Category: The Week in Breach

Lapsus$ scores two big hits but it may have done itself in, a vishing tale at Morgan Stanley, a new checklist for your prospects and three risks your clients need to know about right now.  

Microsoft 

Exploit: Unauthorized Access

Microsoft: Software Company 

Risk to Business: 2.337 = Severe

The Lapsus$ gang has released 37GB of source code that they snatched in a brazen hit on Microsoft’s Azure DevOps server. Microsoft confirmed the incident, saying that the threat actors gained access through a compromised employee account. The source code looks to pertain to various internal Microsoft projects, including for Bing, Cortana and Bing Maps. Microsoft made a blog post about its recent operations to track and potentially interfere with Lapsus$ last week. The company was quick to state, “Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk.” Lapsus$ is known to be a ransomware outfit, but no ransom activity was disclosed in this incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code is a useful asset for cybercriminals that can help them develop new malware and attack techniques.

Okta

Exploit: Credential Compromise (Supply Chain Risk)

Okta: Identity and Access Management Solutions

Risk to Business: 1.299 = Extreme

Lapsus$ also pulled off another high-profile attack, this time against access management company Okta. Lapsus$ announced that it had breached Okta’s security in January on March 22. Supporting the claim, the group published screenshots related to Okta’s internal apps and systems. This one had a bit of a bumpy acknowledgment process by Okta who originally said no customer data was accessed but later clarified, saying “a small percentage of customers – approximately 2.5% – have potentially been impacted and (their) data may have been viewed or acted upon.” A third-party service provider’s previous breach likely also played a part in the incident. No specifics on the data were given. As we stated above, Lapsus$ is typically involved in ransomware operations but no details of any ransomware activity have been reported.

NOTE: Lapsus$ hackers were allegedly detained by UK police following these incidents. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business Cybercriminals know that service providers are a quick avenue to exploit for vulnerabilities that may allow them to penetrate a bigger company’s security.

United States – Morgan Stanley

Exploit: Social Engineering (Vishing)

Morgan Stanley: Financial Services

Risk to Business: 1.721 = Severe

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in a vishing attack. The company notified clients that on or around February 11, 2022, a threat actor impersonating Morgan Stanley gained access to their accounts by impersonating a Morgan Stanley representative and persuading those victims to provide the imposter their Morgan Stanley Online account info. After successfully breaching their accounts, the attacker also electronically transferred money to themselves using the Zelle payment service. No specifics have been given regarding the number of customers swindled, but the firm has stated that those clients were reimbursed. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Brand impersonation is a rising risk that businesses and consumers need to be aware of. It always pays to check for authenticity before handing over your data.

Russia – Miratorg Agribusiness Holding 

Exploit: Malware (Nation-State)

Miratorg Agribusiness Holding: Meat Distributor

Risk to Business: 1.909 = Severe

Russian meat wholesaler Miratorg Agribusiness Holding has suffered a major cyberattack that encrypted its IT systems. The attack was reported by Rosselkhoznadzor, Russia’s veterinary medicine and agricultural production and byproducts oversight body. The attackers reportedly made use of the Windows BitLocker feature to encrypt files, possibly gaining access through a state veterinary information service. Rosselkhoznadzor has suggested that this may be a nation-state cyberattack. Miratorg Agribusiness Holding promised that attack will not affect its supply and shipments to Russian citizens.

How it Could Affect Your Customers’ Business Nation-state cybercrime is booming, especially around the Russia/Ukraine conflict.

Greece – Hellenic Post (ELTA)

Exploit: Ransomware

Hellenic Post (ELTA): National Postal Service

Risk to Business: 2.017 = Severe

ELTA, the state-owned provider of postal services in Greece, has disclosed a ransomware incident that has knocked most of the organization’s services offline. The organization announced that its IT teams have determined that the threat actors exploited an unpatched vulnerability to drop malware that allowed access to one workstation using an HTTPS reverse shell, encrypting systems critical to ELTA’s business operation. ELTA is currently unable to process mail, bill payments or any form of financial transaction orders with no estimate of when these services will be made available again. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Cybercriminals love to target organizations in time-sensitive fields to increase their chance of scoring a big payday.

United Kingdom – Ministry of Defence

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Defence: National Government Agency 

Risk to Business: 2.811 = Moderate

The Ministry of Defence has suspended online application and support services for the British Army’s Defence Recruitment System after bad actors compromised some data held on applicants. The army was informed of the break-in on March 14 along with a rumored threat to expose the stolen data on the dark web. The recruitment operations system is run by Capita, a vendor that handles marketing, processing applications and candidate assessment centers. No further information on what data was stolen or when systems will be restored to full operations has been released.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Cybercriminals are always hungry for fresh data, especially valuable personal or financial information.

Scotland – Scottish Association for Mental Health

Exploit: Ransomware

Scottish Association for Mental Health: Healthcare Provider

Risk to Business: 2.176 = Severe

The RansomEXX ransomware group hit the Scottish Association for Mental Health, snatching 12 GB of sensitive client data from the charity. The organization confirmed the attack in a statement, explaining “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.” Attackers reportedly gained access to internal employee communications as well as other data sources. The charity has also said that they’re working with Police Scotland to resolve the situation. No ransom demand was made public.   

Rist to Individuals: 2.307 = Severe

The exposed data includes unredacted photographs of individuals’ driving licenses, passports, personal information such as volunteers’ home addresses and phone numbers, and some clients’ passwords and credit card details.  

How it Could Affect Your Business This situation is especially unfortunate because in addition to an expensive incident response, the organization likely faces costly penalties.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

More trouble for crypto and DeFi outfits thanks to a supply chain incident, Anonymous isn’t letting up on Russia and a cyberattack sours milk processing in the US.

H.P. Hood Dairy 

Exploit: Hacking

H.P. Hood Dairy: Milk Producer

Risk to Business: 1.411 = Extreme

Major New England dairy producer Hood announced that it had been hit with a cyberattack that has impacted milk production. The company stated that the unnamed attack caused milk processing and dairy production to halt at its 13 plants around the U.S. This has led to dairy shortages in some school systems and the waste of a large volume of milk. Production and processing operations have been restored and the incident is under investigation.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Cybercriminals have been hitting major food producers hard, looking for a quick score from a time-sensitive business.

