Categories
The Week in Breach

The Week in Breach: 07/06/21 – 13/07/21

Shopping platforms are on the hit list this week

Memorial HealthCare 

Exploit: Third-Party Data Breach 

Northwestern Memorial HealthCare: Hospital System 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.771= Severe

A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital and Northwestern Medicine Valley West Hospital. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.603= Severe

The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. 

Customers Impacted: Unknown

Morgan Stanley

Exploit: Third-Party Data Breach

Morgan Stanley: Financial Services Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.216 = Severe

Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack. 

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.462 = Severe

Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts. 

Customers Impacted: Unknown

Republican National Committee (RNC) 

Exploit: Nation-State Cybercrime

Republican National Committee (RNC): Political Organization

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.223=Severe

Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.

ID Agent to the Rescue:  Learn more about the factors that make it easy for employees to make mistakes and how you can mitigate them for a better staff. SEE THIS WEBINAR>>

GETTR

Exploit: Hacking

GETTR: Social Media Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.575 = Severe

A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.502 = Severe

According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.

Customers Impacted: 40,000

Switzerland – Comparis

Exploit: Hacking

Comparis: Shopping Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.302 = Extreme

Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Germany – Spreadshop 

Exploit: Hacking 

Spreadshop: Shopping Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919 = Severe

German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.271 = Severe

According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.

Customers Impacted: Unknown


India – Technisanct 

Exploit: Hacking 

Technisanct: Trading Platform

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.801 = Moderate

Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15. 

cybersecurity news represented by a gauge indicating moderate risk

Idividual Risk: 2.766 = Moderate

The company has disclosed that Personal Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.

Customers Impacted: 3.4 million


Taiwan – Adata

Exploit: Ransomware

Adata: Computer Chip Maker 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.801 = Severe

The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB, and the second largest is 117GB and the archives likely contain corporate financial information, non-disclosure agreements and sales data.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Categories
The Week in Breach

The Week in Breach: 30/06/21 – 06/07/21

Healthcare cyberattacks are popping up fast this week


United Kingdom – Salvation Army

Exploit: Hacking

Salvation Army – Non-Profit 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.424= Severe

The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Spain – MasMovil

Exploit: Ransomware

MasMovil: Telecommunications

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.801 = Severe

Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Arthur J. Gallagher

Exploit: Ransomware

Arthur J. Gallagher (AJG): Insurance Broker 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.673= Severe

Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.522= Severe

While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.

Customers Impacted: Unknown


Washington State Department of Labor and Industries

Exploit: Third-Party Data Breach

Washington State Department of Labor and Industries: Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.816 = Severe

Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.516 = Severe

The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.

Customers Impacted: Unknown


Practicefirst

Exploit: Ransomware

Practicefirst: Healthcare Technology Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.223=Severe

Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.201=Severe

Practicefirst disclosed that patient and employee information has been impacted including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers employee usernames and passwords, bank account information. Other data that may have been stolen is primarily treatment-focused like diagnoses, lab and treatment information, medication information and health insurance identification.

Customers Impacted: Unknown


UofL Health

Exploit: Insider Threat (Employee Error)

UofL Health: Healthcare System

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.575 = Severe

Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.502 = Severe

Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.

Customers Impacted: 40,000

Categories
The Week in Breach

The Week in Breach: 23/06/21 – 29/06/21

This week the cybercrime gangs were busy! Nobelium, the gang behind the SolarWinds hack, is giving Microsoft and others a world of trouble with unexpected attacks. REvil scores medical data, a new ransomware gang debuts with a hit on Altus Group

United Kingdom – French Connection UK (FCUK) 

Exploit: Ransomware

French Connection UK (FCUK): Clothing Brand

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.351= Severe

United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Mercedes Benz USA 

Exploit: Third Party Risk 

Mercedes Benz USA: Carmaker 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.611= Severe

Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.802= Severe

According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedez-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: 1,000

Washington Suburban Sanitary Commission (WSSC) 

Exploit: Ransomware

Washington Suburban Sanitary Commission (WSSC): Utility 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.116 = Severe

Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

DreamHost 

Exploit: Unsecured Database

DreamHost: WordPress Hosting Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.823=Severe

A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Altus Group 

Exploit: Ransomware

Altus Group: Real Estate Software 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.775 = Severe

Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Sweden – InfoSolutions 

Exploit: Hacking

InfoSolutions: Medical IT Solutions 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.661 = Severe

InfoSolutions, a company that provides IT services to Swedish Public Health Agency including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion to a database employed by 15 of 21 Sweden’s regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Brazil – Grupo Fleury 

Exploit: Ransomware

Grupo Fleury: Medical Diagnostics Laboratory 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.

Individual Impact: No sensitive personal or financial information has been confirmed as stolen in this incident but it is highly likely that will be the case as the incident progresses..

