"Your Information Technology Leader"

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 09/29/21 – 10/05/21

Sandhills Global

https://journalstar.com/news/local/ransomware-attack-affects-lincoln-based-sandhills-global-operations/article_aa844ea4-a3f1-5c63-8cae-c062e3283b8a.html
Exploit: Ransomware

Sandhills Global: IT & Digital Publishing




Risk to Business: 1.337 = Extreme
 
Digital publishing giant Sandhills Global was shut down this week by a ransomware attack. The company handles trade magazines and websites for major publications in the transportation, agricultural, aerospace, heavy machinery and technology industries. Its trade magazines include TractorHouse, Machinery Trader, Machinery Trader Auction Results, Truck Paper, RentalYard, and AuctionTime, as well as Controller, Executive Controller, and Charter Hub. Sandhills Global’s website, as well as all of its hosted publications, went offline recently, and its phones stopped working after a successful ransomware attack purportedly by Conti. Investigation of the breach and restoration of the impacted sites is underway.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Data is of immense value to cybercriminals in the booming dark web data markets, and by scooping it up at service providers like publishing companies they can ensure that they profit even if no ransom is paid.

 


 

Marketron

https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/
Exploit: Ransomware

Marketron: Marketing Services Company




Risk to Business: 1.606 = Severe
Marketron has been hit by the busy BlackMatter crew. The company provides cloud-based revenue and traffic management tools for broadcast and media organizations with an emphasis on revenue management and audience engagement. The company disclosed that it had been contacted by the Russian gang on Sunday with a ransom demand. The attack affected the Marketron Traffic, Visual Traffic Cloud, Exchange and Advertiser Portal services. RadioTraffic and RepPak services were not hit in the attack but were taken offline in the aftermath as a precaution, and authorities including the FBI were informed. The BlackMatter organization is suspected to be the new guise of DarkSide.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: 320,000

How It Could Affect Your Business: Today’s tricky ransomware landscape holds more traps than many organizations are expecting and the damage can be widespread if an attack strikes home.

 


 

Portpass

https://www.cbc.ca/news/canada/calgary/portpass-privacy-breach-1.6191749
Exploit: Misconfiguration

Portpass: COVID-19 Vaccine Passport Platform




Risk to Business: 1.636 = Severe
Canadian proof-of-vaccination app Portpass is having misconfiguration problems. That unfortunately led to exposed personal information for more than 650,000 registered users. CBC News reported that the problem was discovered by an anonymous tipster on its website. An investigation revealed that the company had not encrypted any of the data that it was maintaining and some could be viewed in plain text. The company claimed that the data was only exposed for a few minutes, but investigative reporting disproved that claim. The Alberta privacy commissioner’s office said in an emailed statement that it has not yet received a report and the progress of a formal investigation is unclear.





Individual Risk: 1.636 = Severe
A swathe of personal data was exposed on the leaky site for an estimated 650,000 users including email addresses, names, blood types, phone numbers, birthdays, as well as photos of identification like driver’s licenses and passports.

Customers Impacted: 650,000

How It Could Affect Your Business: Cybercrime threat risk is bad enough without shooting yourself in the foot through sloppy IT practices.

 


 

United Kingdom – Giant Group

https://www.theregister.com/2021/09/28/giantpay_confirms_cyberattack/
Exploit: Ransomware

Giant Group: Payroll Services Firm




Risk to Business: 1.713 = Severe
Giant Group, also known as Giant Pay, was hit with a suspected ransomware attack that caused its operations to grind to a halt. The payroll services company was forced to shut down its whole network, including its phone and email systems, in order to begin recovery attempts. The company noted that it was still able to pay 8,000 workers whose contract pay it handled last week, but payees are reporting widespread delays and uncertain timelines for receiving that pay. The investigation is ongoing.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Cybercriminals know that they can get organizations that need to operate on tight timelines to pay ransoms and they don’t hesitate to take advantage of that fact.

 


 

France – TiteLive

https://therecord.media/ransomware-attack-disrupts-hundreds-of-bookstores-across-france-belgium-and-the-netherlands/
Exploit: Ransomware

TiteLive: Bookstore Support Platform Provider




Risk to Business: 1.661 = Severe
Bookstores across France, Belgium, and the Netherlands have had a rough week after a suspected ransomware attack crippled the IT systems of TiteLive, a French company that operates a widely used SaaS platform for book sales and inventory management. The attack caused outages of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website. An investigation and recovery are ongoing. No gang has claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 


 

Israel – E.M.I.T Aviation Consulting

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

E.M.I.T Aviation Consulting: Defense Aviation Consulting




Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli firm E.M.I.T Aviation Consulting is presumed to be the work of LockBit 2.0 after the group claimed responsibility for the incident. The ransomware gang has not yet published any files or sample data as proof of the successful attack, but they’ve scheduled the countdown to the reveal to end on 10/07/21. LockBit operators recently made a splash by setting up their dedicated leak site to also promote the latest variant of their ransomware and advertise the LockBit 2.0 affiliate program after hacking-related posts were banned on a number of Russian forums.

Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs don’t just want consumer data. They’re more than happy to steal trade secrets and national security-related documents too.

 


 

New Zealand – Aquila Technology

https://securitybrief.co.nz/story/aquila-technology-customers-urged-to-change-passwords-after-data-breach
Exploit: Credential Compromise

Aquila Technology: Communications Equipment Retailer




Risk to Business: 1.699 = Severe
Technology retailer Aquila Technology, based in Lower Hutt, has disclosed that the company has been affected by a data breach. This breach is suspected to be the result of credential compromise. The company suggests that all customers reset their passwords immediately. Aquila Technology has formally notified the Privacy Commissioner and an investigation is underway.





Individual Risk: 1.699 = Severe
The company said in its statement that some customers may have had personal and credit card information compromised, but no further information was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Business: Credit card information is highly desirable on the dark web, spurring a fresh round of attacks on retailers, especially those that maintain large databases.

 


 

Japan – JVCKenwood

https://www.bleepingcomputer.com/news/security/jvckenwood-hit-by-conti-ransomware-claiming-theft-of-15tb-data/
Exploit: Ransomware

JVCKenwood: Audio Equipment Manufacturer




Risk to Business: 1.699 = Severe
Conti ransomware came calling at JVCKenwood, the Japanese audio equipment powerhouse, this week. The threat actors claim to have stolen 1.7 TB of data and are demanding a cool $7 million ransom in crypto. JVCKenwood disclosed that servers belonging to its sales companies in Europe were breached on September 22nd, and the threat actors may have accessed data during the attack. The extortionists published a sample of the stolen data as proof of their success, and it appears to be a scanned passport for a JVCKenwood employee.

 
Individual Impact: No consumer PII or financial data exposure was disclosed in this breach as of press time, although the sample points to employee information exposure.

Customers Impacted: Unknown

How it Could Affect Your Business: Big companies have big targets painted on their backs for ransomware gangs because they have deep pockets to exploit.

 


 
 

The Week in Breach News: 09/22/21 – 09/28/21

New Cooperative & Crystal Valley Cooperative

https://www.scmagazine.com/analysis/ransomware/food-and-agriculture-industry-needs-more-threat-intel-as-ransomware-attacks-crop-up/
Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services




Risk to Business: 1.337 = Extreme
 
Twin breaches in agriculture have the potential to cause significant disruptions in the US food supply chain. Iowa-based farm service provider New Cooperative was the first ag company hit with a ransomware attack early last week, causing the company to shut down its IT systems. As part of its announcement, the company stated that there would be “public disruption” to the grain, pork and chicken supply chain if its operations are not restored quickly. New ransomware group BlackMatter claimed responsibility, releasing proof on their dark web leak site, saying that they have 1,000GB of data. BlackMatter is demanding a $5.9 million ransom. Minnesota-based farm supply and grain marketing cooperative Crystal Valley was the next hit by a ransomware attack a few days later. The company announced that all of its corporate IT systems were shut down and they were unable to process credit card payments. It also noted that this is a very bad time for cyberattacks in the industry as it is harvest season. No group has yet claimed responsibility for this incident.

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: As we learned throughout the pandemic, cybercriminals are aware of when it’s the worst possible time for them to strike and they’ll use that as leverage in their attacks.

 

 

Simon Eye & US Vision

https://www.govinfosecurity.com/hacking-incidents-lead-to-2-big-eye-care-provider-breaches-a-17587
Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators




Risk to Business: 1.606 = Severe
A pair of breaches in the optometry world at Simon Eye and US Vision has exposed the personal and health information of tens of thousands of US patients. Delaware-based Simon Eye Management, a chain of clinics that provide eye exams, eyeglasses and surgical evaluations, reported a hacking incident to the US Department of Health and Human Services (HHS) affecting more than 144,000 individuals. This incident also included an aborted business email compromise attempt. According to its HIPAA filing, the breach involved an unauthorized third party accessing certain employee email accounts in May 2021 as cybercriminals attempted to pull off wire transfer and invoice manipulation attacks against the company. New Jersey-based USV Optical Inc., a division of US Vision, has also reported a breach to HHS caused by hacking. The company says the incident involved unauthorized access to certain servers and systems between April 20 and May 17, 2021.