BlockFi

Exploit: Supply Chain Risk

BlockFi: Cryptocurrency Finance

Risk to Business: 2.799 = Moderate

Crypto financial institution BlockFi has announced that it had experienced a data breach incident via one of its third-party vendors, HubSpot. BlockFi says that the hackers gained access to BlockFi client data stored on HubSpot on Friday, March 18. BlockFi was quick to assure investors that its internal system and client funds were not accessed and that the breach remains limited to a very narrow pool of data stored with the third-party vendor, HubSpot.

Individual Risk: 2.806 = Severe

The exposed information from this breach may have included user data such as names, email addresses and phone numbers.

NOTE: The attackers in this incident likely also accessed similar data on HubSpot belonging to Swan Bitcoin, NYDIG and Circle.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business Cryptocurrency and DeFi have been catnip for cybercriminals and that’s not going to stop anytime soon.

United States – Creative Services Inc.

Exploit: Hacking 

Creative Services Inc.: Employment Investigations

Risk to Business: 1.721 = Severe

Hackers cracked into Massachusetts background check firm Creative Services and snatched highly sensitive personal records on more than 164,000 job-seekers and license applicants on November 26, 2021. The company’s internal investigation determined that an unauthorized party may have copied certain files on the company’s computer systems. This is a particularly tricky incident because of the confidential nature of the information that this firm handles.

Individual Risk: 1.763 = Severe

Investigators found that the hackers obtained access to names, dates of birth, Social Security numbers and driver’s license numbers in the attack as well as access to other sensitive data that could be used for nefarious purposes.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This kind of sensitive information isn’t what anyone wants falling into the wrong hands and should be stored with extra safety.

Wheeling Health Right, Inc.

Exploit: Ransomware

Wheeling Health Right Inc.: Healthcare Non-Profit

Risk to Business: 1.867 = Severe

Wheeling Health Right Inc (WHR), a United Way medical services non-profit, announced that on January 18, 2022, the organization was the victim of a “sophisticated cyberattack”, likely ransomware, that encrypted its systems as well as giving the threat actors access to protected patient health information. The organization is working with a technology services provider to decrypt the data as well as add other safeguards, and the investigation is ongoing.  

Individual Risk: 1.772 = Severe

Information that may have been accessed includes full name, postal address, email address, phone number, driver’s license number, medical record number, Social Security number. tax information, income information, and other health information about patients who applied for or received services from WHR.  

How it Could Affect Your Business This isn’t a problem that any medical facility can afford with high HIPAA penalties, especially a non-profit.

Ireland – The Rehab Group 

Exploit: Malware

The Rehab Group: Disability Services Provider 

Risk to Business: 1.661 = Severe

One of the largest disability services providers in Ireland, The Rehab Group has fallen victim to a cyberattack. The company says that there is no evidence that data had been accessed. The investigation is still ongoing, with the Garda National Cyber Crime Bureau and the National Cyber Security Centre involved.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Any organization that holds a large quantity of personal or financial data will be an attractive target for cybercriminals.

Russia – Transneft

Exploit: Nation-State Hacking (Hacktivism)

Transneft: State-Owned Oil Pipeline Company

Risk to Business: 2.902 = Moderate

Anonymous is back at it, this time leaking documents stolen from the Omega Company, the research and development division of Russian oil pipeline company Transneft. The hacktivist collective, who have publicly sided with Ukraine in response to Russia’s invasion of the country, got ahold of 79GB of the company’s emails and published them on the leak site of the non-profit whistleblower organization Distributed Denial of Secrets. The stolen data includes invoices, equipment technical configurations, and product shipment information. One unusual detail: the hackers responsible dedicated the hack to Hillary Clinton after she mentioned that Ukraine-aligned hackers should attack Russian targets in a recent interview.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.

South Africa – TransUnion

Exploit: Ransomware

TransUnion: Credit Bureau

Risk to Business: 1.905 = Severe

TransUnion has reported that it experienced a data breach as a result of a ransomware attack. The company states that cybercriminals obtained access to their systems through credential compromise. TransUnion received a $15 million ransom demand from a group identifying themselves as N4ughtySec that they do not intend to pay. The group says they’re based in Brazil and that they have over 4TB of stolen data touching over 200 companies.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Organizations in the Financial sector from bans to credit organizations have been getting walloped by cybercrime, beating out healthcare to become the top cyberattack target.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

We’re going on a world tour this week as anime and gaming fans get a few nasty surprises from Ubisoft and Toei Animation hacks, Lapsus$ keeps up the bad work and Anonymous continues hammering Russia.

South Denver Cardiology Associates

Exploit: Hacking

South Denver Cardiology Associates: Medical Clinic

Risk to Business: 2.214 = Severe

South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Individual Risk: 2.371 = Severe

Information potentially exposed includes names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients who have been informed by mail.  

How It Could Affect Your Business: This incident could end up being very expensive even if no real damage was done to the practice after regulators get finished with them.

Argentina – Mercado Libre 

Exploit: Ransomware

Mercado Libre: E-commerce & Payments

Risk to Business: 1.872 = Severe

E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands.  The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information.

United Kingdom – Vodafone

Exploit: Ransomware

Vodafone: Telecom

Risk to Business: 2.311 = Severe

Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.

France – Ubisoft 

Exploit: Ransomware

Ubisoft: Video Game Studio

Risk to Business: 1.867 = Severe

French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right!  Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Protecting proprietary digital assets is especially important for companies like this who rely on them completely to do business.

Russia – Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media)

Exploit: Nation-State Hacking

Roskomnadzor (aka Federal Service for Supervision of Communications, Information Technology and Mass Media): Government Agency 

Risk to Business: 1.661 = Severe

Hacktivist collective Anonymous is still hard at work disrupting Russia’s technology infrastructure in response to that country’s continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime to block Facebook, Twitter, and other online platforms within Russia. Anonymous had been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Nation-state cybercriminals are highly likely to strategically attack Government, Utilities and Infrastructure targets during times of trouble but every business is at risk.

Russia – PJSC Rosneft Oil Company (Rosneft)

Exploit: Nation-State Cyberattack

PJSC Rosneft Oil Company (Rosneft): Oil Company

Risk to Business: 2.601 = Severe

The German subsidiary of the Russian energy company Rosneft has disclosed that they’d experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to “Anonymous” as the source behind the attack as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Political upheaval can place organizations within hacktivist sights, creating unforeseen security complications.

