks after the massive Optus breach, Australian telecom Telstra has disclosed that it has experienced a data breach. The breach was likely caused by a cyberattack on a third-party vendor, Pegasus Group Australia, that operated a platform used in its employee rewards program. Basic employee data for an estimated 30,000 people including more than 12,000 current employees has potentially been exposed. Telstra officials suspect that the miscreant behind this data is trying to profit from buzz about the Optus breach. That data consisted of employees’ first and last names and email addresses reaching back to 2017. The National Australia Bank (NAB) was also impacted in this third-party vendor hack but details of that incident were unavailable at press time.  

How it Could Affect Your Business: Third-party and supply chain risk has been the story of the year in 2022 and all businesses should be working to mitigate it.


New Zealand – Pinnacle Midlands Health Network

Exploit: Ransomware 

Pinnacle Midlands Health Network: Healthcare System Operator 

Risk to Business: 1.816 = Severe

A successful ransomware attack on Pinnacle Midlands Health Network by cybercrime group Black Cat has resulted in patient data being exposed online. The company disclosed that the attack impacted clinics in the Waikato, Lakes, Taranaki and Tairawhiti districts, including Primary Health Care Ltd (PHCL) practices from across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato. Pinnacle noted in its statement that it does not hold GP notes and consultation records. The number of affected patients has not been made public, but news reports are saying as many as 450,000 people’s information could have been exposed. Information potentially exposed in this breach includes high-level data related to the use of hospital services, claiming information related to services that Pinnacle provides and information sent to practices around immunization and screening status of individual patients. No further details were available at press time.   

How it Could Affect Your Business: Third-party and supply chain risk has been the story of the year in 2022 and all businesses should be working to mitigate it.



The Week in Breach News: 28/09/22 – 04/10/22


We’re kicking off Cybersecurity Awareness month with a bang! A $250k BEC attack hits Boulder County CO, BlackCat delivers ransomware to a New Jersey defense contractor, and a berry big data breach at an agricultural giant.



NJVC

Exploit: Ransomware

NJVC: Defense Contractor

Risk to Business: 1.806 = Severe

The BlackCat ransomware group has claimed responsibility for an attack on IT services provider NJVC. The company primarily serves the U.S. defense and intelligence community. The group has threatened to begin leaking NJVC’s data in stages. However, it’s had difficulty following through on that threat – BlackCat’s dark web leak site experienced technical difficulties shortly after the threat was made, and by September 30 they had removed NJVC from their hit list. No word on what if any ransom was paid or what data may have been compromised.

How It Could Affect Your Business: Attacks like this against defense contractors are very dangerous and could impact national security.


Fast Company

Exploit: Hacking

Fast Company: News Publication

Risk to Business: 2.713 = Moderate

Apple News was forced to disable business news publication Fast Company after hackers compromised the business magazine’s content management system and used it to send racist and inappropriately sexual push notifications to Apple News users. Other news outlets that carried Fast Company’s content like INC. Magazine shut down their websites briefly to prevent suffering the same fate. Reports say that Fast Company’s website was defaced with foul language last Sunday after a hacker going by the nickname “postpixel” claimed they were able to crack the default password used across multiple accounts, including that of an administrator. The hacker also claims to have had access to other content delivery streams and internal systems. Customer records were not impacted. The publication’s site remains down as the incident is handled.

How It Could Affect Your Business: This publication is tied to the websites of other publications, creating a cascade of danger for everyone involved.


Physician’s Business Office

Exploit: Hacking

Physician’s Business Office: Medical Practice Management

Risk to Business: 1.601 = Severe

West Virginia-based healthcare business services provider Physician’s Business Office has notified 196,573 patients that their personal data and protected health information was likely stolen during a hack of its network in April 2022. Although HIPAA provisions call for affected patients to be informed within 60 days of the incident, the company didn’t meet that deadline, saying that it was working “to collect current mailing addresses for all potentially impacted individuals.” Providers were informed in late July 2022. 

Risk to Individual: 1.624 = Severe

The stolen data could include patient names, Social Security numbers, dates of birth, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Patients will receive free credit monitoring and identity theft protection services. 

How It Could Affect Your Business: An incident like this is going to cost a fortune to fix and incur a boatload of noncompliance fines.