Individual Risk: 1.667 = Severe
A total of 320,000 US residents may be impacted by these breach incidents. Simon Eye’s disclosure detailed patient information that had potentially been compromised by the incident, including patient names, medical histories, treatment or diagnosis information, health information, health insurance information and some Social Security numbers, dates of birth and/or financial account information. US Vision disclosed that patient information potentially compromised in the incident includes patient names, addresses, dates of birth and eye care insurance information.

Customers Impacted: 320,000

How It Could Affect Your Business: When companies fail to keep highly sensitive data like this safe, they take a direct hit to the wallet since it costs them a fortune in HIPAA fines once regulators get finished with them.

 

 

Marcus & Millichap

https://searchsecurity.techtarget.com/news/252507058/Marcus-Millichap-hit-with-possible-BlackMatter-ransomware
Exploit: Ransomware

Marcus & Millichap: Real Estate Firm




Risk to Business: 1.636 = Severe
Real estate giant Marcus & Millichap has suffered a ransomware attack that is suspected to be the work of the BlackMatter ransomware gang. The firm disclosed in an SEC filing that it had seen no evidence of a data breach, although BlackMatter did post some authentic-looking sample files with its ransomware demand on its dark web leak site. The incident is under investigation. (The second breach in this pair is in the South America section.)

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Business: Booming dark web data markets mean that cybercriminals are hungry for all kinds of data, especially customer records and financial information.

 

 

Colombia – Coninsa Ramon H

https://thehackernews.com/2021/09/colombian-real-estate-agency-leak.html
Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm




Risk to Business: 1.713 = Severe
A database owned by Colombian real estate firm Coninsa Ramon H has leaked data. More than one terabyte of data containing 5.5 million files was left exposed, leaking the personal information of over 100,000 customers. The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket.





Individual Risk: 1.605 = Severe
The data in the exposed bucket includes internal documents like invoices, proof of income documents, quotes and account statements dating between 2014 and 2021. The customer PII leaked may include names, phone numbers, email addresses, residential addresses, amounts paid for estates and asset values. The bucket may also contain a database backup that includes additional information such as profile pictures, usernames and hashed passwords.

Customers Impacted: Unknown

How It Could Affect Your Business: Exposed databases are a cybersecurity incident that companies don’t need to face if everyone is on the same page about the importance of security.

 

 

Italy – Covisian

https://www.inforisktoday.com/ransomware-attack-reportedly-cripples-european-call-center-a-17619

Exploit: Ransomware

Covisian: Call Center Operator




Risk to Business: 1.661 = Severe
GSS, the Spanish-language division of call center giant Covisian, has informed customers that it has been subjected to a ransomware attack. The attack locked down the company’s IT systems, crippling its Spanish-language call centers. Customer service for organizations including Vodafone Spain, the Masmovil ISP, Madrid’s water supply company, television stations and many private businesses was impacted. (The second in this pair of breaches is in the Middle East section.)

Customers Impacted: Unknown

How it Could Affect Your Business: This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

 

 

Israel – Voicenter

https://www.haaretz.com/israel-news/tech-news/.premium-experts-iran-may-be-behind-cyberattack-on-company-serving-big-names-in-israeli-tech-1.10231555

Exploit: Ransomware

Voicenter: Call Center Operator




Risk to Business: 1.699 = Severe
A ransomware attack against the Israeli call center service company Voicenter earlier this week is suspected to be the work of the Deus ransomware outfit, which has claimed responsibility for the hack. Deus claimed it would release 15 TB of data concerning 8,000 companies that work with Voicenter, including Mobileye, Partner, Gett and My Heritage, among others. The data that the attackers have posted on their dark web leak site includes samples of security camera and webcam footage, ID card information, photos, WhatsApp messages, emails and recordings of phone calls. Interestingly, Deus also provided a photo of its ransom message with a demand for 15 bitcoin within 12 hours of the notification on September 19, with 10 bitcoin added every 12 hours after that deadline. After a brief disruption in services, most Voicenter functions have been restored.

Customers Impacted: Unknown

How it Could Affect Your Business: Service providers are goldmines for cybercriminals because they provide a wealth of data that can be used and sold for high profit.

 

 
 


The Week in Breach News: 09/15/21 – 09/22/21

Austin Cancer Centers

https://www.beckershospitalreview.com/cybersecurity/cyberattack-leads-to-it-outage-at-texas-cancer-clinics-exposing-36-000.html

Exploit: Ransomware

Austin Cancer Centers: Specialty Medical Clinic System




Risk to Business: 1.623 = Severe
 
Austin (Texas) Cancer Centers is notifying 36,503 patients of a data breach that forced it to shut down its IT networks. The cancer treatment network, which has eight locations, discovered that hackers had deployed ransomware onto its systems. Cybersecurity experts determined that the hackers had made the intrusion and remained undetected since late July 2021.





Individual Risk: 1.702 = Severe
 
Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. For patients affected, Austin Cancer Centers offers online credit monitoring services and fraud insurance with coverage up to $1,000,000.

Customers Impacted: 36,503

How It Could Affect Your Business: Data from medical centers is always a valuable commodity for cybercriminals because it can provide PII, financial information and other profitable tidbits.

 

 

TTEC

https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
Exploit: Ransomware

TTEC: Customer Support Provider




Risk to Business: 2.636 = Moderate
TTEC, a growing customer support provider, has been hit with a suspected Ragnar Locker ransomware attack. The company handles customer support calls on behalf of an array of major companies including Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon. Around September 12, company data was encrypted and business activities at several facilities were temporarily disrupted. The incident is under investigation.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware is always a disaster. Ragnar Locker operators recently threatened additional repercussions to companies that contact law enforcement officials after a successful attack.

 

 

Walgreens

https://www.vox.com/recode/22623871/walgreens-covid-test-site-data-vulnerability
Exploit: Misconfiguration

Walgreens: Drugstore Chain




Risk to Business: 1.336 = Extreme
Vox reports that the personal data of patients who had a COVID-19 test at Walgreens was stored incorrectly and exposed to anyone who cared to view it. The data exposure potentially affects millions of people who used Walgreens’ COVID-19 testing services over the course of the pandemic. The exposure came to light after a security expert checked for test results for a family member and noticed the issue. The vulnerability has been around since at least March 2021, when the expert discovered it, but likely longer.





Individual Risk: 1.217 = Extreme
Patient personal data exposed includes each patient’s name, date of birth, gender identity, phone number, address and email. In some cases, test results are also available.

Customers Impacted: Unknown

How It Could Affect Your Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause. It’s also going to cost them a fortune in penalties once regulators get finished with them.

 

 

Epik

https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/
Exploit: Hacking

Epik: Webhosting




Risk to Business: 1.227 = Extreme
Legendary hacktivist group Anonymous has struck again, this time claiming to have snatched gigabytes of data from Epik, a domain name, hosting, and DNS service provider for a variety of right-wing sites, including Texas GOP, Gab, Parler and 8chan, as well as extremist groups. The hacktivist collective announced in a press release that the data set, which is over 180GB in size, contains a “decade’s worth of data from the company.” It has been released as a torrent. Members of the whistleblower site Distributed Denial of Secrets (DDoSecrets) have also made the data set available via alternate means. The Ars Technica story on the incident, linked above, is absolutely worth reading and includes the press release as well as other actions by Anonymous in the same vein. The group perpetrated this hack as part of its Operation Jane campaign.





Individual Risk: 1.305 = Extreme
It is unclear to what extent this hack exposed personal information for owners of sites hosted by Epik or other personal or financial data. However, reports from experts who have viewed the data say that it is highly likely that Epik customers and users should expect that their data has been stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: Experts who have seen the stolen data contend that Epik was negligent in its storage of PII and passwords, making the hack easier for Anonymous.

 

 

Microsoft

https://www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/
Exploit: Misconfiguration

Microsoft: Software Developer




Risk to Business: 2.801 = Moderate
The personal information of hundreds of thousands of users of Microsoft’s EventBuilder has been exposed in a misconfiguration snafu. Researchers who discovered the leak say that the data was exposed through an improperly configured Azure blob and was available for an unknown length of time. The mistake was quickly fixed.





Individual Risk: 2.727 = Moderate
Personal data for event registrants, including names, email addresses and job titles, was exposed in more than one million CSV and JSON files of EventBuilder-driven events hosted through Microsoft Teams.

Customers Impacted: Unknown

How it Could Affect Your Business: Human error is still the biggest cause of a data breach, and this mistake goes to show that applies to every business – even the big dogs can fumble once in a while.

 

 

France – CMA CGM

https://splash247.com/cma-cgm-hit-by-another-cyber-attack/

Exploit: Ransomware

CMA CGM: Maritime Freight Carrier




Risk to Business: 2.819 = Moderate
French container shipping giant CMA CGM has been hit by another cyber-attack. The company was breached about a year ago as well. A spate of attacks against maritime shipping companies has led to breaches at all four of the major players – Maersk, MSC, Cosco and CMA CGM – in the last 12 months. CMA CGM said its IT teams have immediately developed and installed security patches.





Individual Risk: 2.878 = Moderate
The company revealed that customer data had been stolen in this attack including regular customers’ first and last names, employer, position, email addresses and phone numbers.

Customers Impacted: Unknown

How it Could Affect Your Business: By land, sea or air, shipping companies have been favored targets of cybercriminals since the start of the pandemic.