Customers Impacted: Unknown

Categories
The Week in Breach

The Week in Breach: 16/06/21 – 22/06/21

Misconfiguration is the name of the game this week, as errors abound Carnival leaked data again (and Wegman’s joined them), nation-state cybercrime hits South Korea

United Kingdom – Cake Box

Exploit: Hacking

Cake Box: Bakery Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.661 = Severe

UK celebration cake chain Cake Box isn’t celebrating this week. The company has disclosed a data breach after threat actors hacked their website and obtained credit card numbers. According to the release, the breach occurred way back in April 2020 and they’re just informing consumers. Payment skimming malware is to blame. Experts suspect that this breach is the result of a Magecart attack.

cybersecurity news represented by agauge showing severe risk

Individual Risk 2.802 = Severe

When customers made purchases on the site while it was infected malicious scripts sent the first name and surname, email address, postal address, and payment card information including the three-digit CVV code to a remote server controlled by the attackers. This is an ancient breach in terms of the time it took for consumers to be informed, and the damage has definitely already been done.

Customers Impacted: Unknown

Cognyte

Exploit: Unsecured Database

Cognyte: Data Analytics Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802= Severe

Data analytics company Cognyte warns folks about data exposure from third-party sources, and it had to send one out for itself this week. Researchers discovered an unsecured database operated by Cognyte that left some 5 billion records collected from a range of data incidents exposed online. The stored data is part of Cognyte’s cyber intelligence service, which is used to alert customers to third-party data exposures. The incident is under investigation.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

Invenergy LLC

Exploit: Ransomware

Invenergy LLC: Energy Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.916 = Severe

REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company’s computer systems and exfiltrated four terabytes of data. Among the information allegedly taken by REvil are contracts and project data. In a bizarre twist, REvil also claims to have obtained “very personal and spicy” information regarding Invenergy’s chief executive officer, Michael Polsky.

Individual Impact: No sensitive personal or financial information for clients has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

CVS

Exploit: Thitd-Party Threat (Misconfiguration)

CVS: Drug Store Chain

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.416= Extreme

CVS is in hot water after researchers discovered a trove of over one billion records online that were connected to the US healthcare and pharmaceutical giant. The unsecured databasewas extimated to be 204GB in size. According to reports, the databases contained an astonishing assortment of sensitive data like event and configuration data, visitor IDs, session IDs, device access information and details on how the logging system operated from the backend. Search records exposed also included queries for medications, COVID-19 vaccines and a variety of CVS products, referencing both CVS Health and CVS.com.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

egman’s

Exploit: Third-Party Threat (Misconfiguration)

Wegman’s: Grocery Store Chain 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227= Severe

East Coast gourmet grocer Wegmans issued a release announcing that a service provider had failed to correctly configure two of its databases, exposing a large quantity of customer data. According to Wegmans, the databases that the contractor maintained contained customer identity and shopping habit information as well as an assortment of client PII. The company says the issue is resolved.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.776 = Moderate

The release says that customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, Wegmans.com account e-mail addresses and passwords. No Social Security, financial or medical information was stolen and only salted password hashes were stored in the databases maintained by the negligent contractor.

Customers Impacted: Unknown

Carnival Cruise Line

Exploit: Hacking

Carnival Cruise Lines: Cruise Ship Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.651= Severe

Perennially cybersecurity challenged cruise line Carnival issued a breach disclosure on Thursday confirming hackers attacked email accounts and gained access to data about its customers and employees. The company said that the data snatched was collected during the travel booking process, through the course of employment or from providing services to the company, including COVID or other safety testing.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802= Severe

The poassenger data accessed included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like social security or national identification numbers. No clear information was provided about the employee information that was exposed.

Customers Impacted: Unknown

South Korea – Korea Atomic Energy Research Institute (KAERI) 

Exploit: Nation-State Cybercrime

 Korea Atomic Energy Research Institute (KAERI): Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.633 = Severe

South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked by nation-state threat actors in May 2021 after the incident was brought to light by reporters. The Korean media is accusing the agency of perpetrating a cover-up. According to experts, the North Korean Kimusky cybercrime gang is to blame. This group often uses phishing to mimic websites like Gmail, Outlook, Telegram and more. The group then installs Android and Windows backdoor “AppleSeed” to collect information and frequently makes use of ransomware. The extent of the data theft is unknown.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident.

Customers Impacted: Unknown

Categories
The Week in Breach

The Week in Breach: 09/06/21 – 15/06/21

We’re celebrating Flag Day with an All-American Edition of the Week in Breach. This week, REvil takes aim at a US nuclear defense contractor, hackers take a bite out of McDonald’s

Electronic Arts Inc (EA)

Exploit: Hacking

Electronic Arts Inc: Game Developer 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.355= Extreme

Electronic Arts (EA) has announced that it is investigating a data breach. Cybercriminals stole valuable corporate data from the company including game source code and related tools. Early reports noted that hackers had stolen source codes for the popular title “FIFA 21” and source code and tools for the Frostbite engine. Researchers estimate that 780 gigabytes of data was snatched then advertised for sale on underground hacking forums.

Customers Impacted: Unknown

Edward Don

Exploit: Ransomware

Edward Don: Foodservice Distributor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.816 = Severe

Foodservice equipment distributor Edward Don has been hit by a ransomware attack. The incident has disrupted their business operations, including their phone systems, network and email. As a result, employees have been driven to using personal Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues. The incident is under investigation and full functionality was quickly restored,

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident and the investigation is ongoing.

Customers Impacted: Unknown

McDonald’s Corp

Exploit: Ransomware

McDonald’s Corp: Fast Food Chain

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.606= Moderate

McDonald’s Corp. said hackers exposed US business information and some customer data in South Korea and Taiwan. The attackers accessed e-mails, phone numbers and delivery addresses. The company reported that it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. The announcement noted that the burger chain does not believe any customer payment data was stolen but cautioned that there may be employee data exposed.

Individual Impact: There has not yet been confirmation that sensitive personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

Intuit

Exploit: Account Takeover (ATO)

Intuit: Financial Software Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612= Severe

Accounting software giant Intuit has notified customers that they have suffered a breach. The company warned users of TurboTax that their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit announced that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to gain access to the accounts.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.832= Severe

Intuit notified potentially impacted clients by mail that information contained in a prior year’s tax return or current tax returns in progress including their name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions) and information of other individuals contained in the tax return may have been exposed.

Customers Impacted: Unknown

Sol Oriens

Exploit: Ransomware

Sol Oriens: Defense Contractor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.337= Severe

REvil has struck again, this time against a tiny but important target in the defense sector. Sol Oriens, which consults for the US Department of Energy’s National Nuclear Safety Administration, is a 50-person firm based in Albuquerque, New Mexico. Researchers noted finding Sol Oriens documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident although some sources are reporting that human resources data is in the mix.

Customers Impacted: Unknown

Volkswagen Group of America

Exploit: Third- Party Data Breach

Volkswagen Group of America: Automotive Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.825 = Severe

Volkswagen US has announced that it has suffered a data breach impacting millions of US customers and prospective customers. the car company released information saying that a data breach at a vendor has exposed data on more than 3.3 million buyers and prospective buyers in North America. An unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.213 = Severe

The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured. According to Volkswagen, the majority of people impacted had phone numbers and email addresses exposed, but some clients had their driver’s license information stolen as well. In some cases, information about a vehicle purchased, leased, or inquired about was also obtained. VW said 90,000 Audi customers and prospective buyers also had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.

Customers Impacted: 3.3 million

Categories
The Week in Breach

The Week in Breach: 02/06/21 – 08/06/21

This week we’re exploring why Cox TV & radio stations went dark because of cybercrime, how third-party danger ensnared New South Wales Health, what happened when nation-state cybercriminals visited New York .
  United Kingdom – Furniture Village  Exploit: Hacking
Furniture Village: Home Goods Retailer  >> Read full details on our blog  
  United States – iConstituent Exploit: Ransomware
iConstituent: Communications Services >> Read full details on our blog  
  United States – Cox Media Group  Exploit: Ransomware
Cox Media Group: TV & Radio Station Operator   >> Read full details on our blog  
  United States – Navistar International Corporation Exploit: Hacking
Navistar International Corporation: Specialty Vehicle Manufacturer   >> Read full details on our blog  
  United States – New York Metropolitan Transit Authority (M.T.A.)  Exploit: Nation-State Hacking
New York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator  >> Read full details on our blog  
  United States – LineStar Integrity Services Exploit: Ransomware
LineStar Integrity Services: Pipeline Technology Services >> Read full details on our blog  
  Australia – New South Wales Health (NSW Health)  Exploit: Third-Party Data Breach
New South Wales Health (NSW Health): Regional Healthcare Agency  >> Read full details on our blog  
  Japan – Fujifilm  Exploit: Ransomware
Fujifilm: Film & Photo Technology Developer  >> Read full details on our blog  
Categories
The Week in Breach