Reiter Affiliated Companies

Exploit: Hacking

Reiter Affiliated Companies: Berry Producer

Risk to Business: 1.624 = Severe

Reiter Affiliated Companies, the world’s largest fresh multi-berry producer, has disclosed the theft of personal and health information of 93,000 people. The data appears to be tied to the health and welfare plans of Reiter Affiliated Health and Southern Pacific Farming. The attack appears to have occurred in late June but was not discovered until early July. The company sent data breach notifications to the parties involved in early September 2022.  

Risk to Individual: 1.733 = Severe

The stolen data was tied to plan enrollment rosters, which contained member names, identifying information, contacts, SSNs and dates of birth.  

How it Could Affect Your Business: This type of data will be very profitable for the bad guys who are always on the hunt for more.


Boulder County, CO

Exploit: Business Email Compromise

Boulder County, CO: Regional Government

Risk to Business: 1.116 = Extreme

Officials in Boulder County, Colorado have disclosed that the county was recently the victim of a successful business email compromise attack. Hackers obtained access to one of its vendors through a cyberattack and used the company to send spear-phishing emails to county employees. Ultimately, the county ended up sending $238,000 to the bad actors. The county is working with federal law enforcement in the ongoing incident investigation.

How it Could Affect Your Business: Governments are common targets for BEC schemes and government agencies must be alert for schemes like this one.



Canada – Yukon Department of Education

Exploit: Employee Error

Yukon Department of Education: Local Education Authority

Risk to Business: 2.702 = Moderate

The personal data of more than 500 students was exposed inadvertently by an employee of the Yukon Department of Education. Reports say that a department employee included the email address of someone who was not authorized to view the information when forwarding a spreadsheet containing the data of students who applied to a post-secondary grant program to colleagues. The recipient claims to have never opened the message. The incident took place in late August 2022 but affected students and their parents were not informed until mid-September. The district says that it is working with the Department of Education to ensure it has met its obligations under the Access to Information and Protection of Privacy Act. No information is available about the exact nature of the data exposed. 

How it Could Affect Your Business: Employee mistakes like sending the wrong file are the most likely way that a company will suffer a data breach.



Hong Kong – Shangri-La Hotels

Exploit: Hacking

Shangri-La Hotels: Hospitality Company

Risk to Business: 1.816 = Severe

The Shangri-La hotel group has said that a database containing the personal information of customers at eight of its Asian properties between May and July has been accessed by bad actors. The company disclosed that hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo were involved in the incident. The incident took place between May and July, a period during which a Shangri-La hotel in Singapore hosted Asia’s top security summit. The company said it had not yet been able to determine what data had been stolen.

Risk to Business: 1.718 = Severe

Customer data has been exposed including home addresses, drivers’ licenses, passport numbers, names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.

How it Could Affect Your Business: Hotels are a prime place for bad actors to snatch data because they have a wide variety of customer information.



The Week in Breach News: 21/09/22 – 27/09/22

September 28, 2022


Explore the massive Optus telecom breach in Australia and two nasty airline cyberattacks.



The City of Wheat Ridge, CO

Exploit: Ransomware

The City of Wheat Ridge, CO: Municipal Government

Risk to Business: 2.175 = Severe

A Colorado city is putting its IT systems back in order after a successful cyberattack by the BlackCat group. Local media report that following the attack, Wheat Ridge had to shut down its phones and email servers to assess the damage the cybercriminals had done to its network. That, in turn, prompted the city to close down City Hall to the public for more than a week. The cybercriminals demanded $5 million in Monero as the ransom, but the city declined to pay, opting to restore from backups. The city government has been able to return to normal business, and the attack is under investigation by the U.S. Federal Bureau of Investigation.

How It Could Affect Your Business: Ransomware attacks against governments and municipalities have been proliferating.


Rockstar Games

Exploit: Hacking

Rockstar Games: Video Game Developer

Risk to Business: 2.136 = Severe

Rockstar Games confirmed on Monday that a hacker broke into its systems and stole confidential internal data, including footage and source code from the previously unannounced next installment of its popular Grand Theft Auto series. The New York-based company appears to have been breached through a stolen employee Slack account. The hacker that claimed responsibility, “teapotuberhacker”, also says that they’re behind a murky hacking incident at Uber last week. The cybercriminal shared a link to footage and clips purportedly from Grand Theft Auto 6 on a Grand Theft Auto fan forum. The company has confirmed that the game is in development and that the attack occurred.  

How It Could Affect Your Business: This is a mess for Rockstar Games with a potentially nasty impact on the marketing and sales of a major new release that wasn’t ready for prime time yet.