 

 

Japan – Olympus

https://portswigger.net/daily-swig/olympus-insists-medical-services-uninterrupted-by-malware-attack

Exploit: Malware

Olympus: Medical Technology Developer




Risk to Business: 1.802 = Severe
Japanese medical tech behemoth Olympus has disclosed a cyber-attack that prompted the shutdown of certain IT systems last week. The company announced that it had been hit with “an attempted malware attack affecting parts of our sales and manufacturing networks in EMEA (Europe, Middle East, and Africa).”

Individual Impact: Olympus contends that no data was stolen.

Customers Impacted: Unknown

How it Could Affect Your Business: Malware attacks like this are becoming increasingly common as cybercriminals look at encryption over theft as a quick way to mount a successful attack and score a payday.

 

 
 

The Week in Breach News: 09/15/21 – 09/22/21

Austin Cancer Centers

https://www.beckershospitalreview.com/cybersecurity/cyberattack-leads-to-it-outage-at-texas-cancer-clinics-exposing-36-000.html

Exploit: Ransomware

Austin Cancer Centers: Specialty Medical Clinic System




Risk to Business: 1.623 = Severe
 
Austin (Texas) Cancer Centers is notifying 36,503 patients of a data breach that forced it to shut down its IT networks. The cancer treatment network, which has eight locations, discovered that hackers had deployed ransomware onto its systems. Cybersecurity experts determined that hackers had made the intrusion and remained undetected since late July 2021.





Individual Risk: 1.702 = Severe
 
Exposed information may include Social Security numbers, names, addresses, birthdates, credit card numbers and health-related information. For patients affected, Austin Cancer Centers offers online credit monitoring services and fraud insurance with coverage up to $1,000,000.

Customers Impacted: 36,503

How It Could Affect Your Business: Data from medical centers is always a valuable commodity for cybercriminals because it can provide PII, financial information and other profitable tidbits.

 


 

TTEC

https://krebsonsecurity.com/2021/09/customer-care-giant-ttec-hit-by-ransomware/
Exploit: Ransomware

TTEC: Customer Support Provider




Risk to Business: 2.636 = Moderate
TTEC, a growing customer support provider, has been hit with a suspected Ragnar Locker ransomware attack. The company handles customer support calls on behalf of an array of major companies including Bank of America, Best Buy, Credit Karma, Dish Network, Kaiser Permanente, USAA and Verizon. Around September 12, company data was encrypted and business activities at several facilities were temporarily disrupted. The incident is under investigation.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware is always a disaster. Ragnar Locker operators recently threatened additional repercussions to companies that contact law enforcement officials after a successful attack.

 


 


The Week in Breach News: 09/08/21 – 09/14/21

United Nations

https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/

Exploit: Credential Compromise

United Nations: Global Intergovernmental Organization




Risk to Business: 1.623 = Severe
 
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.

Individual Impact: No information was available at press time to clarify what type of data was stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: This is a big target that regularly handles sensitive data. The fact that it took several months to detect an intrusion is worrying.

 

 

Texas Right to Life

https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/

Exploit: Misconfiguration

Texas Right to Life: Political Action Group




Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.





Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people.

Customers Impacted: 300 job applicants

How It Could Affect Your Business: Sloppy setups are responsible for too many data breaches. Establishing a strong cybersecurity culture combats this problem.

 

 

Dotty’s

https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
Exploit: Ransomware

Dotty’s: Fast Food Restaurant and Gambling Parlor Chain




Risk to Business: 1.673=Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.





Individual Risk: 1.673=Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.

Customers Impacted:
How It Could Affect Your Business: When a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.

 

 

United Kingdom – McDonald’s

https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/
Exploit: Misconfiguration

McDonald’s: Fast Food Chain




Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The mis-sent information also included sensitive back-end info like hostnames for Azure SQL databases.

Individual Impact: The company contends that no customer information was compromised.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everyone knows that they’re responsible for security and not just the IT team.

 

 

Israel – City4U

https://www.jpost.com/israel-news/hacker-claims-to-have-stolen-information-of-7-million-israelis-678905
Exploit: Hacking

City4U: Municipal Services Platform




Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a Telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.

Customers Impacted: 700,000

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.

 

 

France – France-Visas

https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers
Exploit: Hacking

France-Visas: Government Services Platform




Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.





Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Individual Impact: No clear reporting on the data stolen was available at press time, but users can safely assume that any data they’ve entered on the platform is compromised.

Customers Impacted: 8,700

How it Could Affect Your Business: Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.

 

 

Singapore – MyRepublic

https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach

MyRepublic: Mobile Carrier




Risk to Business: 1.802 = Severe
Mobile carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and that the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).





Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.

Customers Impacted: 80,000 mobile subscribers

How it Could Affect Your Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.

 

 

South Africa – Department of Justice and Constitutional Development

https://securityaffairs.co/wordpress/122128/cyber-crime/department-of-justice-and-constitutional-development-of-south-africa-ransomware.html

Exploit: Ransomware

Department of Justice and Constitutional Development: Government Agency




Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.

Individual Risk: The department claims that no data has been exfiltrated by the ransomware operators.

How it Could Affect Your Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.

 

 
 

The Week in Breach News: 09/08/21 – 09/14/21

United Nations

https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/

Exploit: Credential Compromise

United Nations: Global Intergovernmental Organization


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.623 = Severe
 
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.

Individual Impact: No information was available at press time to clarify what type of data was stolen.

Customers Impacted: Unknown

How It Could Affect Your Business: This is a big target that regularly handles and sensitive data. The fact that it took several months to detect an intrusion is worrying.

 


 

Texas Right to Life

https://techcrunch.com/2021/09/07/texas-right-to-life-website-exposed-job-applicants-resumes/

Exploit: Misconfiguration

DuPage Medical Group: Healthcare Practice


cybersecurity news represented by a gauge indicating moderate risk


Risk to Business: 2.636 = Moderate
Anti-choice political action group Texas Right to Life is in hot water after it exposed the personal information of hundreds of job applicants on its website. Investigators have blamed a configuration error that allowed anyone to access all applicants’ resumes, which were stored in an unprotected directory. No additional information appears to have been exposed.



cybersecurity news represented by a gauge indicating moderate risk


Individual Risk: 2.712 = Moderate
Job applicants had names, phone numbers, addresses and details of their employment history exposed, as the data included complete resumes for approximately 300 people..

Customers Impacted: 300 job applicants

How It Could Affect Your Business: Sloppy setups are responsible for too any data breaches. Establishing a strong cybersecurity culture combats this problem.

 


 

Dotty’s

https://portswigger.net/daily-swig/data-breach-at-us-restaurant-and-gambling-chain-dottys-may-have-leaked-sensitive-customer-information
Exploit: Ransomware

Dotty’s: Fast Food Restaurant and Gambling Parlor Chain


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.673=Severe
Dotty’s, a fast food chain that offers gambling services across 175 locations, has experienced a cyberattack that severely impacted operations. The chain, owned and operated by Nevada Restaurant Services, announced that malware was discovered on some computer systems that allowed cybercriminals to access and copy customer data including some highly sensitive material.



cybersecurity news gauge indicating extreme risk


Individual Risk: 1.673=Severe
The data snatched includes customer names, dates of birth, Social Security numbers, driver’s license or state ID numbers, passport numbers, financial account and/or routing numbers, health insurance information, treatment information, biometric data, medical records, taxpayer identification numbers, and credit card numbers and/or expiration dates. Impacted customers are being informed by mail.

Customers Impacted:
How It Could Affect Your Business: Whe a company fails to keep highly sensitive data like this safe, it’s going to give customers and partners pause.

 


 

United Kingdom – McDonald’s

https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/
Exploit: Misconfiguration

McDonald’s: Fast Food Chain


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.917 = Severe
The popular “Monopoly” game is back at McDonald’s in the UK, and winners received a surprise when the login names and passwords for the game’s database were made available to all winners. A Misconfiguration caused automated emails that went out to prize winners to contain the relevant usernames and passwords for both the production and staging database servers, allowing anyone to access the information. The missent information also included sensitive back-end info like hostnames for Azure SQL databases.

Individual Impact: The company contends that no customer inforation was compromised.

Customers Impacted: Unknown

How It Could Affect Your Business: Human error will always be the biggest enemy of cybersecurity. Ensure that mistakes like this don’t happen by making sure everone knows that they’re responsible for security and not just the IT team.

 


 

Israel – City4U

https://www.jpost.com/israel-news/hacker-claims-to-have-stolen-information-of-7-million-israelis-678905
Exploit: Hacking

City4U: Municipal Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.721 = Severe
Cybercriminals are claiming to have committed an audacious hack that scored them the personal information of around seven million Israelis, approximately 80% of Israel’s population, by hacking into City4U. The website is used by municipalities to allow residents to conduct business like paying utility bills, taxes and fines. The hackers made the claim through a telegram posting, providing samples of the stolen data as proof that included photos of identity cards and financial data.

Customers Impacted: 700,000

How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.

 


 

France – France-Visas

https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers
Exploit: Hacking

France-Visas: Government Services Platform


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.919 = Severe
A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants that had information exposed was released, but French officials say that they have been contacted by mail.



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.778 = Severe
Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.

Individual Impact: No clear reporting on the data stolen was available at press time, but users can safely assume that nay data they’ve entered on the platform is compromised.

Customers Impacted: 8,700

How it Could Affect Your Business: Huge data hauls like this are goldmines for cybercriminals, who can make plenty of cash by selling 2020’s number one desirable resource on the dark web: personal data.