Japan – Denso 

Exploit: Ransomware

Denso: Automotive Parts Manufacturer

Risk to Business: 1.402 = Extreme

Cybercrime group Pandora released a statement on Sunday saying it had snatched sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a supply chain cybersecurity incident and this appears to be it. The company disclosed that it had detected unauthorized access to its network using ransomware at DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom or specifics on stolen data were available.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Supply chain issues have plagued businesses as cybercriminals seek fast ransom payments from manufacturers or critically needed goods.

Japan – Toei Animation 

Exploit: Ransomware

Toei Animation: Animation Studio

Risk to Business: 1.436 = Extreme

 Major Japanese animation studio Toei announced that there will be delays in the release of several popular anime series, including the long-awaited episode 1000 of ONE PIECE, because of a cyberattack. The anime studio said that they detected unauthorized access to their systems on March 6th, 2022, forcing a system-wide shutdown that impacted their production schedule. In a statement, Toei revealed that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business Cybercriminals love to hit organizations that are under time pressure or handle time-sensitive products because of the higher chance they’ll get paid.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Nation-state hacking impacts thousands and Lapsus$ spills the beans on Samsung’s source code..

Washington State Department of Licensing

Exploit: Hacking

Washington State Department of Licensing: Government Agency

Risk to Business: 2.337= Severe

Washington State Department of Licensing (DOL) experienced a data breach that has impacted approximately 650,000 former and current licensees. After discovering unexpected activity, the agency’s website was taken offline in January. At the time, no data loss was expected but that has since changed. 

Individual Risk: 2.416= Severe

The exposed data includes former and current licensing information as well as licensees’ social security numbers, driver’s license or ID numbers and dates of birth.  

How It Could Affect Your Customers’ Business: This trove of data combines business and personal information, making it especially useful and potentially profitable for the bad guys

AON

Exploit: Ransomware

AON: Insurer

Risk to Business: 2.176=Moderate

Insurance giant AON disclosed that it had suffered a cyberattack last week in a filing with the U.S. Securities and Exchange Commission (SEC). The company said that it had discovered an incident that impacted some systems. AON does not suspect that there will be a material impact on clients or operations. The incident is suspected to involve ransomware. It is under investigation and the company has brought in outside experts.

How It Could Affect Your Customers’ Business Companies like this that hold or store large amounts of valuable data are high on cybercriminal shopping lists.

Monongalia Health System

Exploit: Hacking

Monongalia Health System: Healthcare Provider

Risk to Business: 1.367 = Extreme

West Virginia healthcare organization Monongalia Health System (Mon Health) has announced another data breach. The company operators of Monongalia County General Hospital, Preston Memorial Hospital, Stonewall Jackson Memorial Hospital and other healthcare centers, is informing patients and staffers that they had data stolen in December 2021. This is the second breach announcement in 3 months for Mon Health. Attackers did not gain access to the organization’s health electronic records systems.

Individual Risk: 1.377 = Extreme

Exposed data may include patient, employee, provider and contractor data including names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data. 

How It Could Affect Your Customers’ Business: Every medical sector organization needs to take extra precautions against data-hungry cybercriminals to avoid a major HIPAA fine. Or two in this case.

Adafruit

Exploit: Insider Risk

Adafruit: Open-Source Hardware

Risk to Business: 2.847 = Moderate

An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, resulting in exposure of information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but not so quick to send emails to impacted users, waiting until after publishing a notification on its blog that was picked up by media outlets.

Individual Risk: 2.802 = Moderate

Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.

How it Could Affect Your Customers’ Business Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.

Viasat

Exploit: Nation-State Cyberattack

Viasat: Internet Service Provider

Risk to Business: 1.661=Severe

An estimated 10 thousand people found themselves without internet access after a cyberattack took down service to fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network. The attack, starting about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Nation-state cybercriminals are highly likely to strategically attack Utilities and Infrastructure targets during times of trouble.

PressReader 

Exploit: Nation-State CyberattackPressReader: Media App

Risk to Business: 1.719 = Severe

A cyberattack impacting PressReader, the world’s largest digital newspaper and magazine distribution platform, left readers in the US, UK, Australia and Canada unable to access more than 7000 publications. Some of the unavailable publications include The Guardian, Vogue, Forbes and the New York Times. PressReader said it has resolved the issue and is working to make missed content available to users after experiencing an unspecified cybersecurity event. This may be a nation-state attack; the incident happened shortly after PressReader announced that it was removing dozens of Russian titles from its catalog and publicly stated that it would help the Ukrainian citizens access the news following Russia’s invasion of their country.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Unsurprisingly, Russia-aligned threat actors are trying to control the flow of information about the invasion of Ukraine, leaving news outlets especially vulnerable right now.

Japan – Acro

Exploit: Third-Party Risk

Acro: Beauty Retailer

Risk to Business: 1.826 = Severe

Japanese e-commerce beauty company Acro has disclosed a data breach that has exposed the details of more than 100,000 payment cards. The incident included two of the company’s four retail websites. Acro is pointing to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either of the two sites between May 21, 2020, and August 18, 2021.

Individual Risk: 1.713 = Severe

The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates and security codes.

How it Could Affect Your Customers’ Business Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.

Korea – Samsung

Exploit: Ransomware

Samsung: Electronics Maker

Risk to Business: 1.664 = Severe

The Lapsus$ hacking group just published a 190-gigabyte trove of confidential data including source code that it claims to have seized from Samsung Electronics in a ransomware attack. Reports say that the stolen code contains the source for every Trusted Applet in Samsung’s TrustZone environment, which handles sensitive tasks such as hardware cryptography and access control. It may also include biometric unlock operation algorithms, the bootloader source for recent devices, activation server source code and the full source code used to authenticate and authorize Samsung accounts. Samsung says that they’re investigating the incident.  

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Proprietary data is just as much of a win for cybercriminals as credit card or personal data, and worth a chunk of change for the right buyer.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Cryptocurrency handlers continue to get pounded as cybercriminals steal an estimated $135 million from a blockchain game developer & Brazil’s Ministry of Health was creamed by ransomware two times in one week!

