Categories
The Week in Breach

The Week in Breach News: 10/08/22 – 16/08/22


 An employee’s compromised Google account is to blame for a nasty incident at Cisco and 7-11 is closed by ransomware in Denmark.



Cisco

Exploit: Hacking 

Cisco: Networking Technology Company

Risk to Business: 2.211 = Severe

Cisco Systems confirmed experiencing a cyberattack in May 2022 that was caused by the compromise of an employee’s Google account. The company’s investigation determined that the attackers obtained details of an employee’s private Google account, which contained passwords synced with Cisco’s web browser. The attackers parlayed that into initial access to Cisco’s VPN. The employee’s credentials were synced through the Chrome browser, where the targeted employee had also stored their Cisco credentials. The Yanluowang ransomware gang has claimed responsibility by publishing files stolen in the incident on its dark web leak site.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Insecure or compromised employee credentials can do big damage in a very short span of time.


PlatformQ

Exploit: Misconfiguration

PlatformQ: Digital Engagement Solutions

Risk to Business: 1.687 = Severe

PlatformQ, a provider of digital engagement solutions for healthcare (PlatformQ Health) and education (PlatformQ Education) sector entities, experienced a data breach after an employee accidentally published a database backup stored in a misconfigured AWS S3 bucket. The data appears to be about marketing the drug Zarex to doctors’ offices and similar places, and PII for healthcare professionals was involved.

Individual Risk: 1.733 = Severe

The leak exposed sensitive information including the full names, personal email addresses, job titles, work email addresses, home, work and private phone numbers and National Provider Identifier (NPI) numbers of an estimated 99,000 healthcare professionals.

How It Could Affect Your Customers’ Business: Employee mistakes and negligence are responsible for more data breaches than any other cause, but training helps fix that.


Behavioral Health Group

Exploit: Hacking

Behavioral Health Group: Addiction Treatment Center Operator 

Risk to Business: 1.716 = Severe

Behavioral Health Group recently began notifying 197,507 patients that their data was stolen in a December 2021 cyberattack. The opioid treatment provider’s 80 clinics suffered a week of IT outages that disrupted patient care after a cyberattack forced the team to shut down portions of the network. That in turn caused delays for health services like refilling patient medications, a critical part of the recovery process for many addiction treatment patients.

Individual Risk: 1.802 = Severe

The stolen data varied by patient and could include patient names, Social Security numbers, driver’s licenses, passports, biometrics, health insurance information, diagnoses, treatments, prescriptions, dates of service, and medical record numbers. Only patients whose SSNs were compromised will receive free credit monitoring. 

How It Could Affect Your Business: Medical entities of all sorts have been high on cybercriminal hit lists because attackers know that it’s a rich and time-sensitive industry.


Acorn Financial Services

Exploit: Phishing

Acorn Financial Services: Financial Planners

Risk to Business: 1.837 = Severe

In April 2022, Acorn Financial Services discovered unusual activity within an employee email account that ultimately led to uncovering a data breach. Acorn says that the incident was kicked off by an employee falling for a phishing email. The company acted to secure the employee’s email account and confirmed that an unauthorized actor has potentially gained access to sensitive customer data. The company has filed data breach notifications and is informing the impacted customers via mail. 

Individual Risk: 1.646 = Severe

While the breached information varies depending on the individual, it may include the client’s name, address, date of birth, driver’s license number, financial account number, Social Security number and other account-related information.  

How it Could Affect Your Business: The financial services sector was the most heavily under siege by ransomware last year, a pattern that continues in 2022.


Klaviyo

Exploit: Phishing

Klaviyo: Email Marketing Firm

Risk to Business: 2.284 = Severe

In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates. The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts. 

Risk to Business: 2.284 = Severe

 Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.

How it Could Affect Your Business: Phishing is the most likely way for any organization to open the door to a data breach.



Bombardier Recreational Products (BRP) Inc.

Exploit: Ransomware

Bombardier Recreational Products (BRP) Inc.: Recreational Equipment Manufacturer 

Risk to Business: 1.529 = Severe

BRP, Inc., manufacturer of the Ski-Doo and other all-terrain vehicles, watercraft and snowmobiles, has been hit with a suspected ransomware attack that shut down operations briefly at its plants. This attack may have resulted from exposure by a third-party service provider. After an initial complete closure of manufacturing operations, the company expects its manufacturing sites in Valcourt, Canada; Rovaniemi, Finland; Gunskirchen, Austria; and Sturtevant to resume operations imminently.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Service disruptions from cyberattacks can cost manufacturers and the companies that they supply a fortune.


Union des producteurs agricoles (UPA)

Exploit: Ransomware

Union des producteurs agricoles (UPA): Agricultural Trade Organization 

Risk to Business: 2.017 = Severe

On Sunday, hackers launched a ransomware attack on the Union des producteurs agricoles (UPA), a regional agriculture organization. Bad actors deployed ransomware that paralyzed the network, leaving an estimated 160 UPA employees and 23 UPA client organizations, like the union of grain producers, unable to connect. An investigation is ongoing, and services are expected to be quickly restored.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Groups like this offer a great opportunity for cybercriminals to snatch profitable and useful data.



Denmark – 7-11 Stores

Exploit: Hacking

7-11 Stores: Convenience Store Chain 

Risk to Business: 1.211 = Extreme

The chain of 7-11 stores in Denmark was forced to shut down after a cyberattack disrupted stores’ payment and checkout systems throughout the country. The attack occurred on August 8th, and all stores remain closed while the company investigates the incident. No word on when they’ll reopen or the nature of the attack, although ransomware is suspected.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: No company can afford to be shut down entirely for days or weeks because of a cyberattack, especially not in retail.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.


The Week in Breach News: 03/08/22 – 09/08/22


Supply chain breaches lead to expensive problems for the UK NHS and Aetna, and a ransomware kerfuffle in an Iowa school district.



Aetna

Exploit: Supply Chain

Aetna: Insurer

Risk to Business: 2.631 = Moderate

Health insurance heavyweight Aetna has reported a data breach to federal regulators affecting nearly 326,000 individuals. This breach was spurred by a ransomware attack at a service provider for an Aetna subcontractor, mailing company OneTouchPoint. This incident is one of the first reported as a direct result of that cyberattack. The OneTouchPoint breach is expected to impact over 30 large and small health insurers and plan providers.  

Individual Risk: 2.755 = Moderate

Aetna said that the exposed information for individuals may include names, addresses, dates of birth, and limited medical information. 

How It Could Affect Your Business: Business services companies are becoming choice targets for cybercriminals looking for quick scores of data.


Linn-Mar School District

Exploit: Ransomware

Linn-Mar School District: Local Public Education Authority

Risk to Business: 2.372 = Severe

Thanks to a bit of timely reporting by local media, it has been revealed that the Linn-Mar School District in Iowa has become a victim of the Vice Society ransomware group. Screenshots of the group’s ransom note were given to the media by an anonymous district staff member. This leak occurred after the school district informed parents and students that it was suffering unspecified “technical difficulties”, raising concerns about the district’s readiness to open for the new school year. The school district has so far refused further comment.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: School districts will be especially appealing right now since the new school year time crunch makes them more likely to pay a ransom.


Wisan Smith Racker & Prescott

Exploit: Hacking

Wisan Smith Racker & Prescott: Accounting Firm

Risk to Business: 1.716 = Severe

Salt Lake City, Utah-based accounting firm Wisan Smith Racker & Prescott has disclosed that it has experienced a data breach. On June 14, 2022, the firm learned that an unauthorized party had penetrated its IT security and accessed information about its clients. That information was subsequently used to file fraudulent tax returns supposedly on behalf of several of the company’s clients. Data breach letters have been sent to all of the clients impacted by this breach.

Individual Risk: 1.788 = Severe

The exposed information varies depending on the individual, but it may include a client’s name, Social Security number, driver’s license or state identification card number, passport number, military identification number, government-issued identification number, financial account information, date of birth, electronic signature, medical information and health insurance information.

How It Could Affect Your Business: Ransomware attacks on service providers in the supply chain are an ongoing problem that won’t be going away anytime soon.


Goodman Campbell Brain and Spine

Exploit: Ransomware

Goodman Campbell Brain and Spine: Specialty Medical Practice

Risk to Business: 1.719 = Severe

Goodman Campbell Brain and Spine, a medical practice in Indiana, has disclosed that it has experienced a data breach as a result of a suspected ransomware attack. The Hive ransomware group is implicated in the attack. The practice noted that they discovered the attack had been successful on May 20, 2022. An estimated 363,000 people had data exposed in this incident.

Individual Risk: 1.606 = Severe

Information affected in the incident includes patient PII and PHI including name, date of birth, address, telephone number, email addresses, medical record number, patient account number, diagnosis and treatment information, physician name, insurance information, dates of service and Social Security numbers. 

How it Could Affect Your Business: Healthcare is the industry with the highest data breach cost, and it’s been beleaguered by ransomware.



United Kingdom – National Health Service

Exploit: Supply Chain

National Health Service: Healthcare System

Risk to Business: 2.304 = Severe

The United Kingdom’s National Health Service (NHS) has experienced an outage of its 111 non-emergency medical service system, triggered by a cyberattack that hit the systems of British MSP Advanced. The MSP’s Adastra system is used by 85% of NHS 111 services for patient management. Advanced said that the suspected ransomware attack was spotted at 07:00 BST last Thursday. This attack has had a widespread impact, affecting ambulance dispatch, out-of-hours appointment bookings and emergency prescriptions throughout the UK. Advanced says that the issue may not be resolved until this week. The emergency 999 system was not impacted.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is a great illustration of how no organization is safe from potential supply chain trouble.


Germany – Semikron

Exploit: Ransomware

Semikron: Semiconductor Manufacturer

Risk to Business: 1.529 = Severe

Semikron, a manufacturer of semiconductors for electric vehicles and industrial automation systems, has confirmed it has fallen victim to a ransomware attack, likely by the LV ransomware group. The attackers are demanding an unspecified ransom after stealing an estimated 2TB of documents and encrypting systems at the Nuremberg-based company. No specifications have been given for the exact data types stolen or the ransom amount demanded.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Service disruptions from cyberattacks can cost manufacturers and the companies that they supply a fortune.


Germany – The Association of German Chambers of Industry and Commerce (DIHK)

Exploit: Ransomware

The Association of German Chambers of Industry and Commerce (DIHK): Business Association

Risk to Business: 2.017 = Severe

The Association of German Chambers of Industry and Commerce (DIHK) has announced that it has been the victim of what it characterized as a “massive cyberattack”. The organization said that all internet connections at the organization were shut off as a way to address the issue, leading to phone, email and website outages that impacted all 79 local outposts to varying degrees. The DIHK is a business association that notes that it helps companies with legal issues, provides general support and promotes German businesses internationally.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Groups like this offer a great opportunity for cybercriminals to snatch profitable and useful data.


Luxembourg – Encevo Group

Exploit: Ransomware

Encevo Group: Energy Conglomerate

Risk to Business: 2.017 = Severe

The BlackCat/AlphV ransomware group is allegedly responsible for a ransomware attack that landed on two subsidiaries of the Encevo Group, a Luxembourg-based energy supplier. The company disclosed that energy network operator Creos and supplier Enovos had been affected. The attack took down customer portals for both companies but did not affect the supply of electricity and gas. The Encevo Group is partially owned by the government of Luxembourg. The attackers claim to have stolen 150 GB of data that they said includes contracts, passports, bills and emails, although that has not been confirmed by Creos, Enovos or the Encevo Group.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: The energy sector has been a popular target for the bad guys who are continuing to pound critical infrastructure with ransomware attacks.




The Week in Breach News: 27/07/22 – 02/08/22


A new ransomware group makes a splash and more supply chain security problems.



OneTouchPoint 

Exploit: Ransomware

OneTouchPoint: Business Services

Risk to Business: 1.772 = Severe

OneTouchPoint, a provider of mailing and printing services, fell victim to a ransomware attack that has resulted in the compromise of personally identifiable information (PII) stored on its system. The company discovered encrypted files on some of its systems on April 28. It was later determined that the attackers had accessed its network on April 27 and that the compromised systems contained PII provided by its customers.

Individual Risk: 2.335 = Severe

 Exposed information includes names, addresses, birth dates, date of service, description of service, diagnosis codes, information provided as part of a health assessment and member ID. OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger. 

How It Could Affect Your Business: This is going to end up costing this company a fortune in both incident costs and regulatory penalties.


NetStandard 

Exploit: Ransomware

NetStandard: MSP 

Risk to Business: 1.672 = Severe

Kansas-based managed service provider NetStandard suffered a cyberattack that resulted in the company pressing pause on its MyAppsAnywhere cloud services, consisting of hosted Dynamics GP, Exchange, SharePoint and CRM services. The MSP detected signs of a cyberattack last Tuesday morning and quickly shut down cloud services to prevent the attack’s spread. The company announced that only the MyAppsAnywhere services are affected, but news outlets report that the attack may have had a broader impact, with the company’s main site shut down as well.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: MSPs have been squarely in cybercriminals’ sights as they concentrate firepower on the supply chain.


WordFly

Exploit: Ransomware

WordFly: Business Services

Risk to Business: 2.773 = Moderate

Email list provider WordFly has been the victim of a ransomware attack. WordFly’s main website is unavailable and has been offline for the past two weeks. The company says that they discovered the problem on July 10. WordFly said that they believe that customer data was accessed but they didn’t specify the nature of that data. The Smithsonian Museums, Canada’s Toronto Symphony Orchestra and the Courtauld Institute of Art in London are among the company’s clientele.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware attacks on service providers in the supply chain are an ongoing problem that won’t be going away anytime soon.


DuPage Medical Group

Exploit: Hacking

DuPage Medical Group: Healthcare Organization 

Risk to Business: 1.619 = Severe

Illinois-based DuPage Medical Group, an organization with more than 700 doctors in 100 locations, has been the victim of a cyberattack that exposed patient data. The incident occurred between July 12-13 and caused a network outage. An investigation determined that bad actors had likely accessed patient data. The medical group is notifying 600,000 patients that their personal information may have been compromised.  

Individual Risk: 1.619 = Severe

How it Could Affect Your Business: Healthcare is the industry with the highest data breach cost, and it’s been beleaguered by ransomware.



United Kingdom – Wootton Academy Trust

Exploit: Ransomware

Wootton Academy Trust: School Operator

Risk to Business: 2.304 = Severe

The Hive ransomware group is claiming responsibility for a ransomware attack against the Wootton Academy Trust, operators of Wootton Secondary School and the Kimberley College for 16-19-year-olds. The gang is demanding a $500,000 ransom, the amount it claims the school has available in cyber insurance. In an unusual twist, the gang allegedly messaged students and parents, informing them that they had stolen the students’ home addresses, bank details, medical records and even psychological reviews. The school says that the incident has affected scheduling for next year, along with the production of some grade sheets. It hopes to retrieve lost data from backups in order to resume normal operations within 10 days.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals have been going after schools consistently for the last few years as virtual learning opens up profit opportunities for them.


United Kingdom – Bromford Housing Association

Exploit: Hacking

Bromford Housing Association: Housing Assistance Organization

Risk to Business: 1.929 = Severe

Bromford Housing Association, a housing program with tenants across Gloucestershire, has been the victim of a cyberattack. Bromford manages 40,000 homes across central and southwest England, providing services for around 90,000 people. The company says it was forced to shut down its technology systems including communications, appointments and online payments. Clients are limited to service and payments by phone. There’s been no word on what, if any, data was stolen.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Service disruptions from cyberattacks can cost companies big in both productivity and reputation.


France – MBDA

Exploit: Hacking

MBDA: Defense Contractor

Risk to Business: 2.017 = Severe

A new cybercrime group claims that it has snatched data from European missile developer and manufacturer MBDA. The bad actors call themselves Adrastea and claim to have obtained 60GB of confidential data by exploiting vulnerabilities in the company’s network. Adrastea claims to have taken information about the company’s projects, OT, defense systems the company has worked on, and other sensitive data about military matters.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals are hungry for OT information and similar proprietary data, especially of this sensitive nature.


Italy – Italian Revenue Agency (Agenzia delle Entrate)

Exploit: Ransomware

Italian Revenue Agency (Agenzia delle Entrate): Government Agency 

Risk to Business: 2.017 = Severe

A ransomware attack has hit the town of St Mary’s in Ontario, locking staff out of internal systems and encrypting data. The ransomware group LockBit has claimed responsibility. The cybercriminals uploaded a sample to their leak site containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Town officials were quick to reassure citizens that essential municipal services like transit and water systems haven’t been impacted. No word on any ransom demand or if the municipality plans to pay. LockBit is also responsible for another attack on a small town this week, hitting Frederick, Colorado on July 14. The group is demanding $200,000 not to publish the data snatched from Frederick, CO.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: The bad guys know they have a higher chance of getting paid thanks to the time-sensitive nature of government services, making them prime targets.




The Week in Breach News: 20/07/22 – 26/07/22


A new Twitter hack exposes data for 5.4 million accounts and LockBit scores hits on two municipalities.



Twitter 

Exploit: Hacking

Twitter: Social Media Network

Risk to Business: 2.783 = Moderate

Cybercriminals say that they’ve exploited a vulnerability in the Twitter platform to obtain data about 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Twitter was alerted to the exploit in January 2022 and fixed it quickly, but the damage had already been done. The method used to scrape the data was similar to an attack on Facebook in 2021. Twitter has not confirmed or denied the attack as of press time, saying that the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals are always happy to exploit vulnerabilities and security gaps that allow them to obtain data.


AllOne Health Resources, Inc.

Exploit: Business Email Compromise (BEC)

AllOne Health Resources: Insurance Company

Risk to Business: 1.672 = Severe

AllOne Health Resources, Inc. has experienced a data breach as the result of a business email compromise attack. The company says that an unauthorized party gained access to sensitive consumer data contained on its network after landing the BEC attack. According to AllOne Health, the company discovered the breach after it realized that the company’s finance department had sent several wire transfers to a fraudulently created bank account. That prompted an investigation which revealed that bad actors had gained access to an employee’s email account and snatched sensitive data.

Individual Risk: 1.703 = Severe

Exposed information includes the names, addresses, dates of birth, driver’s license numbers, Social Security numbers and health information of 13,669 individuals.  

How It Could Affect Your Business: A data security disaster in the healthcare sector is extra expensive and damaging after regulators weigh in.


Blue Cross and Blue Shield (BCBS) of Massachusetts

Exploit: Supply Chain Risk

Blue Cross and Blue Shield (BCBS) of Massachusetts: Insurance Company 

Risk to Business: 1.701 = Severe

Blue Cross and Blue Shield (BCBS) of Massachusetts has filed a notice with the Maine Attorney General’s Office stating that the company had suffered a breach of employee pension data thanks to an insider incident at a vendor, LifeWorks US. BCBS of Massachusetts and BCBS of Massachusetts HMO Blue used the vendor for services related to employee pension plan payments. BCBS says that on May 17, 2022, a now former LifeWorks employee mishandled data by emailing spreadsheets containing identifiable information about BCBS employees to both their personal email address and the personal email address of another former LifeWorks employee.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Supply chain risk is an ongoing problem that won’t be going away anytime soon, and cybercrime doesn’t even have to be involved for it to damage a business.


Entrust 

Exploit: Ransomware

Entrust: Software Company

Risk to Business: 1.776 = Severe

Digital security software maker Entrust has confirmed that it suffered a cyberattack where threat actors breached its network and stole data from internal systems. Entrust says that about two weeks ago, bad actors penetrated security and gained access to corporate data. The company maintains that data theft does not have an impact on its products and services. No ransomware group has claimed responsibility for the attack as of press time, and no ransom demand has been released. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Bad actors aren’t just looking for PII/PHI or financial data; they’re also in the market to steal data about OT and proprietary data.


Neopets 

Exploit: Hacking

Neopets: Video Game Website

Risk to Business: 2.304 = Severe

Virtual pet website Neopets has suffered a data breach that resulted in the theft of source code and a database containing the personal information of over 69 million members. A hacker on the dark web going by the name TarTarX is selling the source code and database for the Neopets.com website for four bitcoins. Neopets recently launched NFTs that will be an element in an upcoming online Metaverse game.  

Individual Risk: 2.215 = Severe

The data includes members’ usernames, names, email addresses, zip code, date of birth, gender, country, an initial registration email and other site/game-related information. 

How it Could Affect Your Business: The bad guys are always hungry for big pools of data, and adding some source code to the mix makes it even better.


Gas South, LLC

Exploit: Hacking

Gas South, LLC.: Natural Gas Company 

Risk to Business: 1.929 = Severe

Atlanta, Georgia natural gas provider Gas South has disclosed a data breach that may have exposed consumer data. The company says that an unauthorized party had access to its network between February 13 and February 23, 2022, with access to sensitive consumer data related to 38,000 individuals. Gas South is the largest natural gas provider in the Southeastern United States. 

Individual Risk: 2.215 = Severe

The consumer information exposed may have included customers’ Social Security numbers, driver’s license numbers and financial data.    

How it Could Affect Your Business: Utilities and other infrastructure targets have been under the gun for the last year, with 14 of 16 critical infrastructure sectors hit by a cyberattack in 2021.



Qmunity

Exploit: Hacking

Qmunity: Non-Profit 

Risk to Business: 2.017 = Severe

Non-profit Qmunity, a 2SLGBTQ+ resource and online community provider, says that its website has been hacked, leading to service disruptions. Cybercriminals injected malicious code into the site, directing users to download apps and illicit third-party pages. Most website functions have been restored and no stored client or personal data was accessed. This is the second cyberattack aimed at a Vancouver-based 2SLGBTQ+ resource in the past few weeks.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Adding or adjusting links to be malicious is a signature trick of cybercriminals, and they never stop using it.


The Town of St. Mary’s, Ontario 

Exploit: Ransomware

St. Mary’s, Ontario: Municipality 

Risk to Business: 2.017 = Severe

A ransomware attack has hit the town of St. Mary’s in Ontario, locking staff out of internal systems and encrypting data. The ransomware group LockBit has claimed responsibility. The cybercriminals uploaded a sample to their leak site containing directories corresponding to municipal operations like finance, health and safety, sewage treatment, property files, and public works. Town officials were quick to reassure citizens that essential municipal services like transit and water systems haven’t been impacted. No word on any ransom demand or if the municipality plans to pay. LockBit is also responsible for another attack on a small town this week, hitting Frederick, Colorado on July 14. The group is demanding $200,000 not to publish the data snatched from Frederick, CO.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Governments and agencies have been targets for ransomware because the bad guys know they have a higher chance of getting paid thanks to the time-sensitive nature of government services.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

The Week in Breach News: 13/07/22 – 19/07/22


It’s game over for security at Bandai Namco, human error causes a breach at a UK college and Lending Tree admits they’ve been breached.



Narragansett Bay Commission

Exploit: Ransomware

Narragansett Bay Commission: Utility Company

Risk to Business: 2.783 = Moderate

The Narragansett Bay Commission has been hit with a ransomware attack. The utility runs sewer systems in parts of the Providence and Blackstone Valley areas in Rhode Island. A spokesperson for the company said that the company experienced the encryption of data on some computers and systems in its network. However, service was not interrupted, and the utility does not store customer payment data. No word on what data was stolen or if the Narragansett Bay Commission paid a ransom.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Experts have warned that utilities are key targets for cybercriminals looking for quick money.


Lending Tree

Exploit: Hacking

Lending Tree: Financial & Mortgage Services

Risk to Business: 1.672 = Severe

Mortgage giant Lending Tree, LLC recently confirmed that the company has experienced a data breach after cybercriminals discovered a code vulnerability on its website. According to a notice filed by the company, on June 3, 2022, Lending Tree discovered a code vulnerability on the company’s website that likely resulted in bad actors gaining access to sensitive personal information for customers. Lending Tree believes that the vulnerability had been in place since mid-February 2022.

Individual Risk: 1.703 = Severe

Exposed information varies depending on the individual, but may include client names, Social Security numbers, dates of birth and street addresses.

How It Could Affect Your Business: The financial sector was at the top of the cybercriminal hit list in 2021 and that hasn’t changed in 2022.


Family Practice Center

Exploit: Hacking

Family Practice Center: Medical Clinic Operator

Risk to Business: 1.701 = Severe

Pennsylvania-based medical clinic chain Family Practice Center has experienced a data breach. The company filed a notice with the U.S. Department of Health and Human Services saying that on October 11, 2021, it was the target of a cyberattack that attempted to shut down its computer systems. This may have led to an unauthorized party gaining access to sensitive data about 83,969 patients.  

Individual Risk: 1.641 = Severe

The breached information includes a patient’s name, Social Security number, address, medical insurance information and health/treatment information.

How It Could Affect Your Business: Medical facilities of all kinds should be strengthening security in response to non-stop threats in the sector.



United Kingdom – Morgan Hunt

Exploit: Supply Chain Risk

Morgan Hunt: Recruiting Firm

Risk to Business: 1.776 = Severe

British recruitment agency Morgan Hunt confirmed that it has experienced a data breach that resulted in intruders snatching personal data for some of the freelancers on its books. The recruiter pointed the finger at a third-party service provider as the source of the problem. Impacted freelancers were sent a letter informing them of the incident.

Individual Risk: 1.741 = Severe

The information accessed included contractors’ names, contact details, identity documents, proof of address documents (including any bank or building society statement provided), National Insurance number, and date of birth.

How it Could Affect Your Business: Cybercriminals are hungry for fresh stores of data, making service providers very attractive targets.


United Kingdom – City College Norwich

Exploit: Human Error

City College Norwich: Institution of Higher Learning 

Risk to Business: 2.304 = Severe

City College Norwich is in hot water after an employee mistakenly sent the wrong information to a student’s family. A parent tipped off officials after an email exchange with a member of the college’s customer service team in which, along with an expected attachment, she received an unanticipated one: a spreadsheet titled “P2E links for scheduled applicants”. That spreadsheet contained the personal data of hundreds of people associated with the college. The incident is under investigation.

Individual Risk: 2.215 = Severe

The spreadsheet included names, telephone numbers, postal and email addresses and other identifying details of students and applicants.

How it Could Affect Your Business: Humans will make mistakes, but training can help reduce the chance that employees make security errors like this one.



Japan – Bandai Namco

Exploit: Ransomware

Bandai Namco: Videogame & Toy Maker

Risk to Business: 1.929 = Severe

The ransomware group Black Cat is claiming responsibility for a ransomware attack that hit Japanese entertainment company Bandai Namco. The video gaming giant confirmed that the group’s companies in Asian regions, excluding Japan, were breached by a third party on July 3, 2022. Bandai Namco appeared on the cybercriminal operation’s dark web site immediately afterward. The company said in a statement that “It is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about [the] existence of leakage, scope of the damage, and investigating the cause.”

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware attacks on all sorts of businesses have soared in the last 12 months as cybercriminals search for new revenue streams.



Australia – Deakin University 

Exploit: Credential Compromise

Deakin University: Institution of Higher Learning

Risk to Business: 2.017 = Severe

Deakin University in Melbourne has experienced a data security incident. The username and password of a single staff member at Deakin University were hacked and then used to unlock private details of 46,980 past and current students. The hackers then used that data to send phishing messages to students. In the messages, the cybercriminals sent out two links, both of which took the student to a malicious form that phished for information including credit card details. The breach will be reported to the Office of the Victorian Information Commissioner (OVIC).

Individual Risk: 2.213 = Severe

Altogether, bad actors obtained the contact details of 46,980 past and current Deakin students. The haul included student names, IDs, mobile numbers, email addresses and even recent university results.

How it Could Affect Your Business: Just one compromised credential can open organizations up to a world of hurt and an expensive security nightmare.



The Week in Breach News: 06/07/22 – 12/07/22


Marriott gets hit by ransomware.



Marriott International 

Exploit: Ransomware

Marriott International: Hotel Operator 

Risk to Business: 2.783 = Moderate

Marriott is looking at another big data breach after a group of cybercriminals claims to have stolen an estimated 20 gigabytes of data, including financial data like credit card information and confidential information about guests and workers from an employee at the BWI Airport Marriott in Baltimore. The group identified themselves as GNN or “Group with No Name” to media outlets and sent along samples of the purportedly stolen data. Marriott contends that the stolen data consisted of “non-sensitive internal business files regarding the operation of the property.” The incident remains under investigation. 

How It Could Affect Your Business: Hotels are a prime target for cybercriminals because they often have stores of valuable financial and personal data on guests.


American Marriage Ministries (AMM)

Exploit: Misconfiguration

American Marriage Ministries (AMM): Non-Profit  

Risk to Business: 2.617 = Moderate

American Marriage Ministries (AMM), a Seattle-based non-denominational religious organization that ordains wedding officiants, has suffered a data breach. Researchers say they’ve discovered 630 GB of data on about 185,000 officiants and roughly 15,000 married couples as well as their wedding guests exposed in an unsecured Amazon Web Services bucket. The data trove contained ministers’ program application forms, over 500,000 ordination certificates and minister identification documents, marriage licenses that contain details about newly wedded couples, and more. The incident was reported to FBI IC3.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.


SHI International

Exploit: Malware

SHI International: IT Services 

Risk to Business: 1.601 = Severe

New Jersey-based IT services provider SHI International suffered a major business disruption over the July 4 weekend after being forced offline by a cyberattack. The company disclosed that the defensive measures it had been forced to take to stop the attack included taking SHI’s public websites and email offline while the attack was investigated. Website and email outages lasted for several days before finally being resolved about July 10. Customers were told that they could still access their representatives by phone throughout the incident, which remains under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: MSPs, MSSPs and other IT/technical services providers have been frequent targets of cybercriminals recently and should strengthen security.


Yuma Regional Medical Center (YRMC)

Exploit: Ransomware

Yuma Regional Medical Center (YRMC): Medical System

Risk to Business: 1.903 = Severe

A ransomware attack that landed on Yuma Regional Medical Center (YRMC) in Arizona has exposed the protected health information of an estimated 700,000 patients. The company has disclosed that it experienced the ransomware attack in late April and that an unauthorized individual had access to YRMC’s systems from April 21 to April 25, allowing them to steal a subset of files from the systems. There was no impact on patient care.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: A data breach for a healthcare organization is especially damaging between incident costs and regulatory penalties.


WellDyneRx, LLC 

Exploit: Hacking

WellDyneRx, LLC: Pharmacy Benefits Management

Risk to Business: 2.304 = Severe

WellDyneRx has reported a data breach that resulted from unauthorized access to one of the company’s email accounts. The company filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights regarding a data breach in December 2021, indicating that the company estimates the breach affected 38,401 individuals. WellDyneRx is a pharmacy benefit manager and oversees the administration of the pharmacy benefits portion of insurance policies on behalf of insurance companies at 65,000 retail pharmacies, from major chains to mom-and-pop shops.

Individual Risk: 2.215 = Severe

Cybercriminals may have accessed the names, dates of birth, Social Security numbers, driver’s license numbers, treatment information, health insurance information, contact information, prescription information, and other medical and healthcare-related information of individuals served by WellDyneRx.  

How it Could Affect Your Business: It’s not just hospitals and doctor’s offices; medical services providers are also experiencing surging risk, with big penalties for failure to keep data safe.



United Kingdom – Aon, PLC

Exploit: Hacking

Aon, PLC: Professional Services Provider 

Risk to Business: 2.829 = Moderate

Aon, PLC, a U.K.-based company that handles risk mitigation for insurance, pension administration, and health insurance plans, has experienced a data breach that was recently disclosed in a notice on the Maine Attorney General’s Office website. Aon says that the data breach is believed to have affected as many as 31,799 individuals, who have been informed via letter.

Individual Risk: 2.836 = Moderate

The company says that an unauthorized party temporarily obtained documents that contained the names, driver’s license numbers, Social Security numbers, and some benefit enrollment information of plan enrollees.

How it Could Affect Your Business: Professional services companies are prime targets for bad guys that are on the hunt for rich stores of data.


France – La Poste Mobile

Exploit: Ransomware

La Poste Mobile: Telecommunications Company

Risk to Business: 1.206 = Extreme

The Lockbit ransomware group has claimed responsibility for a ransomware attack on French telecommunications giant La Poste Mobile. The virtual mobile telephone operator La Poste Mobile was walloped by a ransomware attack on July 4 that paralyzed administrative and management services. The company was forced to suspend operations on its website and customer areas as part of its incident remediation.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Telecoms are prime targets for ransomware because they cannot afford any network downtime, making them likely to pay the ransom fast.



The Week in Breach News: 29/06/22 – 05/07/22

July 06, 2022


An insider incident causes trouble for OpenSea, cybercriminals claim to have scored data from AMD and ransomware stops the presses at Macmillan plus.



Geographic Solutions Inc.

Exploit: Ransomware

Geographic Solutions Inc.: Software Company 

Risk to Business: 1.427 = Extreme

A ransomware attack on a major provider of software to state government agencies around the U.S. has resulted in website outages that impacted government services. Geographic Solutions provides workforce development, labor market information, and unemployment insurance software solutions to 35 U.S. states including Nebraska, Tennessee, Texas, Florida, North Carolina, California and Indiana. Labor department job search and unemployment program website outages left citizens and government officials scrambling. The company has engaged a third-party firm to help with the cleanup and most services have been restored.  

How It Could Affect Your Business: A data security incident at a service provider can be a disaster for any business and it will be especially damaging for the healthcare clients involved here.


California Department of Justice

Exploit: Human Error

California Department of Justice: State Government Agency 

Risk to Business: 2.617 = Moderate

The California Department of Justice has disclosed a messy data breach courtesy of its Firearms Dashboard Portal. In the course of an update in late June, user data for anyone who had applied for a concealed carry firearms permit from 2011 through 2021 using the site was exposed for an estimated 24 hours in an unsecured spreadsheet.  Data was also exposed on several other state-maintained gun-related online dashboards, including the Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate and Gun Violence Restraining Order dashboards. 

Individual Risk: 2.613 = Moderate

User data that may have been exposed includes names, dates of birth, gender, race, driver license numbers, addresses, and criminal histories. Social Security numbers and financial information were not involved. 

How It Could Affect Your Business: SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.


Napa Valley Community College

Exploit: Ransomware

Napa Valley Community College: Institution for Higher Learning 

Risk to Business: 1.601 = Severe

Napa Valley College has experienced a ransomware attack that resulted in its website and network systems being knocked offline. The incident, which started over two weeks ago, knocked systems including the college’s on-campus telephones and employee email accounts out, leaving social media and an athletic department website run on a separate network as the only communication channels for the college. Professors and staff have since had email restored.  The college also announced that it will continue teaching summer-session classes both in-person and remotely using an online platform that includes email and communication with professors. The incident is under investigation. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The education sector has been hammered by cyberattacks for the last few years impacting schools at every level.


OpenSea

Exploit: Insider Threat

OpenSea: Non-Fungible Token Marketplace 

Risk to Business: 1.903 = Severe

NFT giant OpenSea has had a data breach caused by an employee at a third-party service provider misusing their access to data. OpenSea announced last week that an employee of email vendor Customer.io misused their employee access to download and share email addresses of OpenSea’s users and newsletter subscribers with an unauthorized external party. Customer.io told TechCrunch that the culprit was likely an employee who abused their role-specific access privileges and that no other company’s data was involved in this incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Finance sector organizations have been at the top of the cybercriminal hit list, especially crypto-related entities.


New Peoples Bank

Exploit: Hacking

New Peoples Bank: Financial Institution 

Risk to Business: 2.304 = Severe

New Peoples Bank, a bank with branches in Virginia, West Virginia and Tennessee, has announced that it has experienced a data breach. An unauthorized person accessed bank systems on June 9, leading to data exposure for customers as well as disrupting banking and financial services. The bank is providing one year of free credit monitoring for impacted clients. Services have since been restored.

Individual Impact: 2.383 = Severe

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Banks of every size are a likely target of ransomware attacks and need to take extra security precautions.


Advanced Micro Devices (AMD) 

Exploit: Hacking

Advanced Micro Devices (AMD): Semiconductor Company 

Risk to Business: 2.822 = Moderate

Chipmaker AMD is investigating a security breach after cybercrime gang RansomHouse published a claim that they have obtained the company’s data. The group claims to have breached AMD on January 5 to steal 450GB of data. The group claims to be targeting companies with weak security, boasting that it was able to compromise AMD due to the organization’s weak passwords. In addition to the passwords, RansomHouse claims to have snatched network files and system information from AMD as well.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Manufacturers aren’t safe from cybercriminals looking to snatch information about operational technology.



United Kingdom – Macmillan Publishing

Exploit: Ransomware

Macmillan Publishing: Media Company 

Risk to Business: 2.206 = Severe

Major publisher Macmillan has experienced a ransomware attack that impacted its offices and warehouses in the U.S. and U.K. The late June incident caused the company to shut down all of its IT systems. The company said in a statement that “certain files on its network” had been encrypted. Macmillan employees were briefly unable to access email and sales representatives shared that there may be publishing delays as a result of the attack.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Companies that handle time-sensitive business are prime targets for cybercriminals looking for a quick payoff.


United Kingdom – Apetito 

Exploit: Hacking

Apetito: Meal Delivery Service 

Risk to Business: 1.922 = Severe

UK meal delivery company Apetito has announced that meal service to thousands of people in western England was disrupted for several days due to a cyberattack. Apetito delivers ready-to-eat meals to hospitals, elder care facilities, schools, childcare facilities and the homes of vulnerable people. The attack also impacted Apetito’s subsidiary Wiltshire Farm Foods, which delivers frozen heat-and-eat meals. Service was expected to be restored around July 4.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Service providers have been popular targets for cybercriminals hunting for data to sell.


Austria – The Medical University of Innsbruck 

Exploit: Ransomware 

The Medical University of Innsbruck: Institution of Higher Learning 

Risk to Business: 1.922 = Severe

The ransomware group Vice Society has claimed responsibility for a ransomware attack against the Medical University of Innsbruck. That attack took place last week, causing major disruptions and resulting in data exposure. A report in Bleeping Computer noted that the attack forced the university’s IT team to reset all 3,400 student and 2,200 employee account passwords in an arduous process that required everyone to personally collect their new credentials manually. Operations have since been restored. Vice Society has posted a sample of the stolen documents on its website. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Universities are major targets for cyberattacks thanks to the amount of data they store and the need to maintain constant uptime.



The Week in Breach News: 22/06/22 – 28/06/22


Two automotive companies get hit by ransomware, and a remarkable tale of a data loss incident for one Japanese city.



Flagstar Bank

Exploit: Hacking

Flagstar Bank: Banking & Financial Services

Risk to Business: 1.617 = Severe

Flagstar Bank disclosed that they’ve had a data breach that impacts an estimated 1.5 million customers. The Michigan-based bank says that the cyberattack occurred on Dec. 3 and Dec. 4, 2021. However, the company did not determine who was affected until June 2022. The data breach happened during Flagstar Bancorp’s acquisition by New York Community Bank. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio. 

Individual Risk: 1.878 = Severe

The only available information about the breached data says that Social Security numbers were exposed.

How It Could Affect Your Customers’ Business: Banking & Finance was the sector that experienced the most cyberattacks including ransomware in 2021.


ADM Associates, Inc.

Exploit: Hacking

ADM Associates: Energy Consulting 

Risk to Business: 2.785 = Moderate

Energy evaluation company ADM Associates has reported a data breach impacting consumers. The company said that between August and September 2021 an unauthorized individual may have accessed and acquired certain information from its systems. ADM Associates does energy research and evaluation for public utility companies. Affected individuals have been informed via letter and the company is offering free credit monitoring.

Individual Risk: 2.831 = Moderate

Exposed information may include customer PII including names, addresses and other identifying data as well as sensitive financial information and Social Security numbers.

How It Could Affect Your Business: SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.


Atrium Health

Exploit: Phishing

Atrium Health: Medical System 

Risk to Business: 1.601 = Severe

North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts. 

Individual Risk: 1.733 = Severe

Patient PII that was exposed included names, addresses, dates of birth and health insurance information. A limited number of patients may have also had their Social Security numbers, driver’s license numbers and financial account numbers compromised in the breach.    

How It Could Affect Your Business: Healthcare data is always a desirable commodity for bad actors and letting them get their hands on it is always an expensive mistake for healthcare providers.



Brazil – Fast Shop

Exploit: Ransomware

Fast Shop: Online Retailer 

Risk to Business: 1.872 = Severe

A ransomware attack at Brazilian retailer Fast Shop ended up shutting down the company’s online store briefly. The outage impacted the company’s main website, mobile apps and online ordering system. An unnamed hacking group claimed that they’ve snatched the company’s data from various cloud services including AWS, Azure, GitLab and IBM Cloud, and that the haul includes source code, PCI data, and various user and corporate data. Bad actors also took control of the company’s Twitter account, where they announced the breach.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to hit online retailers because of the possibility they’re storing profitable sensitive personal and financial customer data.



United Kingdom – Yodel 

Exploit: Ransomware

Yodel: Logistics Company

Risk to Business: 2.183 = Severe

UK delivery company Yodel has experienced a suspected ransomware attack that has disrupted its services. Yodel’s tracking and customer services went down over the weekend as a result of the attack and the company is working to restore its services. The firm says that it doesn’t hold any customer payment information, and Yodel is currently investigating whether any personally identifiable information (PII) pertaining to clients has been taken. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Aside from the initial expense, ransomware can also lead to lost productivity, lost business and reputation loss.



Japan – Nichirin

Exploit: Ransomware

Nichirin: Auto Parts Manufacturer 

Risk to Business: 2.206 = Severe

Auto hose manufacturer Nichirin has announced that its U.S. subsidiary, Nichirin-Flex USA, has experienced a ransomware attack. The incident has caused the company to take production and technology systems offline, potentially impacting the manufacturing and delivery of customer orders. The firm’s website was briefly taken offline, and the damage appears to have been limited to the company’s U.S. operations.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Manufacturers aren’t safe from cybercriminals looking to score fast payments to prevent supply chain disruption.


Japan – TB Kawashima

Exploit: Ransomware

TB Kawashima: Auto Parts Manufacturer

Risk to Business: 2.206 = Severe

In this week’s second incident at a Japanese auto parts company, automotive fabrics company TB Kawashima has disclosed that it has been the victim of a ransomware attack. The LockBit group has claimed responsibility. TB Kawashima is a division of Toyota Boshoku of the Toyota Group of companies. The company’s website was knocked offline, but they expect minimal impact on production or sales.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Manufacturers that are linchpins in a supply chain are prime targets for hackers these days.


Japan – The City of Amagasaki

Exploit: Insider Threat (Employee Mistake)

Amagasaki: Municipal Government 

Risk to Business: 1.772 = Severe

In this week’s most interesting breach tale, the city of Amagasaki, Japan has found itself embroiled in a data breach thanks to the actions of one careless worker. A contractor who was working for the city to disburse pandemic subsidies took a USB drive containing numerous city records out of the office. But rather than heading straight home, the worker decided to go out on the town. That resulted in the worker passing out in the street and losing the bag containing the USB drive and all that city data.

Individual Risk: 1.613 = Severe

The USB contained names, birth dates, addresses, tax details, banking information and social security records for city residents.  

How it Could Affect Your Business: Data stored on physical devices is data that can be more easily misplaced or lost with careless handling.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

The Week in Breach News: 15/06/22 – 21/06/22


Healthcare and education have a bad week and political hacking intrigue in Germany.




Kaiser Permanente

Exploit: Credential Compromise

Kaiser Permanente: Healthcare Provider 

Risk to Business: 2.176 = Severe

A data breach at healthcare and insurance giant Kaiser Permanente has exposed the personal information and health data of patients in the state of Washington. The company says that an unauthorized party gained access to its systems through a compromised employee email account in April 2022. The U.S. Department of Health and Human Services Office for Civil Rights reports that 69,589 records were potentially exposed as a result of the email security slip-up at Kaiser’s Washington unit. 

Individual Risk: 2.278 = Severe

Exposed data includes a patient’s first and last name, medical record number, dates of service, and laboratory test result information of the health plan provider. 

How It Could Affect Your Business: This will be an expensive employee mistake (and training failure) once regulators get finished with penalties for this incident.


Comstar

Exploit: Hacking

Comstar: Medical Billing Service 

Risk to Business: 1.742 = Severe

U.S. ambulance billing service Comstar has disclosed that it has exposed sensitive information belonging to medical patients. The company stated that it noticed suspicious activity in March 2022, and an investigation determined that certain systems on Comstar’s network were subject to unauthorized access, but investigators were ultimately unable to confirm what specific information on those systems was accessed.

Individual Risk: 1.861 = Severe

Exposed information may include patient names, dates of birth, information regarding medical assessment and medication administration, health insurance information, drivers’ licenses, financial account information, and Social Security numbers.

How It Could Affect Your Business: Any breach that involves healthcare data is going to cost the company a pretty penny in clean-up and fines.


Robert Half

Exploit: Credential Stuffing

Robert Half: Staffing Company

Risk to Business: 2.601 = Moderate

Robert Half has determined that more than 1000 job seekers and employees placed by the firm had their accounts accessed by an unauthorized source between April 26 and May 16, 2022, exposing potentially sensitive information that may have been stolen. The company says that there is no evidence that the information was actually accessed or downloaded, and current users are required to update their passwords.  

Individual Risk: 2.612 = Moderate

The release disclosed that the targeted accounts stored information such as name, address, and social security number, as well as wage and tax information. The company noted that bank account numbers for direct deposits are stored in these accounts, but only the last four digits are visible.

How It Could Affect Your Business: Teaching employees to make good, strong passwords and handle them safely with security awareness training prevents problems like this.


Eyecare Leaders

Exploit: Hacking

Eyecare Leaders: Medical Records Service 

Risk to Business: 1.872 = Severe

An estimated two million eyecare patients may have had their personal and health data exposed by medical billing service Eyecare Leaders. 1.3 million of those patients sought treatment at Texas Tech University Health Sciences Center. The company, provider of the myCare Integrity electronic medical record platform, has disclosed that it suffered a data security incident in December 2021 that resulted in “the deletion of databases and systems configuration data”. Over 20 other eyecare practices have also had patient data exposed in this incident.

Individual Risk: 1.721 = Severe

The customer data that was compromised may include names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information.

How it Could Affect Your Business: Service providers can be a source of data breach risk and an incident like this will be very expensive for every organization involved.



Memorial University

Exploit: Employee Error 

Memorial University: Institution of Higher Learning

Risk to Business: 2.077 = Severe

Students at Memorial University have been informed that their data has been exposed after an employee error. The blunder involved a university employee sending the wrong data to several students. About 1,000 students received emails that contained other students’ personal information, according to a statement from Memorial.  

Individual Risk: 2.021 = Severe

Leaked details included names, email addresses, student numbers and programs of study. No financial or medical data was included. 

How it Could Affect Your Customers’ Business: Employee errors can lead to big headaches and big bills to clean up the messes left behind.


Regina Public Schools 

Exploit: Ransomware

Regina Public Schools: Local Education Authority

Risk to Business: 2.206 = Severe

Regina Public Schools are experiencing technical difficulties in the wake of a late-May cyberattack. The ransomware group BlackCat has claimed responsibility. The group claims to have encrypted 500 gigabytes of files belonging to RPS. BlackCat has also said that the group now possesses employee data from a wide range of sources like tax reports, health information, passports and social insurance numbers, but the school system disputes those assertions. Many schools are still experiencing internet outages, leaving teachers unable to access learning tools, grading systems and other educational assets. Services are slowly being restored. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Schools, universities and colleges have been prime targets for cybercrime since the start of the global pandemic and need to take extra precautions.