 


 

Singapore – MyRepublic

https://www.zdnet.com/article/myrepublic-customers-compromised-in-third-party-data-breach/
Exploit: Third Party Breach

MyRepublic: Mobile Carrier


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
Mobile Carrier MyRepublic has announced that 80,000 of its mobile subscribers in Singapore have had their personal data compromised, following a security breach on a third-party data storage platform. The company disclosed that the incident was uncovered on August 29 and the relevant authorities had been informed of the breach, including industry regulator Infocomm Media Development Authority (IMDA) and the country’s Personal Data Protection Commission, which oversees Singapore’s Personal Data Protection Act (PDPA).



cybersecurity news represented by agauge showing severe risk


Individual Risk: 1.802 = Severe
Cybercriminals were able to access customer records containing PII like the identity verification documents that customers had provided for mobile services registration, including scanned copies of national identity cards and residential addresses of foreign residents.

Customers Impacted: 80,000 mobile subscribers

How it Could Affect Your Business: Third party risk is escalating as business operations become less centralized and more businesses rely on specialty services providers for day-to-day chores.

 


 

South Africa – Department of Justice and Constitutional Development

https://securityaffairs.co/wordpress/122128/cyber-crime/department-of-justice-and-constitutional-development-of-south-africa-ransomware.html

Exploit: Ransomware

Department of Justice and Constitutional Development: Government Agency


cybersecurity news represented by agauge showing severe risk


Risk to Business: 1.802 = Severe
A ransomware attack struck the Department of Justice and Constitutional Development of South Africa. According to a department statement, many departments have been impacted, including the issuing of letters of authority, bail services, departmental email and the departmental website. Some services are available through old-fashioned pen and paper and child support payments won’t be delayed. The department announced that its team is working to restore operations. The incident is under investigation, and no word was available at press time on who was responsible for the attack.

Individual Risk: The department claims that no data has been exfiltrated by the ransomware operators

How it Could Affect Your Business: Ransomware doesn’t always go after data. Sometimes cybercriminals want to hold the whole business to ransom, impeding operations and notching up embarrassment.

 


 
 
The Week in Breach News: 09/01/21 – 09/07/21


Pacific City Bank




Exploit: Ransomware




https://securityaffairs.co/wordpress/121872/cyber-crime/pacific-city-bank-avos-locker-ransomware.html




Pacific City Bank: Financial Institution




Risk to Business: 1.623 = Severe




Pacific City Bank, a California-based bank that focuses on the Korean-American community, was rocked by ransomware. The bank was hit by the AVOS Locker ransomware gang last week. On Saturday, September 4, 2021, the ransomware gang added the bank to its leak site and published some screenshots as proof of the hack including a ZIP archive that contains a series of documents allegedly stolen from the bank. The incident is under investigation.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident, but since it is a bank, that’s highly likely.




Customers Impacted: Unknown




How It Could Affect Your Business: Ransomware gangs have been hungry for financial industry data and they’ve been stepping up attacks against targets that have it, especially small-time players that tend to have weak security.












DuPage Medical Group




https://www.chicagotribune.com/business/ct-biz-dupage-medical-group-breach-personal-information-20210830-frv74cy23nhftgufbwc3caknie-story.html




Exploit: Hacking




DuPage Medical Group: Healthcare Practice 




Risk to Business: 1.636 = Severe




DuPage Medical Group is notifying 600,000 patients that their personal information may have been compromised during a July cyberattack. The largest independent physician group in Illinois experienced a computer and phone outage that lasted nearly a week in mid-July. Investigators determined that the incident was caused by unauthorized actors who accessed its network between July 12 and July 13.




Individual Risk: 1.866 = Severe




The investigators determined that files containing patient information including names, addresses, dates of birth, diagnosis codes, codes identifying medical procedures and treatment dates may have been exposed. For a small number of people, Social Security numbers may have been compromised.




Customers Impacted: 600,000 patients




How It Could Affect Your Business: Exposed medical data isn’t just a disaster upfront. Big penalties from state and federal regulators can cause damage that’s hard to recover from.















Career Group, Inc. 




https://www.securityweek.com/recruiting-firm-apparently-pays-ransom-after-being-targeted-hackers




Exploit: Ransomware




Career Group, Inc.: Staffing Company




Risk to Business: 1.673 = Severe




California-based staffing service Career Group, Inc. experienced a data breach between June 28 and July 7. In the company’s letter to regulators, it stated that it had received assurances from the cybercriminals involved that its data would be deleted, indicating a probable ransomware incident.




Individual Risk: 1.673 = Severe




The company noted in a letter to the Maine Attorney General’s Office that the stolen data included PII from applicants and placements including Social Security numbers, but no further details were available at press time.




Customers Impacted: 49,476




How It Could Affect Your Customers’ Business: Staffing services are a goldmine for cybercriminals because they offer the opportunity to quickly score a large amount of desirable financial data and PII.















Howard University




https://wjla.com/news/local/howard-university-investigates-alleged-ransomware-attack




Exploit: Ransomware




Howard University: Institution of Higher Learning




Risk to Business: 1.917 = Severe




Howard University announced that it is investigating a ransomware attack. The incident disrupted online classes for several days. In-person instruction was unaffected. The school’s Enterprise Technology Services (ETS) intentionally shut down the university’s network to investigate. So far, investigators have not found that any personal data on staff or students has been stolen.




Individual Impact: No information was available at press time about the types of data that were stolen, if any.




Customers Impacted: Unknown




How It Could Affect Your Business: Schools of every size have been prime targets for cybercriminals since the beginning of the pandemic, and that pressure is not relenting.















France – Francetest 




https://www.connexionfrance.com/French-news/700000-French-pharmacy-Covid-test-results-left-publicly-available




Exploit: Misconfiguration




Francetest: COVID-19 Test & Trace Platform 




Risk to Business: 1.721 = Severe




A misconfiguration in an online platform used to transfer data from antigen tests carried out at pharmacies to the government platform SI-DEP has made hundreds of thousands of COVID-19 test results public, along with the PII of the patients who took them. In a particularly interesting detail of this story, the misconfiguration was discovered when a patient with IT expertise noticed that the open-source content management system WordPress was being used to manage sensitive data. She could access files containing other patients’ information via the URL tree and even create an account without being a pharmacist.




Individual Risk: 1.761 = Severe




Exposed data included patients’ full names, genders, dates of birth, social security numbers, contact details (including email address, telephone number and postal address) and test results including COVID-19 status.




Customers Impacted: 700,000




How it Could Affect Your Business: Human error is still the biggest cause of a data breach and this is one mistake that’s going to cost a fortune by the time GDPR penalties are calculated.















France – France-Visas




https://www.connexionfrance.com/French-news/Personal-details-of-8-700-French-visa-applicants-exposed-by-hackers




Exploit: Hacking




France-Visas: Government Services Platform 




Risk to Business: 1.919 = Severe




A cyber-attack has compromised the data of around 8,700 people applying for visas to visit or move to France via the official government-run France-Visas website. No details of the nationalities affected or other information about the applicants whose information was exposed were released, but French officials say that the affected applicants have been contacted by mail.




Individual Risk: 1.778 = Severe




Applicant PII including names, passport and identity card numbers, nationalities and birth dates was snatched by the hackers. No financial information was exposed. Officials noted a low potential for misuse because of strict GDPR compliance procedures.




Customers Impacted: 8,700




How it Could Affect Your Business: Their compliance may be stringent, but their security is lacking, and that’s going to cost a pretty penny when penalties are handed down from GDPR regulators.















Japan – Fujitsu 




https://www.zdnet.com/article/fujitsu-says-stolen-data-being-sold-on-dark-web-related-to-customers/




Exploit: Hacking




Fujitsu: Information Technology




Risk to Business: 1.802 = Severe




Data from Japanese tech giant Fujitsu is being sold on the dark web. The type of data available is unclear, but the cybercriminals responsible for the hack claim to have 4GB of company data to offload. In their announcement, the cybercriminals provided samples of the data and claimed they had confidential customer information, company data, budget data, reports and other company documents, including project information.




Individual Impact: No information was available at press time to say if employee, customer or consumer financial details or PII was compromised in this incident.




Customers Impacted: Unknown




How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.















Indonesia – electronic Health Alert Card




https://www.zdnet.com/article/passport-info-and-healthcare-data-leaked-from-indonesias-covid-19-test-and-trace-app-for-travellers/




Exploit: Misconfiguration 




electronic Health Alert Card (eHAC): COVID-19 Test & Trace Platform




Risk to Business: 1.802 = Severe




A storage snafu has exposed a big pool of personal data from Indonesia’s test and trace tool electronic Health Alert Card (eHAC). Researchers discovered that an unsecured Elasticsearch database was being used to store over 1.4 million records from approximately 1.3 million eHAC users. Both foreigners and Indonesian citizens must download the app, even those traveling domestically within the country, and it contains personal data for travelers including a person’s health status, personal information, contact information, COVID-19 test results and other information.




Individual Risk: 1.5882 = Severe




The data involved in the leak includes user IDs including passports and national Indonesian ID numbers, COVID-19 test results and data, hospital IDs, addresses, phone numbers, URN ID numbers and URN hospital ID numbers. For Indonesians, their full names, numbers, dates of birth, citizenship, jobs and photos were included in the leaked data. Private information about Indonesian hospitals and government officials who used the app was also exposed.