New York Racing Association

Exploit: Ransomware

New York Racing Association: Professional Group 

Risk to Business: 2.703 = Moderate

The Hive ransomware operation has claimed responsibility for an attack on the New York Racing Association (NYRA). The NYRA operates the three major thoroughbred horse racing tracks in New York, the Aqueduct Racetrack, the Belmont Park (home of the Triple Crown event the Belmont Stakes) and the historic Saratoga Race Course. The attack took place in late August 2022 and breach notices were filed with authorities last week. Press reports say that the hackers have also published a link to freely download a ZIP archive containing all of the files they allegedly stole from NYRA’s systems.

Risk to Individual: 2.624 = Major

Member data that may have been exposed includes Social Security numbers (SSNs), driver’s license identification numbers, health records and health insurance information.

How It Could Affect Your Business: The involvement of health data could make this breach especially expensive and complicated.


American Airlines

Exploit: Business Email Compromise

American Airlines: Airline

Risk to Business: 2.639 = Moderate

American Airlines has filed a breach notice declaring that it has had a data breach that may have impacted personal data for about 1700 customers and employees. Bleeping Computer detailed the incident, saying that the American Airlines Cyber Security Response Team found out about the attack from the targets of a phishing campaign that was using an employee’s hacked Microsoft 365 account to send phishing messages. Reportedly, the attacker accessed multiple employees’ accounts via phishing and used them to send more phishing emails to additional targets that have not been named.

Risk to Individual: 2.714 = Moderate

Employee or customer personal information exposed in the attack may have included employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers or certain medical information. 

How it Could Affect Your Business: Business email compromise can take many forms but it is always an expensive nightmare in the end.



UK – Revolut

Exploit: Social Engineering

Revolut: Digital Bank

Risk to Business: 1.102 = Extreme

Revolut, a London-based digital banking application that provides banking, investing, currency transfer and other money management services to some 16 million users globally, has experienced a data breach. The FinTech startup confirmed that the personal information of an unspecified number of users (reports point to 50K customers) was accessed illegally after what the company is terming “a social engineering attack” in early September. The company said that impacted customers have been informed via email and relevant authorities have been informed. No information was available on the exact nature of the exposed data at press time.

How it Could Affect Your Business: This kind of bad publicity could be a serious problem for a start-up in the competitive financial services space.


Portugal – TAP Air Portugal

Exploit: Ransomware

TAP Air Portugal: Airline

Risk to Business: 1.637 = Severe

The Ragnar Locker ransomware group has claimed responsibility for a ransomware attack that hit TAP Air Portugal, the country’s state-owned flagship airline. The incident began a month ago but was just confirmed by the airline. Ragnar Locker has been advertising the stolen data on its dark website since early September. No ransom amount has been reported, and the group has posted a portion of the stolen data already. Portugal’s President Marcelo Rebelo de Sousa, MPs, government staff and high-ranking military officers are among the passengers whose data has been stolen. 

Individual Risk: 1.902 = Severe

Exposed customer data includes names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender and other personal information. 

How it Could Affect Your Business: This breach could have far-reaching implications because it includes the personal information of major government players.



Australia – Optus

Exploit: Ransomware

Optus: Telecom

Risk to Business: 1.102 = Extreme

Australia’s second-largest telecom Optus has been hit by a ransomware attack. One of the largest data breaches in Australian history, the incident impacts an estimated 10 million customers or about one-third of Australia’s population. A bad actor using the moniker “optusdata” claimed to be the force behind the attack and initially posted a ransom demand of $1.5 million as well as the personal data of about 10k people on a dark web forum. They’ve since withdrawn that post. Some news articles have pointed at an API interface configuration error as the access point for the bad guys, but that has not been confirmed. The incident is under investigation.

Risk to Business: 1.236 = Extreme

Customer data has been exposed including home addresses, drivers’ licenses, passport numbers, names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.

How it Could Affect Your Business: An incident this massive is a catastrophe that may spur some changes in Australia’s data privacy laws.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.


The Week in Breach News: 14/09/22 – 20/09/22


This week, take a look at the events that led to a big IRS data breach and trouble at Bell Canada.



U.S. Internal Revenue Service (IRS)

Exploit: Human Error

U.S. Internal Revenue Service: Federal Government Agency

Risk to Business: 2.026 = Severe

The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.

Risk to Individual: 2.406 = Severe

Exposed taxpayer data includes names, contact information, and financial information about IRA income. The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.

How It Could Affect Your Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes.


