Categories
The Week in Breach

The Week in Breach News: 01/06/22 – 07/06/22


Ransomware hits Foxconn and more cyberattack trouble for governments around the world.



City of Portland, OR

Exploit: Business Email Compromise 

City of Portland, OR: Municipal Government 


Risk to Business: 1.726 = Severe

Bad actors struck the city of Portland, Oregon in an audacious business email compromise attack that resulted in a $1.4 million fraudulent transaction with city funds in April. City officials say that cybercriminals obtained the money after gaining access to a city email account illegally. The compromise was detected in May when the same account attempted another transfer of funds. The incident is under investigation by the FBI, U.S. Secret Service and the Portland Police Bureau.

How It Could Affect Your Business: From municipalities to major national agencies, government targets have been a favourite of cybercriminals in the last few years.


City of Alexandria, LA

Exploit: Ransomware

City of Alexandria, LA – Municipal Government


Risk to Business: 2.733 = Moderate

The AlphV ransomware gang has added the city of Alexandria, Louisiana to its list of victims. Officials confirmed that the city of 50,000 had fallen victim to a ransomware attack. They don’t believe that any sensitive data was stolen, and city operations will proceed as normal. This is the 22nd reported incident affecting a local government in the U.S. this year. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.



Mexico – Foxconn

Exploit: Ransomware

Foxconn: Electronics Manufacturing


Risk to Business: 1.349 = Extreme

A major factory for Foxconn located in Tijuana, Mexico near the California border was hit by a ransomware attack in late May that resulted in a shutdown. The plant specializes in the production of medical devices, consumer electronics and industrial operations. The operators of LockBit have claimed responsibility for the attack.

How It Could Affect Your Business: Manufacturers have been popular targets for cybercriminals, ranking number one for ransomware attacks in 2021.


Costa Rica – Costa Rican Social Security Fund (CCSS)

Exploit: Ransomware

Costa Rican Social Security Fund (CCSS): Government Agency


Risk to Business: 1.872 = Severe

The Costa Rican Social Security Fund (CCSS) was forced to shut down its digital record-keeping system last week due to a ransomware attack, affecting some 1,200 hospitals and clinics. Officials say that 30 of its 1,500 servers were impacted and they saw no evidence that a critical database or system was compromised. For weeks, Costa Rica has been under siege by ransomware, with a parade of government agencies taking big hits.

How it Could Affect Your Business: Costa Rica has been continually having problems with cyberattacks to the point that it is having an effect on the government’s stability.


Switzerland – Novartis

Exploit: Ransomware

Novartis: Pharmaceutical Company


Risk to Business: 2.717 = Moderate

Novartis has been the victim of an attack by the Industrial Spy data-extortion gang. Last week, the group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins. The threat actors claim that the data that they have for sale is related to RNA and DNA-based drug technology and tests from Novartis. The drug company says that no sensitive information was taken. Bleeping Computer reports that the data being sold consists of 7.7 MB of PDF files, which all have a timestamp of 2/25/2022 04:26, likely when the data was stolen. 

How it Could Affect Your Business: Cybercriminals aren’t just hunting for PII, they’re also in the market for proprietary data, formulas, research and information about operational technology.



Russia – Rustam Kurmaev and Partners

Exploit: Hacking

Rustam Kurmaev and Partners: Law Firm 


Risk to Business: 2.733 = Moderate

The Anonymous hacktivist collective claims to have struck another Russian organization. The group leaked approximately 1TB of data from a leading Russian law firm identified as Rustam Kurmaev and Partners (RKP Law). The firm works with major banking, media, oil, and industrial firms and state interests. This incident follows on the heels of another incident two days before in which the collective snatched hundreds of gigabytes of data from the servers of Vyberi Radio, Russia’s largest media holding with over 100 regional radio stations.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Anonymous and its associates have been continually hammering at Russian targets in opposition to the Russian invasion of Ukraine.



Australia – iCare 

Exploit: Insider Risk (Employee Error)

iCare: Insurer


Risk to Business: 1.780 = Severe

State insurer iCare is in the hot seat after an employee mistakenly shared the details of almost 200,000 injured workers with 587 employers and insurance brokers after sending the incorrect cost of claims analysis reports to the wrong recipients. The employee information was contained in spreadsheets that were mistakenly sent as attachments to the wrong employers. The company sent impacted workers an apology for the incident in May 2022.  


Risk to Individual: 2.263 = Severe

The missent cost of claims reports included a summary of workers’ claims history, their name, date of birth and injury category, workers’ policy number, a breakdown of weekly payments, claim costs and gross amounts paid, but no banking or contact details. 

How it Could Affect Your Business: Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.


Australia – ACY Securities

Exploit: Misconfiguration

ACY Securities: Financial Services


Risk to Business: 1.871 = Severe

A misconfigured database owned by ACY Securities is to blame for the exposure of personal and financial data of users and businesses. An estimated 60GB worth of data was left exposed and accessible on the web without any security authentication. The data has since been secured.


Risk to Individual: 2.643 = Severe

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

How it Could Affect Your Business: This will be a very expensive employee mistake that could have far-reaching effects and regulatory complications.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident


The Week in Breach News: 25/05/22 – 31/05/22


Government and education targets continue to be rocked by ransomware and GM experiences credential stuffing.



North Orange County Community College District

Exploit: Ransomware

North Orange County Community College District: Institution of Higher Learning


Risk to Business: 2.667 = Moderate

North Orange County Community College District in California has been notifying more than 19,000 people about a data security incident. A statement on the school’s website disclosed that Cypress College and Fullerton College in the NOCCCD system experienced a ransomware attack in March 2022. The notice was also posted to the website for Fullerton College for International Students and the Cypress College on-campus Dental Hygiene Clinic, but there is no confirmation that students in these locations were impacted.


Risk to Individual: 2.901 = Moderate

Exposed information may include a student’s name and passport number or other unique identification number issued on a government document (such as Social Security number or driver’s license number) and possibly financial account information and/or medical information for some students. 

How It Could Affect Your Business: Schools have been a favourite target of bad actors and school system databases are popular targets because they often hold big stores of information.


Somerset County Government

Exploit: Ransomware

Somerset County Government: Local Government


Risk to Business: 1.963 = Severe

The government of Somerset County, New Jersey, with an estimated population of about 350,000, announced on Tuesday that a ransomware attack had caused some system outages. The county government said that its email system was down. County offices were using temporary Gmail accounts to enable residents to contact critical departments such as the County Commissioners, Health, Emergency Operations, the County Clerk, Sheriff and Surrogate. The county says that it expects the outages to continue for a week. The County Clerk’s office also disclosed that it has been rendered unable to provide most services that require internet access, including gaining access to land records, vital statistics, probate records and title searches before 1977. In response, the county has activated its Emergency Operations Center and Continuity of Operations of Government Plan.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Governments have been high on the cybercriminal’s shopping list since they tend to have big data stores.


Verizon

Exploit: Hacking

Verizon: Wireless Network Provider


Risk to Business: 2.802 = Moderate

Verizon has announced that hackers obtained access to a database. The hacked database includes the full name, email address, corporate ID numbers, and phone number of hundreds of Verizon employees. According to reports, the hacker contacted Verizon to ask for an extortion payment of $250,000 to prevent the release of the stolen data. Verizon has said that they do not plan to pay.


Risk to Business: 2.773 = Moderate

Information exposed in the database includes employee names, email addresses, corporate ID numbers, and phone numbers. Verizon says that the database does not include Social Security Numbers, passwords or credit card numbers.

How It Could Affect Your Business: Data security must be a priority for protecting employee PII as well as customer PII.


General Motors (GM)

Exploit: Credential Stuffing

General Motors (GM): Automobile Manufacturer


Risk to Business: 2.872 = Moderate

General Motors (GM) has announced that it was hit by a credential stuffing attack last month that exposed customer information. GM said that they detected the malicious login activity between April 11-29, 2022, and that hackers obtained access through credential stuffing. GM said in a statement, “We believe that unauthorized parties gained access to customer login credentials that were previously compromised on other non-GM sites and then reused those credentials on the customer’s GM account.” The bad actors also redeemed loyalty points from some customers’ accounts for gift cards.


Risk to Individual: 2.583 = Moderate

Customer data that was exposed in this incident includes first and last names, personal email addresses, home addresses, usernames and phone numbers for registered family members tied to the account, last known and saved favorite location information, currently subscribed OnStar package (if applicable), family members’ avatars and photos (if uploaded), profile pictures and search and destination information, car mileage history, service history, emergency contacts and Wi-Fi hotspot settings (including passwords).

How it Could Affect Your Business: Dark web data is a credential compromise hazard that can bite any business big or small leading to a data exposure disaster. 



Scarborough Health Network

Exploit: Hacking

Scarborough Health Network: Healthcare Network


Risk to Business: 1.917 = Severe

Toronto healthcare provider Scarborough Health Network has disclosed that it has experienced a data breach. Officials say that an unauthorized actor gained access to the organization’s systems around January 25, 2022. The attacker was shut out of the system by February 1, 2022. The information of anyone treated before February 1, 2022, may have been compromised. The organization says that patients who received care prior to the amalgamation of SHN Centenary Hospital (also known as Scarborough Centenary Hospital), SHN General (also known as Scarborough General), and Birchmount Hospital (also known as Scarborough Grace) under one network in 2016 might be impacted as well as patients who received care at hospitals that were part of the former Rouge Valley Hospital Network, including RVHS Ajax and Pickering Campus or Ajax-Pickering Hospital.


Risk to Business: 1.917 = Severe

The health network says a big pool of information may have been accessed, including patients’ names, dates of birth, marital statuses, home addresses, phone numbers, email addresses, OHIP numbers, insurance policy numbers, lab results, diagnosis information and COVID-19 immunization records. Staff names and numbers may have also been accessed.

How it Could Affect Your Business: Medical data is very profitable for the bad guys, and data security incidents are sure to be expensive for medical systems.



Austria – Government of Carinthia

Exploit: Ransomware

Government of Carinthia: Regional Government


Risk to Business: 1.733 = Severe

The Black Cat ransomware gang has struck the government of the Austrian state of Carinthia, demanding a ransom of $5 million. The government of Carinthia disclosed that 3,000 IT workstations were affected. Services that were impacted by this incident include the issuance of passports and the payment of traffic fines. It doesn’t plan to pay the attackers.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is a go-to attack against governments because bad actors have had plenty of success getting them to pay up.


Turkey – Pegasus Airlines

Exploit: Misconfiguration

Pegasus Airlines: Air Carrier


Risk to Business: 1.963 = Severe

Turkish carrier Pegasus Airlines has disclosed that data including the personal information of flight crew alongside source code and flight data has been exposed as the result of a misconfigured AWS bucket. Researchers found an estimated 23 million files on the bucket, totaling around 6.5TB of leaked data. This included over three million files containing sensitive flight data including flight charts and revisions, insurance documents, details of issues found during pre-flight checks and information on crew shifts. Over 1.6 million of the exposed files contained personally identifiable information (PII) on airline crew, including photos and signatures. Source code and data from Pegasus’s proprietary software was also exposed, including plain text passwords and secret keys.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Employee mistakes can be just as dangerous, damaging and expensive as many cyberattacks.



Australia – Spirit Super

Exploit: Phishing 

Spirit Super: Financial Services


Risk to Business: 2.771 = Severe

Spirit Super has announced that an employee falling for a phishing message is the cause of a cyberattack that has led to data exposure for an estimated 50,000 member records from 2019/2020. The company said that the incident was quickly mitigated, and the damage contained, with new security measures added.


Risk to Individual: 2.643 = Severe

Spirit Super says that the information potentially exposed includes client names, addresses, ages, email addresses, telephone numbers, member account numbers and member balances. The company was quick to assure members that the exposed data doesn’t include dates of birth, government identification numbers or any bank details. 

How it Could Affect Your Business: Phishing is the first step in more than 90% of data breaches, making stopping it a top security priority.


Australia – National Disability Insurance Scheme (NDIS)

Exploit: Supply Chain Risk 

National Disability Insurance Scheme (NDIS): Government Program 


Risk to Business: 2.654 = Severe

A client management system provided by a service provider and used by the National Disability Insurance Scheme (NDIS) has exposed sensitive data. The system was maintained by CTARS, a Sydney-based software and analytics provider for the disability and care sectors. NDIS disclosed that an unauthorized third party had gained access to its systems on May 15, 2022.


Risk to Individual: 2.643 = Severe

NDIS says that personal information relating to patients may have been exposed including details of the diagnoses, treatment, or recovery of a medical condition or disability. Other data possibly compromised includes Medicare and pensioner cards, as well as tax file numbers. 

How it Could Affect Your Business: Supply chain risk has been escalating as cybercriminals tap lynchpins in the supply chain and it’s sure to be a major risk for every business this year too.