How it Could Affect Your Business: A misconfiguration of this scale is embarrassing and demonstrates a slapdash security system that won’t fill users with confidence.















The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services


Risk to Business: 1.486 = Extreme
 
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack. The Conti ransomware gang revealed on their leak site that they stole over 250 GB of data. The investigation and remediation are ongoing.



Individual Risk: 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 

 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System


Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage as well as disruption of its online library services. Branch IT has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank


Risk to Business: 1.673 = Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 

 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.



Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 

 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand


Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo, claiming to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 

 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline


Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.



Individual Risk: 1.761 = Severe
The company said in a statement that their initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 
 
Continue reading

The Week in Breach News: 08/25/21 – 08/31/21

SAC Wireless

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/
Exploit: Ransomware

SAC Wireless: Mobile Network Services


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.486 = Extreme
 
AC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack attributed to the Conti ransomware gang. The company disclosed that personal information belonging to current and former employees (and their health plans’ dependents
or beneficiaries) was also stolen during the ransomware attack. Conti ransomware gang revealed on their leak site that they stole over 250 GB of data. The investigation and remediation is ongoing.



cybersecurity news gauge indicating extreme risk


Individual Risk : 1.311 = Extreme
 
SAC Wireless has announced that they believe that the stolen files contain the following categories of personal info about current and former employees: name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware gangs are increasingly targeting the partners of major companies to find security flaws that enable them to gain valuable access or information that can then be translated into action against the major target.

 


 

Boston Public Library (BPL)

https://www.bleepingcomputer.com/news/security/boston-public-library-discloses-cyberattack-system-wide-technical-outage/
Exploit: Ransomware

Boston Public Library (BPL): Library System


cybersecurity news represented by agauge showing severe risk


Risk to Business: 2.336 = Severe
The Boston Public Library (BPL) has disclosed that its network was hit by a cyberattack leading to a system-wide technical outage. BPL serves almost 4 million visitors per year through its central library and twenty-five neighborhood branches, as well as millions more online. The library experienced a significant system outage and as well as disruption of its online library services. Branch It has been restored and online services are slowly being recovered.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing

Customers Impacted: 4 million

How It Could Affect Your Business: Government and government-adjacent municipal targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 


 

Envision Credit Union

https://www.tallahassee.com/story/money/2021/08/26/envision-credit-union-taking-steps-after-possible-cyber-attack-lockbit/8254377002/
Exploit: Ransomware

Envision Credit Union: Bank


Risk to Business: 1.673 = Severe
The LockBit 2.0 ransomware group has threatened to publish stolen data of its newest target, Envision Credit Union in Florida, on August 30. Envision Credit Union disclosed to the media that it recently began “experiencing technical difficulties on certain systems” after the LockBit announcement went up on the gang’s leak site. An investigation is ongoing and the bank has not yet disclosed exactly what (if any) data was stolen.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Financial services and fintech organizations have been a prime target for hackers recently, and regulators have not been shy about raising the alarm.

 


 

Atlanta Allergy & Asthma

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


Risk to Business: 1.917 = Severe
Atlanta Allergy & Asthma (AAA), the largest allergy treatment healthcare business in the region, is notifying 9,800 patients that they experienced a data breach that involved protected health information. Bloggers spotted the data on the dark web, where it had been posted by the Nefilim ransomware group, also known as Nempty. The gang nabbed 2.5 GB of data consisting of 597 files with PHI.



Individual Risk: 1.835 = Severe
The data seen by researchers includes what appears to be thousands of records for patients. The files are not just current or recent billing-related files but also included spreadsheets organized by type of health insurance, records on outstanding claims from 2017 and 2018 and more than 100 audits including a multi-page detailed review of a patient’s case.

Customers Impacted: 9,800

How It Could Affect Your Business: Medical data is a big revenue driver for cybercriminals but it is an even bigger revenue disaster for the medical practices that lose it to cybercrime.

 


 

Germany – Puma

https://securityaffairs.co/wordpress/121617/cyber-crime/puma-available-marketo.html

Exploit: Hacking

Puma: Sportswear Brand


Risk to Business: 1.721 = Severe
Threat actors claim to have stolen data from German sportswear giant Puma. The cybercriminals announced the score in a post on a message board at the rising dark web marketplace Marketo, claiming to have about 1GB of data stolen from the company. Published samples contain the source code of internal management applications potentially linked to the company’s Product Management Portal.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Hackers are hungry for data to turn for a quick profit in the booming dark web data markets. Reports note there are more than 150 bids on this little cache already.

 


 

Thailand – Bangkok Airways

https://www.zdnet.com/article/bangkok-airways-apologizes-for-passport-info-breach-as-lockbit-ransomware-group-threatens-release-of-more-data/
Exploit: Ransomware

Bangkok Airways: Airline


Risk to Business: 1.802 = Severe
Bangkok Airways has announced that it has experienced a “cybersecurity attack which resulted in unauthorized and unlawful access to its information system”. There’s no word from the company about how many customers were involved in the breach or what timeframe the data came from, but they were quick to assure customers that no operations or aeronautics systems or data was impacted.



Individual Risk: 1.761 = Severe
The company said in a statement that their initial investigation revealed that the names, nationalities, genders, phone numbers, emails, addresses, contact information, passport information, historical travel information, partial credit card information and special meal information for passengers of the airline were accessed by the hackers.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 


 
 

The Week in Breach News: 08/18/21 – 08/24/21

AT&T

https://cybernews.com/news/att-database-of-70-million-users-sold-on-hacker-forum/
Exploit: Hacking

AT&T: Communications Conglomerate


Risk to Business: 1.422 = Extreme
A bit of drama has arisen around what appears to be a data breach at telecom giant AT&T. What’s not in dispute is that 70 million records that allegedly belong to AT&T made their debut on the dark web market this week courtesy of ShinyHunters. The hackers contend that this treasure trove is fresh data obtained from AT&T through their ingenuity. AT&T contends that no breach happened and that this data was obtained from an unnamed third-party source. ShinyHunters’ reputation precedes them; they are the cybercriminals responsible for well-known data thefts at Microsoft, Tokopedia, Mashable, Pluto TV and a host of other targets, lending credence to their claims. The controversy was not resolved at press time.

Individual Impact: ShinyHunters provided what looks like customer information in the sample posted to their announcement, but the full spectrum of the leaked data is unclear.

Customers Impacted: Unknown

How It Could Affect Your Business: Maintaining strong security in every nook and cranny of your client’s business is vital to protecting them from increasingly sophisticated hacking threats.

 

 

Indiana Department of Health

https://www.wowo.com/personal-data-of-nearly-750000-hoosiers-accessed-improperly/

Exploit: Misconfiguration

Indiana Department of Health: State Agency


Risk to Business: 1.723 = Severe
The Indiana Department of Health has disclosed that data from the state’s COVID-19 online contact tracing survey was improperly accessed in a database misconfiguration incident after a company looking to form a security-based business relationship with the agency accessed it and informed the Department of the mistake. The agency and the company involved signed an agreement noting that the data had not been copied or downloaded. The misconfiguration issue has been corrected according to the agency.



Risk to Individual: 1.571 = Severe
The data included the name, address, email, gender, ethnicity and race, and birthday of nearly 750,000 Hoosiers, according to IDOH. The agency will send letters notifying those affected by the breach and extend an offer for one year of free credit monitoring with Experian.

Customers Impacted: 750,000

How It Could Affect Your Business: Government targets have been especially under the gun recently as cybercriminals seek easy routes to gaining big scores of personal data from targets with historically poor security.

 

 

St. Joseph’s/Candler Health System

https://portswigger.net/daily-swig/us-healthcare-org-sends-data-breach-warning-to-1-4m-patients-following-ransomware-attack
Exploit: Ransomware

St. Joseph’s/Candler(SJ/C): Health System


Risk to Business: 1.673 = Severe
St. Joseph’s/Candler, a major Georgia healthcare network, has admitted that it has suffered a data breach as part of a ransomware incident that it just uncovered. The system’s IT staff first detected the breach on June 17, but the intrusion occurred as early as December 20, 2020. The cybercriminals launched ransomware from this break-in. The hospital system also disclosed that it had been forced to use pencil and paper recordkeeping briefly after it became unable to access its systems or data. That has since been resolved and IT systems restored. The incident is still under investigation.



Individual Risk: 1.811=Severe
The stolen data includes extensive patient records including each patient’s name, address, date of birth, Social Security number, driver’s license number, patient account number, billing account number and assorted other financial information. It also includes their health insurance plan member ID, medical record number, dates of service, provider names and information about the medical and clinical treatment they’ve received from SJ/C. Impacted patients will be notified by mail and offered free credit monitoring and identity protection services.

Customers Impacted: 100 million

How It Could Affect Your Business: It shouldn’t take that long to detect an intrusion, especially since healthcare targets have been increasingly endangered for the last year. That speaks to poor cybersecurity hygiene.