U-Haul International

Exploit: Credential Compromise

U-Haul International: Moving & Storage Company

Risk to Business: 2.779 = Moderate

 U-Haul International disclosed a data breach related to its customer contract search tool. U-Haul says that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022, after compromising two passwords. U-Haul’s email and customer-facing websites were not impacted.

Risk to Individual: 2.626 = Moderate

Hackers gained access to customers’ names and driver’s license information, but U-Haul says that no credit card information was accessed or acquired during the incident.

How It Could Affect Your Business: Cybercriminals have been concentrating their fire on suppliers and service providers, elevating risk for them.


The North Face

Exploit: Credential Stuffing

The North Face: Clothing Brand 

Risk to Business: 1.677 = Severe

California-based outdoor clothing company The North Face disclosed that it has had a data breach after a successful credential stuffing attack exposed the information of an estimated 200,00 customers. The company said that the attack on its website began in late July 2022 and was finally stopped in August 2022. Investigators determined that bad actors had accessed shoppers’ information shortly thereafter. 

Risk to Individual: 1.636 = Severe

Exposed data includes a customer’s full name, purchase history, billing address, shipping address, telephone number, account creation date, gender and XPLR Pass reward records.

How It Could Affect Your Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.



Bell Technical Solutions (BTS)

Exploit: Ransomware 

Bell Technical Solutions: Telecommunications Services

Risk to Business: 2.712 = Moderate

The Hive ransomware group has claimed responsibility for a ransomware strike on Bell Technical Solutions (BTS), a subsidiary of Bell Canada. BTS provides installation services for the telecom. Hive just published a claim on its dark web leak site saying that it encrypted BTS systems almost a month ago. BTS’ website is currently inaccessible. Parent company Bell Canada published a cybersecurity alert following the incident on its own website.

Risk to Individual: 2.834 = Moderate

How it Could Affect Your Business: Critical infrastructure targets like utilities have been squarely in cybercriminal sights as ransomware targets.



Argentina – Buenos Aires Legislature

Exploit: Ransomware

Buenos Aires Legislature: Municipal Government Body

Risk to Business: 1.219 = Extreme

Legislators in Argentina’s capital Buenos Aires were left unable to access information systems or Wi-Fi in the legislature’s facility after a successful ransomware attack last week. The incident was discovered on September 11, 2022, and persisted into the week. Officials say they took measures to contain the attack immediately and they’re working quickly to restore all operations. No ransomware group has claimed responsibility for this attack.

How it Could Affect Your Business: Government agencies have been popular ransomware targets over the last few years.



France – Damart

Exploit: Ransomware

Damart: Clothing Retailer

Risk to Business: 1.863 = Severe

Clothing store Damart has been taken down by ransomware in an attack by the Hive cybercrime gang. The company, with more than 130 stores worldwide, has had a variety of systems encrypted and operations, including sales and customer service, have been disrupted since August 15. The threat actors haven’t posted the victim on their extortion site, but reports say that they’re demanding a $2 million ransom. Damart (through parent company Damartex) says that it has not negotiated with the cybercriminals and it has informed the French national police of the incident.

How it Could Affect Your Business: This breach is bound to have expensive consequences for Damart once regulators get through with them.


United Kingdom – Eurocell

Exploit: Hacking

Eurocell: PVC Manufacturing

Risk to Business: 2.122 = Severe

Derbyshire-based PVC manufacturer and building products distributor Eurocell has begun informing former employees that their information may have been stolen in a data breach after bad actors obtained access to the company’s systems. An estimated 2000 current employees and an unknown number of former employees may have been affected.

Risk to Business: 2.236 = Severe

Among the data compromised are employment terms and conditions, PII like names, dates of birth and next of kin, financial information including bank account, NI and tax reference numbers, right to work documents, health and wellbeing documents, learning and development records and disciplinary and grievance forms.  

How it Could Affect Your Business: This kind of data is valuable and sought-after because bad actors can parlay it into easy money.




The Week in Breach News: 31/08/22 – 06/09/22


Welcome to the Business Email Compromise special edition! This week, take a look at some recent BEC attacks and learn more about how to protect your clients from phishing-related disasters like BEC.



Klaviyo

Exploit: BEC

Klaviyo: Email Marketing Firm

Risk to Business: 1.706 = Severe

 In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates.

The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.

Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Phishing is the most likely way for any organization to open the door to a data breach.


Atrium Health

Exploit: BEC

Atrium Health: Medical System 

Risk to Business: 1.907 = Severe

North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts. 

