Categories
The Week in Breach

The Week in Breach News: 04/05/22 – 10/05/22


Ransomware sprouts up at a major U.S. agricultural company, insider risk strikes home at IKEA and more trouble for government agencies.




AGCO 

Exploit: Ransomware

AGCO: Agricultural Machinery Manufacturer

Risk to Business: 1.471 = Extreme

Major U.S. agricultural machinery manufacturer AGCO announced that they have suffered a ransomware attack that is impacting some of the company’s production facilities. A statement from the company provided few details but specified that its operations including production “Will likely be adversely affected for several days and potentially longer.” No group has claimed responsibility or publicized a ransom demand. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

EXTRA: The FBI recently released an alert about elevated ransomware risk in the Food & Agriculture sector.  

How It Could Affect Your Business: Ransomware gangs love to pounce on industries at critical times. This is a massive problem at the height of spring planting season in the US.


The State Bar of Georgia 

Exploit: Hacking

State Bar of Georgia: Professional Organization 

Risk to Business: 2.804 = Moderate

The State Bar of Georgia has experienced a cyberattack that crippled the organization’s network, website and email system. Officials say that the attack began last Monday when an unauthorized user was discovered and that the organization’s IT team swung into action quickly to secure the network from further trouble. There was a continued impact on the Bar’s website throughout the week. The incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Professional organizations have been on cybercriminal hit lists thanks to the abundant personal and sometimes financial data they tend to hold.



IKEA

Exploit: Insider Threat

IKEA: Home Goods Retailer

Risk to Business: 2.711 = Moderate

Furniture and home goods giant IKEA announced that it had experienced a data breach in its Canadian operations that impacted an estimated 95,000 customers. The company said that sensitive customer information was mistakenly provided to an employee in an internal search between March 1 and March 3, 2022. No specifics about the compromised data were offered beyond confirmation that no financial or banking information was accessed. IKEA says that it has notified any customers that were impacted by the breach and the Office of the Privacy Commissioner of Canada.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Internal information security foul-ups by employees like this are embarrassing and potentially expensive mistakes that no company wants to handle.




Peru – Dirección General de Inteligencia (DIGIMIN)

Exploit: Ransomware

Dirección General de Inteligencia (DIGIMIN): National Government Agency

Risk to Business: 1.316 = Extreme

Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: An attack of this nature is a major national security threat to Peru with the potential to expose a great deal of sensitive foreign and domestic intelligence data.



Bulgaria – The Bulgarian State Agency for Refugees Under the Council of Ministers 

Exploit: Ransomware (Nation-State)

The Bulgarian State Agency for Refugees Under the Council of Ministers: National Government Agency 

Risk to Business: 1.811 = Severe

LockBit 2.0, a cybercrime gang known to have strong ties to Russia, announced that it intends to publish data it claims to have stolen in an attack on The Bulgarian State Agency for Refugees Under the Council of Ministers. That agency is experiencing extra stress right now as it oversees the flow of Ukrainian refugees in Bulgaria. The agency’s website is up but warns that some email addresses may not be working. An estimated 230,000 refugees have fled to Bulgaria in the wake of Russia’s invasion of Ukraine.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Although this is not confirmed as a nation-state incident, both “official” and nation-state adjacent threat actors on both sides of this conflict have been active in a flood of invasion-related cyberattacks.


Germany – Sixt

Exploit: Hacking

Sixt: Car Rental Company

Risk to Business: 1.909 = Severe

Major car rental company Sixt has suffered IT disruptions at some locations in the wake of a cyberattack. The company says that the attack on April 29 forced them to restrict access to all their internal IT systems, snarling operations for clients and agents. The nature of the attack was not disclosed, and the incident remains under investigation. Sixt rents out cars from over two thousand locations in more than 100 countries. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Incidents like this can spawn customer headaches that do damage to a company’s reputation.


Russia – Qiwi

Exploit: Nation-State (Hacktivism)

Qiwi: Payment Processor

Risk to Business: 2.096 = Severe

Anonymous and its associates continue a cyberattack offensive against Russian businesses and agencies in the wake of Russia’s invasion of Ukraine. This time, Anonymous affiliate Network Battalion (NB65) group claims that it has hacked and deployed ransomware against the Russian payment processing platform Qiwi. NB65 says that it managed to extract 10.5TB of data from Qiwi, including 30 million payment records and the data from 12.5 million credit cards of Qiwi customers. The group has posted a host of examples of the stolen data as proof of the hack, threatening to release 1 million cards worth of data daily. Qiwi denies the event.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is the latest in a long string of strikes by Anonymous against Russian and Russia-aligned businesses that shows no signs of stopping.



Australia – Nauru Police Force

Exploit: Hacking

Nauru Police Force: Law Enforcement Agency

Risk to Business: 2.776 = Moderate

The Anonymous collective released 82GB worth of emails apparently belonging to the Nauru Police Force on May 2 as a protest against the alleged ill-treatment of asylum seekers and refugees carried out by the Nauru Police Force on behalf of the Australian government. The total number of leaked emails is reported to be 285,635 and the data is available for direct and torrent download. Anonymous claims that the stolen emails contain details of a cover-up of abuses against prisoners in refugee camps on the island by the Nauru Police Force and the Australian government.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Hacktivism isn’t only a factor in nation-state cybercrime and could impact all kinds of businesses and institutions.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

The Week in Breach News: 27/04/22 – 03/05/22


May the 4th be with you as you fight the good fight against cybercrime! This week, we’ll look at two attacks by the new ransomware group Black Basta and more trouble for power companies.



American Dental Association 

Exploit: Ransomware

American Dental Association: Professional Organization

Risk to Business: 1.802 = Severe

The American Dental Association (ADA) was hit by a ransomware attack, allegedly conducted by new ransomware group Black Basta. The attack disrupted various online services, telephones, email, and webchat. An outage at the ADA website has caused some online services to be inaccessible, including the ADA Store, the ADA Catalog, MyADA, Meeting Registration, Dues pages, ADA CE Online, the ADA Credentialing Service and the ADA Practice Transitions.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The healthcare sector has been under siege from cybercriminals and the pressure isn’t letting up anytime soon.