 

 

Japan – Liquid

https://www.newsweek.com/hacker-steals-74-million-cryptocurrencies-including-bitcoin-ethereum-1620892
Exploit: Hacking

Liquid: Cryptocurrency Exchange


Risk to Business: 1.505 = Extreme
Japanese crypto exchange Liquid was sacked by hackers this week resulting in the theft of a reported $74 million worth of cryptocurrency. The stolen assets include chunks of Bitcoin, Ethereum and others. The firm said the attack targeted its multiparty computation (MPC) system of custody. Liquid also noted that it is moving assets that were not affected into more secure “cold wallet” storage while suspending deposits and withdrawals.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 

 

Japan – Tokio Marine Holdings

https://www.cyberscoop.com/tokio-marine-ryan-specialty-group-ransomware-cyber-insurance/

Exploit: Ransomware

Tokio Marine Holdings: Insurer


Risk to Business: 1.721 = Severe
Japan’s largest property and casualty company, Tokio Marine Holdings, was struck by ransomware at its Singapore branch. The insurer, which has a U.S. division and offers a cyber insurance product, said it did not have any immediate indication that any customer information was accessed. Tokio Marine was able to isolate the affected network and notified local law enforcement. Investigators from an outside vendor are working to determine the scope of the damage.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Insurers have recently been choice targets for cybercriminals, especially after the announcement by insurers like AXA that they will no longer pay out claims for ransoms.

 

 

Brazil – Lojas Renner

https://therecord.media/ransomware-hits-lojas-renner-brazils-largest-clothing-store-chain/
Exploit: Ransomware

Lojas Renner: Fashion Retailer


Risk to Business: 1.663 = Severe
Lojas Renner, Brazil’s biggest fashion retail chain, has been struck by a ransomware attack that impacted its IT infrastructure and resulted in the unavailability of some of its systems, including online shopping. Reports claim that the deed was done by RansomExx and it may be related to an incident at a Brazilian IT services provider and that Renner paid the hackers $20 million in ransom.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

Brazil – National Treasury (Tesouro Nacional Brasil)

https://www.teiss.co.uk/brazil-national-treasury-ransomware-attack/

Exploit: Hacking

National Treasury (Tesouro Nacional Brasil): National Government Agency


Risk to Business: 1.671 = Severe
The Brazilian government has confirmed that the National Treasury (Tesouro Nacional Brasil) fell victim to a ransomware attack on August 13. The extent of the damage is unclear and operations in the department were quickly restored. Government officials were quick to assure investors that the cyberattack did not affect the operations of Tesouro Direto, which enables the purchase of Brazilian government bonds. The incident is not suspected to be the work of nation-state threat actors.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a popular tool to use against government targets because it’s an easy way for cybercriminals to create disruptions that may produce ransoms more easily.

 

 
 
 
The Week in Breach News: 08/11/21 – 08/17/21

Accenture

https://threatpost.com/accenture-lockbit-ransomware-attack/168594/

Exploit: Ransomware

Accenture: Consulting Firm


Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.

 

 

Ford Motor Company

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration

Ford Motor Company: Automobile Manufacturer


Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.



Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personally Identifiable Information (PII), and included customer and employee records, finance account numbers, database names and tables, OAuth access tokens, internal support tickets, user profiles within the organization, pulse actions, internal interfaces, search bar history and other details.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

 

 

T-Mobile

https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056
Exploit: Hacking

T-Mobile: Mobile Phone Company


Risk to Business: 1.673=Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.



Risk to Business: 1.737=Severe
The data purportedly stolen consists of records and information for consumers, including social security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver’s license information.

Customers Impacted: 100 million

How It Could Affect Your Business: Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.

 

 

Maine Department of Environmental Protection

https://bangordailynews.com/2021/08/15/news/in-a-first-for-maine-ransomware-hackers-hit-2-public-wastewater-plants/

Exploit: Ransomware

Maine Department of Environmental Protection: State Government Agency


Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 

 

France – Chanel

https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/
Exploit: Ransomware

Chanel: Fashion House


Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.



Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

 

 

Germany – Crytek Studios

https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/
Exploit: Ransomware

Crytek Games: Game Studio


Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020, obtaining client information, stealing proprietary data and encrypting systems. The stolen material included files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on their network operations. The company downplayed the impact in a letter to potentially impacted individuals.



Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

Israel – Bar Ilan University

https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Nation-State Hacking

Bar Ilan University: Institution of Higher Learning


Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.

 

 
 
Continue reading

The Week in Breach News: 08/11/21 – 08/17/21

Accenture

https://threatpost.com/accenture-lockbit-ransomware-attack/168594/

Exploit: Ransomware

Accenture: Consulting Firm


cybersecurity news gauge indicating extreme risk


Risk to Business: 1.437 = Extreme
The LockBit ransomware gang has hit consulting giant Accenture. In a post on its dark web announcement site, the gang is offering multiple Accenture databases for sale. The LockBit gang also chose to poke fun at Accenture’s security. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company. The LockBit ransomware gang reports theft of 6 terabytes worth of Accenture’s data. LockBit requested a $50 million ransomware payment. News outlets are reporting that the hack was the result of an insider job.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware hits against big service providers are attractive for cybercriminals because they often open up fresh avenues of attack, creating third-party risk.

 


 

Ford Motor Company

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration

Ford Motor Company: Automobile Manufacturer




Risk to Business: 2.033 = Severe
A misconfigured instance of the Pega Infinity customer engagement system running on Ford’s servers is the culprit for a data breach this week that exposed client and employee information at Ford. That blunder opened up an opportunity for anyone to access sensitive systems and obtain proprietary data, such as customer databases, employee records, internal tickets, etc. Researchers say that Ford was notified of this massive problem as long as six months ago but failed to take action.





Risk to Individual: 2.371 = Severe
The investigation is ongoing, but right now we know that some of the exposed assets contained sensitive Personally Identifiable Information (PII), and included customer and employee records, finance account numbers, database names and tables, OAuth access tokens, internal support tickets, user profiles within the organization, pulse actions, internal interfaces, search bar history and other details.

Customers Impacted: Unknown

How It Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

 


 

T-Mobile

https://gizmodo.com/hacker-claims-to-have-data-on-more-than-100-million-t-m-1847491056
Exploit: Hacking

T-Mobile: Mobile Phone Company


Risk to Business: 1.673 = Severe
Hackers are claiming that they’ve obtained data related to more than 100 million US T-Mobile customers in a post on a popular dark web forum. They’re selling access to part of the information for 6 Bitcoin which translates into roughly $277,000. T-Mobile has confirmed the incident after some back-and-forth.



Risk to Business: 1.737 = Severe
The data purportedly stolen consists of consumer records and information, including Social Security numbers, phone numbers, names, physical addresses, unique IMEI numbers, and driver's license information.

Customers Impacted: 100 million

How It Could Affect Your Business: Cybercriminals love personal data, the number one type of data stolen in 2020. Protecting customer data is critical to maintaining good customer relationships.

 


 

Maine Department of Environmental Protection

https://bangordailynews.com/2021/08/15/news/in-a-first-for-maine-ransomware-hackers-hit-2-public-wastewater-plants/

Exploit: Ransomware

Maine Department of Environmental Protection: State Government Agency




Risk to Business: 1.825 = Severe
Ransomware attacks endangered operations at two Maine wastewater treatment facilities this week. The attacks occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. Officials were quick to note that the attacks presented no threat to public health and safety, characterizing them as minor. Operations have been restored.

Customers Impacted: Unknown

How It Could Affect Your Business: Infrastructure targets are increasingly under fire by cybercriminals because of the historically poor security and rich payouts.

 


 

France – Chanel

https://www.infosecurity-magazine.com/news/chanel-apologizes-for-data-breach/
Exploit: Ransomware

Chanel: Fashion House




Risk to Business: 2.721 = Moderate
French luxury brand Chanel has issued an apology after personal data belonging to its customers was exposed in an incident that impacted customers in Korea. A database belonging to the famed perfume and fashion brand is believed to have been compromised by hackers in a cyberattack at an unnamed cloud-based data storage firm.





Risk to Business: 2.326 = Moderate
The stolen data includes birth dates, customer names, gender details, passwords, phone numbers and shopping or payment history. The incident is still under investigation and complete details have not been released.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

 


 

Germany – Crytek Studios

https://www.bleepingcomputer.com/news/security/crytek-confirms-egregor-ransomware-attack-customer-data-theft/
Exploit: Ransomware

Crytek Games: Game Studio




Risk to Business: 1.612 = Severe
German game developer Crytek has just disclosed that the Egregor ransomware gang breached its network in late 2020, obtaining client information, stealing proprietary data and encrypting systems. The data taken included files related to online FPS hit WarFace, development data on Crytek’s canceled Arena of Fate MOBA game, and documents with information on the company’s network operations. The company downplayed the impact in a letter to potentially impacted individuals.





Risk to Business: 1.669 = Severe
The customer information exposed included players’ first and last name, job title, company name, email, business address, phone number and country. Impacted players have been sent a notification by mail.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 


 

Israel – Bar Ilan University

https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Nation-State Hacking

Bar Ilan University: Institution of Higher Learning




Risk to Business: 1.111 = Severe
A cyberattack that targeted Israel’s Bar Ilan University over the weekend was likely launched by Chinese threat actors as part of a massive attack against Israeli targets in varied sectors. In a report released by FireEye, the incident is categorized as part of a large-scale Chinese attack on Israel, in itself part of a broader campaign that targeted Iran, Saudi Arabia, Ukraine, Uzbekistan and Thailand.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Nation-state threat actors frequently use ransomware to strike at their targets because it is cheap and effective.