How It Could Affect Your Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.


Spirit Super

Exploit: BEC

Spirit Super: Financial Services

Risk to Business: 1.836 = Severe

Spirit Super has announced that an employee falling for a phishing message led to a cyberattack that exposed an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

How It Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.


Chester Upland School District

Exploit: BEC

Chester Upland School District: Regional Education Authority

Risk to Business: 1.337 = Severe

A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.  

How it Could Affect Your Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.


AllOne Health Resources, INC.

Exploit: BEC

AllOne Health Resources: Insurance Company

Risk to Business: 1.809 = Severe

AllOne Health Resources, Inc. has experienced a data breach as the result of a business email compromise attack. The company says that an unauthorized party gained access to sensitive consumer data contained on its network after landing the BEC attack. According to AllOne Health, the company discovered the breach after it realized that the company’s finance department had sent several wire transfers to a fraudulently created bank account. That prompted an investigation that revealed that bad actors had gained access to an employee’s email account and snatched sensitive data.

Exposed information includes the names, addresses, dates of birth, driver’s license numbers, Social Security numbers and health information of 13,669 individuals.   

How it Could Affect Your Business: A data security disaster in the healthcare sector is extra expensive and damaging after regulators weigh in.


City of Portland, OR

Exploit: BEC

City of Portland, OR: Municipal Government

Risk to Business: 1.723 = Severe

Bad actors struck the city of Portland, Oregon in an audacious business email compromise attack that resulted in a $1.4 million fraudulent transaction with city funds in April. City officials say that cybercriminals obtained the money after gaining access to a city email account illegally. The compromise was detected in May when the same account attempted another transfer of funds. The incident is under investigation by the FBI, U.S. Secret Service and the Portland Police Bureau.

How it Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.

Christie Clinic

Exploit: BEC

Christie Clinic: Healthcare Provider 

Risk to Business: 1.801 = Severe

Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.   

Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.

How it Could Affect Your Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.




The Week in Breach News: 07/09/22 – 13/09/22



Nelnet Servicing (Nelnet) 

Exploit: Hacking

Nelnet Servicing (Nelnet): Student Loans Servicer

Risk to Business: 2.026 = Severe

 A data breach of student loan servicer Nelnet Servicing (Nelnet) has affected over 2.5 million student loan borrowers throughout the United States. The breach affected borrowers whose student loans are serviced by the Oklahoma Student Loan Authority (OSLA) and Edfinancial Services (Edfinancial). The company disclosed that the PII of 2.5 million student loan borrowers was accessible by an unknown actor who gained access to the network in July 2022.  

Risk to Business: 2.406 = Severe

The exposed data includes names, addresses, email addresses, phone numbers and Social Security numbers of borrowers who had loans serviced by the affected institutions. 

How It Could Affect Your Customers’ Business: Service providers like this one are highly at risk for trouble thanks to the combination of valuable data and access to companies that they offer bad actors.


Baker & Taylor

Exploit: Ransomware

Baker & Taylor: Book Distributor

Risk to Business: 1.647 = Severe

 A ransomware attack at leading library book distributor Baker & Taylor has resulted in an outage that impacted the company’s phone systems, offices, and service centers. Those systems were out for a week. No ransomware group claimed responsibility, nor did Baker & Taylor disclose a ransom demand. The company said that they were able to restore their systems from backups and the incident remains under investigation.

How It Could Affect Your Business: Cybercriminals have been concentrating their fire on suppliers and service providers, elevating risk for them.


Los Angeles Unified School District

Exploit: Ransomware

Los Angeles Unified School District: Regional Education Authority

Risk to Business: 1.427 = Extreme

A cyberattack against the Los Angeles Unified School District added complications to the start of the new school year. The ransomware attack hit on the Sunday before schools were scheduled to open for the new year. The district was able to overcome the digital shutdown to open schools on schedule the following Tuesday. However, the personal data of an estimated 400,000 students may have been accessed by cybercriminals. Federal, state and local authorities are investigating the incident. The Vice Society ransomware group has claimed responsibility for the attack, saying that they snatched more than 500GB of unspecified data.

How It Could Affect Your Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.


Savannah College of Art and Design

Exploit: Ransomware

Savannah College of Art and Design: Institution of Higher Learning

Risk to Business: 2.712 = Moderate

Savannah College of Art and Design (SCAD) has revealed that a hacker gained access to SCAD’s information network systems, exposing data on an estimated 15,00 students. The school said that an unspecified “limited” number of files containing data about students and employees was accessed by bad actors. The AvosLocker ransomware group added SCAD to its leak site, but no ransom specifics have been released. AvosLocker may have taken at least 69,000 files that contained student information, personnel files and business data. No specifics have been released about what data was taken.