The Coca-Cola Company

Exploit: Ransomware

The Coca-Cola Company: Beverage Manufacturer & Distributor

Risk to Business: 2.804 = Moderate

The new ransomware group Stormous claims to have pulled off a ransomware attack against The Coca-Cola Company and to have snatched 161 gigabytes of data. The hacking group has been linked with Russian nationalist cybercrime following its public statement vowing to take action against companies that pulled out of Russia in the wake of Russia’s invasion of Ukraine. Financial data, passwords and commercial account records are said to be among the stolen data. Coca-Cola says that it is investigating the matter.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware can have a negative impact on a business even if it doesn’t shut down operations.


ARcare

Exploit: Hacking

ARcare: Medical Clinics

Risk to Business: 1.711 = Severe

ARcare, a medical services company that operates clinics for underserved communities in Arkansas, Kentucky and Mississippi, disclosed a data breach impacting an estimated 345,000 patients in a filing with The U.S. Department of Health and Human Services (HHS). After a disruptive incident on February 24, 2022, an investigation turned up the unwelcome news that a malicious hacker had access to ARcare’s network over a five-week period between January 18 and February 24.

Risk to Business: 1.814 = Severe

Potentially exposed patient data includes names, Social Security numbers, drivers’ license or state identification numbers, dates of birth, financial account information, medical treatment information, prescription information, medical diagnosis or condition information and health insurance information.  

How It Could Affect Your Business: This is going to be a very expensive problem once regulators get finished with it.



Costa Rica – Junta Administrativa del Servicio Eléctrico de Cartago (JASEC)

Exploit: Ransomware

Junta Administrativa del Servicio Eléctrico de Cartago (JASEC): Power Company

Risk to Business: 1.626 = Severe

Conti ransomware is to blame for continued trouble in Costa Rica’s public sector. After crippling several federal departments last week, the group has now snarled operations at Junta Administrativa del Servicio Eléctrico de Cartago (JASEC), electricity manager for the city of Cartago, population 160,000. Officials said that the attack has encrypted the servers used to manage the organization’s website, e-mail, administrative collection systems and more, rendering customers unable to pay for electricity and internet bills.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Infrastructure targets have had increasing trouble in the past 12 months, with the FBI reporting ransomware attacks in 14 of 16 infrastructure sectors.


Trinidad and Tobago – Massy Stores

Exploit: Hacking

Massy Stores: Supermarket Chain

Risk to Business: 1.311 = Extreme

The biggest supermarket chain in Trinidad, Massy Stores, was forced to temporarily suspend operations over the weekend after a cyberattack took out key systems, including cash registers. Surepay and Moneygram services were also impacted. The company says that no customer or employee data was stolen. Some stores have resumed operations, and the incident is under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Retailers have been getting hammered by cyberattacks, coming in at 3rd on the list of industries most hit by ransomware attacks.



UK – The General Council of the Bar (GCB)

Exploit: Hacking

The General Council of the Bar (GCB): Regulatory Body

Risk to Business: 1.909 = Severe

The General Council of the Bar (GCB) notified users of its website that it has been the victim of a cyberattack. GCB comprises the representative Bar Council and regulator Bar Standards Board. The attack has rendered several systems temporarily inaccessible including MyBar. The body’s statement notes that Authorisation to Practise and Court ID cards have both been extended due to this technical difficulty. The incident has been reported to ICO, National Cyber Security Centre and the Police. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: In a challenging economy, no government can afford this kind of incident or the associated bills.


Germany – Deutsche Windtechnik

Exploit: Ransomware

Deutsche Windtechnik: Power Company 

Risk to Business: 2.096 = Severe

German wind farm operator Deutsche Windtechnik has disclosed that it was the victim of a ransomware attack. The Black Basta group is thought to be behind the attack after the company’s data appeared on its leak site. The attack took place April 11-12, 2022.  Deutsche Windtechnik noted that after shutting off systems for safety, they were able to reactivate the remote data monitoring connections to their wind turbines within a day or two. The incident was reported to the German Federal Office for Information Security (BSI). 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is the latest in a long string of strikes against energy sector targets in Germany.


Russia – Petersburg Social Commercial Bank

Exploit: Nation-State Hacking (Hacktivism)

Petersburg Social Commercial Bank: Financial Institution 

Risk to Business: 1.976 = Severe

Anonymous has not let up on hacking aimed at Russian targets. This week, the group published accounts of several more successful operations by its affiliates, including an operation against Petersburg Social Commercial bank, a major Russian bank. The group claimed via DDoSecrets to have snatched 542 GB of data containing 229,000 emails and 630,000 files from the bank. Anonymous also announced successful forays against Elektrocentromontazh and ALET.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly when risk continues to ripple.



The Week in Breach News: 20/04/22 – 26/04/22


Two big ransomware attacks impact governments in Costa Rica and Brazil, and supply chain risk takes the glow off of vacations for passengers on Canada’s Sunwing Airlines.



Christie Clinic

Exploit: Business Email Compromise

Christie Clinic: Healthcare Provider

Risk to Business: 1.802 = Severe

Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.  

Risk to Individual: 2.771 = Moderate

Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.  

How It Could Affect Your Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.


The Unified Government of Wyandotte County and Kansas City, Kansas

Exploit: Hacking

The Unified Government of Wyandotte County and Kansas City, Kansas: Regional Government

Risk to Business: 1.802 = Severe

Residents of Wyandotte County and Kansas City, Kansas (UG) are missing access to several government services after an Easter weekend cyberattack snarled the regional government’s IT systems. Some systems have been restored, but many services remain unavailable including appraisals, court cases, motor vehicle services and procurement. A UG statement said that it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to investigate the incident.

How It Could Affect Your Customers’ Business: Government entities have been popular cybercrime targets for both data theft and ransomware in the last two years.