The Week in Breach News: 18/05/22 – 24/05/22

Multiple attacks disrupt education and expose data at U.S. public schools and a novel response to a ransom demand in Zambia. 



Chicago Public Schools

Exploit: Supply Chain Risk

Chicago Public Schools: Regional Education Agency


Risk to Business: 1.944 = Severe

Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident. 


Risk to Individual: 1.672 = Severe

The improperly accessed data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations. Employee data included names, employee identification numbers, school and course information and emails and usernames.

How It Could Affect Your Business: School system databases are popular targets because they often hold big stores of information.


Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio)

Exploit: Ransomware

Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio): Local Education Agency 


Risk to Business: 1.804 = Severe

The Cl0p ransomware gang has posted information that points to a successful ransomware attack against the Fort Sumner Municipal Schools agency in New Mexico. The Superintendent of Schools in the district confirmed the incident. This is just the latest in a long string of ransomware attacks that have impacted public school systems in the US. Just this week, the Washington Local Schools district in Ohio was also hit with a ransomware attack, this time impacting the district’s phone, email, internet and WiFi networks as well as Google Classroom.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Bad actors know that using ransomware against targets with time-sensitive business can be profitable.


The U.S. Drug Enforcement Agency (DEA)

Exploit: Hacking

The U.S. Drug Enforcement Agency (DEA): Federal Government Agency


Risk to Business: 1.763 = Severe

Officials are investigating a potential breach that could allow bad actors to access key systems used by law enforcement agencies in the U.S. A tip pointed officials to information that the LAPSUS$ hacking group may have gained access to the esp.usdoj.gov data portal, the Law Enforcement Inquiry and Alerts (LEIA) system, the U.S. Drug Enforcement Agency (DEA)’s El Paso Intelligence Center (EPIC) and other DEA systems. That unauthorized access may be used by cybercriminals in myriad ways including for impersonation efforts and doxing, as well as affording the bad guys the opportunity to search databases and to obtain sensitive data. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This kind of access and information in the wrong hands could be beneficial to cybercriminals including nation-state actors.



Greenland – Agency for Health and Prevention   

Exploit: Hacking

Agency for Health and Prevention: National Agency


Risk to Business: 2.864 = Moderate

The government of Greenland has announced that healthcare services have become extremely limited as a result of a cyberattack. While the nature of the incident was not specified, government officials noted that the network for the entire system had to be shut down, resulting in medical care providers becoming unable to access patient records and creating delays in care. The government says that patient data is not at risk, and that emergency treatment will not be impacted.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Healthcare targets have been at the top of the cybercriminal hit list since the start of the pandemic.  



Zambia – National Bank of Zambia

Exploit: Ransomware

National Bank of Zambia: Banking & Financial Services


Risk to Business: 1.917 = Severe

A cyberattack at the National Bank of Zambia has played out with a bizarre twist. After experiencing a ransomware attack by the Hive ransomware outfit that purportedly encrypted the bank’s Network Attached Storage (NAS) device, officials responded to the cybercriminals’ ransom demands with a refusal to pay. Bloomberg reports that the refusal was accompanied by images of male genitalia and a message referencing a common NSFW insult about what the bad guys could do with their demands. In a statement, the bank said that it had experienced an incident that impacted some systems such as the Bureau De Change Monitoring System and the bank’s website.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Organisations in the Banking & Finance sector suffered the most cyberattacks in 2021, and pressure isn’t letting up.


South Africa – Dis-Chem

Exploit: Supply Chain Risk 

Dis-Chem: Pharmaceutical Company


Risk to Business: 1.733 = Severe

Major pharmaceutical retailer Dis-Chem recently announced that it had been hit by a data breach that may have exposed the personal details of 3.6 million customers thanks to a data security incident at a third-party service provider on May 1, 2022. Dis Chem is the second-largest retail pharmacy chain in South Africa. An investigation is underway, and the company has stated that it will not be offering further comment on the incident.


Risk to Business: 1.733 = Severe

The investigation has determined that the incident affected a total of 3,687,881 data subjects so far, exposing subjects’ first name and surname, email addresses, and cell phone numbers. 

How it Could Affect Your Business: Defence industry contractors and military-adjacent service providers are tempting targets for cybercriminals looking for back doors.



Singapore – Nikkei Business Publications 

Exploit: Ransomware

Nikkei Business Publications: Publishing Company 


Risk to Business: 2.786 = Moderate

Asian publishing giant Nikkei has disclosed that the organization’s headquarters was hit by a ransomware attack on May 13, 2022. The company, the publisher of several business and technology magazines, said that it is still investigating the incident and has not yet determined if bad actors accessed customer data. Officials in both Singapore and Japan have been notified.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: More than half of APAC organizations experienced a cyberattack in 2021.





The Week in Breach News: 11/05/22 – 17/05/22

Data security trouble has emerged in government agencies and healthcare organisations around the U.S. and nation-state-related cyberattacks keep popping up in Europe.



Omnicell

Exploit: Ransomware

Omnicell: Healthcare Technology


Risk to Business: 1.944 = Severe

Omnicell revealed that its internal systems were impacted by a ransomware attack on May 4, 2022, in an SEC filing. The company further explained that it expected the attack to have an impact on some of its products and services, but it did not specify which ones. Omnicell says that it is in the early stage of an investigation, but the attack has been contained and appropriate authorities have been informed.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Everything in the healthcare sector has been under siege since the start of the global pandemic and pressure isn’t easing up.


Texas Department of Insurance (TDI)

Exploit: Misconfiguration

Texas Department of Insurance (TDI): Regional Government Agency


Risk to Business: 1.804 = Severe

A routine audit discovered that a misconfigured server at the Texas Department of Insurance has been leaking information for three years. The report disclosed that the personal information of an estimated 1.8 million Texas workers who have filed compensation claims between March 2019 and January 2022 has been exposed. TDI says that the problem has been corrected and that its investigation found no evidence that the information had been stolen or used unlawfully.   


Risk to Individual: 1.923 = Severe

The personal information of 1.8 million workers who have filed compensation claims in Texas was exposed including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries.  

How It Could Affect Your Business: Misconfiguration errors are common and just as costly and problematic as many cyberattacks.