 


 
 

The Week in Breach News: 08/04/21 – 08/10/21

Advanced Technology Ventures

https://techcrunch.com/2021/08/03/atv-venture-capital-ransomware/

Exploit: Ransomware

Electronic Arts (EA): Video Game Maker




Risk to Business: 1.207 = Extreme
Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, has disclosed that it was hit by a ransomware attack. The cybercriminals were able to steal personal information about the company’s private investors. ATV said it became aware of the attack on July 9 after its servers storing financial information were encrypted by ransomware. By July 26, the company learned that its investor data had been stolen from the servers before the files were encrypted, a hallmark of the “double extortion” tactic used by ransomware groups.





Individual Risk: 1.326 = Extreme
Investor data was accessed by cybercriminals. ATV believes the names, email addresses, phone numbers and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. Some 300 individuals were affected by the incident.

Customers Impacted: Unknown

How It Could Affect Your Business: Ransomware tactics like double and triple extortion allow cybercriminals to score even bigger paydays, making them very popular techniques.

 

 

SeniorAdvisor

https://www.infosecurity-magazine.com/news/senior-citizens-personal-data/
Exploit: Misconfiguration

SeniorAdvisor: Senior Care Review Site




Risk to Business: 1.663 = Severe
Researchers have discovered a misconfigured Amazon S3 bucket owned by SeniorAdvisor, a site that provides ratings and information for senior care facilities. The bucket in question contained the personal data of more than three million people categorized as “leads”. The team found around 2000 “scrubbed” reviews in the misconfigured bucket, in which the user’s sensitive information was wiped or redacted. In total, the bucket contained more than one million files and 182GB of data, none of which was encrypted, and no password or login credentials were required to access it.





Risk to Individual: 1.271 = Severe
This exposed bucket was full of data including names, emails, phone numbers and dates contacted for every person designated as a lead, comprising an estimated 3 million consumers.

Customers Impacted: 3 million

How it Could Affect Your Business: Companies are under the gun for cybersecurity risk often enough without rookie mistakes like failing to secure a database contributing to the danger.

 

 

University of Kentucky

https://therecord.media/university-of-kentucky-discovers-data-breach-during-scheduled-pen-test/
Exploit: Hacking

University of Kentucky: Institution of Higher Learning


Risk to Business: 2.223 = Severe
In a head-shaking turn of irony, officials at the University of Kentucky discovered that they’d already been breached while conducting a penetration test. The breach affected the university’s Digital Driver’s License platform, a web-based portal the university developed as a component of its Open-Source Tools for Instructional Support (OTIS) framework. That program provides free online teaching and test-taking capabilities to K-12 schools and colleges in Kentucky and other US states. University officials said that their investigation discovered that an unknown threat actor accessed the system between January 8, 2021, and February 6, 2021, to gain access to the DDL platform and acquire a copy of its internal database.



Risk to Business: 2.223 = Severe
The database contained the names and email addresses of students and teachers in Kentucky and in all 50 states and 22 foreign countries, in all more than 355,000 individuals. The university was careful to note that the stolen information included only emails and passwords and no SSNs or financial details were included.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been increasingly setting their sights on education targets since the onset of the global pandemic, and that trend is not stopping in 2021.

 

 

Reindeer

https://www.enterprisesecuritytech.com/post/defunct-marketing-company-leaked-the-sensitive-data-of-over-300-000-people
Exploit: Misconfiguration

Reindeer: Digital Marketing Firm




Risk to Business: 1.705 = Severe
New York-based digital media advertising and marketing company Reindeer left an unpleasant surprise behind when it closed its doors: an Amazon S3 bucket exposed to public access resulting in the irreversible leak of 50,000 files for a total of 32 GB of exposed data. The information exposed included about 1,400 profile photos and the details of approximately 306,000 customers in total. Users in 35 countries were represented with the US, Canada, and Great Britain accounting for almost 280,000 of those users. Nothing can be done to secure this data now.





Individual Risk: 1.622 = Severe
PII exposed includes customer names, surnames, email addresses, dates of birth, physical addresses, hashed passwords, and Facebook IDs for an estimated 306,000 customers.

Customers Impacted: Unknown

How it Could Affect Your Business: Unexpected risks from sources like zombie accounts are around every corner, so taking that possibility seriously and mitigating risk from nasty surprises is critical.

 

 

School District No. 73 (SD73, Kamloops-Thompson)

https://cfjctoday.com/2021/08/01/sd73s-insurance-provider-for-international-students-suffers-cybersecurity-breach/

Exploit: Nation-State Hacking

School District No. 73 (SD73, Kamloops-Thompson): Education Provider




Risk to Business: 2.911 = Moderate
School District No. 73 (SD73, Kamloops-Thompson) said it was notified that guard.me, the third-party service provider it uses for travel and medical insurance for its international student program, experienced a data breach that potentially exposed student information. Guard.me released a statement about the data security incident that spawned this data exposure, noting that the incident occurred during June 2021.





Risk to Business: 2.936 = Moderate
Student personal information that may be impacted by this incident includes identity information, contact information and other information provided to support submitted claims. Impacted individuals are encouraged to visit the Canadian Anti-Fraud Centre for further information about how to protect themselves.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

 

 

Italy – ERG

https://www.bleepingcomputer.com/news/security/energy-group-erg-reports-minor-disruptions-after-ransomware-attack/
Exploit: Ransomware

D-BOX: Gaming Specialty Electronics




Risk to Business: 1.919 = Severe
Italian energy company ERG reported minimal impact on infrastructure or consumer-facing services following a LockBit 2.0 ransomware incident. ERG is the leading Italian wind power operator and among the top ten onshore operators on the European market, with a growing presence in France, Germany, Poland, Romania, Bulgaria, and the United Kingdom. ERG was purchased by European power giant Enel earlier this week.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

Taiwan – Gigabyte

https://www.bleepingcomputer.com/news/security/computer-hardware-giant-gigabyte-hit-by-ransomexx-ransomware/
Exploit: Misconfiguration

Gigabyte: Motherboard Manufacturer




Risk to Business: 1.602 = Severe
Motherboard manufacturer Gigabyte has been hit by the RansomEXX ransomware gang. The Taiwanese company was forced to shut down systems in Taiwan as well as multiple customer and consumer-facing websites of the company, including its support site and portions of the Taiwanese website. RansomEXX threat actors claimed to have stolen 112GB of data during the attack in an announcement on their leak site.

Individual Impact: There has not yet been an announcement that employee, customer or consumer personal or financial information was compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware operators are savvy about taking advantage of industries that are under stress, as has been frequently exemplified in the last year.

 

The Week in Breach News: 07/28/21 – 08/03/21

Electronic Arts (EA)

https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/
Exploit: Hacking

Electronic Arts (EA): Video Game Maker




Risk to Business: 1.311 = Extreme
Hackers have leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. EA says that no player information was ever at risk and they’ve fixed the problem internally.

Customers Impacted: Unknown

How It Could Affect Your Business: Part of this hacking incident was powered by impersonation, which is a form of phishing, and is reminiscent of the 2020 Twitter hack that enabled cybercriminals to gain access to celebrity accounts by impersonating Twitter workers.

 

 

University of San Diego Health

https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/
Exploit: Phishing

University of San Diego Health: Hospital System




Risk to Business: 1.663 = Severe
UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health discovered that cybercriminals had gained access to some of its employees’ email accounts through a phishing attack. The attackers may have accessed the personal information of patients, employees and students between December 2, 2020, and April 8, 2021.





Risk to Individual: 1.271 = Severe
Potentially impacted information includes: patients’ full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number and username and password. The hospital will offer free credit monitoring and identity theft protection services through Experian IdentityWorks for one year and is contacting impacted individuals via mail.

Customers Impacted: Unknown

How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this hospital substantial fines under HIPAA and California Privacy regulations.

 

 

City of Grass Valley, CA

https://sacramento.cbslocal.com/2021/07/29/grass-valley-cyberattack-ransom/

Exploit: Ransomware

City of Grass Valley, CA: Municipality


Risk to Business: 2.223 = Severe
Municipalities have been ripe targets for cybercriminals, and they’ve scored another payday in Grass Valley, California. City services except emergency services experienced outages and the city ultimately chose to pay the ransom, citing data privacy concerns for its citizens. Grass Valley officials said the Federal Bureau of Investigation (FBI) was contacted. Several state agencies are still investigating. Services were restored after the ransom payment. Federal agencies including CISA and the FBI strongly discourage paying ransoms, which is illegal in many circumstances.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been striking municipalities and similar authorities frequently. Historically poor cybersecurity combined with a tendency to simply pay ransoms makes this a growth industry for cybercrime.

 

 

Calgary Parking Authority

https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach
Exploit: Misconfiguration

Calgary Parking Authority: Municipal Entity




Risk to Business: 1.705 = Severe
Calgary Parking Authority recently experienced a breach that exposed the personal information of vehicle owners. A misconfigured server containing computer-readable technical logs, payments, parking tickets, driver personal data and more was discovered in the wild by researchers. Reports say that the server, used to monitor the authority’s parking system for bugs and errors, was left on the internet without a password in a security blunder.





Individual Risk: 1.622 = Severe
Data exposed includes drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, including license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.

Customers Impacted: Unknown

How it Could Affect Your Business: It’s hard enough to stay ahead of hackers without giving them an easy payday by making sloppy mistakes. Building a strong security culture is vital for keeping systems and data safe.