Virginia Museum of Fine Arts

Exploit: Ransomware

Virginia Museum of Fine Arts: Art Museum 

Risk to Business: 2.822=Moderate

A system security breach prompted the Virginia Museum of Fine Arts to shut down its website for a state investigation in late November 2021. The museum, an independent agency of the state, said the Virginia Information Technologies Agency detected an intrusion by an unauthorized third party to the museum’s environment in late November. An investigation is underway, and a temporary website has been established.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

McMenamins

Exploit: Ransomware 

McMenamins: Hotel and Restaurant Chain

Risk to Business: 1.612=Severe

Family-owned hotel and restaurant chain McMenamins received an unwelcome holiday gift: ransomware. The company says that it has had to shut down credit card point-of-sale systems and corporate email but can still serve customers. The Conti ransomware group is thought to be responsible but the group has not claimed responsibility. The popular chain of restaurants, pubs, breweries and hotels is located in the Pacific Northwest: specifically, Washington and Oregon. The company has announced that it is working with the FBI and a third-party cybersecurity firm to investigate the attack. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

The Oregon Anesthesiology Group (OAG)

Exploit: Ransomware

The Oregon Anesthesiology Group (OAG): Medical Care Provider  

Risk to Business: 1.717= Severe

 The Oregon Anesthesiology Group (OAG) disclosed that a ransomware attack in July led to the breach of sensitive employee and patient information. The company said it was contacted by the FBI on October 21 and informed that the Bureau had seized an account that contained OAG patient and employee files from Ukrainian ransomware group HelloKitty. The FBI also told OAG that the Bureau believes the group exploited a vulnerability in OAG’s third-party firewall to gain entry to its network.   

Risk to Business: 1.802=Severe

The information of 750,000 patients and 522 current and former OAG employees was impacted in this incident. Patient information potentially involved in this incident included names, addresses, date(s) of service, diagnosis and procedure codes with descriptions, medical record numbers, insurance provider names, and insurance ID numbers. Cybercriminals also potentially accessed current and former OAG employee data, including names, addresses, Social Security numbers and other details from W-2 forms. OAG will provide victims of the incident 12 months of Experian identity protection services and credit monitoring.  

Customers Impacted: Unknown

Superior Plus

Exploit: Ransomware

Superior Plus: Propane Distributor 

Risk to Business: 2.229 = Severe

Canadian propane distributor Superior Plus has fallen victim to a ransomware attack. The company announced that it was subject to a ransomware incident on Sunday, December 12, 2021, which impacted its computer system, resulting in the company temporarily disabling some computer systems and applications as it investigates this incident. The company is in the process of bringing these systems back online. The statement goes on to say that it has no evidence that the safety or security of any customer or other personal data has been compromised. Superior Plus supplies propane gas to more than 780,000 customers in the US and Canada, a hot commodity during the winter season. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:

Brazil – Ministry of Health (MoH)

Exploit: Ransomware

Ministry of Health (MoH) – National Government Agency

Risk to Business: 1.107= Extreme

Brazil’s Ministry of Health (MoH) suffered not one but two ransomware attacks in the last week, seriously impacting its operations. The agency was still in the process of recovering from a ransomware attack on 12/10 when they were hit again on 12/13. In the initial attack, all of MoH’s websites, including ConecteSUS, which tracks the trajectory of citizens in the public healthcare system, became unavailable. This includes the COVID-19 digital vaccination certificate, which is available via the ConecteSUS app. The Lapsus$ Group has claimed responsibility for the first attack, claiming that it has stolen some 50TB worth of data. The department was quick to assure the public that it has the relevant data backed up. The second attack set recovery back, preventing Brazil’s platform that issues COVID-19 vaccine certificates, ConecteSUS , from coming back online as scheduled. Ministry officials said that the second attack had been unsuccessful and that no data had been compromised in that incident, but it had affected that timeline for recovery. The National Data Protection Authority (ANPD) is also working on the case and has contacted the Institutional Security Office and the Federal Police to collaborate with the investigations.    

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Ireland – Coombe Hospital

Exploit: Hacking

Coombe Hospital: Medical Center 

Risk to Business: 2.711 = Moderate

The Coombe Hospital announced that it has been hit by a ransomware attack that has impacted its IT systems. The hospital stated that it had isolated and locked down its IT services on a precautionary basis.  The maternity and infants’ hospital said that services are continuing as normal and no disruptions to patient care are expected. The HSE is assessing whether this will have a broader impact on the health service. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Greece – VulcanForged

Exploit: Ransomware

VulcanForged: Cryptocurrency Gaming Company 

Risk to Business: 1.7684 = Severe

Hackers stole around $135 million from users of the blockchain gaming company VulcanForge. Blockchain games appear chiefly designed as vehicles to buy and sell in-game items linked to NFTs using PYR. VulcanForge creates games such as VulcanVerse, which it describes as an MMORPG and an online card game called Berserk. Hackers stole the private keys to access 96 wallets, siphoning off 4.5 million PYR, VulcanForge’s token that can be used across its ecosystem, with an estimate $135 million in value.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Australia – Finite Recruitment

Exploit: Ransomware

Finite Recruitment: Staffing Firm 

Risk to Business: 2.223 = Severe

IT recruitment firm Finite Recruitment has confirmed it experienced a cyberattack in October 2021 that resulted in some of the company’s data getting stolen and published on the dark web. The Conti ransomware group listed Finite Recruitment as a victim on its dark web leak site, claiming to have acquired 300GB of the company’s data. Finite Recruitment services several NSW government agencies as well as private clients.  

Risk to Business: 2.015 = Severe

An estimated 38,000 employees and up to 80,000 government employees may have had their data exposed and that data may include financial data, contracts, customer databases with phone numbers and addresses, contracts with employees’ passport details, phone numbers, mail correspondence, and other information. 

Customers Impacted: Unknown

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Cox Communications gets caught by phishing, Atalanta imports some ransomware, another crypto exchange gets hacked for millions & a shocking ransomware attack on the Virginia Legislature.

Atalanta

Exploit: Ransomware

Atalanta: Food Importer

Risk to Business: 1.616= Severe

Imported foods outfit Atalanta has admitted that it suffered a data breach involving employees’ personal information as the result of a ransomware attack in July 2021. An investigation concluded that information related to Atalanta’s current and former employees and some visitors was accessed and acquired by an unauthorized party. Atalanta is North America’s largest privately-held specialty food importer. No details were offered by the company about how many records were exposed and what personal information they contained. 

Individual Impact: No details were offered by the company about how many records were exposed and what personal information they contained. 