Bob’s Red Mill Natural Foods

Exploit: Malware

Bob’s Red Mill Natural Foods: Grocery Brand

Risk to Business: 2.761 = Moderate

Bob’s Red Mill Natural Foods has announced that it has experienced a data breach after data scraping malware was found to be operating on its website. The company said on April 15 that the malware was in operation between February 23 and March 1, 2022. The company’s initial investigation did not uncover any exfiltration, but after a customer complaint, that has changed.

Risk to Business: 2.814 = Moderate

Customer information impacted includes online customers’ payment card information, billing and shipping addresses, email addresses, phone numbers and purchase amounts. The company said that no information had been found to indicate that any Social Security numbers, dates of birth, driver’s license numbers or other government-issued ID numbers had been exposed in the attack. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Customers aren’t going to respond well to companies that can’t keep their payment card data safe.



Sunwing Airlines 

Exploit: Supply Chain Attack

Sunwing Airlines: Passenger Air Carrier 

Risk to Business: 1.346 = Extreme

Sunwing Airlines passengers are finding themselves delayed or stranded in airports across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline has been forced to manually check in passengers and handwrite boarding passes, causing massive delays, with passengers stranded in the Caribbean, Mexico and Central America, some for days. The company says it’s working to resolve the situation and get stranded passengers to their destinations as quickly as possible.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: This is a nightmare scenario that will have a serious impact on Sunwing’s future business.



Costa Rica – The Government of Costa Rica

Exploit: Ransomware

The Government of Costa Rica: National Government

Risk to Business: 1.271 = Extreme

The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.


Brazil – The City of Rio de Janeiro

Exploit: Ransomware

The City of Rio de Janeiro: Municipal Government

Risk to Business: 1.909 = Severe

 The LockBit ransomware group claimed to have attacked systems connected to the Finance department of the city government in Rio de Janeiro, stealing about 420 GB of data. The Secretary of State for Finance confirmed the attack. The ministry has said that the attackers only captured a small fraction of the ministry’s data. Spokespeople also said that the gang was demanding an unspecified ransom to keep the data from publication. Rio de Janeiro’s economy ranks 30th in GDP among all cities in the world.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: In a challenging economy, no government can afford this kind of incident or the associated bills.



United Kingdom – Funky Pigeon

Exploit: Hacking

Funky Pigeon: Retailer 

Risk to Business: 2.776 = Moderate

Gift card retailer Funky Pigeon, a division of UK retail giant WHSmith, has announced that it was the victim of a cyberattack that has seriously impacted its operations. Funky Pigeon was forced offline, suspending sales temporarily. The company was quick to reassure consumers that no payment data was at risk and that it did not believe any account passwords were compromised. The incident remains under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Online retailers have been a popular target for cybercriminals, especially for payment skimming attacks.


Russia – Tendertech 

Exploit: Nation-State Hacking (Hacktivism)

Tendertech: Documents Processor 

Risk to Business: 1.976 = Severe

The Anonymous collective has announced that it penetrated systems at Tendertech, a Russia-based processor of financial services and banking documents. The firm counts Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank, Bank ZENIT and Otkritie Bank among its customers. Anonymous claims to have stolen 426,000 emails and leaked an archive of 160 GB in size through Distributed Denial of Secrets. Anonymous also claims to have hit other Russian government and quasi-governmental targets including GUOV i GS – General Dept. of Troops and Civil Construction, Neocom Geoservice and Gazregion.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly.



The Week in Breach News: 13/04/22 – 19/04/22


New information is available about Panasonic’s Canadian data breach, McDonald’s serves up risk to customers in Costa Rica and Anonymous continues its campaign against Russia.  



Contra Costa County Government

Exploit: Hacking

Contra Costa County Government: Regional Government

Risk to Business: 1.677 = Severe

Contra Costa County officials have begun sending out letters this week to potential victims, after investigating a data breach from Q3 2021. The county’s investigation determined that an unauthorized person accessed several county employee email accounts at various times between June 24, 2021, and August 12, 2021. The intruder accessed emails and attachments containing information pertaining to certain county employees, as well as individuals who communicated with the county’s Employment and Human Services Department.

Risk to Individual: 1.702 = Severe

The exposed data includes names and one or more of the following: Social Security numbers, driver’s license or state-issued identification numbers, financial account numbers, passport numbers and medical information or health insurance information.

How It Could Affect Your Business: Government bodies have been a popular target for cybercriminals because they usually provide access to lots of valuable data.


Newman Regional Health

Exploit: Hacking

Newman Regional Health: Healthcare Facility

Risk to Business: 1.802 = Severe

Newman Regional Health is a tiny facility that’s notifying patients and employees of a big breach. The 25-bed not-for-profit hospital in Kansas informed patients that their data may have been exposed in a yearlong data breach. More than 52,000 patients are being notified of the incident after an investigation revealed unauthorized access to a limited number of the hospital’s employee e-mail accounts between January 26, 2021, and November 23, 2021. 

Risk to Individual: 1.809 = Severe

Exposed patient and employee information includes names, dates of birth, medical record or other identification numbers, addresses, phone numbers, or email addresses, limited health, treatment or insurance information, or employee information collected in connection with an individual’s receipt of services from or employment. A limited group of individuals may have social security numbers or financial information affected.

How It Could Affect Your Business: No non-profit can afford the huge penalties that this organization will potentially incur after regulators get finished with them.


Florida International University 

Exploit: Ransomware

Florida International University: Institution of Higher Learning

Risk to Business: 2.177 = Severe

The BlackCat ransomware outfit has claimed they’re behind a ransomware attack at Florida International University. The group said that it has stolen a range of personal information from students, teachers and staff, amounting to 1.2 TB of data. Among the stolen data, the group says it obtained contracts, accounting documents, social security numbers, email databases and more. No further details about the stolen data were available at press time.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: The Education sector has been getting hammered by cybercrime since the start of the global pandemic.



