Nation-state threat actors hit the Mormon Church and trouble for NHS IT services provider Advanced.
Indianapolis Housing Agency
Indianapolis Housing Agency: Municipal Housing Authority
Risk to Business: 1.743 = Severe
A cyberattack has caused the shutdown of the internal information and email system of the Indianapolis Housing Agency (IHA). The outage began last Monday. Hackers may have accessed the personal information of approximately 25,000 Indianapolis residents served by IHA. Data from vendors and employees as well as the details of financial transactions shared with the Department of Housing and Urban Development (HUD) may also have been exposed. IHA admitted that it discovered the intrusion on October 3, but had not informed residents or issued a public statement until after local news broke the story on October 6. The incident is under investigation.
How It Could Affect Your Business: Government agencies are appealing targets for information-hungry cybercriminals thanks to historically poor security.
The Church of Jesus Christ of Latter-day Saints
Exploit: Nation-State Hacking
The Church of Jesus Christ of Latter-day Saints: Religious Organization
Risk to Business: 1.604 = Severe
The Church of Jesus Christ of Latter-day Saints, colloquially known as the LDS Church or Mormon Church, disclosed that it had suffered a data breach in March 2022 that officials believe was the result of a nation-state cyberattack. This breach involved the exposure of sensitive personal information of Church members, employees, contractors and other people the church kept records about. The breach did not include banking information or donation history. The church said that the breach occurred on March 23, 2022, but that it had not released any information about it at the request of federal investigators.
Individual Risk: 1.723 = Severe
Data stolen in this incident included personal information that church members or employees provided to the church, including basic contact information such as a person’s username in the system, membership record number, full name, gender, email address, birth date, mailing address, phone number and preferred language.
How It Could Affect Your Business: This is a goldmine of personal data that will enable cybercrime like phishing and identity theft for years to come.
VisionWeb Holdings, LLC
VisionWeb Holdings, LLC: Software Company
Risk to Business: 2.107 = Severe
VisionWeb Holdings, LLC, a maker of software used in ophthalmology and eye care clinics, has disclosed that it has had a data breach. In a filing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights and the Texas Attorney General, the company said that bad actors were able to access protected health information through a compromised employee email account. The data breach has impacted the confidential information of 35,900 individuals, who have been informed by letter.
Individual Risk: 2.261 = Severe
The breached information varies depending on the individual; it may include your name, Social Security number, government-issued identification number (such as driver’s license or state ID number), medical information and health insurance information.
How It Could Affect Your Business: Every business in the healthcare industry needs to be security conscious to avoid punishing fines from regulators.
UK – Advanced
Advanced: IT Services Provider
Risk to Business: 1.624 = Severe
UK National Health Service (NHS) IT services provider Advanced announced that it had experienced a data breach stemming from a ransomware attack. LockBit 2.0 ransomware was at the root of the attack. The company initially experienced the ransomware incident on August 4 following widespread disruption to NHS services across the UK in a cyber incident. The Advanced attack took down a number of NHS services, including its Adastra patient management system and Carenotes, a system used by mental health trusts for patient information. The company revealed that it had determined that hackers gained access to its systems on August 2 using compromised third-party credentials to establish a remote desktop session to the company’s Staffplan Citrix server. After gaining entry, the attacker moved laterally and escalated privileges, enabling them to conduct reconnaissance and ultimately resulting in the deployment of encryption malware. The company says that it has no evidence that data was exposed or stolen.
How it Could Affect Your Business: Service providers are an attractive candidate for ransomware because the bad guys know that those businesses can’t afford downtime.
India – Tata Power
Tata Power: Utility Company
Risk to Business: 2.363 = Severe
Tata Power, a leading power generation company in India, has confirmed that it was hit by a successful cyberattack that impacted some of its IT systems last Friday. The company was quick to reassure customers and investors that its critical systems were unaffected. In a filing with stock exchanges, Tata Power says that it has taken steps to retrieve and restore the systems. The company also said that it has restricted access and put in place preventive checks for employee and customer-facing portals and touchpoints. No further information was available at press time.
How it Could Affect Your Business: Infrastructure is in danger – Bad actors conducted successful cyberattacks against 14 of 16 critical infrastructure sectors in the US in 2021.
Australia – Medibank Private
Medibank Private: Health Insurer
Risk to Business: 1.731 = Severe
Australia’s largest private health insurer Medibank Private has confirmed that it fell victim to a ransomware attack last week. The health insurer said that the cause of the attack was compromised credentials. Bad actors used those credentials to access Medibank’s systems on Wednesday and deploy ransomware. The company says that its investigation has determined that no customer data was accessed or stolen. Medibank temporarily closed some systems while the activity was investigated but resumed normal business last Friday.
How it Could Affect Your Business: Ransomware attacks on healthcare sector targets have been a constantly growing problem since 2020.
Australia – MyDeal
Exploit: Credential Compromise
MyDeal: Online Retailer
Risk to Business: 1.816 = Severe
MyDeal, an online shopping site operated by Woolworths Group, has disclosed that it has experienced a data breach as a result of a successful cyberattack. The company points to a compromised credential that gave the hackers access to its customer relationship management system as the cause of the incident. Approximately 2.2 million customers were affected, and those customers were sent emails informing them of the incident.
Individual Risk: 1.837 = Severe
Compromised data for MyDeal users may include email addresses, phone numbers, delivery addresses and dates of birth. The company stated that 1.2 million customers involved in the breach had only had their email addresses exposed.
How it Could Affect Your Business: Online retailers are excellent sources of data for enterprising cybercriminals.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident