Categories
The Week in Breach

The Week in Breach News: 06/10/21 – 12/10/21

Ransomware may make headlines, but this week’s report shows that cybercriminals aren’t limiting themselves to just one threat.



Twitch

Exploit: Hacking

Twitch: Streaming Platform


Risk to Business: 1.402 = Extreme

Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards, along with data detailing the terms and amounts of content creator payouts. An anonymous poster on the 4chan message board delivered the data as a 125GB torrent. That poster also claimed that the torrent includes the entirety of Twitch and its commit history, including the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations. A source code leak of this size also tends to expose keys, internal endpoints and security tooling details embedded in code, so rotating any credential referenced in the leaked repositories is an immediate priority.


MoneyLion

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform 

Risk to Business: 1.712 = Severe

That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.   

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: Credential stuffing is a classic that is even easier these days thanks to the huge batches of stolen passwords available on the dark web. Rate limiting by source, screening new passwords against known-breached lists and requiring MFA all blunt it, and the telltale sign in authentication logs is a single source trying many different accounts with a low success rate.
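The log pattern just described, worked through as an added example (not MoneyLion’s code or the page’s): a detector that flags a source address trying many distinct accounts inside a short window with a low success rate, and lists the accounts it actually got into. The log format, field order and thresholds are assumptions for illustration, and the log lines are constructed.

```python
"""Spot credential-stuffing sources in authentication logs.

Added example, not MoneyLion's code or the page's. The log format
(ISO timestamp, source IP, username, result) and the thresholds are
assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source sprays ten different accounts in a few
# seconds and gets two hits; a legitimate user mistypes once and then succeeds.
SAMPLE_LOG = """\
2021-06-14T02:00:01Z 203.0.113.7 alice@example.com FAIL
2021-06-14T02:00:02Z 203.0.113.7 bob@example.com FAIL
2021-06-14T02:00:02Z 203.0.113.7 carol@example.com FAIL
2021-06-14T02:00:03Z 203.0.113.7 dave@example.com FAIL
2021-06-14T02:00:03Z 203.0.113.7 erin@example.com OK
2021-06-14T02:00:04Z 203.0.113.7 frank@example.com FAIL
2021-06-14T02:00:05Z 203.0.113.7 grace@example.com FAIL
2021-06-14T02:00:06Z 203.0.113.7 heidi@example.com FAIL
2021-06-14T02:00:07Z 203.0.113.7 ivan@example.com OK
2021-06-14T02:00:08Z 203.0.113.7 judy@example.com FAIL
2021-06-14T09:15:00Z 198.51.100.20 mallory@example.com FAIL
2021-06-14T09:15:30Z 198.51.100.20 mallory@example.com OK
"""


def parse(log_text):
    """Turn log lines into (timestamp, ip, user, result) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events


def find_stuffing_sources(events, window=timedelta(minutes=10),
                          min_accounts=5, max_success_rate=0.5):
    """Return {ip: summary} for sources that tried at least `min_accounts`
    distinct usernames inside any `window` with a success rate at or below
    `max_success_rate`. A brute force against a single account never trips
    this rule; that is a different signal (many failures for one user) and
    is deliberately left out. Shared egress (NAT, corporate proxies) is why
    the distinct-account threshold matters more than the raw attempt count.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):  # sliding window over this source's events
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            accounts = {e[2] for e in chunk}
            successes = sum(1 for e in chunk if e[3] == "OK")
            if len(accounts) >= min_accounts and successes / len(chunk) <= max_success_rate:
                flagged[ip] = {
                    "accounts": len(accounts),
                    "attempts": len(chunk),
                    "successes": successes,
                    "hit_accounts": sorted(e[2] for e in chunk if e[3] == "OK"),
                }
    return flagged


def accounts_to_reset(flagged):
    """Accounts a stuffing source actually got into: these need a forced
    password reset and session revocation, not only a notification."""
    out = set()
    for info in flagged.values():
        out.update(info["hit_accounts"])
    return sorted(out)


if __name__ == "__main__":
    hits = find_stuffing_sources(parse(SAMPLE_LOG))
    for ip, info in hits.items():
        print(ip, info)
    print("force reset:", accounts_to_reset(hits))
```

Running it flags only 203.0.113.7 (ten accounts, two successes) and names erin and ivan as the accounts to force-reset; the single mistyped login from 198.51.100.20 is left alone.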


Next Level Apparel

Exploit: Phishing

Next Level Apparel: Clothing Manufacturer


Risk to Business: 2.771 = Moderate

Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, which included viewing customer and employee PII, although the company could not confirm that any data was stolen.


Individual Risk: 2.802 = Moderate

Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business. A compromised mailbox is a breach even when nothing is exfiltrated in bulk: whatever sat in that inbox, here Social Security and payment card numbers, was readable by the attacker for the whole window.


United Kingdom – Welland Park Academy 

Exploit: Hacking

Welland Park Academy: Secondary School 


Risk to Business: 2.883 = Moderate

Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin re-entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials, making it impossible for the school to conduct distance learning. The same individual also took revenge on the next company that fired him, creating lockout chaos and wiping data at an unnamed IT company, as well as disrupting that company’s phone systems.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly. Revoking an administrator’s access, including remote access and any shared service accounts they knew, has to happen at the moment of termination, not afterwards.


United Kingdom – The Telegraph

Exploit: Misconfiguration

The Telegraph: News Organization

Risk to Business: 2.122 = Severe

UK news giant The Telegraph is in hot water after a researcher discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to relate to Apple News readers. The researcher who found it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph said that it secured the database as soon as it was informed of the issue, which it says affected less than 0.1% of its subscribers.

Individual Risk: 2.801 = Moderate

The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices. Because the exposed records included authentication tokens, locking down the database is only half the fix; any token that was in it should be treated as compromised and invalidated.


Scotland – Weir 

Exploit: Ransomware

Weir: Heavy Equipment Manufacturer 


Risk to Business: 1.616 = Severe

Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers. 

Individual Impact: No employee or customer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.


Scotland – BrewDog

Exploit: Misconfiguration

BrewDog: Bar and Restaurant Chain 


Risk to Business: 1.615 = Severe

Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a flaw in its mobile app: the API authentication token was hard-coded into the application itself rather than being issued to each user after a successful login. Because every copy of the app carried the same token, it proved only that the caller had the app, not who they were, and interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.


Individual Risk: 1.701 = Severe

Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
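The BrewDog flaw described above, reduced to its essentials as an added example (not BrewDog’s code or the page’s): a customer endpoint that accepts one app-wide hard-coded token and serves whatever ID is in the path, beside a hardened version that issues a token per login and derives the caller’s identity from that token instead of from the URL. The record layout, endpoint shape, passwords and helper names are constructed assumptions for illustration.

```python
"""Shared hard-coded API token + customer ID in the URL, beside the fix.

Added example, not BrewDog's code or the page's. Records, passwords and
function names are constructed for illustration; passwords are kept in
plain text only to keep the example short.
"""
import hmac
import secrets

# Constructed sample data
CUSTOMERS = {
    "10001": {"name": "Ada Example", "dob": "1990-01-02", "shares": 40},
    "10002": {"name": "Ben Example", "dob": "1985-07-19", "shares": 12},
}
PASSWORDS = {"10001": "correct-horse", "10002": "battery-staple"}


def _eq(a, b):
    """Constant-time string comparison (encode first: compare_digest
    rejects non-ASCII str, and request input is untrusted)."""
    return hmac.compare_digest(a.encode(), b.encode())


# --- Vulnerable design: one token baked into every copy of the app --------
HARDCODED_APP_TOKEN = "app-build-1234-shared-token"


def vulnerable_get_customer(bearer, customer_id):
    """GET /api/customers/<customer_id>: checks only that the caller holds
    the app-wide token. That proves the caller has the app (or decompiled
    it), not who they are, so every customer_id is served."""
    if not _eq(bearer, HARDCODED_APP_TOKEN):
        return 401, None
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


# --- Hardened design: token minted per login and bound to one customer ----
SESSIONS = {}  # token -> customer_id (server side; add expiry in production)


def login(customer_id, password):
    """Issue a random per-session token only after a correct password."""
    expected = PASSWORDS.get(customer_id)
    if expected is None or not _eq(password, expected):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def hardened_get_customer(bearer, customer_id):
    """Same endpoint, but identity comes from the token and the path
    parameter must match it. Answering 404 rather than 403 on a mismatch
    also avoids confirming which IDs exist."""
    subject = SESSIONS.get(bearer)
    if subject is None:
        return 401, None
    if not _eq(subject, customer_id):
        return 404, None
    return 200, CUSTOMERS[customer_id]


def demo():
    """Walk the ID space with the shared token, then show that a logged-in
    user of the hardened endpoint gets only their own record."""
    walked = [vulnerable_get_customer(HARDCODED_APP_TOKEN, cid)[0] for cid in CUSTOMERS]
    tok = login("10001", "correct-horse")
    own = hardened_get_customer(tok, "10001")[0]
    other = hardened_get_customer(tok, "10002")[0]
    return walked, own, other


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is where identity lives: in the vulnerable version the only secret is something every installed copy shares, so the path parameter is the real access control and there is none; in the hardened version the path parameter is checked against what the server already knows about the token’s owner, so enumeration yields nothing.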



Hong Kong – Fimmick Limited

Exploit: Ransomware

Fimmick Limited: Marketing Company


Risk to Business: 1.631 = Severe

Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Companies that provide services like this are especially tasty targets for ransomware gangs because even if the victim doesn’t pay, the data it holds about other businesses opens new doors for the attackers.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 29/09/21 – 05/10/21

Ransomware is on a round-the-world tour this week, visiting major players like JVCKenwood, Marketron and Sandhills Global.



Sandhills Global

Exploit: Ransomware

Sandhills Global: IT & Digital Publishing


Risk to Business: 1.337 = Extreme

Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Its publications include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard and AuctionTime, as well as the trade magazines Controller, Executive Controller and Charter Hub. Sandhills Global’s website and all of its hosted publications went offline, and its phones stopped working, after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


Marketron 

Exploit: Ransomware

Marketron: Marketing Services Company 

Risk to Business: 1.606 = Severe

Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Customers’ Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting, and the damage can be widespread if an attack strikes home.



Portpass

Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform 


Risk to Business: 1.636 = Severe

Canadian proof-of-vaccination app Portpass is having misconfiguration problems, which unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that it was alerted to the problem by an anonymous tipster. An investigation revealed that the company had not encrypted the data it was maintaining, and some of it could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it had not yet received a report, and the progress of a formal investigation is unclear.


Individual Risk: 1.636 = Severe

A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports. 

Customers Impacted: 650,000

How It Could Affect Your Customers’ Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.



United Kingdom – Giant Group

Exploit: Ransomware

Giant Group: Payroll Services Firm 


Risk to Business: 1.713 = Severe

Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms, and they don’t hesitate to take advantage of that fact.


France – TiteLive

Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider


Risk to Business: 1.661=Severe

Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a good illustration of today’s third-party/supply chain perils. One ransomware attack on a company like this can ripple out to impact many businesses.


Israel – E.M.I.T Aviation Consulting

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting 


Risk to Business: 1.699 = Severe

A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.



New Zealand – Aquila Technology 

Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer


Risk to Business: 1.699 = Severe

Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.


Individual Risk: 1.699 = Severe

The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credit card information is highly desirable on the dark web, spurring a fresh round of attacks on retailers, especially those that maintain large databases.



Japan – JVCKenwood 

Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer 


Risk to Business: 1.699 = Severe

Conti ransomware came calling at JVCKenwood, the Japanese audio equipment powerhouse, this week. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and that the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.




The Week in Breach News: 22/09/21 – 28/09/21

It’s Double Trouble Week! Cybercriminals are double-dipping in an array of industries including agriculture, healthcare, customer service and real estate, plus a look at why data breach risk is on the rise again.

United States – New Cooperative & Crystal Valley Cooperative

Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services


United States – Simon Eye & US Vision

Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators


United States – Marcus & Millichap

Exploit: Ransomware

Marcus & Millichap: Real Estate Investment Firm


Colombia – Coninsa Ramon H

Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm


Italy – Covisian

Exploit: Ransomware

Covisian: Call Center Operator


Israel – Voicenter

Exploit: Ransomware

Voicenter: Call Center Operator


The Week in Breach News: 01/09/21 – 07/09/21



Pacific City Bank

Exploit: Ransomware

Pacific City Bank: Financial Institution


Risk to Business: 1.623 = Severe

Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.

Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident but since it is a bank that’s highly likely.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.


DuPage Medical Group

Exploit: Hacking

DuPage Medical Group: Healthcare Practice 


Risk to Business: 1.636 = Severe

DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.


Individual Risk: 1.866 = Severe

The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.

Customers Impacted: 600,000 patients

How It Could Affect Your Customers’ Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.


Career Group, Inc. 

Exploit: Ransomware

Career Group, Inc.: Staffing Company

Risk to Business: 1.673 = Severe

California-based staffing service Career Group, Inc. experienced a data breach between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.

Individual Risk: 1.673 = Severe

The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.

Customers Impacted: 49,476

How It Could Affect Your Customers’ Business: Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.


Howard University

Exploit: Ransomware

Howard University: Institution of Higher Learning


Risk to Business: 1.917 = Severe

Howard University announced that it is investigating a ransomware attack. The incident disrupted online classes for several days; in-person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.

Individual Impact: No information was available at press time about the types of data that were stolen, if any.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.


France – Francetest 

Exploit: Misconfiguration

Francetest: COVID-19 Test & Trace Platform 


Risk to Business: 1.721 = Severe

A misconfiguration in an online platform used to transfer the results of antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration came to light when a patient with IT expertise noticed that the open-source content management system WordPress was being used to manage the sensitive data. She could access files containing other patients’ information by walking the URL tree, and could even create an account without being a pharmacist.


Individual Risk: 1.761 = Severe

Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.

Customers Impacted: 700,000

How it Could Affect Your Customers’ Business: Human error is still the biggest cause of a data breach, and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.


France – France-Visas

Exploit: Hacking

France-Visas: Government Services Platform 


Risk to Business: 1.919 = Severe

A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants whose information was exposed were released, but French officials say that those affected have been contacted by mail.


Individual Risk: 1.778 = Severe

Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Customers Impacted: 8,700

How it Could Affect Your Customers’ Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down by GDPR regulators.



Japan – Fujitsu 

Exploit: Hacking

Fujitsu: Information Technology


Risk to Business: 1.802 = Severe

Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.

Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII were compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Whether the goal is a ransom or a dark web sale, stolen company data is the currency of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.


Indonesia – electronic Health Alert Card

Exploit: Misconfiguration 

electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform


Risk to Business: 1.802 = Severe

A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool, the electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even for domestic travel within the country, and it holds personal data for travelers including health status, personal and contact information, COVID-19 test results and other information.


Individual Risk: 1.5882 = Severe

The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.

How it Could Affect Your Customers’ Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.


The Week in Breach News: 25/08/21 – 31/08/21

Ransomware comes calling at a Nokia subsidiary, cyber criminals check data out of the Boston Public Library, personal data is snatched from Bangkok Airlines



SAC Wireless

Exploit: Ransomware

SAC Wireless: Mobile Network Services 


Risk to Business: 1.486 = Extreme

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. The Conti gang revealed on its leak site that it stole over 250 GB of data. The investigation and remediation are ongoing.

Individual Risk: 1.311 = Extreme

SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.


Boston Public Library (BPL)

Exploit: Ransomware

Boston Public Library (BPL): Library System 


Risk to Business: 2.336 = Severe

The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage as well as disruption of its online library services. Branch IT has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: 4 million

How It Could Affect Your Customers’ Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.


Envision Credit Union

Exploit: Ransomware

Envision Credit Union: Bank 


Risk to Business: 1.673 = Severe

The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.


Atlanta Allergy & Asthma 

Exploit: Hacking

Atlanta Allergy & Asthma: Healthcare Provider


Risk to Business: 1.917 = Severe

Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that it experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nemty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.


Individual Risk: 1.835 = Severe

The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case. 

Customers Impacted: 9,800

How It Could Affect Your Customers’ Business: Medical data is a big revenue driver for cybercriminals, but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.


Germany – Puma

Exploit: Hacking

Puma: Sportswear Brand 


Risk to Business: 1.721 = Severe

Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo, which claims to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.



Thailand – Bangkok Airways 

Exploit: Ransomware

Bangkok Airways: Airline 


Risk to Business: 1.802 = Severe

Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but it was quick to assure customers that no operations or aeronautics systems or data were impacted.


Individual Risk: 1.761 = Severe

The company said in a statement that its initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.


The Week in Breach News: 14/07/21 – 20/07/21

United Kingdom – Northern Trains

Exploit: Ransomware

Northern Trains: Government-Run Transportation Authority

United States – Campbell Conroy & O’Neil, P.C. (Campbell)

Exploit: Ransomware

Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm

United States – Forefront Dermatology S.C.

Exploit: Ransomware

Forefront Dermatology S.C.: Medical Network

United States – Guess

Exploit: Ransomware

Guess: Fashion Brand

United States – Mint Mobile

Exploit: Hacking

Mint Mobile: Mobile Network Carrier

United States – Cloudstar

Exploit: Ransomware

Cloudstar: Cloud Hosting Platform

Ecuador – Corporación Nacional de Telecomunicación (CNT)

Exploit: Ransomware

Corporación Nacional de Telecomunicación (CNT): State Run Telecommunications Utility

The Week in Breach: 07/06/21 – 13/07/21

Shopping platforms are on the hit list this week

Northwestern Memorial HealthCare

Exploit: Third-Party Data Breach 

Northwestern Memorial HealthCare: Hospital System 


Risk to Business: 1.771 = Severe

A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital and Northwestern Medicine Valley West Hospital.


Individual Risk: 1.603 = Severe

The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. 

Customers Impacted: Unknown

Morgan Stanley

Exploit: Third-Party Data Breach

Morgan Stanley: Financial Services Firm 


Risk to Business: 2.216 = Severe

Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.


Individual Risk: 2.462 = Severe

Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts. 

Customers Impacted: Unknown

Republican National Committee (RNC) 

Exploit: Nation-State Cybercrime

Republican National Committee (RNC): Political Organization


Risk to Business: 2.223 = Severe

Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.


GETTR

Exploit: Hacking

GETTR: Social Media Platform 


Risk to Business: 1.575 = Severe

A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.


Individual Risk: 1.502 = Severe

According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.

Customers Impacted: 40,000

Switzerland – Comparis

Exploit: Hacking

Comparis: Shopping Platform 


Risk to Business: 1.302 = Extreme

Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the company’s information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Germany – Spreadshop 

Exploit: Hacking 

Spreadshop: Shopping Platform 


Risk to Business: 1.919 = Severe

German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, was compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.


Individual Risk: 2.271 = Severe

According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.

Customers Impacted: Unknown


India – Technisanct 

Exploit: Hacking 

Technisanct: Trading Platform


Risk to Business: 2.801 = Moderate

Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15. 


Individual Risk: 2.766 = Moderate

The company has disclosed that Personally Identifiable Information (PII) was exposed, including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.

Customers Impacted: 3.4 million


Taiwan – Adata

Exploit: Ransomware

Adata: Computer Chip Maker 


Risk to Business: 1.801 = Severe

The Ragnar Locker ransomware gang has announced that it has acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, was publicly available on a cloud-based storage service, at least for a time. According to reports, the largest archive is close to 300GB and the second largest is 117GB, and the archives likely contain corporate financial information, non-disclosure agreements and sales data.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Categories
The Week in Breach

The Week in Breach: 30/06/21 – 06/07/21

Healthcare cyberattacks are popping up fast this week


United Kingdom – Salvation Army

Exploit: Hacking

Salvation Army – Non-Profit 


Risk to Business: 2.424 = Severe

The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Spain – MasMovil

Exploit: Ransomware

MasMovil: Telecommunications


Risk to Business: 1.801 = Severe

Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots, apparently of the stolen MasMovil data, that show folders named Backup, RESELLERS, PARLEM and OCU.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Arthur J. Gallagher

Exploit: Ransomware

Arthur J. Gallagher (AJG): Insurance Broker 


Risk to Business: 1.673 = Severe

Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.


Individual Risk: 1.522 = Severe

While the company did not specify the types of data exposed, its SEC filing did, and PII featured heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.

Customers Impacted: Unknown


Washington State Department of Labor and Industries

Exploit: Third-Party Data Breach

Washington State Department of Labor and Industries: Government Agency


Risk to Business: 1.816 = Severe

Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.


Individual Risk: 1.516 = Severe

The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.

Customers Impacted: Unknown


Practicefirst

Exploit: Ransomware

Practicefirst: Healthcare Technology Services


Risk to Business: 2.223 = Severe

Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.


Individual Risk: 2.201 = Severe

Practicefirst disclosed that patient and employee information has been impacted, including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses, tax identification numbers, employee usernames and passwords, and bank account information. Other data that may have been stolen is primarily treatment-focused, like diagnoses, lab and treatment information, medication information and health insurance identification.

Customers Impacted: Unknown


UofL Health

Exploit: Insider Threat (Employee Error)

UofL Health: Healthcare System


Risk to Business: 1.575 = Severe

Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.


Individual Risk: 1.502 = Severe

Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.

Customers Impacted: 40,000


How can you lose Microsoft 365 data? tip 6

Ask the 30% of companies who lost data from SaaS applications according to a recent survey if they #backup?
We can help #MSnetUk https://datto-content.amp.vg/web/mhbb394kucd2


The Week in Breach: 23/06/21 – 29/06/21

This week the cybercrime gangs were busy! Nobelium, the gang behind the SolarWinds hack, is giving Microsoft and others a world of trouble with unexpected attacks. REvil scores medical data, and a new ransomware gang debuts with a hit on Altus Group.

United Kingdom – French Connection UK (FCUK) 

Exploit: Ransomware

French Connection UK (FCUK): Clothing Brand


Risk to Business: 2.351 = Severe

United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Mercedes Benz USA 

Exploit: Third Party Risk 

Mercedes Benz USA: Carmaker 


Risk to Business: 1.611 = Severe

Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.


Individual Risk: 1.802 = Severe

According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedes-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedes-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: 1,000

Washington Suburban Sanitary Commission (WSSC) 

Exploit: Ransomware

Washington Suburban Sanitary Commission (WSSC): Utility 


Risk to Business: 2.116 = Severe

Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

DreamHost 

Exploit: Unsecured Database

DreamHost: WordPress Hosting Service 


Risk to Business: 1.823 = Severe

A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Altus Group 

Exploit: Ransomware

Altus Group: Real Estate Software 


Risk to Business: 1.775 = Severe

Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, but a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark web site. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Sweden – InfoSolutions 

Exploit: Hacking

InfoSolutions: Medical IT Solutions 


Risk to Business: 1.661 = Severe

InfoSolutions, a company that provides IT services to the Swedish Public Health Agency, including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion into a database employed by 15 of Sweden’s 21 regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Brazil – Grupo Fleury 

Exploit: Ransomware

Grupo Fleury: Medical Diagnostics Laboratory 


Risk to Business: 1.702 = Severe

REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.

Individual Impact: No sensitive personal or financial information has been confirmed as stolen in this incident, but it is highly likely that will be the case as the incident progresses.

Customers Impacted: Unknown