Panasonic 

Exploit: Ransomware

Panasonic: Electronics Manufacturer

Risk to Business: 2.217 = Severe

The Conti ransomware group has claimed responsibility for an attack on Panasonic’s Canadian operations in February 2022. Panasonic confirmed that it had been the victim of a ransomware attack that impacted its systems, processes and networks. The company says that it has contracted with outside experts to investigate the attack as well as clean and restore servers and rebuild applications. No word was available about what if any data was stolen by the attackers. Panasonic says that relevant authorities have been informed.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Manufacturers and industrial targets have been high on the cybercriminal hit list for months.



Costa Rica – McDonald’s

Exploit: Supply Chain Risk

McDonald’s: Fast Food Restaurant Chain 

Risk to Business: 2.734 = Moderate

McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed. 

Risk to Individual: 2.623 = Moderate

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals have been hitting small supply chain targets to gain access to their clients, especially big-name companies.



UK – CitySprint 

Exploit: Hacking

CitySprint: Courier

Risk to Business: 1.417 = Severe

UK same-day delivery company CitySprint has informed its drivers of a data breach that may have exposed their personal information. The company says that an unauthorized party gained access to its iFleet internal management and routing system. While CitySprint says that it doesn’t think that drivers’ personal data was compromised, it can’t be sure.

Risk to Individual: 2.766 = Moderate

Drivers may have had information exposed including photos of their driving license, vehicle pictures, and records of their weekly earnings. 

How it Could Affect Your Business: UK GDPR means that this could be a very expensive incident when all the penalties are added up.


Spain – The Royal Spanish Football Federation (RFEF)

Exploit: Hacking

The Royal Spanish Football Federation (RFEF): Sports Organization

Risk to Business: 2.176 = Severe

RFEF announced that it has been the victim of hacking after a journalist warned the organization that they’d been offered stolen data. The organization has determined that documents and information from email accounts, private texts and audio conversations from top executives of the federation are among the stolen data. The journalist claimed to have received or gained access to confidential contracts, private WhatsApp conversations, emails and abundant documents regarding the RFEF management. An investigation is ongoing. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.


Russia – Ministry of Culture of the Russian Federation

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Culture of the Russian Federation: Federal Government Agency 

Risk to Business: 2.976 = Moderate

The Anonymous Collective hasn’t stopped its push against Russia after the country’s unjust invasion of Ukraine. This time, Anonymous hackers obtained and exposed 446 GB of data from Russia’s Ministry of Culture as part of a larger hacking operation targeting Russia’s national government. The trove of data purportedly includes more than 200,000 emails. The information was published by Distributed Denial of Secrets, a hacktivist organization that has been involved in the Anonymous effort.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

The Week in Breach News: 06/04/22 – 12/04/22


A former employee spawns a security nightmare at CashApp Investing, Conti scores ransomware hits in two industrial attacks.



Block Inc.

Exploit: Insider Risk

Block Inc: Financial Services Platforms 

Risk to Business: 1.706 = Severe

More than 8 million customers of Cash App Investing may have had their personal information exposed thanks to an incident involving an ex-employee of the app’s parent company Block Inc. In an SEC filing, the company disclosed that a former employee had downloaded reports that contained customer data. This breach does not impact customers using this app’s sister product, CashApp.

Risk to Individual: 1.663 = Severe

The pilfered reports included customers’ full names and brokerage account numbers. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity. 

How It Could Affect Your Business: Companies that are sloppy about removing past users’ access are likely to find themselves in this position.


Snap-on

Exploit: Ransomware

Snap-on: Tool Manufacturer

Risk to Business: 1.976 = Severe

Major tool manufacturer Snap-on has disclosed that it has been the victim of a ransomware attack. The Conti ransomware group has claimed responsibility. The group has already begun leaking Snap-on’s data online. Snap-on reported that the breach was discovered when it detected suspicious network activity, which led to them shutting down company systems. Employee and franchisee data was compromised. 

Risk to Individual: 1.899 = Severe

Snap-on told the California Attorney General’s Office in a filing that the exposed data included associate and franchisee names, Social Security Numbers, dates of birth and employee identification numbers.  

How It Could Affect Your Business: Attacks against industrial and manufacturing targets have been accelerating as bad actors look for fast ransoms from time-sensitive businesses.


Fox News 

Exploit: Misconfiguration

Fox News: Television Network

Risk to Business: 2.722 = Moderate

Researchers at Website Planet have announced that they discovered a trove of information about employees of Fox News exposed in a misconfigured database. The 58GB of exposed data includes almost 13 million records of content management data, employee details, internal Fox emails, usernames, employee ID numbers, affiliate station information and more. 65,000 names of celebrities, cast and production crew members and their internal Fox ID reference numbers were also in the mix. No further specifics about exposed employee data were available at press time.  

How It Could Affect Your Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.


Parker Hannifin

Exploit: Ransomware

Parker Hannifin: Industrial Components Manufacturer

Risk to Business: 1.969 = Severe

Conti ransomware is to blame for an attack on major industrial supplier Parker Hannifin, a manufacturer specializing in motion and control technologies used by aerospace, defense and industrial manufacturers. Conti has already published more than 5 GB of the company’s stolen data but stated that it is only a small fraction of the total data they snatched.

How it Could Affect Your Business: Cybercriminals aren’t just after personal data, they’ll gladly take proprietary technical data like spec sheets, blueprints and formulas too.



United Kingdom – The Works 

Exploit: Ransomware

The Works: Discount Retailer

Risk to Business: 1.227 = Extreme

Discount stationers and craft store The Works had to shut down several stores temporarily after a cyberattack crippled payment systems, identified as ransomware by media outlets. Reports also say that the attack was precipitated by an employee falling for a phishing email. The incident is under investigation and has been reported to the UK Commissioner’s Office. No word on what if any data was stolen.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals know that hitting businesses like this will often result in a quick ransom payment to avoid business interruption.


Russia – Gazprom Neft

Exploit: Nation-State (Hacktivism)

Gazprom Neft: Oil Company

Risk to Business: 2.017 = Severe

Russian oil heavyweight Gazprom Neft had its website hacked, resulting in an outage. The hackers reportedly hijacked the company’s site on April 6, displaying imagery and messaging that depicted the company’s president speaking out against the Russian invasion of Ukraine. Gazprom Neft is the oil handling subsidiary of Russia’s major-league state-owned gas company Gazprom.