The Oregon Elections Division

Exploit: Supply Chain Risk

The Oregon Elections Division: Regional Government Agency


Risk to Business: 2.702 = Moderate

The Oregon Elections Division has announced that it has informed an estimated 1,100 people that their information may have been exposed in a data breach after the online system where campaign finance records are published was hit by a ransomware attack at its web hosting provider. The Oregon Elections Division said it was informed by C&E Systems, a campaign finance firm, that its web hosting provider Opus Interactive was the victim of a ransomware attack. Through that incident, C&E’s database was compromised, which includes its clients’ log-in credentials for ORESTAR accounts. C&E disputes the number of affected accounts, placing it closer to 300. This attack has no impact on the voting or elections process outside campaign finance.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business:


Oklahoma City Indian Clinic (OKCIC)

Exploit: Hacking

Oklahoma City Indian Clinic (OKCIC): Healthcare Provider


Risk to Business: 2.302 = Severe

Oklahoma City Indian Clinic (OKCIC) this week announced that it experienced a data breach exposing personally identifiable information (PII) on May 12 when unauthorized parties obtained access to its data and systems. A third-party forensic firm has been brought in to investigate. So far, the investigation has confirmed that an unauthorized party accessed and may have retained sensitive customer information. 


Risk to Individual: 2.327 = Severe

At present, 38,239 individuals are reportedly impacted by the breach. The compromised files include a patient’s name, date of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers and driver’s license numbers. 

How it Could Affect Your Business: Government and quasi-governmental agencies have been popular targets for cybercriminals looking for big stores of data. 


Illinois Gastroenterology Group (IGG)

Exploit: Hacking

Illinois Gastroenterology Group (IGG): Healthcare Provider 

Risk to Business: 1.917 = Severe

Illinois Gastroenterology Group (IGG) announced that it has experienced a data security problem that potentially impacted 227,943 individuals. IGG disclosed that it had discovered unusual network activity on October 22, 2021, and that it believed that information may have been stolen. IGG also said it had no evidence of related identity theft or fraud.

Risk to Individual: 1.929 = Severe

The stolen data includes patient names, birth dates, Social Security numbers, driver’s license numbers, passport information, financial account information, addresses, payment card information, biometric data, employer-assigned identification numbers and medical information.

How it Could Affect Your Business: This type of incident is expensive in more ways than one and will spin out into a long, draining regulatory nightmare.



Top Aces 

Exploit: Ransomware

Top Aces: Flight Training Company

Risk to Business: 1.733 = Severe

Montreal-based company Top Aces, a provider of fighter jets for airborne training exercises, has been hit with a ransomware attack by the LockBit group. The company says that it is the exclusive adversary air provider to the Canadian and German armed forces. LockBit says it stole 44 GB of data and has given Top Aces a deadline of May 15 to pay them and avoid publication of the stolen data. No ransom amount is available.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Defence industry contractors and military-adjacent service providers are tempting targets for cybercriminals looking for back doors.



Italy – Senato della Repubblica (Senate of the Republic)

Exploit: Nation-State

Senato della Repubblica (Senate of the Republic) – Governing Body 

Risk to Business: 2.096 = Severe

Pro-Russian hacking group Killnet has claimed responsibility for a cyberattack that briefly interrupted business in Italy’s Senate. The group also targeted the National Health Institute (ISS) and the Automobile Club d’Italia. A tweet by the Speaker of the Senate disclosed that there was no significant damage in the Senate attack.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Unexpected nation-state danger is always just around the corner for government agencies, legislative bodies and government-related entities.


Russia – SOCAR Energoresource

Exploit: Nation-State (Hacktivism)

SOCAR Energoresource: Oil Company

Risk to Business: 2.776 = Moderate

SOCAR Energoresource, a company partially owned by the State Oil Company of Azerbaijan Republic (SOCAR), has been hit in a cyberattack by the Anonymous Collective. The company operates the Antipinsky Refinery and several oilfields in Russia. The hacktivist group released a 130 GB archive via DDoSecrets that contains nearly 116,500 emails. Other Russian organizations also felt the sting of an attack by Anonymous in the last week or so including the Polar Branch of the Russian Federal Research Institute of Fisheries and Oceanography, the Achinsk City Government and the Port and Railway Projects Service of JSC UMMC.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

The Week in Breach News: 04/05/22 – 10/05/22


Ransomware sprouts up at a major U.S. agricultural company, insider risk strikes home at IKEA and more trouble for government agencies.




AGCO 

Exploit: Ransomware

AGCO: Agricultural Machinery Manufacturer

Risk to Business: 1.471 = Extreme

Major U.S. agricultural machinery manufacturer AGCO announced that it has suffered a ransomware attack that is impacting some of the company’s production facilities. A statement from the company provided few details but specified that its operations, including production, “will likely be adversely affected for several days and potentially longer.” No group has claimed responsibility or publicized a ransom demand.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

EXTRA: The FBI recently released an alert about elevated ransomware risk in the Food & Agriculture sector.  

How It Could Affect Your Business: Ransomware gangs love to pounce on industries at critical times. This is a massive problem at the height of spring planting season in the US.


The State Bar of Georgia 

Exploit: Hacking

State Bar of Georgia: Professional Organization 

Risk to Business: 2.804 = Moderate

The State Bar of Georgia has experienced a cyberattack that crippled the organization’s network, website and email system. Officials say that the attack began last Monday when an unauthorized user was discovered and that the organization’s IT team swung into action quickly to secure the network from further trouble. There was a continued impact on the Bar’s website throughout the week. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Professional organizations have been on cybercriminal hit lists thanks to the abundant personal and sometimes financial data they tend to hold.



IKEA

Exploit: Insider Threat

IKEA: Home Goods Retailer

Risk to Business: 2.711 = Moderate

Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromised data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified the Office of the Privacy Commissioner of Canada and any customers that were impacted by the breach.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Internal information security foul-ups by employees like this are embarrassing and potentially expensive mistakes that no company wants to handle.




Peru – Dirección General de Inteligencia (DIGIMIN)

Exploit: Ransomware

Dirección General de Inteligencia (DIGIMIN): National Government Agency

Risk to Business: 1.316 = Extreme

Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: An attack of this nature is a major national security threat to Peru with the potential to expose a great deal of sensitive foreign and domestic intelligence data.