Customers Impacted: Unknown

Cox Communications 

Exploit: Phishing (Vishing)

Cox Communications: Digital Cable Provider

Risk to Business: 1.773=Severe

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers’ personal information. The story goes that on October 11th, 2021, a bad actor impersonated a Cox support agent by phone to gain access to customer information. Cox is the third-largest cable television provider in the US with around 3 million customers. 

Individual Risk: 1.813=Severe

Customers may have had information material to their Cox account exposed including name, address, telephone number, Cox account number, Cox.net email address, username, PIN code, account security question and answer, and/or the types of services that they receive from Cox. 

Customers Impacted: 3 million

The Virginia Division of Legislative Automated Systems (DLAS)

Exploit: Ransomware

The Virginia Division of Legislative Automated Systems (DLAS): Government Technology Services 

Risk to Business: 1.318=Extreme

A ransomware attack has hit the division of Virginia’s state government that handles IT for agencies and commissions within the Virginia legislature. Hackers accessed the agency’s system late Friday, then deployed ransomware. A ransom demand was received on Monday. A Virginia state official told CNN that DLAS was shutting down many of its computer servers in an attempt to stop the spread of ransomware. No information was available at press time about the amount of the ransom demand or what if any data was stolen. AP reports that this attack is the first recorded on a state legislature.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

Kronos Ultimate Group 

Exploit: Ransomware

Kronos Ultimate Group: Payroll Services

Risk to Business: 1.619= Severe

HR management company Ultimate Kronos Group has been hit by a ransomware attack that could have devastating ongoing repercussions. The company’s Kronos Workforce Central was paralyzed in the attack. That prevents its clients, including heavyweights like Tesla and Puma, from processing payroll, handling timesheets and managing their workforce. Kronos first became aware of unusual activity on Kronos Private Cloud on Saturday evening. The company’s blog says that it is likely the issue may require several weeks to resolve. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted:

United Kingdom – SPAR Convenience Stores

Exploit: Ransomware

SPAR Convenience Stores: Convenience Store Chain 

Risk to Business: 1.412= Extreme

UK convenience store chain SPAR fell victim to a cyberattack that impacted operations at a store level. SPAR has around 2600 stores located across the UK. The suspected ransomware attack impacted 330 SPAR locations primarily located in the north of England. Those stores were left unable to process payments made using credit or debit cards for a time. The attack also prevented the stores from using their accounting or stock control systems. Some of the affected shops remain closed in the wake of the attack, but some have reopened accepting only cash payments. An investigation is ongoing. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Sweden – Volvo Cars

Exploit: Hacking

Volvo Cars: Automotive Manufacturer

Risk to Business: 2.112 = Severe

Swedish automotive company Volvo announced that hackers had violated its network and made off with valuable research and development data in a cyberattack. The company went on to say that its investigation confirmed that a limited amount of the company’s R&D property was stolen during the intrusion, but no other data was accessed. The company was quick to assure Volvo owners that there would be no impact on the safety or security of their cars or their personal data. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Germany – Hellmann Worldwide Logistics

Exploit: Ransomware

Hellmann Worldwide Logistics: Transportation Logistics Firm 

Risk to Business: 1.7684 = Severe

Hellmann Worldwide Logistics reported a cyberattack this week that packed a punch. The company said that a cyberattack, suspected to be ransomware, caused them to have to temporarily remove all connections to their central data center. Hellmann said its Global Crisis Taskforce discovered the attack but outside cybersecurity experts were brought in to help with the response.  The company serves clients in 173 countries, running logistics for a range of air, sea, rail and road freight services. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

France – Régie Autonome des Transports Parisiens (RATP) 

Exploit: Misconfiguration

Régie Autonome des Transports Parisiens (RATP): Transportation Authority 

Risk to Business: 1.723 = Severe

A state-owned French transportation giant is in hot water after exposing personal information for nearly 60,000 employees via an unsecured HTTP server. Researchers discovered the server on October 13 left open and accessible to anyone. It contained an SQL database backup dating back to 2018 with over three million records. This featured the details of 57,000 RATP employees — including senior executives and the cybersecurity team. Source code related to RATP’s employee benefits web portal was also exposed with API keys that enabled access to the sensitive info about the website’s backend and RATP’s GitHub account. 

Individual Risk: 1.723 = Severe

The exposed employee data includes full names, email addresses, logins for their RATP employee accounts and MD5-hashed passwords. 

Customers Impacted: Unknown

Singapore – AscendEX 

Exploit: Hacking

AscendEX: Cryptocurrency Trading Platform 

Risk to Business: 1.223 = Extreme

Cryptocurrency exchange AscendEX suffered a hack for an estimated $77 million following a breach of one its hot wallets. The company announced the hack on Twitter, saying that it had identified a number of unauthorized transactions from one of its hot wallets on Saturday. Blockchain analytics firm PeckShield estimated that the stolen funds amounted to $77 million spread across three chains: Ethereum ($60 million), Binance Smart Chain ($9.2 million) and Polygon ($8.5 million). The largest share of the $77 million was accounted for by the relatively minor taraxa (TARA) with $10.8 million, while the combined shares of stablecoins USDT and USDC accounted for $10.7 million. The Singapore-based exchange, which was formerly known as BitMax, claims to serve one million institutional and retail clients.   

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Australia – Frontier Software 

Exploit: Ransomware 

Frontier Software: Payroll Services Technology Provider 

Risk to Business: 2.323 = Severe

 South Australia’s state government announced that state government employee data has been exfiltrated as part of a ransomware attack on payroll provider Frontier Software. The company has informed the government that at least up to 80,000 government employees and 38,000 employees of other businesses may have had their data snatched by bad actors in the November 13 incident.    

Individual Risk: 2.401 = Severe

 The stolen employee data contained names, dates of birth, tax file numbers, home addresses, bank account details, employment start dates, payroll period, remuneration, and other payroll-related information.  

Customers Impacted: Unknown

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Cybercriminals snatched millions from three cryptocurrency platforms, PII and PHI were exposed in major medical clinic snafus.

Planned Parenthood

Exploit: Ransomware

Planned Parenthood: Healthcare Provider

Risk to Business: 1.616= Severe

Bad actors gained access to the personal information of an estimated 400,000 patients of Planned Parenthood in Los Angeles this past October in a probable ransomware attack.  A spokesperson said that someone gained access to Planned Parenthood Los Angeles’ network between October 9 and 17, deployed and exfiltrated an undisclosed number of files. The breach is limited to the Los Angeles affiliate and an investigation is underway. 