How it Could Affect Your Business: Hacktivists have been working to damage Russian infrastructure and assets since the invasion of Ukraine.



Nigeria – Bet9ja 

Exploit: Ransomware

Bet9ja: Gambling Platform 

Risk to Business: 2.176 = Severe

Popular Nigerian betting platform Bet9ja disclosed that it has been hit by a ransomware attack perpetrated by BlackCat. The company said in a statement that they had received an unspecified ransomware demand but did not plan to pay. The CEO was quick to assure users in another statement that their funds and data were secure. The company says that it is working to resolve the matter.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Ransomware is the most versatile weapon in the cybercriminal arsenal and building a strong defense is essential.



The Week in Breach News: 30/03/22 – 05/04/22


The Conti ransomware gang focuses on Shutterfly, an incident sours business at Japanese confectioner Morinaga, Anonymous continues its pressure on Russian organizations and Lapsus$ is back.



The Partnership HealthPlan of California (PHC)

Exploit: Ransomware

The Partnership HealthPlan of California (PHC): Health Insurer

Risk to Business: 2.227 = Severe

The Hive ransomware group says that they’re responsible for a ransomware attack on The Partnership HealthPlan of California (PHC), claiming to have snatched 400 GB of data including 850,000 unique records. PHC has been experiencing computer system disruptions and the organization said that it is working to investigate and recover from the attacks with support from third-party forensic specialists. The stolen data is known to include names, Social Security numbers, and addresses of current and past PHC members. 

How It Could Affect Your Business: Healthcare data is an especially popular commodity for bad actors and incidents like this are expensive disasters for the institutions that have them.


The New York City Department of Education 

Exploit: Supply Chain Risk

The New York City Department of Education: Government Agency

Risk to Business: 2.829 = Moderate

The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a supply chain service provider data breach in January. That incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance.  An agreement that the vendor had with NYC Schools called for the data to be encrypted, but it was discovered to not have occurred at the time of the breach. The incident is under investigation by New York state officials. 

Individual Impact: No information about the student data or any consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: A security failure at a supplier can lead to a headache like a data breach for any organization.


United States – Shutterfly

Exploit: Ransomware

Shutterfly: Photography Retail Platform

Risk to Business: 2.735 = Moderate

Shutterfly has disclosed a data breach that exposed employee information in a ransomware attack by the Conti group. Shutterfly disclosed that its network was breached on December 3rd, 2021, and threat actors gained access to employee information.  The company went on to disclose that documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information and FMLA leave or workers’ compensation claims. Shutterfly is offering two years of free credit monitoring from Equifax for those affected. 

How It Could Affect Your Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.



Argentina – Globant 

Exploit: Ransomware

Globant: IT and Software Development

Risk to Business: 1.969 = Severe

Cybercrime outfit Lapsus$ is back in the saddle, claiming responsibility for a successful ransomware attack against IT powerhouse Globant. The company confirmed the incident. Lapsus$ posted images that it claims are of extracted data and credentials belonging to the company’s DevOps infrastructure on its Telegram channel. They also shared a torrent file that they claim holds around 70GB of Globant’s source code as well as other data including administrator passwords associated with the firm’s Atlassian suite, including Confluence and Jira, and the Crucible code review tool. One unusual detail: Lapsus$ pointed out the fact that a number of the stolen passwords had been reused several times and were compromised before they got ahold of them, chiding the company for weak password security.

How it Could Affect Your Customers’ Business: The Information Technology sector was the third most impacted sector for ransomware in 2021.




Germany – Nordex Group 

Exploit: Hacking (Nation-State)

Nordex Group: Wind Turbine Manufacturer 

Risk to Business: 2.017 = Severe

The Nordex Group, a major manufacturer of wind turbines, has announced that it has been experiencing systems outages since March 31, 2022, due to an unnamed cyberattack. The company claims to have detected the attack in its early stages and successfully moved to contain it, going on to say that the outage may impact employees, customers and stakeholders. This is the second hit on a German wind turbine company since the start of the Russia/Ukraine conflict and early reports say that this may be a nation-state incident.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercriminals are all about infrastructure attacks, as illustrated in the run-up to the Russia/Ukraine conflict.


Spain – Iberdrola 

Exploit: Hacking (Nation-State)

Iberdrola: Energy Company

Risk to Business: 2.017 = Severe

Spanish power company Iberdrola has disclosed a cyberattack that exposed data for an estimated 1.3 million customers. Iberdrola said that the attack was part of a pattern of attacks on utility and infrastructure targets in Spain and Europe that are suspected to be related to the Russia/Ukraine conflict. The incident is under investigation by the National Cryptology Centre. Exposed customer data includes ID numbers, addresses, phone numbers and email addresses, but not bank account details, credit card numbers or information about the clients’ use of energy.  

How it Could Affect Your Business: The US government recently warned infrastructure operators to expect a fresh wave of attacks by nation-state actors aligned with Russia.


Russia – Marathon Group 

Exploit: Nation-State (Hacktivism)

Marathon Group: Investment Firm

Risk to Business: 2.176 = Severe

Anonymous announced that it has hacked into the Marathon Group, releasing 62,000 company emails (a 52GB archive) through DDoSecrets. Reports identify the Marathon Group as a Russian investment firm owned by EU-sanctioned oligarch Alexander Vinokurov, the son-in-law of Russian Foreign Minister Lavrov. The firm and its owner are suspected of financing Russian government activities.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Anonymous has been hard at work hacking assets that belong to Russia and its allies after the Collective announced it was siding with Ukraine.