 

 

Homewood Health

https://bc.ctvnews.ca/unknown-number-of-british-columbians-personal-information-for-sale-online-after-health-company-extorted-1.5525715
Exploit: Nation-State Hacking

Homewood Health: Healthcare Provider




Risk to Business: 1.926 = Severe
Ontario-based Homewood Health has disclosed that it fell victim to hacking earlier this year. The organization has begun contacting companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. The organization is blaming the breach on the state-sponsored Chinese hackers Hafnium.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

 

 

D-BOX

https://cyberintelmag.com/attacks-data-breaches/entertainment-company-d-box-recovers-from-ransomware-cyberattack/
Exploit: Ransomware

D-BOX: Gaming Specialty Electronics




Risk to Business: 1.919 = Severe
Canadian immersive entertainment technology provider D-BOX said it was gradually resuming its activities following a ransomware attack. The company said it had worked with incident response experts to determine that the impact was limited to internal systems and that its services to studios and theatre operators were not affected. All services have now been restored. The company has stated that it believes that its policy of segmentation between internal and customer-focused systems helped protect its clients.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident, but the investigation is ongoing. There has not been any announcement that employee information was impacted; however, the company is offering identity theft protection to employees.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 

 

The Netherlands – Raven Hengelsport

https://www.theregister.com/2021/07/27/azure_blob_raven_hengelsport/
Exploit: Misconfiguration

Raven Hengelsport: Specialty Fishing Supply




Risk to Business: 1.602 = Severe
Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company, it took a long time for the company to do anything about it.





Individual Risk: 2.416 = Moderate
The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.

Customers Impacted: Unknown

How it Could Affect Your Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.

 

The Week in Breach News: 07/28/21 – 08/03/21

Electronic Arts (EA)

https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/
Exploit: Hacking

Electronic Arts (EA): Video Game Maker




Risk to Business: 1.311 = Extreme
Hackers have leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel, then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. EA says that no player information was ever at risk and they’ve fixed the problem internally.

Customers Impacted: Unknown

How It Could Affect Your Business: Part of this hacking incident was powered by impersonation, which is a form of phishing, and is reminiscent of the 2020 Twitter hack that enabled cybercriminals to gain access to celebrity accounts by impersonating Twitter workers.

 


 

University of San Diego Health

https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/
Exploit: Phishing

University of San Diego Health: Hospital System




Risk to Business: 1.663 = Severe
UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health discovered that cybercriminals had gained access to some of its employees’ email accounts through a phishing attack. The attackers may have accessed the personal information of patients, employees and students between December 2, 2020, and April 8, 2021.





Risk to Individual: 1.271 = Severe
Potentially impacted information includes: patients’ full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number and username and password. The hospital will offer free credit monitoring and identity theft protection services through Experian IdentityWorks for one year and is contacting impacted individuals via mail.

Customers Impacted: Unknown

How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this hospital substantial fines under HIPAA and California Privacy regulations.

 


 

City of Grass Valley, CA

https://sacramento.cbslocal.com/2021/07/29/grass-valley-cyberattack-ransom/

Exploit: Ransomware

City of Grass Valley, CA: Municipality




Risk to Business: 2.223 = Severe
Municipalities have been ripe targets for cybercriminals, and they’ve scored another payday in Grass Valley, California. City services except emergency services experienced outages and the city ultimately chose to pay the ransom, citing data privacy concerns for its citizens. Grass Valley officials said the Federal Bureau of Investigation (FBI) was contacted. Several state agencies are still investigating. Services were restored after the ransom payment. Federal agencies including CISA and the FBI strongly discourage paying ransoms, which is illegal in many circumstances.

Customers Impacted: Unknown

How it Could Affect Your Business: Cybercriminals have been striking municipalities and similar authorities frequently. Historically poor cybersecurity combined with a tendency to simply pay ransoms makes this a growth industry for cybercrime.

 


 

Calgary Parking Authority

https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach
Exploit: Misconfiguration

Calgary Parking Authority: Municipal Entity




Risk to Business: 1.705 = Severe
Calgary Parking Authority recently experienced a breach that exposed the personal information of vehicle owners. A misconfigured server containing computer-readable technical logs, payments, parking tickets, driver personal data and more was discovered in the wild by researchers. Reports say that the server, used to monitor the authority’s parking system for bugs and errors, was left on the internet without a password in a security blunder.





Individual Risk: 1.622 = Severe
Data exposed includes drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, including license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.

Customers Impacted: Unknown

How it Could Affect Your Business: It’s hard enough to stay ahead of hackers without giving them an easy payday by making sloppy mistakes. Building a strong security culture is vital for keeping systems and data safe.

 


 

Homewood Health

https://bc.ctvnews.ca/unknown-number-of-british-columbians-personal-information-for-sale-online-after-health-company-extorted-1.5525715
Exploit: Nation-State Hacking

Homewood Health: Healthcare Provider




Risk to Business: 1.926 = Severe
Ontario-based Homewood Health has disclosed that it fell victim to hacking earlier this year. The organization has begun contacting companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. The organization is blaming the breach on the state-sponsored Chinese hackers Hafnium.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

 


 

D-BOX

https://cyberintelmag.com/attacks-data-breaches/entertainment-company-d-box-recovers-from-ransomware-cyberattack/
Exploit: Ransomware

D-BOX: Gaming Specialty Electronics




Risk to Business: 1.919 = Severe
Canadian immersive entertainment technology provider D-BOX said it was gradually resuming its activities following a ransomware attack. The company said it had worked with incident response experts to determine that the impact was limited to internal systems and that its services to studios and theatre operators were not affected. All services have now been restored. The company has stated that it believes that its policy of segmentation between internal and customer-focused systems helped protect its clients.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident, but the investigation is ongoing. There has not been any announcement that employee information was impacted; however, the company is offering identity theft protection to employees.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation-state threat actors. Every business needs to be ready for it.

 


 

The Netherlands – Raven Hengelsport

https://www.theregister.com/2021/07/27/azure_blob_raven_hengelsport/
Exploit: Misconfiguration

Raven Hengelsport: Specialty Fishing Supply




Risk to Business: 1.602 = Severe
Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company, it took a long time for the company to do anything about it.





Individual Risk: 2.416 = Moderate
The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.

Customers Impacted: Unknown

How it Could Affect Your Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.

 


The Week in Breach News: 07/22/21 – 07/27/21

Florida Department for Economic Opportunity (DEO)

https://stpetecatalyst.com/zaps/floridas-deo-warns-of-unemployment-data-breach-affecting-nearly-58000/
Exploit: Hacking

Florida Department for Economic Opportunity (DEO): State Government Agency




Risk to Business: 2.550 = Severe
Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.





Individual Risk: 1.663 = Severe
Exposed information includes social security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription of LifeLock identity protection services for all those affected.

Customers Impacted: 58,000

How It Could Affect Your Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.

 

 

Yale New Haven Health

https://www.nbcconnecticut.com/news/local/your-information-may-have-been-compromised-in-yale-new-haven-healths-data-breach/2536460/

Exploit: Third-Party Data Breach

Yale New Haven Health: Medical System




Risk to Business: 1.716 = Severe
Patients at Yale New Haven Health are being warned that their information has been stolen in an incident at a third-party vendor, Elekta. That company facilitates cancer treatments and was the victim of a ransomware attack just a few weeks ago that is rippling out to catch many medical institutions. Yale New Haven Health contends that hackers had no access to patient medical records, and a very small number of customers had financial information stolen.





Risk to Individual: 2.601 = Severe
Officials said that certain demographic information such as names, addresses, phone numbers, emails, Social Security numbers, treatment locations and preferred languages were included in the Elekta databases impacted by the breach. A small group of people may have had their financial information exposed. Anyone with information that could have been exposed will be notified by mail and people who may have had their financial information exposed will be offered complimentary credit monitoring service.

Customers Impacted: 55,000

How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.

 

 

Mobile County, Alabama

https://www.wkrg.com/news/mobile-county-commission-notifies-employees-of-data-breach/

Exploit: Hacking

Mobile County, Alabama: Local Government




Risk to Business: 2.223 = Severe
The Mobile County Commission has officially notified county employees of a computer system breach where employee data and sensitive information were at risk. The county has announced that certain computer systems were subject to unauthorized access on May 24, 2021, leaving employee information at risk. This is a developing situation as the investigation winds down. The county had initially stated that no sensitive information was exposed.





Individual Risk: 2.223 = Severe
Mobile County alerted all employees, more than 1,600 people, that their information may have been exposed, including Social Security numbers, dates of birth and other sensitive information. Also at risk are health insurance contract numbers for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county.

Customers Impacted: Unknown

How it Could Affect Your Business: Even a small amount of data is attractive to data thieves who especially love vital information and financial data.

 

 

United Kingdom – Guntrader

https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/
Exploit: Hacking

Guntrader: Gun Ownership Management System




Risk to Business: 1.705 = Severe
Hackers hit a website used for buying and selling firearms in the UK, making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The SQL database powered both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The Information Commissioner’s Office was informed and an investigation is underway.





Individual Risk: 1.622 = Severe
The database that the hackers scored provided a wealth of information about firearms enthusiasts in the UK, including names, mobile phone numbers, email addresses, user geolocation data and bcrypt-hashed passwords, among other details.

Customers Impacted: 111,000

How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of information will net them a hefty profit fast.

 

 
 