How it Could Affect Your Business: Education has been a sector under siege, especially attractive to ransomware groups as the school year opens.



United Kingdom – InterContinental Hotels Group (IHG)

Exploit: BEC

InterContinental Hotels Group (IHG): Hotel Operator

Risk to Business: 1.809 = Severe

InterContinental Hotels Group (IHG) has confirmed that they’ve had a security incident impacting the Holiday Inn hotels chain. A cyberattack downed its booking systems and mobile apps. Although IHG did not reveal the nature of the attack in its public statement, tech experts point to ransomware. The incident is under investigation, and no information was given about what, if any, data was stolen or which group was responsible.

How it Could Affect Your Business: Hospitality organisations rely heavily on their IT systems, and outages lead to disasters.


United Kingdom – Go-Ahead

Exploit: Hacking

Go-Ahead: Bus Company

Risk to Business: 1.723 = Severe

Go-Ahead, a major UK public transport operator, disclosed a cyberattack after finding unauthorized activity within its IT systems. The company said that many of its IT systems have been affected by this cybersecurity incident, including the system used to allocate drivers to bus services, with minimal delays expected. Some restoration has taken place using backups, and the incident remains under investigation.

How it Could Affect Your Business: Major transportation providers are juicy targets for bad actors because those services cannot afford disruptions, making them likely to pay ransoms.

Portugal – Armed Forces General Staff agency of Portugal (EMGFA)

Exploit: Hacking

Armed Forces General Staff agency of Portugal (EMGFA): Government Agency

Risk to Business: 1.361 = Extreme

Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were spotted for sale on the dark web, leading the agency to discover that it had experienced a data breach. First spotted by US Information Services, hundreds of sensitive documents have apparently been snatched by bad actors. The documents were exfiltrated from systems in the EMGFA, in the secret military (CISMIL) and in the General Directorate of National Defense Resources. Investigators determined that security rules for the transmission of classified documents had been broken, and threat actors were able to access the Integrated System of Military Communications (SICOM) and receive and forward classified documents.

How it Could Affect Your Business: This problem could have been prevented by simple adherence to security rules and compliance with security policies.





The Week in Breach News: 24/08/22 – 30/08/22


 It’s all ransomware all the time this week with a spate of damaging attacks in the U.S., U.K. and South America.



Accelya

Exploit: Ransomware

Accelya: Airline Technology Services

Risk to Business: 1.706 = Severe

The AlphV/Black Cat ransomware group has claimed responsibility for an attack on airline technology firm Accelya. The group claimed to have stolen emails, worker contracts and other business information. Accelya provides passenger, cargo, and industry analytics platforms for airline retailing to Delta, British Airways, JetBlue, United, Virgin Atlantic, American Airlines and other airlines. The company confirmed the incident after investigators discovered that the company’s data was posted on a ransomware leak site.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This company faced double jeopardy with both an increase in supply chain and transportation industry attacks.


DoorDash

Exploit: Supply Chain Attack

DoorDash: Food Delivery Service

Risk to Business: 1.907 = Severe

DoorDash has confirmed a data breach that has exposed customer information. Credentials belonging to employees of a third-party vendor were stolen as part of a recent incident at software company Twilio and were then used to access DoorDash’s internal tools. The company said it cut off the third-party vendor’s access to its systems after discovering suspicious activity. DoorDash did not name the third-party vendor but did confirm the attack and that it was related to the Twilio hack.

Individual Risk: 1.975 = Severe

An undisclosed number of customers had their names, email addresses, delivery addresses, phone numbers and partial payment card numbers stolen. For drivers with the company, hackers were able to access names, phone numbers and email address information.

How It Could Affect Your Business: Unfortunately, this kind of exposure is becoming all too common as bad actors strike strategically against service providers.


LastPass

Exploit: Ransomware

LastPass: Software Company

Risk to Business: 1.836 = Severe

Authentication software firm LastPass said on Thursday that someone broke into one of its developers’ accounts and used that to gain access to proprietary data including source code. The company said in a statement that the incident had been contained and that they see no further evidence of unauthorized activity. LastPass says there is no evidence that customer data or encrypted password vaults were compromised. This breach may be related to the recent Twilio hack, which impacted many companies.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The Information Technology sector was one of the 14 critical infrastructure sectors most victimized by ransomware last year.