Japan – Morinaga 

Exploit: Hacking 

Morinaga: Confectioner 

Risk to Business: 2.176 = Severe

Candy company Morinaga has announced that it has had a data breach impacting its online store. The incident has potentially exposed the personal information of more than 1.6 million customers who bought products from the candy maker between May 1, 2018, and March 13, 2022. The company also disclosed that their initial investigation confirmed that several of their servers had been subjected to unauthorized access “and that access to some data had been locked,” although there has been no clarification as to whether or not this was a ransomware attack. The confectioner also noted that there may be minor production impacts. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Manufacturers of all kinds have been high on the cybercriminal hit list in recent months.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach News: 23/03/22 – 29/03/22


Lapsus$ scores two big hits but it may have done itself in, a vishing tale at Morgan Stanley, a new checklist for your prospects and three risks your clients need to know about right now.  



Microsoft 

Exploit: Unauthorized Access

Microsoft: Software Company 

Risk to Business: 2.337 = Severe

The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code is a useful asset for cybercriminals that can help them develop new malware and attack techniques.


Okta

Exploit: Credential Compromise (Supply Chain Risk)

Okta: Identity and Access Management Solutions

Risk to Business: 1.299 = Extreme

Lapsus$ also pulled off another high-profile attack, this time against access management company Okta. On March 22, Lapsus$ announced that it had breached Okta’s security in January. Supporting the claim, the group published screenshots related to Okta’s internal apps and systems. Okta’s acknowledgment of the incident was bumpy: the company originally said no customer data was accessed but later clarified, saying “a small percentage of customers – approximately 2.5% – have potentially been impacted and (their) data may have been viewed or acted upon.” A third-party service provider’s previous breach likely also played a part in the incident. No specifics on the data were given. As we stated above, Lapsus$ is typically involved in ransomware operations but no details of any ransomware activity have been reported.

NOTE: Lapsus$ hackers were allegedly detained by UK police following these incidents. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Cybercriminals know that service providers are a quick avenue to exploit for vulnerabilities that may allow them to penetrate a bigger company’s security.


United States – Morgan Stanley

Exploit: Social Engineering (Vishing)

Morgan Stanley: Financial Services

Risk to Business: 1.721 = Severe

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in a vishing attack. The company notified clients that on or around February 11, 2022, a threat actor gained access to their accounts by impersonating a Morgan Stanley representative and persuading those victims to provide the imposter their Morgan Stanley Online account info. After successfully breaching their accounts, the attacker also electronically transferred money to themselves using the Zelle payment service. No specifics have been given regarding the number of customers swindled, but the firm has stated that those clients were reimbursed.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Brand impersonation is a rising risk that businesses and consumers need to be aware of. It always pays to check for authenticity before handing over your data.



Russia – Miratorg Agribusiness Holding 

Exploit: Malware (Nation-State)

Miratorg Agribusiness Holding: Meat Distributor

Risk to Business: 1.909 = Severe

Russian meat wholesaler Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems. The attack was reported by Rosselkhoznadzor, Russia’s veterinary medicine and agricultural production and byproducts oversight body. The attackers reportedly made use of the Windows BitLocker feature to encrypt files, possibly gaining access through a state veterinary information service. Rosselkhoznadzor has suggested that this may be a nation-state cyberattack. Miratorg Agribusiness Holding promised that the attack will not affect its supply and shipments to Russian citizens.

How it Could Affect Your Customers’ Business: Nation-state cybercrime is booming, especially around the Russia/Ukraine conflict.


Greece – Hellenic Post (ELTA)

Exploit: Ransomware

Hellenic Post (ELTA): National Postal Service

Risk to Business: 2.017 = Severe

ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident that has knocked most of the organization’s services offline. The organization announced that its IT teams have determined that the threat actors exploited an unpatched vulnerability to drop malware that allowed access to one workstation using an HTTPS reverse shell, encrypting systems critical to ELTA’s business operation. ELTA is currently unable to process mail, bill payments or any form of financial transaction orders with no estimate of when these services will be made available again. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to target organizations in time-sensitive fields to increase their chance of scoring a big payday.


United Kingdom – Ministry of Defence

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Defence: National Government Agency 

Risk to Business: 2.811 = Moderate

The Ministry of Defence has suspended online application and support services for the British Army’s Defence Recruitment System after bad actors compromised some data held on applicants. The army was informed of the break-in on March 14 along with a rumored threat to expose the stolen data on the dark web. The recruitment operations system is run by Capita, a vendor that handles marketing, processing applications and candidate assessment centers. No further information on what data was stolen or when systems will be restored to full operations has been released.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals are always hungry for fresh data, especially valuable personal or financial information.


Scotland – Scottish Association for Mental Health

Exploit: Ransomware

Scottish Association for Mental Health: Healthcare Provider

Risk to Business: 2.176 = Severe

The RansomEXX ransomware group hit the Scottish Association for Mental Health, snatching 12 GB of sensitive client data from the charity. The organization confirmed the attack in a statement, explaining “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.” Attackers reportedly gained access to internal employee communications as well as other data sources. The charity has also said that they’re working with Police Scotland to resolve the situation. No ransom demand was made public.   

Risk to Individuals: 2.307 = Severe

The exposed data includes unredacted photographs of individuals’ driving licenses, passports, personal information such as volunteers’ home addresses and phone numbers, and some clients’ passwords and credit card details.  

How it Could Affect Your Business: This situation is especially unfortunate because in addition to an expensive incident response, the organization likely faces costly penalties.



The Week in Breach News: 16/03/22 – 22/03/22

More trouble for crypto and DeFi outfits thanks to a supply chain incident, Anonymous isn’t letting up on Russia and a cyberattack sours milk processing in the US.



H.P. Hood Dairy 

Exploit: Hacking

H.P. Hood Dairy: Milk Producer

Risk to Business: 1.411 = Extreme

Major New England dairy producer Hood announced that it had been hit with a cyberattack that has impacted milk production. The company stated that the unnamed attack caused milk processing and dairy production to halt at its 13 plants around the U.S. This has led to dairy shortages in some school systems and the waste of a large volume of milk. Production and processing operations have been restored and the incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals have been hitting major food producers hard, looking for a quick score from a time-sensitive business.