Risk to Business: 1.703= Severe

PPLA told clients that PII and PHI had been exposed including the patient’s name, address, insurance information, date of birth, and clinical information, such as diagnosis, procedure, and/or prescriptions.

Customers Impacted: 400,000

How It Could Affect Your Business: Medical information is valuable, especially sensitive information like this that can be used for both cybercrime and blackmail, and patients expect that healthcare providers will protect it.

Gale Healthcare Solutions

Exploit: Misconfiguration

Gale Healthcare Solutions: Healthcare Job Placement

Risk to Business: 1.611=Severe

More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password-protected database owned by Gale Healthcare Solutions, a Florida-based healthcare staffing provider. Files containing the PII of healthcare workers that the company placed were hosted on an unsecured AWS cloud server that was uncovered by security researchers in September. Gale Health Solutions says that the environment has been deactivated and secured. The company also says that there is no evidence there was any further unauthorized access beyond the researcher or that any personal data has been, or will be, misused. 

Individual Risk: 1.813=Severe

Researchers reported that the files they saw contained a healthcare worker’s face image or ID badge, full name and a number consistent with an SSN. Other personal data about the impacted workers may also have been exposed.  

Customers Impacted: 300,000

How It Could Affect Your Business This mistake will be expensive and coveted healthcare workers may be inclined to choose a different staffing agency because of this carelessness.

MonoX

Exploit: Hacking

MonoX: Cryptocurrency Finance

Risk to Business: 1.318=Extreme

The MonoX DEX platform has experienced a breach that did damage to the tune of $31 million. The breach took place after hackers exploited a vulnerability in smart contract software, then exploited the vulnerability to increase the price of MONO through smart contracts and bought assets with MONO tokens. DeFi platform Badger was also reportedly hit by hackers for $120 million last week after they gained access by targeting a protocol on the Ethereum network.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

DNA Diagnostics Centre

Exploit: Ransomware

DNA Diagnostics Center: Healthcare Services

Risk to Business: 1.819= Severe

DNA Diagnostics Center said that on August 6, the company discovered that there had been unauthorized access to its network that enabled someone to access and exfiltrate an archived database that contained patient PII collected between 2004 and 2012. The Ohio-based company says that 2,102,436 people had their information exposed. Victims may have been ordered to undergo genetic testing as part of a legal matter.

Individual Risk 1.617= Severe

The company is sending letters to impacted individuals warning them that they may have had their PII and sensitive data such as Social Security number or payment information exposed. Anyone whose personal information was accessed is being offered Experian credit monitoring.

Customers Impacted: 2,102,436

How it Could Affect Your Business Companies that store two kinds of valuable data like this are at high risk for an expensive and damaging ransomware incident that will have lasting financial results.

United Kingdom – BitMart

Exploit: Hacking

BitMart: Cryptocurrency Exchange 

Risk to Business: 1.212= Extreme

Cryptocurrency trading platform BitMart has been hacked resulting in the loss of an estimated $150 million in funds. Portswigger reports that Blockchain security firm Peckshield has estimated losses of around $200 million following an attack on the platform on Saturday (December 4), comprising $100 million on the Ethereum blockchain and $96 million on the Binance Smart Chain. BitMart said n a statement that it was temporarily suspending withdrawals until further notice after detecting a large-scale security breach centered on two ‘hot’ wallets. BitMart claims that it has more than nine million customers across more than 180 countries. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business Crypto platforms have been squarely in cybercriminals’ sights in the last few months and consumers are watching to see which ones are able to avoid trouble.

Japan – Panasonic

Exploit: Hacking

Panasonic: Electronics Manufacturer 

Risk to Business: 1.919 = Severe

Panasonic has confirmed that it’s had a security breach after unauthorized users accessed its network on November 11. The company says that an internal investigation revealed that some data on a file server had been accessed by intruders. No information was given about what data was accessed or how much. Panasonic says that it is working with an outside firm to get to the bottom of the matter and expressed its apologies for the incident.  

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Australia – CS Energy

Exploit: Ransomware

CS Energy: Energy Company 

Risk to Business: 1.723 = Severe

CS Energy confirmed it experienced a ransomware attack on November 27.  The company said the incident was limited to its corporate network and did not impact operations at its Callide and Kogan Creek power stations. CS Energy’s CEO said that the company contained the ransomware attack by segregating the corporate network from other internal networks and enacting business continuity processes. CS Energy is owned by the Queensland government.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Cybercriminals haven’t had any trouble assembling a phishing campaign at IKEA, the NCSC sounds the alarm about escalating ransomware danger, wild accusations of treachery and sabotage add a whole new twist to a ransomware attack at BTC Alpha.

Cronin

Exploit: Misconfiguration

Cronin: Digital Marketing Firm

Risk to Business: 1.917= Severe

Researchers discovered a non-password-protected database that contained 92 million records belonging to the digital marketing firm Cronin last week. The exposed server was named “Cronin-Main” and many of the records contained references to Cronin. Exposed client records include internal logging of client advertisement campaigns, keywords, Google analytics data, session IDs, Client IDs, device data and other identifying information. Sales data was also exposed in a “Master Mailing List” with direct physical names, addresses, Salesforce IDs, phone numbers, and references to where the leads came from for customers and prospects. Internal Cronin employee usernames, emails, and hashed passwords and some unspecified PII and financial data were also exposed.

Individual Impact: Reports of this breach include mention of exposed employee financial data and PIIbut no details were available as of press time.

Customers Impacted: Unknown

Supernus Pharmaceuticals

Exploit: Ransomware

Supernus Pharmaceuticals: Pharmaceutical Company

Risk to Business: 1.702=Severe

Maryland-based Supernus Pharmaceuticals fell prey to a ransomware attack that resulted in a large amount of data being exfiltrated from its networks in mid-November. The Hive ransomware group claimed responsibility for the attack over the Thanksgiving holiday weekend. The group claims to have breached Supernus Pharmaceuticals’ network on November 14 and exfiltrated a total of 1,268,906 files, totaling 1.5 terabytes of data. Supernus Pharmaceuticals says it did not plan to pay a ransom. In a statement, Supernus Pharmaceuticals also disclosed that it did not experience a significant impact on its business, they were quickly able to restore lost data and the company has enacted stronger security measures.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Butler County Community College

Exploit: Ransomware

Butler County Community College: Institution of Higher Learning

Risk to Business: 2.728=Moderate

Butler County Community College in Pennsylvania was forced to suspend classes for at least two days in the wake of a ransomware attack that has crippled the college’s systems. The college says it is working to restore databases, hard drives, servers and other devices. In a release, the college also announced the cancellation of all remote and online credit classes as it works to restore data, servers and other systems affected by the attack. Noncredit courses are canceled as well for November 29 and 30. The college will not provide services on its main campus or at its additional locations on those days. The incident is under investigation and the college is being assisted in recovery by a local cybersecurity firm.  