Chester Upland School District

Exploit: Business Email Compromise

Chester Upland School District: Regional Education Authority

Risk to Business: 1.337 = Severe

A recent business email compromise attack on a Pennsylvania school district resulted in bad actors making off with more than $13 million. Authorities say hackers used a stolen district employee email account to snatch the money by sending official-looking messages from that account and then diverting payments to themselves. After diverting the payments, the cybercriminals then used a romance scam conducted through the dating site eHarmony to entice a Florida woman to launder the money unwittingly. The scheme came to light after the Pennsylvania Department of the Treasury flagged a large transfer, unraveling the whole mess. $10 million of the money has since been recovered.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Business email compromise is hard to detect but causes the most financial damage. This school district got lucky recovering money.


New Hampshire Lottery

Exploit: Hacking

New Hampshire Lottery: Gambling Program

Risk to Business: 2.809 = Moderate

New Hampshire Lottery officials warned of a cyberattack on its website, cautioning players that people visiting the site should not click on any pop-up message. The site began to experience trouble early Friday morning, typically a busy day for lottery sales with the Mega Millions drawing taking place late Friday night. Officials said the site has been taken down as the matter is investigated and the trouble dealt with. They do not believe any personal data of players was stolen.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to exploit government-run websites to spread malware or for other nefarious purposes.


The Dominican Republic – Instituto Agrario Dominicano

Exploit: Ransomware

The Instituto Agrario Dominicano (IAD): Government Agency

Risk to Business: 1.223 = Severe

The Instituto Agrario Dominicano (IAD), an arm of the Dominican Republic’s Ministry of Agriculture, has been hit by the Quantum ransomware group. The attack took down four physical and eight virtual servers as well as compromising all of IAD’s data. Officials say that the agency had only basic security in place and no dedicated security workers. The group is demanding an estimated $600k in ransom, but the Dominican Republic is an economically challenged country, making it unlikely that they’ll pay the extortionists.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.



Greece – DESFA

Exploit: Ransomware

DESFA: National Natural Gas Provider 

Risk to Business: 2.871 = Moderate

Greece’s national natural gas operator DESFA has been hit by a ransomware attack by the Ragnar Locker ransomware organization. The group added DESFA to its dark web leak site on Friday, noting that it had not received a response to its ransom demand at that time. DESFA said that it will not negotiate with cybercriminals. The company also said that the incident had a “confirmed impact on the availability of some systems and possible leakage of a number of directories and files.” DESFA also said that Greek law enforcement agencies as well as the Ministry of Digital Governance and Hellenic Data Protection Authority have been notified of the attack. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to go after utilities because of the high chance they’ll get paid to avoid service disruptions, although these bad actors won’t.



India – Akasa Air

Exploit: Misconfiguration

Akasa Air: Airline

Risk to Business: 1.790 = Severe

 Akasa Air disclosed that it has suffered a data breach resulting in unauthorized individuals gaining access to user information. The breach was caused by a configuration error that left vulnerabilities in the airline’s login and sign-up service. Akasa Air said that no travel-related information, travel records or payment information was compromised in the incident. The company claims to have fixed the problem and reopened all services.

Risk to Business: 1.662 = Severe

 Exposed registered user information includes registrant names, genders, email addresses and phone numbers.  

How it Could Affect Your Business: Employee mistakes like this one can be just as costly and problematic as a cyberattack.



The Week in Breach News: 17/08/22 – 23/08/22


 It’s all ransomware all the time this week with a spate of damaging attacks in the U.S., U.K. and South America.



Entrust

Exploit: Ransomware

Entrust: Cybersecurity Solutions Company

Risk to Business: 1.877 = Severe

Entrust has fallen victim to a ransomware attack by the LockBit group. LockBit added Entrust to its Tor site last Thursday. The Minneapolis-based provider of payment security solutions confirmed the incident. The company admitted that threat actors had gained access to systems used for HR, finance and marketing, but said there was no evidence that the operation or security of its products and services was impacted. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware groups have been ramping up operations, with risk up by over 60%.


Practice Resources LLC

Exploit: Misconfiguration

Practice Resources LLC: Medical Billing Service 

Risk to Business: 1.687 = Severe

Practice Resources LLC (PRL) is at the center of a ransomware attack that led to a supply chain data breach impacting 26 healthcare organizations. In a filing, PRL declared that 942,138 people had data exposed in the April 2022 incident. The company provides billing and other related services to healthcare providers. PRL declared that it has sent out data breach letters to all affected parties.  