Bulgaria – The Bulgarian State Agency for Refugees Under the Council of Ministers 

Exploit: Ransomware (Nation-State)

The Bulgarian State Agency for Refugees Under the Council of Ministers: National Government Agency 

Risk to Business: 1.811 = Severe

LockBit 2.0, a cybercrime gang known to have strong ties to Russia, announced that it intends to publish data it claims to have stolen in an attack on The Bulgarian State Agency for Refugees Under the Council of Ministers. That agency is experiencing extra stress right now as it oversees the flow of Ukrainian refugees in Bulgaria. The agency’s website is up but warns that some email addresses may not be working. An estimated 230,000 refugees have fled to Bulgaria in the wake of Russia’s invasion of Ukraine.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Although this is not confirmed as a nation-state incident, both “official” and nation-state adjacent threat actors on both sides of this conflict have been active in a flood of invasion-related cyberattacks.


Germany – Sixt

Exploit: Hacking

Sixt: Car Rental Company

Risk to Business: 1.909 = Severe

Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Incidents like this can spawn customer headaches that do damage to a company’s reputation.


Russia – Qiwi

Exploit: Nation-State (Hacktivism)

Qiwi: Payment Processor

Risk to Business: 2.096 = Severe

Anonymous and its associates continue a cyberattack offensive against Russian businesses and agencies in the wake of Russia’s invasion of Ukraine. This time, Anonymous affiliate Network Battalion (NB65) group claims that it has hacked and deployed ransomware against the Russian payment processing platform Qiwi. NB65 says that it managed to extract 10.5TB of data from Qiwi, including 30 million payment records and the data from 12.5 million credit cards of Qiwi customers. The group has posted a host of examples of the stolen data as proof of the hack, threatening to release 1 million cards worth of data daily. Qiwi denies the event.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is the latest in a long string of strikes by Anonymous against Russian and Russia-aligned businesses that shows no signs of stopping.



Australia – Nauru Police Force

Exploit: Hacking

Nauru Police Force: Law Enforcement Agency

Risk to Business: 2.776 = Moderate

The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Nauru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.



The Week in Breach News: 27/04/22 – 03/05/22


May the 4th be with you as you fight the good fight against cybercrime! This week, we’ll look at two attacks by the new ransomware group Black Basta and more trouble for power companies.



American Dental Association 

Exploit: Ransomware

American Dental Association: Professional Organization

Risk to Business: 1.802 = Severe

The American Dental Association (ADA) was hit by a ransomware attack, allegedly conducted by new ransomware group Black Basta. The attack disrupted various online services, telephones, email, and webchat. An outage at the ADA website has caused some online services to be inaccessible, including the ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service and the ADA Practice Transitions.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The healthcare sector has been under siege from cybercriminals and the pressure isn’t letting up anytime soon.


The Coca-Cola Company

Exploit: Ransomware

The Coca-Cola Company: Beverage Manufacturer & Distributor

Risk to Business: 2.804 = Moderate

The new ransomware group Stormous claims to have pulled off a ransomware attack against The Coca-Cola Company, saying that it snatched 161 gigabytes of data. The hacking group has been linked with Russian nationalist cybercrime following its public statement vowing to take action against companies that pulled out of Russia in the wake of Russia’s invasion of Ukraine. Financial data, passwords and commercial account records are said to be among the stolen data. Coca-Cola says that it is investigating the matter.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware can have a negative impact on a business even if it doesn’t shut down operations.


ARcare

Exploit: Hacking

ARcare: Medical Clinics

Risk to Business: 1.711 = Severe

ARcare, a medical services company that operates clinics for underserved communities in Arkansas, Kentucky and Mississippi, disclosed a data breach impacting an estimated 345,000 patients in a filing with the U.S. Department of Health and Human Services (HHS). After a disruptive incident on February 24, 2022, an investigation turned up the unwelcome news that a malicious hacker had access to ARcare’s network over a five-week period between January 18 and February 24.

Risk to Business: 1.814 = Severe

Potentially exposed patient data includes names, Social Security numbers, drivers’ license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information and health insurance information.  

How It Could Affect Your Business: This is going to be a very expensive problem once regulators get finished with it.



Costa Rica – Junta Administrativa del Servicio Eléctrico de Cartago (JASEC)

Exploit: Ransomware

Junta Administrativa del Servicio Eléctrico de Cartago (JASEC): Power Company

Risk to Business: 1.626 = Severe

Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Infrastructure targets have had increasing trouble in the past 12 months, with the FBI reporting ransomware attacks in 14 of 16 infrastructure sectors.


Trinidad and Tobago – Massy Stores

Exploit: Hacking

Massy Stores: Supermarket Chain

Risk to Business: 1.311 = Extreme

The biggest supermarket chain in Trinidad, Massy Stores, was forced to temporarily suspend operations over the weekend after a cyberattack took out key systems, including cash registers. Surepay and Moneygram services were also impacted. The company says that no customer or employee data was stolen. Some stores have resumed operations, and the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Retailers have been getting hammered by cyberattacks, coming in at 3rd on the list of industries most hit by ransomware attacks.



UK – The General Council of the Bar (GCB)

Exploit: Hacking

The General Council of the Bar (GCB): Regulatory Body

Risk to Business: 1.909 = Severe

The General Council of the Bar (GCB) notified users of its website that it has been the victim of a cyberattack. GCB comprises the representative Bar Council and regulator Bar Standards Board. The attack has rendered several systems temporarily inaccessible including MyBar. The body’s statement notes that Authorisation to Practise and Court ID cards have both been extended due to this technical difficulty. The incident has been reported to ICO, National Cyber Security Centre and the Police. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: In a challenging economy, no government can afford this kind of incident or the associated bills.


Germany – Deutsche Windtechnik

Exploit: Ransomware

Deutsche Windtechnik: Power Company 

Risk to Business: 2.096 = Severe

German wind farm operator Deutsche Windtechnik has disclosed that it was the victim of a ransomware attack. The Black Basta group is thought to be behind the attack after the company’s data appeared on its leak site. The attack took place April 11-12, 2022.  Deutsche Windtechnik noted that after shutting off systems for safety, they were able to reactivate the remote data monitoring connections to their wind turbines within a day or two. The incident was reported to the German Federal Office for Information Security (BSI). 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is the latest in a long string of strikes against energy sector targets in Germany.


Russia – Petersburg Social Commercial Bank

Exploit: Nation-State Hacking (Hacktivism)

Petersburg Social Commercial Bank: Financial Institution 

Risk to Business: 1.976 = Severe

Anonymous has not let up on hacking aimed at Russian targets. This week, the group published accounts of several more successful operations by its affiliates, including an operation against Petersburg Social Commercial Bank, a major Russian bank. The group claimed via DDoSecrets to have snatched 542 GB of data containing 229,000 emails and 630,000 files from the bank. Anonymous also announced successful forays against Elektrocentromontazh and ALET.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly when risk continues to ripple.