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

Brazil – WSpot

Exploit: Misconfiguration

WSpot: WiFi Security Software Provider

Risk to Business: 2.109= Severe

Researchers uncovered a misconfigured Amazon Web Services S3 bucket containing 10 GB worth of data that belonged to Wi-Fi software services company WSpot. The bucket was discovered on Sep 2nd, and WSpot was notified on Sep 7th, after which the company was able to secure it immediately. The company stated that they are in the process of notifying legal authorities including the National Data Protection Authority regarding the incident. WSpot, estimated that 5% of its customer base was impacted by this leak. 

Individual Risk 2.811= Severe

 An estimated 226,000 files were exposed including the personal details of at least 2.5 million users who connected to WSpot’s client’s public Wi-Fi networks. 

Customers Impacted: 2.5 million users

United Kingdom – BTC-Alpha 

Exploit: Ransomware

BTC-Alpha: Cryptocurrency Exchange

Risk to Business: 1.512= Severe

This week’s most bizarre breach saga belongs to BTC-Alpha. The UK-based cryptocurrency exchange was hit with a ransomware attack in early November. The Lockbit ransomware group claimed responsibility and posted a threat to its leak site to expose BTC-Alpha’s data if a ransom was not paid by December 1. Here’s where it gets strange. Alpha founder and CEO Vitalii Bodnar alleged the attack was the work of a competing cryptocurrency firm in a press release on the same day that Lockbit’s announcement was made. The release goes on to state that a rival was launching a cryptocurrency exchange on the same day as the attack and may be involved in the incident. The full text of the release is available here: https://www.prleap.com/pr/282919/vitaliy-bodnar-founder-of-btc-alpha-comments-on-the-pressure-and-threats The company disclosed that although hashed passwords were compromised, users’ balances were not impacted, and the company and its users lost no money. The company also advised users to avoid password reuse, update or reinstall their apps, and employ MFA. The odd incident is under investigation.  

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Sweden – IKEA 

Exploit: Phishing

IKEA:  Furniture & Home Goods Retailer 

Risk to Business: 1.595 = Extreme

IKEA is battling a nasty phishing attack on its employee email accounts that is using reply chains to try to trick employees. A reply-chain email attack is a type of spoofing in which the bad guys steal legitimate corporate email messages and send links to malicious documents to the chain as a reply. The messages seem legit and can be hard to catch. Malicious messages are being sent from inside the main IKEA organization as well as from other compromised IKEA organizations and business partners. The fight is ongoing and no direct cause has been announced, although analysts are saying that signs point to a Microsoft Exchange on-premises server compromise. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Singapore – Swire Pacific Offshore 

Exploit: Ransomware

Swire Pacific Offshore: Maritime Services 

Risk to Business: 2.712 = Moderate

Singapore-based shipping firm Swire Pacific Offshore has announced a data breach after it fell victim to a possible ransomware attack. The company’s press release stated that unauthorized access had resulted in the loss of some confidential proprietary commercial information and some personal data. The statement went on to note that appropriate authorities have been notified. Singapore has mandatory data breach notification laws that require organizations to report incidents like this to the government. The company also announced that it is working with data security experts to investigate the incident and implement stricter security measures.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

GoDaddy is back in the hot seat after another massive breach exposes data for more than 1 million users, an insider incident in Ohio raises election security concerns & a data breach at Australia’s copyright authority.

GoDaddy

Exploit: Credential Compromise

GoDaddy: Web Hosting Provider 

Risk to Business: 1.527= Severe

GoDaddy has reported a data breach that may impact more than 1 million customers who use the service for WordPress hosting. The company detailed the incident in an SEC filing, declaring that it had detected unauthorized access to its systems where it hosts and manages its customers’ WordPress servers when someone used a compromised password for access around September 6. GoDaddy said it discovered the breach last week on November 17. The company warned that active customers had their sFTP credentials (for file transfers), and the usernames and passwords for their WordPress databases, which store all the user’s content, exposed in the breach. In some cases, the customer’s SSL (HTTPS) private key was exposed, which if abused could allow an attacker to impersonate a customer’s website or services. 1.2 million active and inactive managed WordPress users had their email addresses and customer numbers exposed in this incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 1.2 million

California Pizza Kitchen

Exploit: Hacking

California Pizza Kitchen: Fast Casual Restaurant Chain

Risk to Business: 2.212=Severe

US casual dining chain California Pizza Kitchen has had a data security breach that impacts current and past employees. In a statement, the company disclosed that its systems were infiltrated by an unauthorized user on September 15. Those cybercriminals gained access to an undisclosed amount of data including employee records that contained at least employee names and SSNs.

Individual Risk: 1.907=Severe

In a filing with the Maine attorney general’s office, the company reported that 103,767 current and former employees had their names and Social Security numbers exposed.

Customers Impacted: 103,767

Lake County Board of Commissioners 

Exploit: Insider Incident

Lake County Board of Commissioners: Election Regulator

Risk to Business: 1.502=Severe

The Washington Post is reporting that a data security incident occurred at the Lake County, Ohio Board of Elections. The attempted breach occurred on May 4 inside the county office of John ­Hamercheck (R), president of the Lake County Board of Commissioners. In this incident, a private laptop was plugged into the county network in Hamercheck’s office, capturing routine network traffic. That information was then distributed at an August “cyber symposium” on election fraud hosted by MyPillow executive Mike Lindell. Officials say that no sensitive data was obtained. This is substantially similar to an incident in Colorado earlier this year. Data from the Colorado incident was circulated at the same event. The FBI is investigating the incident.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

Cyprus – StripChat 

Exploit: Misconfiguration

StripChat: Adult Content Platform

Risk to Business: 1.615= Severe

StripChat, one of the world’s top 5 adult cam sites, has suffered a data breach that exposed more than its usual fare, including the personal data of millions of users and adult models. In a blunder discovered by security researchers, StripChat failed to properly configure an ElasticSearch database cluster, leaving data exposed for at least 3 days.