Germany – The Green Party

Exploit: Hacking

Green Party: Political Group

Risk to Business: 2.206 = Severe

The German Green party has disclosed that its IT system was hit by a cyberattack last month. The party is part of Germany’s ruling coalition. Ultimately, 11 email accounts were impacted including email accounts belonging to Foreign Minister Annalena Baerbock and Economy Minister Robert Habeck. The hacked accounts were compromised in such a way that some emails were forwarded to addresses outside the party, possibly in Russia according to Der Spiegel. Both politicians have publicly taken anti-Russia stances. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: An unprecedented wave of hacking has emerged in the wake of Russia’s invasion of Ukraine with far-reaching ripples.



South Africa – Shoprite Holdings Ltd.

Exploit: Ransomware 

Shoprite Holdings Ltd.: Supermarket Chain 

Risk to Business: 1.613 = Severe

Africa’s largest supermarket chain has been hit by a ransomware attack. The company warned customers in Eswatini, Namibia and Zambia that their personal information might have been compromised due to a cyberattack. The RansomHouse group has claimed responsibility for the attack, posting an evidence sample of 600GB of data it claims it stole from the retailer to its dark web site. The attackers were quick to ridicule Shoprite’s cybersecurity practices as part of their leak announcement.

Individual Impact: No specific information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is always a business disaster that costs a company time, money and reputation with a long, painful recovery.



The Week in Breach News: 08/06/22 – 14/06/22


More trouble for two of 2021’s most ransomware-prone sectors and a detailed map of exactly how ransomware hit a Japanese hospital.



Tenafly Public Schools

Exploit: Ransomware

Tenafly Public Schools: Local Government Entity 

Risk to Business: 2.827 = Moderate

Tenafly Public Schools was forced to cancel student final exams and resort to low-tech teaching methods to finish out the school year after ransomware had encrypted data on some computers in the district’s network. A Tenafly Public School District spokesperson said that administrators first identified the security incident Thursday and discovered that it involved the encryption of data by ransomware on some computers in the district’s network. The spokesperson went on to explain that the district’s technology department responded by isolating devices, shutting down the districtwide computer system, launching an investigation and hiring outside cybersecurity experts. No word on whether or not a ransom was or will be paid.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Schools and education sector organizations at every level have been prime targets for cybercrime in the last few years.


Private Client Services, LLC.

Exploit: Hacking

Private Client Services LLC.: Financial Services

Risk to Business: 1.801 = Severe

Private Client Services, LLC (“PCS”) has disclosed a data breach that the company is blaming on an unauthorized party gaining access to sensitive consumer information through a compromised employee email account. The company sent data breach letters to 22,554 impacted people on May 27, 2022.

Risk to Business: 1.822 = Severe

According to PCS, the breach resulted in the names, Social Security numbers, driver’s license numbers and state identification numbers being compromised. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Financial Services & Banking was the sector that experienced the most ransomware attacks in 2021 and that pace isn’t slowing down.


Aesto Health

Exploit: Hacking

Aesto Health: Medical Information Services Provider 

Risk to Business: 1.976 = Severe

Aesto Health has announced it recently experienced a cyberattack that caused disruption to certain internal IT systems. The Alabama-based company disclosed that it had experienced a security breach that was detected on March 8, 2022. Aesto Health has brought in a third-party computer forensics company to assist with the investigation. They’ve also determined that an unauthorized individual had access to the affected systems from December 25, 2021, to March 8, 2022.

Risk to Business: 1.915 = Severe

A review of the affected files confirmed they contained patients’ protected health information, including names, dates of birth, physician names, and report findings related to radiology imaging at Osceola Medical Center (OMC) in Wisconsin. No Social Security numbers or financial information were viewed or stolen, and OMC systems and electronic medical records were unaffected.   

How It Could Affect Your Business: Healthcare providers in the US don’t just have to worry about the standard expenses of a data breach, they face big regulatory penalties too.


OnDeck Capital

Exploit: Hacking

OnDeck Capital: Financial Services

Risk to Business: 1.872 = Severe

OnDeck has disclosed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and transferred sensitive data to a private cloud storage account. OnDeck says that it first detected suspicious activity on March 10 and immediately shut down access to all affected devices. But three days later, OnDeck determined that the attackers had copied sensitive data to a private cloud storage account. On March 17, OnDeck’s team of investigators gained control over the cloud storage account, recovered the data, and shut down access, but there’s no word on what the threat actor might have done with the data.   

Risk to Business: 1.721 = Severe

The customer data that was compromised may include names, Social Security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card account numbers, and medical or health insurance information.

How it Could Affect Your Business: Entities in the financial services sector need to take extra precautions against trouble because it was 2021’s hardest hit sector for ransomware attacks.



Canada – CMC Electronics

Exploit: Ransomware

CMC Electronics: Aerospace & Defense Engineering

Risk to Business: 2.317 = Severe

The Canadian Department of National Defense (DND) confirmed earlier this week that a defense contractor, CMC Electronics, has alerted the government that it had experienced a cyberattack, suspected to be ransomware, in May. The company says that there is no indication to date that those responsible for the cyberattack have stolen any sensitive military information. The attack was allegedly carried out by the BlackCat ransomware group.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals aren’t just hunting for PII, they’re also in the market for proprietary data, formulas, research and information about operational technology.



Italy – City of Palermo

Exploit: Ransomware

City of Palermo: Municipal Government

Risk to Business: 2.033 = Severe

The Vice Society ransomware group has claimed responsibility for the recent ransomware attack on the city of Palermo in Italy last Friday. The incident has caused a large-scale outage for city services that impacts 1.3 million people. Most internet-reliant services remain unavailable and are expected to be down for days. Vice Society claimed they were behind the attack on Palermo in a post on their dark web data leak site, threatening to publish all stolen documents if not paid. No word on the ransom amount or if the city plans to pay.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Governments and government agencies have been high on the cybercriminal’s shopping list partly due to the high possibility of getting paid.



Japan – Handa Hospital

Exploit: Ransomware

Handa Hospital: Medical Center

Risk to Business: 1.780 = Severe

Handa Hospital in Tsurugi, Tokushima Prefecture, Japan has announced that it has been the victim of a ransomware attack. Investigators say that the October 2021 cyberattack occurred after a company that was involved in providing an electronic medical record system for the hospital had disabled anti-virus software on the hospital’s computers. Investigators laid out the chain of events and it is a lesson in security woes. Before the cyberattack occurred, the service provider configured the Windows settings of about 200 computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates because they made the electronic medical record system unstable. Investigators also determined that other circumstances contributed to the problem. Windows was never updated on the computers at the hospital and the hospital’s VPN had never been updated. The investigation ultimately determined that the cybercriminals exploited defects in the hospital’s VPN device to gain unauthorized access, through which the ransomware infected the hospital’s system.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is a great illustration of the unfortunate sequence of events that can lead to disaster.