Individual Risk: 1.733 = Severe

The information exposed in the attack included patient names, addresses, health plan numbers, dates of treatment, and medical record numbers. 

How It Could Affect Your Business: Supply chain risk has been a constantly rising risk for businesses as bad actors target service providers.


Valent U.S.A. LLC 

Exploit: Ransomware

Valent U.S.A. LLC: Agricultural Chemical Manufacturing

Risk to Business: 1.902 = Severe

Chemical company Valent U.S.A. LLC has filed notices that it experienced a data breach as a result of a suspected ransomware attack. The company revealed that the attack was discovered when employees were unable to access some of Valent’s computer systems and subsequently discovered that files had been encrypted. Valent said that it secured its network and then retained an outside cybersecurity firm to investigate the incident.

Individual Risk: 1.768 = Severe

The company says the breach resulted in the names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and dates of birth of certain individuals being compromised.

How It Could Affect Your Business: Both the Chemical and Agricultural sectors have been under heavy pressure from bad actors in the last 12 months.


Brasseler USA

Exploit: Ransomware

Brasseler USA: Dental Equipment Manufacturer

Risk to Business: 2.077 = Severe

Brasseler USA has disclosed that it experienced a data breach as a result of a ransomware attack. The company discovered that this incident occurred in June 2022. In July 2022, the company learned that certain files containing sensitive consumer data were compromised. The company says that it reported the incident to law enforcement and then worked with third-party data security specialists to investigate the scope of the cyberattack. Brasseler USA is a dental and surgical product manufacturer based in Savannah, Georgia.

Individual Risk: 1.966 = Severe

Breached information varies depending on the individual, but may include an individual’s name, Social Security number, driver’s license number, passport number, financial account information (including debit card and credit card numbers), medical and insurance information and other information, such as date of birth.

How it Could Affect Your Business: Manufacturing companies have had it rough as bad actors seek valuable OT and personal data.


The Government of Fremont County, Colorado

Exploit: Ransomware

The Government of Fremont County, Colorado: Regional Government 

Risk to Business: 1.684 = Severe

The government of Fremont County, Colorado has been paralyzed by a cyberattack that left employees unable to connect to networks or access email. Local reports say that the Fremont County Administration Building, Garden Park Building, Department of Human Services and Fremont County Sheriff’s Office are closed to the public, although the Sheriff’s Office is still operating. The phone systems for the impacted offices are still working. A spokesperson said that they do not believe that any data was stolen. Efforts are underway to restore services.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: It pays to remember that the most likely vector for ransomware is a phishing message.



Argentina – Judiciary of Córdoba

Exploit: Ransomware

Judiciary of Córdoba: Government Entity

Risk to Business: 1.429 = Severe

New ransomware group Play has hit Argentina’s Judiciary of Córdoba. The government entity was forced to shut down its IT systems and its online portal last week and was left able to conduct business only through old-fashioned paper and pen. The Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro, and local specialists to investigate the attack and restore services.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.



United Kingdom – South Staffordshire PLC 

Exploit: Ransomware

South Staffordshire PLC: Utility Company

Risk to Business: 2.173 = Severe

This week’s most interesting story starts with South Staffordshire PLC. The parent company of South Staffs Water and Cambridge Water confirmed on Monday that it was the victim of a ransomware attack. The Cl0p ransomware gang claimed responsibility but named the wrong water company on its dark web leak site. The group initially said that the victim was Thames Water and not South Staffordshire. Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city. Data posted to the gang’s dark web site includes a spreadsheet of usernames and passwords featuring South Staffs Water and South Staffordshire email addresses.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to go after utility companies because of the high chance they’ll get paid to avoid service disruptions.


United Kingdom – Holdcroft Motor Group

Exploit: Ransomware

Holdcroft Motor Group: Car Dealerships

Risk to Business: 1.634 = Severe

U.K. auto retailer Holdcroft Motor Group has admitted that it has fallen victim to a ransomware attack that has led to some dire consequences. The company said that the July 2022 attack caused significant damage, resulting in the deletion of data from its servers. Internal investigations revealed that some of the data that was compromised may have contained employee personal information. Holdcroft Motor Group operates nine different dealer franchises across 23 locations in the Midlands and north of England. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Paying the bad guys doesn’t mean you’re getting your data back. More than 90% of organizations that pay don’t get all their data back.