BlockFi

Exploit: Supply Chain Risk

BlockFi: Cryptocurrency Finance

Risk to Business: 2.799 = Moderate

Crypto financial institution BlockFi has announced that it had experienced a data breach incident via one of its third-party vendors, HubSpot. BlockFi says that the hackers gained access to BlockFi client data stored on HubSpot on Friday, March 18. BlockFi was quick to assure investors that its internal system and client funds were not accessed and that the breach remains limited to a very narrow pool of data stored with the third-party vendor, HubSpot.

Individual Risk: 2.806 = Severe

The exposed information from this breach may have included user data such as names, email addresses and phone numbers.

NOTE: The attackers in this incident likely also accessed similar data on HubSpot belonging to Swan Bitcoin, NYDIG and Circle.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cryptocurrency and DeFi have been catnip for cybercriminals and that’s not going to stop anytime soon.


United States – Creative Services Inc.

Exploit: Hacking 

Creative Services Inc.: Employment Investigations

Risk to Business: 1.721 = Severe

Hackers cracked into Massachusetts background check firm Creative Services and snatched highly sensitive personal records on more than 164,000 job-seekers and license applicants on November 26, 2021. The company’s internal investigation determined that an unauthorized party may have copied certain files on the company’s computer systems. This is a particularly tricky incident because of the confidential nature of the information that this firm handles.

Individual Risk: 1.763 = Severe

Investigators found that the hackers obtained access to names, dates of birth, Social Security numbers and driver’s license numbers in the attack as well as access to other sensitive data that could be used for nefarious purposes.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This kind of sensitive information isn’t what anyone wants falling into the wrong hands and should be stored with extra safety.


Wheeling Health Right, Inc.

Exploit: Ransomware

Wheeling Health Right Inc.: Healthcare Non-Profit

Risk to Business: 1.867 = Severe

Wheeling Health Right Inc (WHR), a United Way medical services non-profit, announced that on January 18, 2022, the organization was the victim of a “sophisticated cyberattack”, likely ransomware, that encrypted its systems as well as giving the threat actors access to protected patient health information. The organization is working with a technology services provider to decrypt the data as well as add other safeguards, and the investigation is ongoing.  

Individual Risk: 1.772 = Severe

Information that may have been accessed includes full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number, tax information, income information, and other health information about patients who applied for or received services from WHR.

How it Could Affect Your Business: This isn’t a problem that any medical facility can afford with high HIPAA penalties, especially a non-profit.



Ireland – The Rehab Group 

Exploit: Malware

The Rehab Group: Disability Services Provider 

Risk to Business: 1.661 = Severe

One of the largest disability services providers in Ireland, The Rehab Group has fallen victim to a cyberattack. The company says that there is no evidence that data had been accessed. The investigation is still ongoing, with the Garda National Cyber Crime Bureau and the National Cyber Security Centre involved.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Any organization that holds a large quantity of personal or financial data will be an attractive target for cybercriminals.


Russia – Transneft

Exploit: Nation-State Hacking (Hacktivism)

Transneft: State-Owned Oil Pipeline Company

Risk to Business: 2.902 = Moderate

Anonymous is back at it, this time leaking documents stolen from the Omega Company, the research and development division of Russian oil pipeline company Transneft. The hacktivist collective, who have publicly sided with Ukraine in response to Russia’s invasion of the country, got ahold of 79GB of the company’s emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets. The stolen data includes invoices, equipment technical configurations, and product shipment information. One unusual detail: the hackers responsible dedicated the hack to Hillary Clinton after she mentioned that Ukraine-aligned hackers should attack Russian targets in a recent interview.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.



South Africa – TransUnion

Exploit: Ransomware

TransUnion: Credit Bureau

Risk to Business: 1.905 = Severe

TransUnion has reported that it experienced a data breach as a result of a ransomware attack. The company states that cybercriminals obtained access to their systems through credential compromise. A group identifying themselves as N4ughtySec sent TransUnion a $15 million ransom demand, which the company does not intend to pay. The group says they’re based in Brazil and that they have over 4TB of stolen data touching over 200 companies.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Organizations in the Financial sector, from banks to credit organizations, have been getting walloped by cybercrime, beating out healthcare to become the top cyberattack target.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 09/03/22 – 15/03/22

We’re going on a world tour this week as anime and gaming fans get a few nasty surprises from Ubisoft and Toei Animation hacks, Lapsus$ keeps up the bad work and Anonymous continues hammering Russia.



South Denver Cardiology Associates

Exploit: Hacking

South Denver Cardiology Associates: Medical Clinic

Risk to Business: 2.214 = Severe

South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Individual Risk: 2.371 = Severe

Information potentially exposed includes names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients who have been informed by mail.  

How It Could Affect Your Business: Even if no real damage was done to the practice, this incident could end up being very expensive once regulators get finished with them.



Argentina – Mercado Libre 

Exploit: Ransomware

Mercado Libre: E-commerce & Payments

Risk to Business: 1.872 = Severe

E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands.  The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information.



United Kingdom – Vodafone

Exploit: Ransomware

Vodafone: Telecom

Risk to Business: 2.311 = Severe

Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.


France – Ubisoft 

Exploit: Ransomware

Ubisoft: Video Game Studio

Risk to Business: 1.867 = Severe

French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right!  Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Protecting proprietary digital assets is especially important for companies like this that rely on them completely to do business.


Russia – Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)

Exploit: Nation-State Hacking

Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media): Government Agency 

Risk to Business: 1.661 = Severe

Hacktivist collective Anonymous is still hard at work disrupting Russia’s technology infrastructure in response to that country’s continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime to block Facebook, Twitter, and other online platforms within Russia. Anonymous has been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Nation-state cybercriminals are highly likely to strategically attack Government, Utilities and Infrastructure targets during times of trouble, but every business is at risk.


Russia – PJSC Rosneft Oil Company (Rosneft)

Exploit: Nation-State Cyberattack

PJSC Rosneft Oil Company (Rosneft): Oil Company

Risk to Business: 2.601 = Severe

The German subsidiary of the Russian energy company Rosneft has disclosed that they’d experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to “Anonymous” as the source behind the attack as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.