The Week in Breach: 26/05/21 – 01/06/21

  United States – DailyQuiz  Exploit: Hacking
DailyQuiz: Entertainment App  >> Read full details on our blog  
  United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)  Exploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit  >> Read full details on our blog  
  United States – Bose Exploit: Ransomware
Bose: Audio Equipment Maker   >> Read full details on our blog  
  Canada – Canada Post Exploit: Third-Party Data Breach
Canada Post: Postal Service  >> Read full details on our blog  
  Brazil – JBS SA Exploit: Ransomware
JBS SA: Meat Processor  >> Read full details on our blog  
  Australia – TPG Telecom  Exploit: Hacking
TPG Telecom: Communications Technology  >> Read full details on our blog  
  Japan – Net Marketing Co. Exploit: Hacking
Net Marketing Co.: App Creator  >> Read full details on our blog  
Categories
The Week in Breach

The Week in Breach: 19/05/21 – 25/05/21

The spotlight is on supply chain risk and security blunders this week as we see the ripple effect of the Codecov and SITA supply-chain attacks continue. 
  United Kingdom – One Call Exploit: Ransomware
One Call: Insurer >> Read full details on our blog  
  United Kingdom – FastTrack Reflex Recruitment Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm  >> Read full details on our blog  
  Ireland – Ardagh Group Exploit: Ransomware
Ardagh Group: Packaging Manufacturer >> Read full details on our blog  
  United States – Bergen Logistics Exploit: Unsecured Database
Bergen Logistics: Shipping & Fulfillment >> Read full details on our blog  
  United States – Alaska Department of Health and Social Services Exploit: Malware
Alaska Department of Health and Social Services: Regional Human Services Agency >> Read full details on our blog  
  United States – Utility Trailer Manufacturing  Exploit: Ransomware
Utility Trailer Manufacturing: Trailer Fabrication >> Read full details on our blog  
  New Zealand – Waikato District Health Board Exploit: Ransomware
Waikato District Health Board: Regional Healthcare Agency >> Read full details on our blog  
  India – Air India Exploit: Third Party Data Breach
Air India: Airline  >> Read full details on our blog  
  India – Domino’s Pizza India Exploit: Hacking
Domino’s Pizza India: Restaurant Chain  >> Read full details on our blog  
  Japan – Mercari Exploit: Supply Chain Data Breach
Mercari: E-commerce Platform  >> Read full details on our blog  
Categories
The Week in Breach

The Week in Breach: 12/05/21 – 18/05/21

In a Week in Breach first, it’s the All Ransomware Edition. Cybercrime gangs have been busy at Toshiba, Ireland’s health service, the US Veterans Administration and other organizations around the globe.
  Ireland – Health Service Executive (HSE)  Exploit: Ransomware
Health Service Executive (HSE): National Healthcare Provider  >> Read full details on our blog  
  United States – Three Affiliated Tribes  Exploit: Ransomware
Three Affiliated Tribes: Tribal Government Organization >> Read full details on our blog  
  United States – US Veterans Administration (VA)  Exploit: Third-Party Exposure (Ransomware)
Veterans Administration: Federal Agency >> Read full details on our blog  
  Germany – Brenntag Exploit: Ransomware
Brenntag: Chemical Distributor  >> Read full details on our blog  
  Norway – Volue  Exploit: Ransomware
Volue: Green Energy Solutions Provider >> Read full details on our blog  
  France – Acer Finance Exploit: Ransomware
Acer Finance: Financial Advisors  >> Read full details on our blog  
  Hong Kong – AXA Exploit: Ransomware
AXA: Insurance Company >> Read full details on our blog  
  Japan – Toshiba Exploit: Ransomware
Toshiba: Electronics Manufacturer >> Read full details on our blog  
Categories
The Week in Breach

The Week in Breach: 05/05/21 – 11/05/21

 Major breaches at two medical service providers are sending shockwaves throughout the industry.
  United States – MedNetwoRX  Exploit: Ransomware
MedNetwoRX: Medical Information Processing >> Read full details on our blog  
  United States – City of Tulsa Exploit: Ransomware
City of Tulsa: Municipality  >> Read full details on our blog  
  United States – Fermilab Exploit: Credential Compromise
Fermilab: Research Laboratory  >> Read full details on our blog  
  United States – BlueForce Inc. Exploit: Ransomware
BlueForce Inc.: Defense Contractor  >> Read full details on our blog  
  United States – CaptureRX  Exploit: Ransomware
CaptureRX: Medical Software Company >> Read full details on our blog  
  United States – Alaska Court System Exploit: Ransomware
Alaska Court System: Judicial Body  >> Read full details on our blog  
  Australia – NSW Labor Party Exploit: Ransomware
NSW Labor Party: Political Organization  >> Read full details on our blog  
  Australia – Schepisi Communications  Exploit: Ransomware
Schepisi Communications: Cloud Storage  >> Read full details on our blog  
  India – WedMeGood Exploit: Hacking
WedMeGood: Wedding Planning  >> Read full details on our blog