The Week in Breach News: 20/04/22 – 26/04/22


Two big ransomware attacks impact governments in Costa Rica and Brazil, and supply chain risk takes the glow off of vacations for passengers on Canada’s Sunwing Airlines.



Christie Clinic

Exploit: Business Email Compromise

Christie Clinic: Healthcare Provider

Risk to Business: 1.802 = Severe

Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.  

Risk to Individual: 2.771 = Moderate

Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.  

How It Could Affect Your Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.


The Unified Government of Wyandotte County and Kansas City, Kansas

Exploit: Hacking

The Unified Government of Wyandotte County and Kansas City, Kansas: Regional Government

Risk to Business: 1.802 = Severe

Residents of Wyandotte County and Kansas City, Kansas (UG) are missing access to several government services after an Easter weekend cyberattack snarled the regional government’s IT systems. Some systems have been restored, but many services remain unavailable including appraisals, court cases, motor vehicle services and procurement. A UG statement said that it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to investigate the incident.

How It Could Affect Your Customers’ Business: Government entities have been popular cybercrime targets for both data theft and ransomware in the last two years.


Bob’s Red Mill Natural Foods

Exploit: Malware

Bob’s Red Mill Natural Foods: Grocery Brand

Risk to Business: 2.761 = Moderate

Bob’s Red Mill Natural Foods has announced that it has experienced a data breach after data scraping malware was found to be operating on its website. The company said on April 15 that the malware was in operation between February 23 and March 1, 2022. The company’s initial investigation did not uncover any exfiltration, but that changed after a customer complaint.

Risk to Business: 2.814 = Moderate

Customer information impacted includes online customers’ payment card information, billing and shipping addresses, email addresses, phone numbers and purchase amounts. The company said that no information had been found to indicate that any Social Security numbers, dates of birth, driver’s license numbers or other government-issued ID numbers had been exposed in the attack. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Customers aren’t going to respond well to companies that can’t keep their payment card data safe.



Sunwing Airlines 

Exploit: Supply Chain Attack

Sunwing Airlines: Passenger Air Carrier 

Risk to Business: 1.346 = Extreme

Sunwing Airlines passengers are finding themselves delayed or stranded in airports across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline has been forced to manually check in passengers and handwrite boarding passes, causing massive delays, with passengers stranded in the Caribbean, Mexico and Central America, some for days. The company says it’s working to resolve the situation and get stranded passengers to their destinations as quickly as possible.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is a nightmare scenario that will have a serious impact on Sunwing’s future business.



Costa Rica – The Government of Costa Rica

Exploit: Ransomware

The Government of Costa Rica: National Government

Risk to Business: 1.271 = Extreme

The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.


Brazil – The City of Rio de Janeiro

Exploit: Ransomware

The City of Rio de Janeiro: Municipal Government

Risk to Business: 1.909 = Severe

The LockBit ransomware group claimed to have attacked systems connected to the Finance department of the city government in Rio de Janeiro, stealing about 420 GB of data. The Secretary of State for Finance confirmed the attack. The ministry has said that the attackers only captured a small fraction of the ministry’s data. Spokespeople also said that the gang was demanding an unspecified ransom to keep the data from publication. Rio de Janeiro’s economy ranks 30th in GDP among all cities in the world.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: In a challenging economy, no government can afford this kind of incident or the associated bills.



United Kingdom – Funky Pigeon

Exploit: Hacking

Funky Pigeon: Retailer 

Risk to Business: 2.776 = Moderate

Gift card retailer Funky Pigeon, a division of UK retail giant WHSmith, has announced that it was the victim of a cyberattack that has seriously impacted its operations. Funky Pigeon was forced offline, suspending sales temporarily. The company was quick to reassure consumers that no payment data was at risk and that it did not believe any account passwords were compromised. The incident remains under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Online retailers have been a popular target for cybercriminals, especially for payment skimming attacks.


Russia – Tendertech 

Exploit: Nation-State Hacking (Hacktivism)

Tendertech: Documents Processor 

Risk to Business: 1.976 = Severe

The Anonymous collective has announced that it penetrated systems at Tendertech, a Russia-based processor of financial services and banking documents. The firm counts Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank, Bank ZENIT and Otkritie Bank among its customers. Anonymous claims to have stolen 426,000 emails and leaked an archive of 160 GB in size through Distributed Denial of Secrets. Anonymous also claims to have hit other Russian government and quasi-governmental targets including GUOV i GS – General Dept. of Troops and Civil Construction, Neocom Geoservice and Gazregion.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly.



Categories
Cyber Security

Nation-State Cybercrime is affecting businesses of all sizes.

April 2022


Is Your Business at Risk of Nation-State Trouble?


Today’s nation-state cybercriminals are going beyond traditional espionage, expanding their scope of work to include disabling infrastructure, disrupting supply chains, industrial sabotage, misinformation and extortion – and 90% of them regularly attack businesses in the private sector, like companies that provide goods and services or financial institutions.


Nation-State Danger is Escalating 


Nation-state cyber threats are something that businesses in every sector will have to be prepared to deal with long term. As the world becomes increasingly interconnected and cloud-driven, cybercriminals will have more reason and more opportunity to strike targets that fall well outside their prior theatres of operation. The bad guys are getting better at pulling off successful operations as well. Russian nation-state actors are increasingly effective, jumping from a 21% successful compromise rate in 2020 to a 32% rate in 2021 – and every increase in that percentage is a loss for public and private sector businesses around the world.

Experts around the world have asserted for years that modern wars will carry a heavy component of cyberattack and hacking activity, and they were right. Nation-state threat actors are targeting infrastructure components using malware and ransomware in the Russia/Ukraine conflict. CISA cautions that attacks and damage from the cyberwar component of this conflict may spread beyond Ukraine, saying in an advisory: “Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organisations, may impact businesses both within and beyond the region.” 

The NCSC (National Cyber Security Centre) recently released a number of advisories warning UK businesses of the cyberattack danger presented by nation-state threat actors in light of the current Russia-Ukraine conflict. Newspapers in the UK reported similar warnings. Russia is the force behind 58% of nation-state attacks.


Common Nation-State Cybercrime Terms


Microsoft defines nation-state cybercrime as malicious cyberattacks that originate from a particular country to further that country’s interests. It’s a complex subject that is full of twists and turns, and just like any other field, it also has some very specific terminology. 