Japan – Denso 

Exploit: Ransomware

Denso: Automotive Parts Manufacturer

Risk to Business: 1.402 = Extreme

Cybercrime group Pandora released a statement on Sunday saying it had snatched sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a supply chain cybersecurity incident and this appears to be it. The company disclosed that it had detected unauthorized access to its network using ransomware at DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom or specifics on stolen data was available.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Supply chain issues have plagued businesses as cybercriminals seek fast ransom payments from manufacturers of critically needed goods.


Japan – Toei Animation 

Exploit: Ransomware

Toei Animation: Animation Studio

Risk to Business: 1.436 = Extreme

Major Japanese animation studio Toei announced that there will be delays in the release of several popular anime series, including the long-awaited episode 1000 of ONE PIECE, because of a cyberattack. The anime studio said that they detected unauthorized access to their systems on March 6th, 2022, forcing a system-wide shutdown that impacted their production schedule. In a statement, Toei revealed that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Cybercriminals love to hit organizations that are under time pressure or handle time-sensitive products because of the higher chance they’ll get paid.




The Week in Breach News: 02/03/22 – 08/03/22

Nation-state hacking impacts thousands and Lapsus$ spills the beans on Samsung’s source code.



Washington State Department of Licensing

Exploit: Hacking

Washington State Department of Licensing: Government Agency

Risk to Business: 2.337 = Severe

Washington State Department of Licensing (DOL) experienced a data breach that has impacted approximately 650,000 former and current licensees. After discovering unexpected activity, the agency’s website was taken offline in January. At the time, no data loss was expected but that has since changed. 

Individual Risk: 2.416 = Severe

The exposed data includes former and current licensing information as well as licensees’ social security numbers, driver’s license or ID numbers and dates of birth.  

How It Could Affect Your Customers’ Business: This trove of data combines business and personal information, making it especially useful and potentially profitable for the bad guys.


AON

Exploit: Ransomware

AON: Insurer

Risk to Business: 2.176 = Moderate

Insurance giant AON disclosed that it had suffered a cyberattack last week in a filing with the U.S. Securities and Exchange Commission (SEC). The company said that it had discovered an incident that impacted some systems. AON does not suspect that there will be a material impact on clients or operations. The incident is suspected to involve ransomware. It is under investigation and the company has brought in outside experts.

How It Could Affect Your Customers’ Business: Companies like this that hold or store large amounts of valuable data are high on cybercriminal shopping lists.


Monongalia Health System

Exploit: Hacking

Monongalia Health System: Healthcare Provider

Risk to Business: 1.367 = Extreme

West Virginia healthcare organization Monongalia Health System (Mon Health) has announced another data breach. The company, which operates Monongalia County General Hospital, Preston Memorial Hospital, Stonewall Jackson Memorial Hospital and other healthcare centers, is informing patients and staffers that they had data stolen in December 2021. This is the second breach announcement in 3 months for Mon Health. Attackers did not gain access to the organization’s electronic health records systems.

Individual Risk: 1.377 = Extreme

Exposed data may include patient, employee, provider and contractor data including names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data. 

How It Could Affect Your Customers’ Business: Every medical sector organization needs to take extra precautions against data-hungry cybercriminals to avoid a major HIPAA fine. Or two in this case.


Adafruit

Exploit: Insider Risk

Adafruit: Open-Source Hardware

Risk to Business: 2.847 = Moderate

An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, resulting in exposure of information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but not so quick to send emails to impacted users, waiting until after publishing a notification on its blog that was picked up by media outlets.

Individual Risk: 2.802 = Moderate

Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.

How it Could Affect Your Customers’ Business: Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.


Viasat

Exploit: Nation-State Cyberattack

Viasat: Internet Service Provider

Risk to Business: 1.661 = Severe

An estimated 10 thousand people found themselves without internet access after a cyberattack took down Viasat’s service to fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network. The attack, starting about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Nation-state cybercriminals are highly likely to strategically attack Utilities and Infrastructure targets during times of trouble.




PressReader 

Exploit: Nation-State Cyberattack

PressReader: Media App

Risk to Business: 1.719 = Severe

A cyberattack impacting PressReader, the world’s largest digital newspaper and magazine distribution platform, left readers in the US, UK, Australia and Canada unable to access more than 7000 publications. Some of the unavailable publications include The Guardian, Vogue, Forbes and the New York Times. PressReader said it has resolved the issue and is working to make missed content available to users after experiencing an unspecified cybersecurity event. This may be a nation-state attack; the incident happened shortly after PressReader announced that it was removing dozens of Russian titles from its catalog and publicly stated that it would help Ukrainian citizens access the news following Russia’s invasion of their country.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Unsurprisingly, Russia-aligned threat actors are trying to control the flow of information about the invasion of Ukraine, leaving news outlets especially vulnerable right now.




Japan – Acro

Exploit: Third-Party Risk

Acro: Beauty Retailer

Risk to Business: 1.826 = Severe

Japanese e-commerce beauty company Acro has disclosed a data breach that has exposed the details of more than 100,000 payment cards. The incident included two of the company’s four retail websites. Acro is pointing to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either of the two sites between May 21, 2020, and August 18, 2021.

Individual Risk: 1.713 = Severe

The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates and security codes.

How it Could Affect Your Customers’ Business: Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.


Korea – Samsung

Exploit: Ransomware

Samsung: Electronics Maker

Risk to Business: 1.664 = Severe

The Lapsus$ hacking group just published a 190-gigabyte trove of confidential data including source code that it claims to have seized from Samsung Electronics in a ransomware attack. Reports say that the stolen code contains the source for every Trusted Applet in Samsung’s TrustZone environment, which handles sensitive tasks such as hardware cryptography and access control. It may also include biometric unlock operation algorithms, the bootloader source for recent devices, activation server source code and the full source code used to authenticate and authorize Samsung accounts. Samsung says that they’re investigating the incident.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Proprietary data is just as much of a win for cybercriminals as credit card or personal data, and worth a chunk of change for the right buyer.

