Categories
The Week in Breach

The Week in Breach News: 30/03/22 – 05/04/22


The Conti ransomware gang focuses on Shutterfly, an incident sours business at Japanese confectioner Morinaga, Anonymous continues its pressure on Russian organizations and Lapsus$ is back.



The Partnership HealthPlan of California (PHC)

Exploit: Ransomware

The Partnership HealthPlan of California (PHC): Health Insurer

Risk to Business: 2.227 = Severe

The Hive ransomware group says that they’re responsible for a ransomware attack on The Partnership HealthPlan of California (PHC), claiming to have snatched 400 GB of data including 850,000 unique records. PHC has been experiencing computer system disruptions and the organization said that it is working to investigate and recover from the attacks with support from third-party forensic specialists. The stolen data is known to include names, Social Security numbers, and addresses of current and past PHC members. 

How It Could Affect Your Business: Healthcare data is an especially popular commodity for bad actors and incidents like this are expensive disasters for the institutions that have them.


The New York City Department of Education 

Exploit: Supply Chain Risk

The New York City Department of Education: Government Agency

Risk to Business: 2.829 = Moderate

The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a January data breach at a supply chain service provider. The incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance. The vendor's agreement with NYC Schools required the data to be encrypted, but the data was found not to have been encrypted at the time of the breach. The incident is under investigation by New York state officials.

Individual Impact: No information about the student data or any consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: A security failure at a supplier can lead to a headache like a data breach for any organization.


United States – Shutterfly

Exploit: Ransomware

Shutterfly: Photography Retail Platform

Risk to Business: 2.735 = Moderate

Shutterfly has disclosed a data breach that exposed employee information in a ransomware attack by the Conti group. Shutterfly disclosed that its network was breached on December 3rd, 2021, and threat actors gained access to employee information.  The company went on to disclose that documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information and FMLA leave or workers’ compensation claims. Shutterfly is offering two years of free credit monitoring from Equifax for those affected. 

How It Could Affect Your Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.



Argentina – Globant 

Exploit: Ransomware

Globant: IT and Software Development

Risk to Business: 1.969 = Severe

Cybercrime outfit Lapsus$ is back in the saddle, claiming responsibility for a successful ransomware attack against IT powerhouse Globant. The company confirmed the incident. Lapsus$ posted images on its Telegram channel that it claims show extracted data and credentials belonging to the company's DevOps infrastructure. The group also shared a torrent file that it claims holds around 70GB of Globant's source code as well as other data, including administrator passwords associated with the firm's Atlassian suite (Confluence and Jira) and the Crucible code review tool. One unusual detail: Lapsus$ pointed out that a number of the stolen passwords had been reused several times and were compromised before the group got ahold of them, chiding the company for weak password security.

How It Could Affect Your Customers' Business: The Information Technology sector was the third most impacted sector for ransomware in 2021.




Germany – Nordex Group 

Exploit: Hacking (Nation-State)

Nordex Group: Wind Turbine Manufacturer 

Risk to Business: 2.017 = Severe

The Nordex Group, a major manufacturer of wind turbines, has announced that it has been experiencing systems outages since March 31, 2022, due to an unnamed cyberattack. The company claims to have detected the attack in its early stages and successfully moved to contain it, going on to say that the outage may impact employees, customers and stakeholders. This is the second hit on a German wind turbine company since the start of the Russia/Ukraine conflict and early reports say that this may be a nation-state incident.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Nation-state cybercriminals are all about infrastructure attacks, as illustrated in the run-up to the Russia/Ukraine conflict.


Spain – Iberdrola 

Exploit: Hacking (Nation-State)

Iberdrola: Energy Company

Risk to Business: 2.017 = Severe

Spanish power company Iberdrola has disclosed a cyberattack that exposed data for an estimated 1.3 million customers. Iberdrola said that the attack was part of a pattern of attacks on utility and infrastructure targets in Spain and Europe that are suspected to be related to the Russia/Ukraine conflict. The incident is under investigation by the National Cryptology Centre. Exposed customer data includes ID numbers, addresses, phone numbers and email addresses, but not bank account details, credit card numbers or information about the clients’ use of energy.  

How It Could Affect Your Business: The US government recently warned infrastructure operators to expect a fresh wave of attacks by nation-state actors aligned with Russia.


Russia – Marathon Group 

https://securityaffairs.co/wordpress/129713/hacktivism/anonymous-hacked-marathon-group.html

Exploit: Nation-State (Hacktivism)

Marathon Group: Investment Firm

Risk to Business: 2.176 = Severe

Anonymous announced that it has hacked into the Marathon Group, releasing 62,000 company emails (a 52GB archive) through DDoSecrets. Reports identify the Marathon Group as a Russian investment firm owned by EU-sanctioned oligarch Alexander Vinokurov, the son-in-law of Russian Foreign Minister Lavrov. The firm and its owner are suspected of financing Russian government activities.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Anonymous has been hard at work hacking assets that belong to Russia and its allies after the Collective announced it was siding with Ukraine.



Japan – Morinaga 

Exploit: Hacking 

Morinaga: Confectioner 

Risk to Business: 2.176 = Severe

Candy company Morinaga has announced that it has had a data breach impacting its online store. The incident has potentially exposed the personal information of more than 1.6 million customers who bought products from the candy maker between May 1, 2018, and March 13, 2022. The company also disclosed that their initial investigation confirmed that several of their servers had been subjected to unauthorized access “and that access to some data had been locked,” although there has been no clarification as to whether or not this was a ransomware attack. The confectioner also noted that there may be minor production impacts. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Manufacturers of all kinds have been high on the cybercriminal hit list in recent months.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 23/03/22 – 29/03/22


Lapsus$ scores two big hits but it may have done itself in, a vishing tale at Morgan Stanley, a new checklist for your prospects and three risks your clients need to know about right now.  



Microsoft 

Exploit: Unauthorized Access

Microsoft: Software Company 

Risk to Business: 2.337 = Severe

The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code is a useful asset for cybercriminals that can help them develop new malware and attack techniques.


Okta

Exploit: Credential Compromise (Supply Chain Risk)

Okta: Identity and Access Management Solutions

Risk to Business: 1.299 = Extreme

Lapsus$ also pulled off another high-profile attack, this time against access management company Okta. On March 22, Lapsus$ announced that it had breached Okta's security in January. Supporting the claim, the group published screenshots related to Okta's internal apps and systems. Okta's acknowledgment process was a bit bumpy: the company originally said no customer data was accessed but later clarified, saying "a small percentage of customers – approximately 2.5% – have potentially been impacted and (their) data may have been viewed or acted upon." A third-party service provider's previous breach likely also played a part in the incident. No specifics on the data were given. As we stated above, Lapsus$ is typically involved in ransomware operations, but no details of any ransomware activity have been reported.

NOTE: Lapsus$ hackers were allegedly detained by UK police following these incidents. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers' Business: Cybercriminals know that service providers are a quick avenue to exploit for vulnerabilities that may allow them to penetrate a bigger company's security.


United States – Morgan Stanley

Exploit: Social Engineering (Vishing)

Morgan Stanley: Financial Services

Risk to Business: 1.721 = Severe

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in a vishing attack. The company notified clients that on or around February 11, 2022, a threat actor gained access to their accounts by impersonating a Morgan Stanley representative and persuading those victims to provide the impostor with their Morgan Stanley Online account information. After successfully breaching their accounts, the attacker also electronically transferred money to themselves using the Zelle payment service. No specifics have been given regarding the number of customers swindled, but the firm has stated that those clients were reimbursed.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Brand impersonation is a rising risk that businesses and consumers need to be aware of. It always pays to check for authenticity before handing over your data.



Russia – Miratorg Agribusiness Holding 

Exploit: Malware (Nation-State)

Miratorg Agribusiness Holding: Meat Distributor

Risk to Business: 1.909 = Severe

Russian meat wholesaler Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems. The attack was reported by Rosselkhoznadzor, Russia's veterinary medicine and agricultural production and byproducts oversight body. The attackers reportedly made use of the Windows BitLocker feature to encrypt files, possibly gaining access through a state veterinary information service. Rosselkhoznadzor has suggested that this may be a nation-state cyberattack. Miratorg Agribusiness Holding promised that the attack will not affect its supply and shipments to Russian citizens.

How It Could Affect Your Customers' Business: Nation-state cybercrime is booming, especially around the Russia/Ukraine conflict.


Greece – Hellenic Post (ELTA)

Exploit: Ransomware

Hellenic Post (ELTA): National Postal Service

Risk to Business: 2.017 = Severe

ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident that has knocked most of the organization’s services offline. The organization announced that its IT teams have determined that the threat actors exploited an unpatched vulnerability to drop malware that allowed access to one workstation using an HTTPS reverse shell, encrypting systems critical to ELTA’s business operation. ELTA is currently unable to process mail, bill payments or any form of financial transaction orders with no estimate of when these services will be made available again. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals love to target organizations in time-sensitive fields to increase their chance of scoring a big payday.


United Kingdom – Ministry of Defence

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Defence: National Government Agency 

Risk to Business: 2.811 = Moderate

The Ministry of Defence has suspended online application and support services for the British Army’s Defence Recruitment System after bad actors compromised some data held on applicants. The army was informed of the break-in on March 14 along with a rumored threat to expose the stolen data on the dark web. The recruitment operations system is run by Capita, a vendor that handles marketing, processing applications and candidate assessment centers. No further information on what data was stolen or when systems will be restored to full operations has been released.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals are always hungry for fresh data, especially valuable personal or financial information.


Scotland – Scottish Association for Mental Health

Exploit: Ransomware

Scottish Association for Mental Health: Healthcare Provider

Risk to Business: 2.176 = Severe

The RansomEXX ransomware group hit the Scottish Association for Mental Health, snatching 12 GB of sensitive client data from the charity. The organization confirmed the attack in a statement, explaining “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.” Attackers reportedly gained access to internal employee communications as well as other data sources. The charity has also said that they’re working with Police Scotland to resolve the situation. No ransom demand was made public.   

Risk to Individuals: 2.307 = Severe

The exposed data includes unredacted photographs of individuals’ driving licenses, passports, personal information such as volunteers’ home addresses and phone numbers, and some clients’ passwords and credit card details.  

How It Could Affect Your Business: This situation is especially unfortunate because, in addition to an expensive incident response, the organization likely faces costly penalties.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 16/03/22 – 22/03/22

More trouble for crypto and DeFi outfits thanks to a supply chain incident, Anonymous isn’t letting up on Russia and a cyberattack sours milk processing in the US.



H.P. Hood Dairy 

Exploit: Hacking

H.P. Hood Dairy: Milk Producer

Risk to Business: 1.411 = Extreme

Major New England dairy producer Hood announced that it had been hit with a cyberattack that has impacted milk production. The company stated that the unnamed attack caused milk processing and dairy production to halt at its 13 plants around the U.S. This has led to dairy shortages in some school systems and the waste of a large volume of milk. Production and processing operations have been restored and the incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals have been hitting major food producers hard, looking for a quick score from a time-sensitive business.


BlockFi

Exploit: Supply Chain Risk

BlockFi: Cryptocurrency Finance

Risk to Business: 2.799 = Moderate

Crypto financial institution BlockFi has announced that it experienced a data breach via one of its third-party vendors, HubSpot. BlockFi says that the hackers gained access to BlockFi client data stored on HubSpot on Friday, March 18. BlockFi was quick to assure investors that its internal systems and client funds were not accessed and that the breach remains limited to a very narrow pool of data stored with the third-party vendor, HubSpot.

Individual Risk: 2.806 = Severe

The exposed information from this breach may have included user data such as names, email addresses and phone numbers.

NOTE: The attackers in this incident likely also accessed similar data on HubSpot belonging to Swan Bitcoin, NYDIG and Circle.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cryptocurrency and DeFi have been catnip for cybercriminals and that's not going to stop anytime soon.


United States – Creative Services Inc.

Exploit: Hacking 

Creative Services Inc.: Employment Investigations

Risk to Business: 1.721 = Severe

Hackers cracked into Massachusetts background check firm Creative Services and snatched highly sensitive personal records on more than 164,000 job-seekers and license applicants on November 26, 2021. The company’s internal investigation determined that an unauthorized party may have copied certain files on the company’s computer systems. This is a particularly tricky incident because of the confidential nature of the information that this firm handles.

Individual Risk: 1.763 = Severe

Investigators found that the hackers obtained access to names, dates of birth, Social Security numbers and driver’s license numbers in the attack as well as access to other sensitive data that could be used for nefarious purposes.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This kind of sensitive information isn’t what anyone wants falling into the wrong hands and should be stored with extra safety.


Wheeling Health Right, Inc.

Exploit: Ransomware

Wheeling Health Right Inc.: Healthcare Non-Profit

Risk to Business: 1.867 = Severe

Wheeling Health Right Inc (WHR), a United Way medical services non-profit, announced that on January 18, 2022, the organization was the victim of a “sophisticated cyberattack”, likely ransomware, that encrypted its systems as well as giving the threat actors access to protected patient health information. The organization is working with a technology services provider to decrypt the data as well as add other safeguards, and the investigation is ongoing.  

Individual Risk: 1.772 = Severe

Information that may have been accessed includes full name, postal address, email address, phone number, driver's license number, medical record number, Social Security number, tax information, income information, and other health information about patients who applied for or received services from WHR.

How It Could Affect Your Business: With high HIPAA penalties in play, this isn't a problem that any medical facility can afford, especially a non-profit.



Ireland – The Rehab Group 

Exploit: Malware

The Rehab Group: Disability Services Provider 

Risk to Business: 1.661 = Severe

One of the largest disability services providers in Ireland, The Rehab Group has fallen victim to a cyberattack. The company says that there is no evidence that data had been accessed. The investigation is still ongoing, with the Garda National Cyber Crime Bureau and the National Cyber Security Centre involved.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Any organization that holds a large quantity of personal or financial data will be an attractive target for cybercriminals.


Russia – Transneft

Exploit: Nation-State Hacking (Hacktivism)

Transneft: State-Owned Oil Pipeline Company

Risk to Business: 2.902 = Moderate

Anonymous is back at it, this time leaking documents stolen from the Omega Company, the research and development division of Russian oil pipeline company Transneft. The hacktivist collective, who have publicly sided with Ukraine in response to Russia’s invasion of the country, got ahold of 79GB of the company’s emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets. The stolen data includes invoices, equipment technical configurations, and product shipment information. One unusual detail: the hackers responsible dedicated the hack to Hillary Clinton after she mentioned that Ukraine-aligned hackers should attack Russian targets in a recent interview.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.



South Africa – TransUnion

Exploit: Ransomware

TransUnion: Credit Bureau

Risk to Business: 1.905 = Severe

TransUnion has reported that it experienced a data breach as a result of a ransomware attack. The company states that cybercriminals obtained access to their systems through credential compromise. TransUnion received a $15 million ransom demand from a group identifying themselves as N4ughtySec that they do not intend to pay. The group says they’re based in Brazil and that they have over 4TB of stolen data touching over 200 companies.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Organizations in the financial sector, from banks to credit organizations, have been getting walloped by cybercrime, beating out healthcare to become the top cyberattack target.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 09/03/22 – 15/03/22

We’re going on a world tour this week as anime and gaming fans get a few nasty surprises from Ubisoft and Toei Animation hacks, Lapsus$ keeps up the bad work and Anonymous continues hammering Russia.



South Denver Cardiology Associates

Exploit: Hacking

South Denver Cardiology Associates: Medical Clinic

Risk to Business: 2.214 = Severe

South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Individual Risk: 2.371 = Severe

Information potentially exposed includes names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients who have been informed by mail.  

How It Could Affect Your Business: This incident could end up being very expensive even if no real damage was done to the practice after regulators get finished with them.



Argentina – Mercado Libre 

Exploit: Ransomware

Mercado Libre: E-commerce & Payments

Risk to Business: 1.872 = Severe

E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands.  The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information.



United Kingdom – Vodafone

Exploit: Ransomware

Vodafone: Telecom

Risk to Business: 2.311 = Severe

Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.


France – Ubisoft 

Exploit: Ransomware

Ubisoft: Video Game Studio

Risk to Business: 1.867 = Severe

French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right!  Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Protecting proprietary digital assets is especially important for companies like this that rely on them completely to do business.


Russia – Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)

Exploit: Nation-State Hacking

Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media): Government Agency 

Risk to Business: 1.661 = Severe

Hacktivist collective Anonymous is still hard at work disrupting Russia's technology infrastructure in response to that country's continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime to block Facebook, Twitter, and other online platforms within Russia. Anonymous has been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Nation-state cybercriminals are highly likely to strategically attack government, utilities and infrastructure targets during times of trouble, but every business is at risk.


Russia – PJSC Rosneft Oil Company (Rosneft)

Exploit: Nation-State Cyberattack

PJSC Rosneft Oil Company (Rosneft): Oil Company

Risk to Business: 2.601 = Severe

The German subsidiary of the Russian energy company Rosneft has disclosed that it experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to "Anonymous" as the source behind the attack, as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Political upheaval can place organizations in hacktivists’ sights, creating unforeseen security complications.



Japan – Denso 

Exploit: Ransomware

Denso: Automotive Parts Manufacturer

Risk to Business: 1.402 = Extreme

Cybercrime group Pandora released a statement on Sunday saying it had stolen sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a cybersecurity incident at another supplier; the two incidents have not been linked. Denso disclosed that it had detected unauthorized access, involving ransomware, to the network of DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom demand or specifics of the stolen data was available.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Supply chain issues have plagued businesses as cybercriminals seek fast ransom payments from manufacturers of critically needed goods.


Japan – Toei Animation 

Exploit: Ransomware

Toei Animation: Animation Studio

Risk to Business: 1.436 = Extreme

Major Japanese animation studio Toei announced delays to several popular anime series, including new episodes of ONE PIECE, because of a cyberattack. The studio said it detected unauthorized access to its systems on March 6th, 2022, forcing a system-wide shutdown that disrupted its production schedule. In a statement, Toei said that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to hit organizations that are under time pressure or handle time-sensitive products because of the higher chance they’ll get paid.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Ukraine Charity Phishing Scams Are Hitting Employee Inboxes

In times of trouble, it’s heart-warming to see people band together to help others who are suffering, a welcome reminder that there’s more good in this world than we may sometimes think. But for every group of people trying to make a difference through good deeds, there’s another group doing bad deeds, and the only difference they want to make is to your wallet. If they can perpetrate some profitable cybercrime at the same time, they won’t hesitate to capitalise on the opportunity, and the result has been a host of fresh Ukraine charity phishing scams.

It’s unfortunate that tragedies like Russia’s invasion of Ukraine lead to an increase in cybercrime like phishing, but it is the sad truth. Scammers started working on fleecing sympathetic people right away, just as they do whenever there’s a crisis, and Russian cybercriminals got right to work too.

Phishing attacks from Russia-based sources have boomed, increasing eight-fold since Russia’s attack on Ukraine began. Suspected Russian threat actors also used a compromised legitimate Ukrainian military email address to phish EU personnel working on the ground in Ukraine. Bad actors know that tumultuous times are golden opportunities for social engineering, with loads of victims ripe for the picking. With people already unsettled, the bad guys only have to push a little to put their victims where they want them.

This was evident from the start of the COVID-19 pandemic, as COVID-19 themed phishing scams bombarded inboxes using fake COVID-19 tracking maps, spoofed government notices, bogus company policy updates and other scams to phish for credentials and spread malware like ransomware. Another major wave hit with the Omicron variant, using even more ghoulish lures like spurious layoff or termination announcements, malicious exposure notices and even false information about funeral expense assistance.

Now the bad guys are back at it, and a Ukraine charity phishing scam is sure to pop up in an inbox near you soon. Make no mistake: scams like these are just as much of a risk to businesses as they are to consumers. With the line between work and personal devices blurrier every day, chances are high that employees use work devices for personal business like charitable donations. And with millions around the world still working from home, cybercriminals will be quick to exploit the fact that remote workers are more susceptible to phishing than office workers. Altogether, this is the perfect opportunity for cybercriminals to do a little phishing.

Please don’t let the fact that there are bad actors exploiting this tragedy put you off from helping the millions of Ukrainian victims of Russian aggression. The US Federal Trade Commission (FTC) has guidance available for spotting fake charities.


Fake Email & Website Phishing

A host of scams are in action, combining old-fashioned email phishing, clever spoofing and malware distribution, and they are risky for both individuals and businesses. Here are a few Ukraine charity phishing scams to watch for so you don’t end up on their hooks.

  • Approach emails asking for help for very specific population segments or causes, like orphaned children or homeless pets, with extreme caution. While most are generic (everyone wants to help kittens and kids), some are tailored spear-phishing efforts: it’s not hard for bad actors to learn what a target cares about from their social media accounts, which raises the odds that they’ll successfully snatch the recipient’s credentials.
  • Beware of malicious attachments purporting to share things like war photos, maps and, in one scam, a list of companies that are still doing business in Russia. The only thing these attachments deliver is malware, including ransomware.
  • Be on the alert for polished emails dressed up with legitimate-looking formatting like the Ukrainian flag and official-looking logos, supposedly from humanitarian organizations; fakes impersonating UNICEF and UNHCR abound.
  • Analysts warn of a scheme that uses a Microsoft sign-in theme. The bogus email warns the recipient of unauthorized login attempts on their account, lists the location of those attempts as “Russia/Moscow”, and urges the user to update their login details, handing the bad guys their credentials.
  • Another Ukraine-themed email phishing scam discovered in the wild targets organizations in the manufacturing sector with a .zip attachment named “REQ Supplier Survey”. The attackers ask recipients to fill out a survey about their backup plans in response to the war in Ukraine; opening the attached “survey” immediately downloads and runs a payload staged on a Discord link. The attack aims to infect recipients with two well-known remote access Trojans, Agent Tesla and Remcos.
  • Fake charity websites are popping up, too. MSN reported that researchers had discovered a handful of sites decked out in Ukraine’s colours and war or refugee images that solicit donations but are actually scams. Sites like these can also serve malware.
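The lures listed above share a few machine-checkable traits: a charity brand in the display name but a sender domain that is not the charity’s, a “sign-in from Russia/Moscow” warning that does not come from Microsoft, an archive attachment with the “REQ Supplier Survey” naming, a link into Discord’s CDN, or a Ukraine donation appeal whose link leaves the sender’s own domain. The script below is an added example, not code from the original article or any vendor: it parses raw messages with Python’s standard `email` library and scores them against those traits. All sample messages, sender domains, URLs and filenames are constructed for the demo, and the allowlisted “legitimate” domains are assumptions.

```python
# Added example (not from the original article): triage pass that scores mail
# against the Ukraine-themed lure patterns described above. Every sample
# message, domain, URL and filename below is constructed for the demo.
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed legitimate sending domains for the brands the lures impersonate.
CHARITY_DOMAINS = {"unicef": "unicef.org", "unhcr": "unhcr.org"}
MICROSOFT_DOMAINS = ("microsoft.com", "microsoftonline.com")
PAYLOAD_HOSTS = ("discordapp.com", "discord.com")       # Discord-staged payloads
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".iso", ".img")
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)[^\s\"'<>]*")
WEIGHTS = {"charity-spoof": 2, "ms-signin-lure": 3, "supplier-survey-lure": 2,
           "archive-attachment": 1, "discord-hosted-link": 2, "donation-link-offdomain": 1}


def _same_org(host, base):
    return host == base or host.endswith("." + base)


def _parts(msg):
    """Return (attachment filenames, concatenated decoded text bodies)."""
    names, text = [], []
    for part in msg.walk():
        fn = part.get_filename()
        if fn:
            names.append(fn)
        elif part.get_content_type().startswith("text/"):
            raw = part.get_payload(decode=True) or b""
            text.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return names, "\n".join(text)


def score_message(raw):
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rsplit("@", 1)[-1].lower()
    subject = msg.get("Subject", "")
    attachments, body = _parts(msg)
    text = subject + "\n" + body
    lower = text.lower()
    hosts = [h.lower() for h in URL_RE.findall(text)]
    hits = []
    # 1. Charity brand in display name or subject, but not sent from that charity.
    for brand, domain in CHARITY_DOMAINS.items():
        if brand in (display + " " + subject).lower() and not _same_org(sender, domain):
            hits.append("charity-spoof")
    # 2. "Sign-in from Russia/Moscow" credential lure not sent by Microsoft.
    if (re.search(r"\b(sign[ -]?in|log[ -]?in)\b", lower)
            and ("moscow" in lower or "russia" in lower)
            and not any(_same_org(sender, d) for d in MICROSOFT_DOMAINS)):
        hits.append("ms-signin-lure")
    # 3. Archive attachments, and the "REQ Supplier Survey" naming in particular.
    for fn in attachments:
        fl = fn.lower()
        if fl.endswith(ARCHIVE_EXT):
            hits.append("archive-attachment")
        if "supplier survey" in fl or fl.startswith("req "):
            hits.append("supplier-survey-lure")
    # 4. Links into Discord, used to stage the Agent Tesla / Remcos payload.
    if any(_same_org(h, p) for h in hosts for p in PAYLOAD_HOSTS):
        hits.append("discord-hosted-link")
    # 5. Ukraine donation appeal whose link leaves the sender's own domain.
    if "ukraine" in lower and "donat" in lower and any(not _same_org(h, sender) for h in hosts):
        hits.append("donation-link-offdomain")
    score = sum(WEIGHTS[h] for h in hits)
    verdict = "block" if score >= 3 else "review" if score else "allow"
    return {"from": addr, "hits": hits, "score": score, "verdict": verdict}


def _build(from_hdr, subject, body, attachment=None):
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_hdr, "staff@corp.example", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment[1], maintype="application", subtype="zip", filename=attachment[0])
    return m.as_string()


# Constructed samples mirroring the lures described above (all domains fictitious).
SAMPLES = {
    "unicef_spoof": _build('"UNICEF Ukraine Appeal" <appeal@unicef-relief-fund.example>',
                           "Help Ukrainian children today",
                           "Donate now to support Ukraine's children: https://give.ukraine-kids-now.example/"),
    "ms_signin": _build('"Microsoft account team" <no-reply@account-alerts-secure.example>',
                        "Unusual sign-in activity",
                        "We blocked a sign-in attempt from Russia/Moscow. Update your login details at "
                        "https://login-microsoft-verify.example/update"),
    "supplier_survey": _build('"Procurement" <procurement@supplier-portal.example>',
                              "REQ Supplier Survey",
                              "Please complete the attached survey on your backup plans in response to the "
                              "war in Ukraine, or download it: https://cdn.discordapp.com/attachments/1/2/survey",
                              ("REQ Supplier Survey.zip", b"PK\x03\x04 constructed placeholder")),
    "benign": _build('"Alice" <alice@partner.example>', "Q2 planning notes",
                     "Notes are at https://partner.example/notes. Please log in to confirm attendance."),
}


def triage_all():
    return {name: score_message(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in triage_all().items():
        print(f"{name:16} {result['verdict']:7} {result['score']} {result['hits']}")
```

The weights are deliberately conservative: a single generic signal (an archive attachment, a donation link) only sends the message to review, while the two-condition lures (brand plus wrong domain, sign-in warning plus Moscow plus non-Microsoft sender) are blocked outright. The benign sample contains “log in” and a link but none of the paired conditions, so it passes.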

The Week in Breach News: 02/03/22 – 08/03/22

Nation-state hacking impacts thousands and Lapsus$ spills the beans on Samsung’s source code.



Washington State Department of Licensing

Exploit: Hacking

Washington State Department of Licensing: Government Agency

Risk to Business: 2.337 = Severe

Washington State Department of Licensing (DOL) experienced a data breach that has impacted approximately 650,000 former and current licensees. After discovering unexpected activity, the agency’s website was taken offline in January. At the time, no data loss was expected but that has since changed. 

Individual Risk: 2.416 = Severe

The exposed data includes former and current licensing information as well as licensees’ social security numbers, driver’s license or ID numbers and dates of birth.  

How It Could Affect Your Customers’ Business: This trove of data combines business and personal information, making it especially useful and potentially profitable for the bad guys.


AON

Exploit: Ransomware

AON: Insurer

Risk to Business: 2.176 = Severe

Insurance giant AON disclosed that it had suffered a cyberattack last week in a filing with the U.S. Securities and Exchange Commission (SEC). The company said that it had discovered an incident that impacted some systems. AON does not suspect that there will be a material impact on clients or operations. The incident is suspected to involve ransomware. It is under investigation and the company has brought in outside experts.

How It Could Affect Your Customers’ Business: Companies like this that hold or store large amounts of valuable data are high on cybercriminal shopping lists.


Monongalia Health System

Exploit: Hacking

Monongalia Health System: Healthcare Provider

Risk to Business: 1.367 = Extreme

West Virginia healthcare organization Monongalia Health System (Mon Health) has announced another data breach. The company, which operates Monongalia County General Hospital, Preston Memorial Hospital, Stonewall Jackson Memorial Hospital and other healthcare centers, is informing patients and staff that their data was stolen in December 2021. This is the second breach announcement in three months for Mon Health. Attackers did not gain access to the organization’s electronic health record systems.

Individual Risk: 1.377 = Extreme

Exposed data may include patient, employee, provider and contractor data including names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data. 

How It Could Affect Your Customers’ Business: Every medical sector organization needs to take extra precautions against data-hungry cybercriminals to avoid a major HIPAA fine. Or two in this case.


Adafruit

Exploit: Insider Risk

Adafruit: Open-Source Hardware

Risk to Business: 2.847 = Moderate

An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, exposing information about some users from 2019 or earlier. The company was quick to assure customers that the data set contained no user passwords or financial information such as credit card numbers, but not so quick to email impacted users, waiting until after it had published a notification on its blog that was picked up by media outlets.

Individual Risk: 2.802 = Moderate

Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.

How it Could Affect Your Customers’ Business: Whether malicious or not, insider actions can have a major effect on companies, even if the insider no longer works there.


Viasat

Exploit: Nation-State Cyberattack

Viasat: Internet Service Provider

Risk to Business: 1.661 = Severe

An estimated 10,000 people found themselves without internet access after a cyberattack took down service to fixed broadband customers in Ukraine and elsewhere on Viasat’s European KA-SAT network. The attack, which started at about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Nation-state cybercriminals are highly likely to strategically attack utilities and infrastructure targets during times of trouble.




PressReader 

Exploit: Nation-State Cyberattack

PressReader: Media App

Risk to Business: 1.719 = Severe

A cyberattack impacting PressReader, the world’s largest digital newspaper and magazine distribution platform, left readers in the US, UK, Australia and Canada unable to access more than 7,000 publications, including The Guardian, Vogue, Forbes and the New York Times. PressReader said it has resolved the issue and is working to make missed content available to users after what it described only as a cybersecurity event. This may have been a nation-state attack; the incident happened shortly after PressReader announced that it was removing dozens of Russian titles from its catalog and publicly stated that it would help Ukrainian citizens access the news following Russia’s invasion of their country.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Unsurprisingly, Russia-aligned threat actors are trying to control the flow of information about the invasion of Ukraine, leaving news outlets especially vulnerable right now.




Japan – Acro

Exploit: Third-Party Risk

Acro: Beauty Retailer

Risk to Business: 1.826 = Severe

Japanese e-commerce beauty company Acro has disclosed a data breach that exposed payment card details from two of its four retail websites. Acro points to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used on its Three Cosmetics site and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either site between May 21, 2020, and August 18, 2021.

Individual Risk: 1.713 = Severe

The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates and security codes.

How it Could Affect Your Customers’ Business: Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.


Korea – Samsung

Exploit: Hacking

Samsung: Electronics Maker

Risk to Business: 1.664 = Severe

The Lapsus$ hacking group has published a 190-gigabyte trove of confidential data, including source code, that it claims to have stolen from Samsung Electronics in a data theft and extortion attack. Reports say the stolen code contains the source for every Trusted Applet in Samsung’s TrustZone environment, which handles sensitive tasks such as hardware-backed cryptography and access control. It may also include biometric unlock algorithms, the bootloader source for recent devices, activation server source code and the full source code used to authenticate and authorize Samsung accounts. Samsung says it is investigating the incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Proprietary data is just as much of a win for cybercriminals as credit card or personal data, and worth a chunk of change to the right buyer.



The Week in Breach News: 15/12/21 – 21/12/21

Cryptocurrency handlers continue to get pounded as cybercriminals steal an estimated $135 million from a blockchain game developer & Brazil’s Ministry of Health was creamed by ransomware two times in one week!


Virginia Museum of Fine Arts

Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum 

Risk to Business: 2.822=Moderate

A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


McMenamins

Exploit: Ransomware 

McMenamins: Hotel and Restaurant Chain

Risk to Business: 1.612=Severe

Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


The Oregon Anesthesiology Group (OAG)

Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider  

Risk to Business: 1.717 = Severe

The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the exposure of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account, belonging to the Ukrainian ransomware group HelloKitty, that contained OAG patient and employee files. The FBI also told OAG that it believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.

Individual Risk: 1.802 = Severe

The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.  

Customers Impacted: 750,000 patients and 522 current and former employees



Superior Plus

Exploit: Ransomware

Superior Plus: Propane Distributor 

Risk to Business: 2.229 = Severe

Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Brazil – Ministry of Health (MoH)

Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency

Risk to Business: 1.107 = Extreme

Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the past week, seriously impacting its operations. The agency was still recovering from a ransomware attack on 12/10 when it was hit again on 12/13. In the initial attack, all of the MoH’s websites became unavailable, including ConecteSUS, which tracks citizens’ path through the public healthcare system and provides the COVID-19 digital vaccination certificate via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming to have stolen some 50 TB of data. The department was quick to assure the public that the relevant data is backed up. The second attack set recovery back, preventing ConecteSUS from coming back online as scheduled. Ministry officials said the second attack was unsuccessful and that no data was compromised in that incident, but it affected the recovery timeline. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate on the investigations.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Ireland – Coombe Hospital

Exploit: Ransomware

Coombe Hospital: Medical Center 

Risk to Business: 2.711 = Moderate

The Coombe Hospital announced that it has been hit by a ransomware attack that impacted its IT systems. The hospital said it isolated and locked down its IT services as a precaution. The maternity and infants’ hospital said services are continuing as normal and no disruptions to patient care are expected. Ireland’s Health Service Executive (HSE) is assessing whether the incident will have a broader impact on the health service.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Greece – VulcanForged

Exploit: Hacking

VulcanForged: Cryptocurrency Gaming Company 

Risk to Business: 1.7684 = Severe

Hackers stole around $135 million from users of the blockchain gaming company VulcanForged. Blockchain games like these are chiefly designed as vehicles to buy and sell in-game items linked to NFTs, priced in the company’s PYR token. VulcanForged creates games such as VulcanVerse, which it describes as an MMORPG, and an online card game called Berserk. The attackers stole the private keys for 96 wallets, siphoning off 4.5 million PYR, the token used across VulcanForged’s ecosystem, with an estimated value of $135 million.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – Finite Recruitment

Exploit: Ransomware

Finite Recruitment: Staffing Firm 

Risk to Business: 2.223 = Severe

IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.  

Individual Risk: 2.015 = Severe

An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information. 

Customers Impacted: Unknown




The Week in Breach News: 08/12/21 – 14/12/21

Cox Communications gets caught by phishing, Atalanta imports some ransomware, another crypto exchange gets hacked for millions & a shocking ransomware attack on the Virginia Legislature.



Atalanta

Exploit: Ransomware

Atalanta: Food Importer

Risk to Business: 1.616 = Severe

Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information relating to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately held specialty food importer.

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained. 

Customers Impacted: Unknown


Cox Communications 

Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider

Risk to Business: 1.773 = Severe

Cox Communications has disclosed a data breach after an attacker impersonated a support agent to gain access to customers’ personal information. On October 11th, 2021, a bad actor impersonated a Cox support agent by phone to obtain customer information. Cox is the third-largest cable television provider in the US, with around 3 million customers.

Individual Risk: 1.813 = Severe

Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox. 

Customers Impacted: Unknown (Cox has around 3 million customers)


The Virginia Division of Legislative Automated Systems (DLAS)

Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services 

Risk to Business: 1.318 = Extreme

A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what if any data was stolen. AP reports that this attack is the first recorded on a state legislature.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


Ultimate Kronos Group (UKG)

Exploit: Ransomware

Ultimate Kronos Group (UKG): Payroll Services

Risk to Business: 1.619 = Severe

HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



United Kingdom – SPAR Convenience Stores

Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain 

Risk to Business: 1.412 = Extreme

UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer

Risk to Business: 2.112 = Severe

Swedish automotive company Volvo Cars announced that hackers had breached its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Germany – Hellmann Worldwide Logistics

Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm 

Risk to Business: 1.7684 = Severe

Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said the attack, suspected to be ransomware, forced it to temporarily remove all connections to its central data center. Hellmann said its Global Crisis Taskforce discovered the attack and that outside cybersecurity experts were brought in to help with the response. The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


France – Régie Autonome des Transports Parisiens (RATP) 

Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority 


Risk to Business: 1.723 = Severe

A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account. 


Individual Risk: 1.723 = Severe

The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords. 
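The RATP entry above notes that the leaked credentials were MD5-hashed. The following example is added here for illustration and is not code from the original newsletter or from RATP; it contrasts unsalted MD5 with a salted, slow password hash (PBKDF2-HMAC-SHA256 from Python's standard library) so the difference in exposure is concrete. The user names and passwords are constructed sample data, and the iteration count and record format are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Constructed sample accounts (not RATP data). Two users share a password on
# purpose: that is the case where unsalted MD5 gives itself away.
SAMPLE_USERS = {
    "alice": "Summer2018!",
    "bob": "Summer2018!",
    "carol": "correct horse battery staple",
}

# Assumed parameters for the hardened scheme; tune the iteration count to your
# hardware so one verification costs a noticeable fraction of a second.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def legacy_md5(password: str) -> str:
    """Unsalted MD5 as found in many old account databases. Fast, deterministic and
    unsalted, so identical passwords produce identical hashes and precomputed tables apply."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$digest_hex'.
    A fresh random salt per user means equal passwords no longer look equal at rest."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def duplicate_hash_count(hashes: List[str]) -> int:
    """Number of stored hashes that collide with another stored hash. For unsalted MD5
    this equals the number of shared passwords; for per-user salted PBKDF2 it is zero."""
    return len(hashes) - len(set(hashes))


def compare_schemes(users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, int]:
    """Hash the same sample accounts both ways and count visible duplicates."""
    md5_store = [legacy_md5(p) for p in users.values()]
    pbkdf2_store = [pbkdf2_hash(p) for p in users.values()]
    return {
        "md5_duplicates": duplicate_hash_count(md5_store),
        "pbkdf2_duplicates": duplicate_hash_count(pbkdf2_store),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

The duplicate count is the quickest sanity check an auditor can run on a dump without cracking anything: a store where equal passwords collapse to equal hashes is unsalted, and an unsalted fast hash such as MD5 offers the exposed employees almost no protection once the backup is public. A dedicated password hash (bcrypt, scrypt or Argon2id) is preferable to PBKDF2 where a library is available; PBKDF2 is used here only because it needs no third-party package.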

Customers Impacted: Unknown



Singapore – AscendEX 

Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform 


Risk to Business: 1.223 = Extreme

Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one of its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – Frontier Software 

Exploit: Ransomware 

Frontier Software: Payroll Services Technology Provider 


Risk to Business: 2.323 = Severe

South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that as many as 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.


Individual Risk: 2.401 = Severe

The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.

Customers Impacted: Unknown



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 01/12/21 – 07/12/21

Cybercriminals snatched millions from three cryptocurrency platforms, and PII and PHI were exposed in major medical clinic snafus.



Planned Parenthood

Exploit: Ransomware

Planned Parenthood: Healthcare Provider


Risk to Business: 1.616 = Severe

Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack. A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed malware and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway.


Individual Risk: 1.703 = Severe

PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.

Customers Impacted: 400,000

How It Could Affect Your Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.


Gale Healthcare Solutions

Exploit: Misconfiguration

Gale Healthcare Solutions: Healthcare Job Placement


Risk to Business: 1.611 = Severe

More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Health Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused. 


Individual Risk: 1.813 = Severe

Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.  

Customers Impacted: 300,000

How It Could Affect Your Business: This mistake will be expensive and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.


MonoX

Exploit: Hacking

MonoX: Cryptocurrency Finance


Risk to Business: 1.318 = Extreme

The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. Hackers exploited a vulnerability in the platform’s smart contract software to inflate the price of MONO, then bought assets with the overvalued MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


DNA Diagnostics Center

Exploit: Ransomware

DNA Diagnostics Center: Healthcare Services


Risk to Business: 1.819 = Severe

DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.


Individual Risk: 1.617 = Severe

The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.

Customers Impacted: 2,102,436

How It Could Affect Your Business: Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.



United Kingdom – BitMart

Exploit: Hacking

BitMart: Cryptocurrency Exchange 


Risk to Business: 1.212 = Extreme

Cryptocurrency trading platform BitMart has been hacked, resulting in the loss of an estimated $150 million in funds. PortSwigger reports that blockchain security firm PeckShield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said in a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Crypto platforms have been squarely in cybercriminals’ sights in the last few months and consumers are watching to see which ones are able to avoid trouble.



Japan – Panasonic

Exploit: Hacking

Panasonic: Electronics Manufacturer 


Risk to Business: 1.919 = Severe

Panasonic has confirmed that it has had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



Australia – CS Energy

Exploit: Ransomware

CS Energy: Energy Company 


Risk to Business: 1.723 = Severe

CS Energy confirmed it experienced a ransomware attack on November 27.  The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 24/11/21 – 30/11/21

Cybercriminals haven’t had any trouble assembling a phishing campaign at IKEA, the NCSC sounds the alarm about escalating ransomware danger, and wild accusations of treachery and sabotage add a whole new twist to a ransomware attack at BTC-Alpha.



Cronin

Exploit: Misconfiguration

Cronin: Digital Marketing Firm


Risk to Business: 1.917 = Severe

Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google Analytics data, session IDs, client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with names, physical addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PII, but no details were available as of press time.

Customers Impacted: Unknown


Supernus Pharmaceuticals

Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company


Risk to Business: 1.702 = Severe

Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, that it was quickly able to restore lost data, and that it has enacted stronger security measures.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Butler County Community College

Exploit: Ransomware

Butler County Community College: Institution of Higher Learning


Risk to Business: 2.728 = Moderate

Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown



Brazil – WSpot

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider


Risk to Business: 2.109 = Severe

Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that it is in the process of notifying legal authorities, including the National Data Protection Authority, regarding the incident. WSpot estimated that 5% of its customer base was impacted by this leak.
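Two entries on this page (Gale Healthcare Solutions’ unsecured AWS-hosted files and the WSpot S3 bucket above) come down to storage left readable by anyone. The following example is added here and is not code from the original newsletter or from either company; it shows the two checks a defender runs offline against their own configuration: whether any statement in a bucket policy grants access to an anonymous principal without a scoping condition, and whether all four S3 Block Public Access settings are enabled. The policy documents, account ID and bucket names are constructed placeholders.

```python
import json
from typing import Any, Dict, List

# Constructed sample policies (not from WSpot or Gale). Bucket and account
# identifiers are placeholders.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})

# Condition keys that pin a wildcard principal to a known network or account.
# A '*' principal guarded by one of these is not reachable from the open internet.
SCOPING_CONDITION_KEYS = {
    "aws:SourceVpce", "aws:SourceVpc", "aws:SourceIp",
    "aws:PrincipalOrgID", "aws:PrincipalAccount",
}

# The four settings of an S3 PublicAccessBlockConfiguration.
PUBLIC_ACCESS_BLOCK_SETTINGS = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)


def _as_list(value: Any) -> List[Any]:
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal: Any) -> bool:
    """True for Principal '*' or {'AWS': '*'}, the two spellings of 'anyone'."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS", [])))
    return False


def _has_scoping_condition(statement: Dict[str, Any]) -> bool:
    """True if any condition operator block references a scoping key."""
    for operator_block in statement.get("Condition", {}).values():
        if any(key in SCOPING_CONDITION_KEYS for key in operator_block):
            return True
    return False


def find_public_statements(policy_json: str) -> List[str]:
    """Return the Sid (or positional label) of every Allow statement that an
    anonymous caller can satisfy: wildcard principal and no scoping condition."""
    policy = json.loads(policy_json)
    findings = []
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(statement.get("Principal")):
            continue
        if _has_scoping_condition(statement):
            continue
        findings.append(statement.get("Sid", f"statement[{index}]"))
    return findings


def public_access_block_gaps(settings: Dict[str, bool]) -> List[str]:
    """Names of the Block Public Access settings that are missing or disabled."""
    return [name for name in PUBLIC_ACCESS_BLOCK_SETTINGS if not settings.get(name, False)]


if __name__ == "__main__":
    print("public statements:", find_public_statements(PUBLIC_READ_POLICY))
    print("public statements:", find_public_statements(RESTRICTED_POLICY))
    print("block gaps:", public_access_block_gaps({"BlockPublicAcls": True}))
```

In practice the two inputs come from the account's own APIs (the bucket policy document and the public access block configuration); the evaluation above is deliberately conservative and only clears a wildcard principal when a recognised scoping condition is present, so a policy that relies on an unlisted condition key is reported for a human to look at rather than silently passed.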


Individual Risk: 2.811 = Moderate

An estimated 226,000 files were exposed, including the personal details of at least 2.5 million users who connected to the public Wi-Fi networks of WSpot’s clients.

Customers Impacted: 2.5 million users




United Kingdom – BTC-Alpha 

Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange


Risk to Business: 1.512 = Severe

This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The LockBit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. BTC-Alpha founder and CEO Vitalii Bodnar alleged that the attack was the work of a competing cryptocurrency firm in a press release issued on the same day that LockBit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here: https://www.prleap.com/pr/282919/vitaliy-bodnar-founder-of-btc-alpha-comments-on-the-pressure-and-threats. The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown


Sweden – IKEA 

Exploit: Phishing

IKEA: Furniture & Home Goods Retailer


Risk to Business: 1.595 = Severe

IKEA is battling a nasty phishing attack on its employee email accounts that uses reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and then reply to the existing thread with links to malicious documents. Because the messages arrive inside a genuine conversation, they look legitimate and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts say that signs point to a compromise of an on-premises Microsoft Exchange server.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.



Singapore – Swire Pacific Offshore 

Exploit: Ransomware

Swire Pacific Offshore: Maritime Services 


Risk to Business: 2.712 = Moderate

Singapore-based shipping firm Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.