Nation-State Threat Actor – Nation-state threat actors are people or groups who use their technology skills to facilitate hacking, sabotage, theft, misinformation and other operations on behalf of a country. They may be part of an official state apparatus, members of a cybercrime outfit that is aligned with or contracted by a government, or freelancers hired for a specific nationalist operation.

Advanced Persistent Threat (APT) – These are nationalist cybercrime outfits with sophisticated levels of expertise and significant resources that work to achieve the goals of the government that supports them, undertaking defined operations with specific goals that forward the objectives of their country.   

Infrastructure Attack – When nation-state actors conduct an infrastructure attack, they’re attempting to damage one of their country’s adversaries by disrupting critical services like power, water, transportation, internet access, medical care and other essential requirements for daily life. Infrastructure attacks are a major component of modern spycraft and warfare.  


Common Tactics Used by Nation-State Groups 


Nation-state threat actors will use a wide variety of means to accomplish their goals, but these are some of their go-to attacks against both public and private sector targets. There was a 100% rise in significant nation-state incidents between 2017 and 2021.

Phishing Attack – A technique for persuading the victim, through a fraudulent solicitation in email or on a website, to take an action that either gives the cybercriminal something they want, like a password, or accomplishes the cybercriminal’s objective, like infecting a system with ransomware.

Distributed Denial of Service (DDoS) Attack – Distributed Denial of Service attacks are used to render technology-dependent resources unavailable by flooding their servers or systems with an unmanageable amount of web traffic. This type of attack may be used against a wide variety of targets like banks, communications networks, media outlets or any other businesses that rely on network resources.  

Malware Attack – Malware is a toolbox of “malicious software.” It is commonly used as a catch-all term for any type of malicious software designed to harm or exploit any programmable device, service or network. Malware includes trojans, payment skimmers, viruses and worms. 

Ransomware Attack – Ransomware is the favoured tool of nation-state cybercriminals. This flexible form of malware is designed to encrypt files, lock up devices and steal data. Ransomware can be used to disrupt production lines, steal data, facilitate extortion, commit sabotage and serve a variety of other nefarious purposes. Ransomware attacks are highly effective and can be used against any business.

Backdoor Attack – Nation-state threat actors will often intrude into a business’s systems and establish a foothold called a back door that allows them to return easily in the future. It could be months or years before they use it. This also affords them the opportunity to unobtrusively monitor communications, copy data and find vulnerabilities that enable further attacks.


How Can You Protect Your Company from Nation-State Trouble?  


These tips can help businesses steer clear of a nation-state cyberattack. 

  • Bolster security awareness training. When employees know what to look for, the companies that employ them have 70% fewer security incidents.   
  • Invest in strong email security. The most likely way for your company to encounter nation-state threats is through a phishing email. 
  • Teach employees to spot and stop phishing. Malicious messages can carry ransomware (the top weapon of nation-state cybercriminals) and training improves phishing awareness by 40%. 
  • Patch and update all software and hardware. Nation-state threat actors love to capitalize on vulnerabilities and are experts at leveraging zero-day exploits. 
  • Adopt a zero-trust security model. Add two-factor authentication to all accounts to secure employee credentials, the cornerstone of zero-trust security, and reduce password-based intrusions by 99%.
  • Be on guard for credential compromise. An estimated 60% of passwords that appear in more than one breach are recycled or reused, and therefore easily obtained by APTs from the dark web.



The Week in Breach News: 13/04/22 – 19/04/22


New information is available about Panasonic’s Canadian data breach, McDonald’s serves up risk to customers in Costa Rica and Anonymous continues its campaign against Russia.  



Contra Costa County Government

Exploit: Hacking

Contra Costa County Government: Regional Government


Risk to Business: 1.677 = Severe

Contra Costa County officials have begun sending out letters this week to potential victims, after investigating a data breach from Q3 2021. The county’s investigation determined that an unauthorized person accessed several county employee email accounts at various times between June 24, 2021, and August 12, 2021. The intruder accessed emails and attachments containing information pertaining to certain county employees, as well as individuals who communicated with the county’s Employment and Human Services Department.


Risk to Individual: 1.702 = Severe

The exposed data includes names and one or more of the following: Social Security numbers, driver’s license or state-issued identification numbers, financial account numbers, passport numbers and medical information or health insurance information.

How It Could Affect Your Business: Government bodies have been a popular target for cybercriminals because they usually provide access to lots of valuable data.


Newman Regional Health

Exploit: Hacking

Newman Regional Health: Healthcare Facility


Risk to Business: 1.802 = Severe

Newman Regional Health is a tiny facility that’s notifying patients and employees of a big breach. The 25-bed not-for-profit hospital in Kansas informed patients that their data may have been exposed in a yearlong data breach. More than 52,000 patients are being notified of the incident after an investigation revealed unauthorized access to a limited number of the hospital’s employee e-mail accounts between January 26, 2021, and November 23, 2021. 


Risk to Individual: 1.809 = Severe

Exposed patient and employee information includes names, dates of birth, medical record or other identification numbers, addresses, phone numbers or email addresses, limited health, treatment or insurance information, or employee information collected in connection with an individual’s receipt of services from, or employment with, the hospital. A limited group of individuals may have had Social Security numbers or financial information affected.

How It Could Affect Your Business: No non-profit can afford the huge penalties that this organization will potentially incur after regulators get finished with them.


Florida International University 

Exploit: Ransomware

Florida International University: Institution of Higher Learning


Risk to Business: 2.177 = Severe

The BlackCat ransomware outfit has claimed that it is behind a ransomware attack at Florida International University. The group said that it has stolen a range of personal information from students, teachers and staff, amounting to 1.2 TB of data. Among the stolen data, the group says it obtained contracts, accounting documents, social security numbers, email databases and more. No further details about the stolen data were available at press time.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The Education sector has been getting hammered by cybercrime since the start of the global pandemic.



Panasonic 

Exploit: Ransomware

Panasonic: Electronics Manufacturer


Risk to Business: 2.217 = Severe

The Conti ransomware group has claimed responsibility for an attack on Panasonic’s Canadian operations in February 2022. Panasonic confirmed that it had been the victim of a ransomware attack that impacted its systems, processes and networks. The company says that it has contracted with outside experts to investigate the attack as well as clean and restore servers and rebuild applications. No word was available about what, if any, data was stolen by the attackers. Panasonic says that relevant authorities have been informed.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Manufacturers and industrial targets have been high on the cybercriminal hit list for months.



