Categories
The Week in Breach

The Week in Breach News: 10/11/21 – 16/11/21

Hackers manage a shocking breach that leads to ATO at the FBI, beer production goes flat after a cyberattack at S.A. Damm, Robinhood takes a beating and welcome good news about business security spending increases.


Federal Bureau of Investigation (FBI) 

Exploit: Account Takeover

 Federal Bureau of Investigation (FBI): Federal Government Agency 

Risk to Business: 1.417 = Severe

A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals that accomplished the feat were able to use that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack Friday. FBI officials were quick to stress the fact that the malicious emails originated from an FBI-operated server that was solely dedicated to pushing notifications for LEEP and not part of the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.


West Virginia Parkways Authority

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency 

Risk to Business: 1.822 = Severe

A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones, and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Using ransomware against infrastructure targets to shut down their operations has become much more common.


Robinhood

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform 

Risk to Business: 1.542 = Extreme

Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.

Individual Risk: 1.312 = Extreme

The company disclosed that it estimates a total of seven million users are apparently affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information including in-depth PII including full names, date of birth and zip code for around 310 users, and extensive records for a subset of 10 users.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.


Hewlett Packard Enterprise (HPE)

Exploit: Credential Compromise

Hewlett Packard Enterprise: Business Technology Services

Risk to Business: 1.615 = Severe

Hewlett Packard Enterprise (HPE) just informed customers of its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press: “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-Fi networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.



United Kingdom – Simplify Group

Exploit: Hacking

Simplify Group: Conveyancing & Property Services

Risk to Business: 1.512 = Severe

UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.


Spain – S.A. Damm 

Exploit: Ransomware 

S.A. Damm: Brewing  

Risk to Business: 1.595 = Extreme

Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 03/11/21 – 09/11/21

Canada’s biggest cyberattack ever disrupts Newfoundland and Labrador healthcare, ransomware is the real villain at Diamond Comic Distributors, phishing wreaks havoc at a defence contractor.



Diamond Comic Distributors

Exploit: Ransomware

Diamond Comic Distributors: Periodical Distributor 

Risk to Business: 1.417 = Severe

It’s a bird, it’s a plane, it’s a ransomware attack at Diamond Comic Distributors. The Baltimore-based company, the exclusive distributor of Image Comics and a publishing outlet for dozens of small-press comics publishers, suffered a ransomware attack last Friday that took down the company’s website and customer service platforms all weekend into Monday. Diamond said in a statement that it did not anticipate that any customer financial data had been impacted by this event. Investigation and recovery are underway, with some functions already restored.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can cost companies a fortune from operational disruption alone even if no data is snatched, not to mention incident response costs.


Electronic Warfare Associates (EWA)

Exploit: Phishing 

Electronic Warfare Associates (EWA): Defense Contractor

Risk to Business: 1.822 = Severe

A phishing attack that snared an employee is the suspected cause of a breach at defense contractor Electronic Warfare Associates (EWA). The company is a major provider of specialized software for the US defense establishment including the Pentagon, the Department of Defense (DoD), the Department of Justice (DoJ) and the Department of Homeland Security (DHS). EWA’s investigation determined that an attacker broke into an EWA email account in August 2021 after a phishing operation. The intrusion was uncovered when the attacker attempted a wire transfer. Employee PII was exposed and concern remains that sensitive defense information may also have been exposed.

Individual Risk: 1.703 = Severe

EWA has admitted that the attackers snatched files with certain personal information including name and Social Security Number and/or driver’s license number for an undisclosed number of EWA employees, but no further information was given.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Phishing is an equal opportunity offender and is no less likely to succeed against the presumably cybersecurity-savvy employees of a tech company than against any other business.



Newfoundland and Labrador Health

Exploit: Ransomware

Newfoundland and Labrador Health: Healthcare System

Risk to Business: 1.442 = Extreme

What may be the largest cyberattack in Canadian history crippled the healthcare system of the province of Newfoundland and Labrador on October 30th. The suspected ransomware attack hit scheduling and payment systems, causing widespread interruptions in patient care, including the cancellation of all non-urgent imaging and medical appointments, as well as a reduction in chemotherapy sessions and significant complications to the province’s COVID-19 response. Eastern Health reported that its payment systems to suppliers and vendors were also targeted by the attack. Email and telephone capability has been restored in some locations and an investigation is ongoing.

Individual Impact: No information about the exposure of patient information was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Healthcare has been beleaguered by cyberattacks, especially ransomware, since the start of the global pandemic.



Greece – Danaos Management Consultants

Exploit: Hacking

Danaos Management Consultants: Maritime IT

Risk to Business: 1.615 = Severe

Maritime clients who use the communication systems of Danaos Management Consultants found themselves without some communications capability after a cyberattack blocked their communication with ships, suppliers, agents and charterers. Several Greek shipping companies were impacted. The incident also resulted in the loss of an unspecified amount of files and correspondence for the impacted shipping firms.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cyberattacks have rocked the maritime world in 2021, with major attacks against the world’s four biggest shippers complicating the world’s supply chain woes.


Germany – Media Markt

Exploit: Ransomware

Media Markt: Electronics Retailer 

Risk to Business: 1.512 = Severe

Electronics retailer MediaMarkt has suffered a ransomware attack that caused the company to shut down some IT systems, impacting store operations in the Netherlands and Germany. While cash registers and payment card systems in brick-and-mortar locations were disrupted, online sales were not impacted. The attack was purportedly carried out by the Hive ransomware outfit, which initially demanded $240 million in ransom.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.



Australia – mySA Gov 

Exploit: Hacking

mySA Gov: Government Services Platform

Risk to Business: 1.595 = Extreme

South Australia’s Department for Infrastructure and Transport confirmed that mySA Gov accounts were compromised through a cyber attack. Officials went on to say that the hackers gained access to several mySA Gov accounts that were secured with recycled passwords. The department went on to say that there was no evidence of any unauthorized transactions on the impacted accounts while encouraging users to update their passwords.

Individual Risk: 1.595 = Extreme

A report from ABC says that 2,601 mySA Gov accounts were accessed in the attack, with 2,008 of them containing registration and licensing information. It is unclear if any information was exfiltrated.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals are always hungry for PII, especially identification card or passport data that can help them commit identity theft.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 27/10/21 – 02/11/21

Ransomware sours operations at dairy powerhouse Schreiber Foods, jeweller to the stars Graff is in the wrong kind of spotlight, an old gang with a new name hits the NRA, trouble at the Toronto Transit Commission.


The National Rifle Association (NRA)

Exploit: Ransomware

National Rifle Association: Gun Rights Activist Group

Risk to Business: 1.417 = Severe

Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.


PracticeMax

Exploit: Ransomware

PracticeMax: Medical Practice Management Services 

Risk to Business: 1.822 = Severe

A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of VillageHealth that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. PracticeMax indicates in legal filings that the breach affected more than 4,400 of its members, but a company statement warns that it cannot say for sure that any data was actually accessed or stolen.

Individual Risk: 1.703 = Severe

In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.


United States – Schreiber Foods

Exploit: Ransomware

Schreiber Foods: Dairy Processor

Risk to Business: 1.442 = Extreme

Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack brought operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.


Canada – Toronto Transit Commission (TTC)

Exploit: Hacking

Toronto Transit Commission (TTC): Government Entity 

Risk to Business: 1.615 = Severe

The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.



United Kingdom – Graff 

Exploit: Ransomware

Graff: Jeweler

Risk to Business: 1.512 = Severe

The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.


Poland – C.R.E.A.M. Finance   

Exploit: Cryptojacking (Misconfiguration)

C.R.E.A.M. Finance: Decentralized Lending Platform 

Risk to Business: 1.595 = Extreme

For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them across other wallets. This is the third successful heist from the platform this year: crooks jacked $29 million in August 2021 and $37 million in February 2021.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals are always hungry for cash and crypto is the currency that they prefer, so stealing it will continue to be a popular option.



Thailand – Centara Hotels & Resorts

Exploit: Ransomware

Centara Hotels & Resorts: Hotel Chain

Risk to Business: 1.637 = Severe

The Desorden ransomware group claims to have stolen over 400GB of files and databases containing information belonging to millions of hotel guests of Thailand’s Centara Hotels & Resorts. The hotel chain is part of Central Group, a conglomerate that also includes the Central Restaurants Group, which the same group hacked earlier this month. The hackers made it clear that this attack was in retaliation for Central Group’s refusal to pay the ransom for the first attack after negotiating and promising payment. That deal would have provided a ransom payment of $900,000 before Central Group backed out of it on Tuesday, spurring the second attack.

Individual Risk: 1.818 = Severe

The company admitted that attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. Whether or not passport data was included was not specified but it is commonly requested. The theft is said to have affected guests who stayed at the hotel chain between 2003 and 2021, including any guests that made advanced bookings up to December 2021.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Big pools of information are catnip to ransomware gangs, especially highly desirable PII or credit card data.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 20/10/21 – 26/10/21

Ransomware becomes a TV star at Sinclair Broadcast Group, cybercriminals bring tricks and no treats to candymaker Ferrara Candy Company.



Sinclair Broadcast Group

Exploit: Ransomware

Sinclair Broadcast Group: Television Station Operator 

Risk to Business: 1.227 = Extreme

Sinclair Broadcast Group, the operator of 184 TV stations in 86 US markets, experienced a cyberattack last week that knocked broadcasts offline. The disruption was extensive, knocking local news broadcasts and syndicated programs offline. In some markets, NFL Sunday broadcasts were also disrupted. An unspecified amount of data was also stolen from the company’s network.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Locking down networks and production lines to cause operational disruption is the name of the game for many ransomware groups in order to force a speedy ransom payment.


Ferrara Candy Company

Exploit: Ransomware

Ferrara Candy Company: Candy Manufacturer

Risk to Business: 1.822 = Severe

Boo! Greedy cybercriminals unleashed their tricks on Ferrara Candy Company just one week away from Halloween. The company, maker of Brach’s Candy Corn, Nerds and Trolli gummies among other treats, has been in the confectionary business since 1901. Ferrara said that the attack briefly disrupted production operations. However, they were quick to assure anxious consumers that they didn’t need to worry about missing their Halloween favorites – Halloween orders were shipped to stores in August.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Manufacturers have been increasingly falling into cybercriminals’ sights, especially at peak times in their respective industries.


United States – CoinMarketCap

Exploit: Hacking

CoinMarketCap: Cryptoasset Tracker

Risk to Business: 1.702 = Severe

Crypto evaluator CoinMarketCap has had a data leak. First reported by Have I Been Pwned, cybercrime researchers discovered 3.1 million user email addresses from the site available on the dark web. The company initially denied the hack but ultimately owned up to the security blunder.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time. So far it’s only an email address list, no other information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Attacks on the banking, crypto and fintech sectors have been growing, creating complications for every financial services organization.


United Kingdom – Tesco

Exploit: Hacking

Tesco: Supermarket Chain

Risk to Business: 2.115 = Extreme

Ubiquitous UK supermarket chain Tesco left customers scrambling after a cyberattack disrupted its web services over the weekend. The company said that unnamed cyberattacks began impacting its systems on Friday night. Beginning Saturday and rolling into Sunday intermittently, shoppers were unable to place orders or track deliveries. The incident also impacted the Tesco app.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cyberattacks can come from myriad sources but they all cause companies to lose revenue and suffer a negative impact on customer relationships.


Switzerland – MCH Group

Exploit: Ransomware

MCH Group: Event Management

Risk to Business: 2.763 = Moderate

Swiss events management company MCH Group was hit with a suspected ransomware attack late last week that resulted in operational disruption. The company said that it’s back online, upcoming events will not be impacted and it’s in the process of investigating the attack. MCH Group handles events including the Art Basel shows in Basel, Miami Beach, and Hong Kong, as well as the watch and jewelry show Baselworld.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Service providers have been popular targets for cyberattacks because they often maintain databases that will score a big payday for cybercriminals on the dark web.


Spain – Atento

Exploit: Hacking

Atento: Customer Service Center Operator

Risk to Business: 1.615 = Severe

Customer support giant Atento was hit by a cyberattack on its Brazil-based systems that primarily impacted its operations in South America. The company disclosed a business interruption in Brazil as it sought to contain and mitigate the attack. Operations have been fully restored. Brazil is one of Atento’s main global markets, and more than 45% of the company’s global workforce is in that location.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Brazil has been experiencing an uptick in cyberattacks in recent months, hitting insurers, retailers and other businesses that store a large volume of data.



Gigabyte

Exploit: Hacking

Gigabyte: Motherboard Manufacturer

Risk to Business: 1.631 = Severe

Motherboard manufacturer Gigabyte was clobbered with a ransomware attack last week. The ransomware group Avos Locker hit the company in a SolarWinds-style supply chain attack. The gang posted samples of the purportedly stolen data on its leak site, including confidential details regarding deals with third-party companies and identifiable information about employees. Researchers from ThreatPost were able to view an assortment of data in a 14.9 MB file entitled “proof.zip” containing confidential data on agreements with Gigabyte partners including Amazon, BestBuy, Black Magic, Blizzard, Intel and Kingston.

Risk to Business: 1.6808 = Severe

Researchers also noted that some employee and applicant information is included in that file. Researchers spotted employee payroll details, passport scans, CVs of applicants, human resources files, consulting agreements, credit card data from 2014 and images from company events.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Computer hardware manufacturers have been very attractive to hackers as the chip shortage grinds on, putting pressure on the industry, something cybercriminals love to exploit.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach News: 13/10/21 – 19/10/21

Ransomware rocks Ecuador’s largest bank, a malicious insider strikes at a US healthcare organization, everyone in Argentina had their identity stolen.



Olympus Corporation of the Americas

Exploit: Ransomware

Olympus Corporation of the Americas: Medical Technology Manufacturer 

Risk to Business: 2.122 = Severe

Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.


Premier Patient Healthcare

Exploit: Malicious Insider

Premier Patient Healthcare: Medical Clinic Chain 

Risk to Business: 1.712 = Severe

Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out not to be the case.

Individual Risk: 1.712 = Severe

The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare, it’s also going to be a financial nightmare after regulators get finished with them.
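The failure in this entry is a credential that outlived the employment relationship. An offboarding reconciliation that compares the HR termination roster with the identity system and its sign-in audit trail is the routine check that surfaces that gap. The following is an added example written for this entry, not code or process from Premier Patient Healthcare; the roster, account flags, sign-in events and function names are all constructed for illustration.

```python
"""Offboarding reconciliation: catch credentials that outlive employment.

Added example, not Premier Patient Healthcare's code or process. The HR
roster, account list and sign-in records below are constructed. The
check answers two questions a defender asks after an incident like the
one above: which departed users still have an enabled account, and did
any account sign in after its owner's termination date?
"""
from datetime import date, datetime

# Constructed HR roster: username -> termination date.
HR_TERMINATIONS = {
    "jdoe": date(2021, 8, 15),
    "msmith": date(2021, 9, 1),
}

# Constructed identity-system export: username -> account enabled?
ACCOUNTS = {
    "jdoe": True,      # never disabled: the gap the entry describes
    "msmith": False,   # disabled correctly on departure
    "akhan": True,     # still employed
}

# Constructed sign-in audit events: (username, timestamp, source).
SIGNINS = [
    ("jdoe", datetime(2021, 8, 10, 9, 0), "office"),
    ("jdoe", datetime(2021, 9, 20, 23, 45), "vpn"),
    ("msmith", datetime(2021, 8, 30, 8, 0), "office"),
    ("akhan", datetime(2021, 9, 21, 9, 0), "office"),
]


def stale_accounts(terminations, accounts, as_of):
    """Departed users whose account is still enabled as of `as_of`."""
    return sorted(
        user for user, term_date in terminations.items()
        if term_date <= as_of and accounts.get(user, False)
    )


def post_termination_signins(terminations, signins):
    """Sign-in events that happened after the user's termination date.

    Any hit here is an incident, not a hygiene finding: the account was
    used by someone after its owner had left.
    """
    hits = []
    for user, ts, source in signins:
        term_date = terminations.get(user)
        if term_date is not None and ts.date() > term_date:
            hits.append((user, ts.isoformat(), source))
    return hits


if __name__ == "__main__":
    today = date(2021, 9, 22)
    print("still enabled after departure:", stale_accounts(HR_TERMINATIONS, ACCOUNTS, today))
    print("sign-ins after termination:", post_termination_signins(HR_TERMINATIONS, SIGNINS))
```

Run on a schedule against real exports, the first function is the preventive control (disable the account the day HR records the departure) and the second is the detective one; the second list is what an investigation would hand to the incident responders.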



Ecuador – Banco Pichincha

Exploit: Ransomware

Banco Pichincha: Banking & Financial Services

Risk to Business: 1.412 = Extreme

Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.    

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.


Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons 

Exploit: Hacking

Registro Nacional de las Personas (RENAPER): National Identity Database 

Risk to Business: 1.232 = Extreme

Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.

Individual Risk: 1.222 = Extreme

According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.

Customers Impacted: The population of Argentina is 45 million

How It Could Affect Your Customers’ Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness, as this one reportedly was.


Brazil – Hariexpress

Exploit: Misconfiguration

Hariexpress: e-Commerce Firm

Risk to Business: 1.616 = Severe

Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data, and that data may have been exposed for several months.

Individual Risk: 1.616 = Severe

Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).  

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.



Spain – Meliá Hotels International 

Exploit: Ransomware 

Meliá Hotels International: Hotel Chain 

Risk to Business: 1.615 = Severe

Meliá Hotels International, one of the largest hotel chains in the world, has fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.



Taiwan – Acer 

Exploit: Hacking

Acer: Computer Manufacturer 

Risk to Business: 1.631 = Severe

Acer has been beleaguered by cyberattacks in 2021. In its second incident this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate and financial data, along with login details belonging to Acer retailers and distributors in India. The threat actor posted a video to a dark web forum showcasing the stolen files and databases, including the records of 10,000 customers and stolen credentials for 3,000 Indian Acer distributors and retailers.

Individual Impact: No information about the nature of the exposed customer data was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Companies that store large amounts of data are hacker catnip. The data that they can steal will not only reap a big profit, it also opens other cybercrime doors.




The Week in Breach News: 06/10/21 – 12/10/21

Ransomware may make headlines, but this week’s report shows that cybercriminals aren’t limiting themselves to just one threat.



Twitch

Exploit: Hacking

Twitch: Streaming Platform

Risk to Business: 1.402 = Extreme

Leading streaming and gaming platform Twitch has been hacked. Source code for the company’s upcoming expansion to its streaming service, an unreleased Steam competitor from Amazon Game Studios, has appeared on message boards, as well as data that details the terms and amounts of content creator payouts. An anonymous poster on the 4chan message board delivered the data in a 125GB torrent. That poster also claimed that the torrent includes the entirety of Twitch with its commit history: the aforementioned creator payouts, twitch.tv, source code for the mobile, desktop and video game console Twitch clients, code related to proprietary SDKs and internal AWS services used by Twitch, data on other Twitch properties like IGDB and CurseForge, details about the AGS project, and information about the platform’s internal security tools.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Data is of immense value to cybercriminals in the booming dark web data markets, and this data will appeal to many different cybercriminal operations.


MoneyLion

Exploit: Credential Stuffing

MoneyLion: Financial Services Platform 

Risk to Business: 1.712 = Severe

That old favorite credential stuffing makes an appearance this week with an attack on the financial services platform MoneyLion. The Utah-based fintech company provides mobile banking services for borrowing, saving, and investing money. MoneyLion informed customers that “an unauthorized outside party appears to have been attempting to gain access to your account on the application using an account password and/or possibly email address that appear to have been potentially compromised in a prior event”. The data breach notice outlined the attacks as taking place over the course of several weeks spanning June and July 2021. The company assured users that no information was stolen.   

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: Credential stuffing is a classic that is even easier these days thanks to the huge batches of stolen passwords available on the dark web.
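Credential stuffing has a recognizable shape in an authentication log: one source tries many different accounts in a short window, most attempts fail, and the few successes are the accounts whose reused passwords were in a prior leak. The detector below is an added example written for this entry, not MoneyLion’s code or tooling; the log format, the thresholds and the sample lines are constructed, and the function names are my own.

```python
"""Credential-stuffing detection over authentication logs.

Added example, not code from MoneyLion or from this newsletter.
Credential stuffing replays username/password pairs leaked elsewhere,
so its signature is one source trying MANY distinct accounts, mostly
failing, in a short window. Classic brute force is the opposite shape:
many attempts against ONE account. The log format, thresholds and
sample lines below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <source ip> <user> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2021-06-14T02:00:01 203.0.113.7 alice LOGIN_FAIL
2021-06-14T02:00:02 203.0.113.7 bob LOGIN_FAIL
2021-06-14T02:00:02 203.0.113.7 carol LOGIN_FAIL
2021-06-14T02:00:03 203.0.113.7 dave LOGIN_OK
2021-06-14T02:00:03 203.0.113.7 erin LOGIN_FAIL
2021-06-14T02:00:04 203.0.113.7 frank LOGIN_FAIL
2021-06-14T02:00:04 203.0.113.7 grace LOGIN_FAIL
2021-06-14T02:00:05 203.0.113.7 heidi LOGIN_FAIL
2021-06-14T02:00:05 203.0.113.7 ivan LOGIN_FAIL
2021-06-14T02:00:06 203.0.113.7 judy LOGIN_FAIL
2021-06-14T02:00:06 203.0.113.7 mallory LOGIN_OK
2021-06-14T09:15:00 198.51.100.9 alice LOGIN_FAIL
2021-06-14T09:15:20 198.51.100.9 alice LOGIN_FAIL
2021-06-14T09:16:00 198.51.100.9 alice LOGIN_OK
2021-06-14T10:00:00 192.0.2.44 bob LOGIN_OK
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "LOGIN_OK"


def detect_credential_stuffing(log_text, window=timedelta(minutes=10),
                               min_accounts=5, max_success_ratio=0.5):
    """Return {ip: summary} for sources that match the stuffing pattern.

    A source is flagged when, inside some sliding `window`, it attempts at
    least `min_accounts` distinct usernames and no more than
    `max_success_ratio` of those attempts succeed. The summary keeps the
    widest matching window so the list of compromised accounts is complete.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            events[ip].append((ts, user, ok))

    findings = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {u for _, u, _ in chunk}
            successes = sum(1 for _, _, ok in chunk if ok)
            if len(users) >= min_accounts and successes / len(chunk) <= max_success_ratio:
                prev = findings.get(ip)
                if prev is None or len(chunk) > prev["attempts"]:
                    findings[ip] = {
                        "distinct_accounts": len(users),
                        "attempts": len(chunk),
                        "successes": successes,
                        # accounts that DID log in: these need a forced reset
                        "compromised": sorted(u for _, u, ok in chunk if ok),
                    }
    return findings


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

The single-account retries from 198.51.100.9 are deliberately not flagged: a user mistyping a password twice is the normal case, and folding it into the same alert is how stuffing detectors drown their operators. The `compromised` list is the action item: those are the accounts whose owners need the notification and forced reset that MoneyLion sent.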


Next Level Apparel

Exploit: Phishing

Next Level Apparel: Clothing Manufacturer

Risk to Business: 2.771 = Moderate

Next Level Apparel, a US-based clothing manufacturer, has announced that several of its employee accounts were compromised in a phishing attack. In a press release late last week, the company noted that cybercriminals were able to access the contents of several employee email accounts at various times between February 17, 2021, and April 28, 2021, including viewing customer and employee PII although the company could not confirm that any data was stolen.    

Individual Risk: 2.802 = Moderate

Next Level Apparel noted that the customer and employee data accessible through the compromised accounts included names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: More than 80% of reported security incidents in 2020 were phishing-related, making this the biggest cyberattack vector for every business.


United Kingdom – Welland Park Academy 

Exploit: Hacking

Welland Park Academy: Secondary School 

Risk to Business: 2.883 = Moderate

Hell hath no fury like an IT employee scorned, as Welland Park Academy discovered after a fired IT admin re-entered its environment and wreaked havoc. After his termination, the former employee wiped data on the school’s systems and changed all employee credentials, making it impossible for the school to conduct distance learning. The same individual also took revenge on the next company that fired him, an unnamed IT company, locking out its users, wiping data and disrupting its phone systems.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Malicious insider threats are a hazard that every business should remember, because vengeful employees can do serious damage quickly.


United Kingdom – The Telegraph

Exploit: Misconfiguration

The Telegraph: News Organization

Risk to Business: 2.122 = Severe

UK news giant The Telegraph is in hot water after researchers discovered an unsecured database that exposed an enormous amount of information, an estimated 10 TB of data. Much of the data appears to apply to Apple News customers. The researcher who discovered it noted that at least 1,200 unencrypted contacts were accessible without a password. The Telegraph announced that it quickly secured the database as soon as it was informed of the issue, which impacted less than 0.1% of its subscribers.  

Individual Risk: 2.801 = Moderate

The exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens and unique reader identifiers, mostly for users who accessed The Telegraph through Apple News.  

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: It pays to make sure that companies are building a strong security culture to discourage neglectful practices.


Scotland – Weir 

Exploit: Ransomware

Weir: Heavy Equipment Manufacturer 

Risk to Business: 1.616 = Severe

Scottish heavy equipment company Weir was hit with a ransomware attack. The BBC reports the company was essentially shut down briefly by the incident, which took place sometime in September 2021, forcing the company to delay shipments of mining equipment worth more than £50m in revenue. The company noted in its release that because the attackers did not exfiltrate or encrypt any data, it was confident that no financial or sensitive data had been stolen about employees or customers. 

Individual Impact: No employee or customer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs don’t just want to steal data anymore. They’re also more than happy to shut down production lines to obtain ransoms.


Scotland – BrewDog

Exploit: Misconfiguration

BrewDog: Bar and Restaurant Chain 

Risk to Business: 1.615 = Severe

Scottish bar and restaurant chain BrewDog was responsible for exposing the data of 200,000 shareholders and customers. The company, famous for its crowd-ownership model as well as its beer, exposed that data over an 18-month period through a flaw in its mobile app: an authentication token was hard-coded into the application itself rather than issued to the app after a user successfully authenticated. Because that shared token was accepted for every customer, interested parties could simply append any customer ID to the end of the API endpoint URL and access sensitive PII (personally identifiable information) for that customer.

Individual Risk: 1.701 = Severe

Potentially exposed customer/shareholder details include the customer’s name, date of birth, email address, gender, all previously used delivery addresses, telephone number, number of shares held, shareholder number, bar discount amount, bar discount ID, number of referrals and types of beer previously purchased.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Having this data exposed through a blunder will hurt the reputation of a company that relies on customers as investors to stay in business.
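The BrewDog flaw combines two mistakes: a single credential baked into the app (so every installation presents the same token), and an endpoint that takes the customer ID from the URL without checking that it belongs to the caller (broken object-level authorization, often called IDOR). The handlers below are an added example written for this entry, not BrewDog’s code or API; the records, the token scheme, the route shape and the function names are constructed. The vulnerable handler is shown beside the hardened one so the difference in the check is visible.

```python
"""Broken object-level authorization (IDOR) beside its fix.

Added example, not BrewDog's code. The customer records, token scheme and
route shape are constructed to mirror the flaw described above: one
token baked into the app, and the customer ID trusted from the URL.
"""
import hashlib
import hmac
import secrets

# Constructed sample records keyed by customer ID.
CUSTOMERS = {
    1001: {"name": "Ada Example", "dob": "1990-01-01", "shares": 12},
    1002: {"name": "Ben Example", "dob": "1985-05-05", "shares": 3},
}

# --- Vulnerable design: one shared token shipped inside the mobile app ---
APP_TOKEN = "static-token-shipped-in-the-app"   # constructed placeholder value


def vulnerable_get_customer(path, bearer):
    """GET /api/customers/<id>: only checks that the caller holds the app's
    baked-in token, then returns whichever record the URL names."""
    if not hmac.compare_digest(bearer, APP_TOKEN):
        return 401, None
    customer_id = int(path.rsplit("/", 1)[1])
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


# --- Hardened design: per-user session issued after authentication ---
def _hash_pw(password, salt):
    # PBKDF2 stands in for a proper password hash; a real store uses a
    # random per-user salt rather than the fixed constructed one below.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


_SALT = b"constructed-fixed-salt"
PASSWORD_DB = {1001: _hash_pw("ada-pass", _SALT), 1002: _hash_pw("ben-pass", _SALT)}
SESSIONS = {}   # session token -> customer ID, written only by login()


def login(customer_id, password):
    """Verify credentials and issue a random, per-user session token."""
    stored = PASSWORD_DB.get(customer_id)
    if stored is None or not hmac.compare_digest(stored, _hash_pw(password, _SALT)):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token


def hardened_get_customer(path, bearer):
    """Same route, but the subject comes from the session and the URL's ID
    must match it: authorization is checked per object, not per app."""
    subject = SESSIONS.get(bearer)
    if subject is None:
        return 401, None
    requested_id = int(path.rsplit("/", 1)[1])
    if requested_id != subject:
        return 403, None          # object-level authorization check
    record = CUSTOMERS.get(requested_id)
    return (200, record) if record else (404, None)


if __name__ == "__main__":
    print("vulnerable, any id:", vulnerable_get_customer("/api/customers/1002", APP_TOKEN))
    tok = login(1001, "ada-pass")
    print("hardened, own id:  ", hardened_get_customer("/api/customers/1001", tok))
    print("hardened, other id:", hardened_get_customer("/api/customers/1002", tok))
```

The important line is the `requested_id != subject` comparison: a per-user token alone is not enough if the handler still trusts the ID in the URL. In a real service the subject would come from a verified session or signed token and the ownership check would cover every object-bearing route, not just this one.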



Hong Kong – Fimmick Limited

Exploit: Ransomware

Fimmick Limited: Marketing Company

Risk to Business: 1.631 = Severe

Hong Kong marketing firm Fimmick has been hit with a ransomware attack that is purportedly the work of REvil. Cybersecurity researchers caught wind of the incident after REvil claimed to have burglarized Fimmick’s databases, snatching data that pertained to Fimmick’s work with a number of major brands. Sample data provided on REvil’s website as proof of the hack included data pertaining to the company’s work with Cetaphil, Coca-Cola and Kate Spade.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Companies that provide services like this are especially tasty targets for ransomware gangs because even if they don’t pay the ransom, their data on other businesses opens new doors.




The Week in Breach News: 29/09/21 – 05/10/21

Ransomware is on a round-the-world tour this week, visiting major players like JVCKenwood, Marketron and Sandhills Global.



Sandhills Global

Exploit: Ransomware

Sandhills Global: IT & Digital Publishing

Risk to Business: 1.337 = Extreme

Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Its publications include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard and AuctionTime, and its trade magazines include Controller, Executive Controller and Charter Hub. Sandhills Global’s website, as well as all of its hosted publications, went offline recently, and its phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown


Marketron 

Exploit: Ransomware

Marketron: Marketing Services Company 

Risk to Business: 1.606 = Severe

Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand.  The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Customers’ Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting, and the damage can be widespread if an attack strikes home.



Portpass

Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform 

Risk to Business: 1.636 = Severe

Canadian proof-of-vaccination app Portpass has misconfiguration problems that exposed personal information for more than 650,000 registered users. CBC News reported that the problem on the app’s website was discovered by an anonymous tipster. An investigation revealed that the company had not encrypted any of the data it was maintaining, and some of it could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report, and the progress of a formal investigation is unclear.

Individual Risk: 1.636 = Severe

A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports. 

Customers Impacted: 650,000

How It Could Affect Your Customers’ Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.



United Kingdom – Giant Group

Exploit: Ransomware

Giant Group: Payroll Services Firm 

Risk to Business: 1.713 = Severe

Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms, and they don’t hesitate to take advantage of that fact.


France – TiteLive

Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider

Risk to Business: 1.661 = Severe

Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This is a good illustration of today’s third-party/supply chain perils. One ransomware attack on a company like this can ripple out to impact many businesses.


Israel – E.M.I.T Aviation Consulting

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting 

Risk to Business: 1.699 = Severe

A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.



New Zealand – Aquila Technology 

Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer

Risk to Business: 1.699 = Severe

Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.

Individual Risk: 1.699 = Severe

The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Credit card information is highly desirable on the dark web, spurring a fresh round of attacks on retailers, especially those that maintain large databases.



Japan – JVCKenwood 

Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer 

Risk to Business: 1.699 = Severe

Conti ransomware came calling at JVCKenwood, the Japanese audio equipment powerhouse, this week. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.





The Week in Breach News: 22/09/21 – 28/09/21

It’s Double Trouble Week! Cybercriminals are double-dipping in an array of industries including agriculture, healthcare, customer service and real estate plus why data breach risk is on the rise again.

 
United States – New Cooperative & Crystal Valley Cooperative

Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services


United States – Simon Eye & US Vision

Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators


United States – Marcus & Millichap

Exploit: Ransomware

Marcus & Millichap: Real Estate Investment Firm


Colombia – Coninsa Ramon H

Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm


Italy – Covisian

Exploit: Ransomware

Covisian: Call Center Operator


Israel – Voicenter

Exploit: Ransomware

Voicenter: Call Center Operator

The Week in Breach News: 01/09/21 – 07/09/21



Pacific City Bank

Exploit: Ransomware

Pacific City Bank: Financial Institution

Risk to Business: 1.623 = Severe

Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.

Individual Impact: No information was available at press time to say whether employee, customer or consumer financial details or PII were compromised in this incident, but since the victim is a bank, that is highly likely.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.


DuPage Medical Group

Exploit: Hacking

DuPage Medical Group: Healthcare Practice 

Risk to Business: 1.636 = Severe

DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.

Individual Risk: 1.866 = Severe

The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.

Customers Impacted: 600,000 patients

How It Could Affect Your Customers’ Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.


Career Group, Inc. 

Exploit: Ransomware

Career Group, Inc.: Staffing Company

Risk to Business: 1.673 = Severe

California-based staffing service Career Group, Inc. experienced a data breach between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.

Individual Risk: 1.673 = Severe

The company noted in a letter to the Maine Attorney General’s Office the fact that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.

Customers Impacted: 49,476

How It Could Affect Your Customers’ Business: Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.


Howard University

Exploit: Ransomware

Howard University: Institution of Higher Learning

Risk to Business: 1.917 = Severe

Howard University announced that it is investigating a ransomware attack. The incident disrupted online classes for several days; in-person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.

Individual Impact: No information was available at press time about the types of data that were stolen, if any.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.


France – Francetest 

Exploit: Misconfiguration

Francetest: COVID-19 Test & Trace Platform 

Risk to Business: 1.721 = Severe

A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise noticed that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and could even create an account without being a pharmacist.

Individual Risk: 1.761 = Severe

Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.

Customers Impacted: 700,000

How it Could Affect Your Customers’ Business: Human error is still the biggest cause of a data breach, and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.


France – France-Visas

Exploit: Hacking

France-Visas: Government Services Platform 

Risk to Business: 1.919 = Severe

A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the affected applicants was released, but French officials say that the applicants have been contacted by mail.

Individual Risk: 1.778 = Severe

Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Customers Impacted: 8,700

How it Could Affect Your Customers’ Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.



Japan – Fujitsu 

Exploit: Hacking

Fujitsu: Information Technology

Risk to Business: 1.802 = Severe

Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.

Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII were compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.


Indonesia – electronic Health Alert Card

Exploit: Misconfiguration 

electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform

Risk to Business: 1.802 = Severe

A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country, and it contains personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.

Individual Risk: 1.5882 = Severe

The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.

How it Could Affect Your Customers’ Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.

The Week in Breach News: 25/08/21 – 31/08/21

Ransomware comes calling at a Nokia subsidiary, cyber criminals check data out of the Boston Public Library, and personal data is snatched from Bangkok Airways.



SAC Wireless

Exploit: Ransomware

SAC Wireless: Mobile Network Services 

Risk to Business: 1.486 = Extreme

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. The Conti ransomware gang revealed on its leak site that it stole over 250 GB of data. The investigation and remediation are ongoing.

Individual Risk: 1.311 = Extreme

SAC Wireless has announced that it believes the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.


Boston Public Library (BPL)

Exploit: Ransomware

Boston Public Library (BPL): Library System 

Risk to Business: 2.336 = Severe

The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage as well as disruption of its online library services. Branch IT has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: 4 million

How It Could Affect Your Customers’ Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.


Envision Credit Union

Exploit: Ransomware

Envision Credit Union: Bank 

Risk to Business: 1.673 = Severe

The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.


Atlanta Allergy & Asthma 

Exploit: Hacking

Atlanta Allergy & Asthma: Healthcare Provider

Risk to Business: 1.917 = Severe

Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that it experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nemty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.

Individual Risk: 1.835 = Severe

The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also include spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018, and more than 100 audits, including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Customers’ Business: Medical data is a big revenue driver for cybercriminals, but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.


Germany – Puma

Exploit: Hacking

Puma: Sportswear Brand 

Risk to Business: 1.721 = Severe

Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals, who announced the score in a post on a message board at the rising dark web marketplace Marketo, claim to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.



Thailand – Bangkok Airways 

Exploit: Ransomware

Bangkok Airways: Airline 

Risk to Business: 1.802 = Severe

Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.

Individual Risk: 1.761 = Severe

The company said in a statement that its initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.