Individual Risk 1.802= Severe

Researchers listed the exposed data pertaining to 65 million users registered on the site including their username, email, IP address, ISP details, tip balance, account creation date, last login date and account status. Data for 421,000 models broadcasting on the site was also exposed including username, gender, studio ID, live status, tip menus/prices and strip scores. Other transaction data was also exposed.

Customers Impacted: Unknown

Denmark – Vestas

Exploit: Ransomware

Vestas: Wind Turbine Manufacturer

Risk to Business: 1.512= Severe

The world’s largest supplier of wind turbines Vestas has announced that it has experienced a suspected ransomware incident. The company says that its initial investigation has determined that data has been compromised, although no specifics about that data were given. The company says that the incident forced the shutdown of IT systems and has damaged parts of Vestas’ internal IT infrastructure. Recovery has begun, and the company has stressed that the impact on its manufacturing, construction and service arms has been minimal.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

Australia – Copyright Agency

Exploit: Hacking

Copyright Agency: Royalty Collection Agency

Risk to Business: 1.595 = Extreme

Australia’s Copyright Agency has suffered a data breach The agency which distributes royalties to authors, photographers and other creators for the reuse of their text and images, notified members of the incident last Friday. No information is yet available about what data may have been impacted, but there’s a possibility that extensive personal and financial data may have been exposed for the 37,000 creators that it services.

Customers Impacted: 37,000

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Hackers manage a shocking breach that leads to ATO at the FBI, beer production goes flat after a cyberattack at S.A. Damm, Robinhood takes a beating and welcome good news about business security spending increases.

Federal Bureau of Investigation (FBI) 

Exploit: Account Takeover

 Federal Bureau of Investigation (FBI): Federal Government Agency 

Risk to Business: 1.417= Severe

A shocking email security breach at the US Federal Bureau of Investigation (FBI) led to the takeover of a user account. The cybercriminals that accomplished the feat were able to use that compromised email account to send tens of thousands of fraudulent emails warning recipients of impending cyberattacks. Messages reached celebrities like Jay Z and journalists including investigative reporter Brian Krebs. The Bureau later confirmed that its Law Enforcement Enterprise Portal (LEEP) was compromised in a cyberattack Friday. FBI officials were quick to stress the fact that the malicious emails originated from an FBI-operated server that was solely dedicated to pushing notifications for LEEP and not part of the FBI’s corporate email service.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: This incident shows that no organization is immune to a cyberattack, and even the best defenses can fail.

West Virginia Parkways Authority

Exploit: Ransomware

West Virginia Parkways Authority: State Government Agency 

Risk to Business: 1.822=Severe

A suspected ransomware attack snarled operations at the West Virginia Parkways Authority last Friday. Officials announced that a cyberattack had hit the agency’s internal computer systems, knocking out email, telephones, and various non-critical applications for several hours. According to the statement, no data was extracted or exposed in the incident which only impacted operational technology. Systems have since been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Using ransomware against infrastructure targets to shut down their operations has become much more common.

Robinhood

Exploit: Phishing (Vishing)

Robinhood: Financial Services Platform 

Risk to Business: 1.542=Extreme

Financial services platform Robinhood is in the news again after disclosing a data breach on 11/03. The company blamed the security incident on vishing. Threat actors obtained access to the organization’s customer support systems by obtaining systems access over the phone. This is the same technique that proved successful in the 2020 Twitter hack. According to reports, after accessing the data, the cybercriminals then demanded an extortion payment to keep the data safe. No word on the amount of this demand. The incident is under investigation.

Individual Risk: 1.312=Extreme

The company disclosed that it estimates a total of seven million users are apparently affected by this breach. Threat actors accessed email addresses for five million customers and a separate list of full names for two million customers. Robinhood says that the bad guys gained access to varying levels of user information including in-depth PII including full names, date of birth and zip code for around 310 users, and extensive records for a subset of 10 users.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Vishing threats are popping up more frequently as cybercriminals look to vary their approach to obtaining credentials in unexpected ways.

Hewlett Packer Enterprise (HPE)

Exploit: Credential Compromise

Hewlett Packer Enterprise: Business Technology Services

Risk to Business: 1.615= Severe

Hewlett Packer Enterprise (HPE) just informed customers that use its Aruba networking unit that their information may have been exposed in a cyberattack on its Aruba Central cloud environment in late October. The company outlined the incident in a statement to the press “On 2 November, HPE discovered that an access key to data related to the network analytics and contact-tracing features of Aruba Central, our cloud-based network management and monitoring solution, was compromised and used by an external actor to access the environment over a period of 18 days between 9 and 27 October 2021.” HPE went on to specify that the data in question included “identifying device media access control (MAC) addresses, IP addresses, device operating systems type and hostnames, and user names for Wi-FI networks where authentication is used, as well as dates, times, and physical Wi-Fi access points (APs) to which devices connected.” The incident is under investigation

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cybercriminals will do anything to obtain a legitimate user credential because it gives them the keys to the kingdom, enabling them to do massive damage quickly.

United Kingdom – Simplify Group

Exploit: Hacking

Simplify Group: Conveyancing & Property Services

Risk to Business: 1.512= Severe

UK property services giant Simplify Group has been experiencing a cyberattack that impacted operations at many of its divisions. The company operates brands like Premier Property Lawyers, My Home Move and DC Law. The outage was a spanner in the works for new and prospective homebuyers, including some that were mid-move, and they were quick to take to social media. Some systems have been restored and the incident is under investigation.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Operational disruption from a ransomware attack is just as likely as data theft and sometimes even more damaging.

Spain – S.A. Damm 

Exploit: Ransomware 

S.A. Damm: Brewing  

Risk to Business: 1.595 = Extreme

Operations went flat at Spanish brewer S.A. Damm after a ransomware attack crippled production. The company disclosed that the cyberattack hit the brewery on Tuesday night and for a few hours the plant in El Prat de Llobregat, which produces 7 million hectolitres of beer a year, was “entirely paralyzed”. Operations were partially restored quickly and the rest of the recovery is expected to be completed soon.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware gangs have been stopping production in factories rather than stealing data in the hopes of scoring a quick ransom from desperate businesses.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.