Costa Rica – McDonald’s

Exploit: Supply Chain Risk

McDonald’s: Fast Food Restaurant Chain 


Risk to Business: 2.734 = Moderate

McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed. 


Risk to Individual: 2.623 = Moderate


Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals have been hitting small supply chain targets to gain access to their clients, especially big-name companies.



UK – CitySprint 

Exploit: Hacking

CitySprint: Courier


Risk to Business: 1.417 = Severe

UK same-day delivery company CitySprint has informed its drivers of a data breach that may have exposed their personal information. The company says that an unauthorized party gained access to its iFleet internal management and routing system. While CitySprint says that it doesn’t think that drivers’ personal data was compromised, it can’t be sure.


Risk to Individual: 2.766 = Moderate

Drivers may have had information exposed including photos of their driving license, vehicle pictures, and records of their weekly earnings. 

How It Could Affect Your Business: UK GDPR means that this could be a very expensive incident when all the penalties are added up.


Spain – The Royal Spanish Football Federation (RFEF)

Exploit: Hacking

The Royal Spanish Football Federation (RFEF): Sports Organization


Risk to Business: 2.176 = Severe

RFEF announced that it has been the victim of hacking after a journalist warned the organization that they’d been offered stolen data. The organization has determined that documents and information from email accounts, private texts and audio conversations from top executives of the federation are among the stolen data. The journalist claimed to have received or gained access to confidential contracts, private WhatsApp conversations, emails and abundant documents regarding the RFEF management. An investigation is ongoing. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.


Russia – Ministry of Culture of the Russian Federation

https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Culture of the Russian Federation: Federal Government Agency 


Risk to Business: 2.976 = Moderate

The Anonymous Collective hasn’t stopped its push against Russia after the country’s unjust invasion of Ukraine. This time, Anonymous hackers obtained and exposed 446 GB of data from Russia’s Ministry of Culture as part of a larger hacking operation targeting Russia’s national government. The trove of data purportedly includes more than 200,000 emails. The information was published by Demonstrated Denial of Secrets, a hacktivist organization that has been involved in the Anonymous effort.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.





The Week in Breach News: 06/04/22 – 12/04/22


A former employee spawns a security nightmare at CashApp Investing and Conti scores ransomware hits in two industrial attacks.




Block Inc.

Exploit: Insider Risk

Block Inc: Financial Services Platforms 


Risk to Business: 1.706 = Severe

More than 8 million customers of Cash App Investing may have had their personal information exposed thanks to an incident involving an ex-employee of the app’s parent company Block Inc. In an SEC filing, the company disclosed that a former employee had downloaded reports that contained customer data. This breach does not impact customers using this app’s sister product, CashApp.


Risk to Individual: 1.663 = Severe

The pilfered reports included customers’ full names and brokerage account numbers. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity. 

How It Could Affect Your Business: Companies that are sloppy about removing past users’ access are likely to find themselves in this position.


Snap-on

Exploit: Ransomware

Snap-on: Tool Manufacturer


Risk to Business: 1.976 = Severe

Major tool manufacturer Snap-on has disclosed that it has been the victim of a ransomware attack. The Conti ransomware group has claimed responsibility. The group has already begun leaking Snap-on’s data online. Snap-on reported that the breach was discovered when it detected suspicious network activity, which led to them shutting down company systems. Employee and franchisee data was compromised. 


Risk to Individual: 1.899 = Severe

Snap-on told the California Attorney General’s Office in a filing that the exposed data included associate and franchisee names, Social Security Numbers, dates of birth and employee identification numbers.  

How It Could Affect Your Business: Attacks against industrial and manufacturing targets have been accelerating as bad actors look for fast ransoms from time-sensitive businesses.


Fox News 

Exploit: Misconfiguration

Fox News: Television Network


Risk to Business: 2.722 = Moderate

Researchers at Website Planet have announced that they discovered a trove of information about employees of Fox News exposed in a misconfigured database. The 58GB of exposed data includes almost 13 million records of content management data, employee details, internal Fox emails, usernames, employee ID numbers, affiliate station information and more. 65,000 names of celebrities, cast and production crew members and their internal Fox ID reference numbers were also in the mix. No further specifics about exposed employee data were available at press time.  

How It Could Affect Your Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.


Parker Hannifin

Exploit: Ransomware

Parker Hannifin: Industrial Components Manufacturer


Risk to Business: 1.969 = Severe

Conti ransomware is to blame for an attack on major industrial supplier Parker Hannifin, a manufacturer specializing in motion and control technologies used by aerospace, defense and industrial manufacturers. Conti has already published more than 5 GB of the company’s stolen data but stated that this is only a small fraction of the total data they snatched.

How It Could Affect Your Business: Cybercriminals aren’t just after personal data; they’ll gladly take proprietary technical data like spec sheets, blueprints and formulas too.



United Kingdom – The Works 

Exploit: Ransomware

The Works: Discount Retailer


Risk to Business: 1.227 = Extreme

Discount stationers and craft store The Works had to shut down several stores temporarily after a cyberattack, identified as ransomware by media outlets, crippled payment systems. Reports also say that the attack was precipitated by an employee falling for a phishing email. The incident is under investigation and has been reported to the UK Commissioner’s Office. No word on what, if any, data was stolen.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals know that hitting businesses like this will often result in a quick ransom payment to avoid business interruption.


Russia – Gazprom Neft

Exploit: Nation-State (Hacktivism)

Gazprom Neft: Oil Company


Risk to Business: 2.017 = Severe

Russian oil heavyweight Gazprom Neft had its website hacked, resulting in an outage. The hackers reportedly hijacked the company’s site on April 6, displaying imagery and messaging that depicted the company’s president speaking out against the Russian invasion of Ukraine. Gazprom Neft is the oil handling subsidiary of Russia’s major-league state-owned gas company Gazprom.

How It Could Affect Your Business: Hacktivists have been working to damage Russian infrastructure and assets since the invasion of Ukraine.



Nigeria – Bet9ja 

Exploit: Ransomware

Bet9ja: Gambling Platform 


Risk to Business: 2.176 = Severe

Popular Nigerian betting platform Bet9ja disclosed that it has been hit by a ransomware attack perpetrated by BlackCat. The company said in a statement that they had received an unspecified ransomware demand but did not plan to pay. The CEO was quick to assure users in another statement that their funds and data were secure. The company says that it is working to resolve the matter.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware is the most versatile weapon in the cybercriminal arsenal and building a strong defense is essential.


