InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Florida Department for Economic Opportunity (DEO)
https://stpetecatalyst.com/zaps/floridas-deo-warns-of-unemployment-data-breach-affecting-nearly-58000/Exploit: Hacking
Florida Department for Economic Opportunity (DEO): State Government Agency
Risk to Business: 2.550 = Severe
Records from more than 58,000 Florida unemployment accounts have been stolen in a data breach. The information was stolen in a suspected malicious insider incident, although details are sketchy. The stolen information was contained in the DEO’s online unemployment benefit system, called CONNECT, and the records stolen fall between April 27 and July 16, 2021. The incident is still under investigation.
Individual Risk: 1.663= Severe
Exposed information includes social security numbers, bank account information and other personal details that users may have stored in CONNECT. The DEO purchased a year’s subscription of LifeLock Identify protector services for all those affected.
How It Could Affect Your Business: Personal data is the cybercriminal’s bread and butter, especially when financial information is involved because it is quickly saleable in the busy dark web data markets.
Yale New Haven Health
Exploit: Third-Party Data BreachYale New Haven Health: Medical System
Risk to Business: 1.716 = Severe
Patients at Yale New Haven Health are being warned that their information has been stolen in an incident at a third-party vendor, Elekta. That company facilitates cancer treatments and was the victim of a ransomware attack just a few weeks ago that is rippling out to catch many medical institutions. Yale New Haven Health contends that hackers had no access to patient medical records, and a very small number of customers had financial information stolen.
Risk to Individual: 2.601 = Severe
Officials said that certain demographic information such as names, addresses, phone numbers, emails, Social Security numbers, treatment locations and preferred languages were included in the Elekta databases impacted by the breach. A small group of people may have had their financial information exposed. Anyone with information that could have been exposed will be notified by mail and people who may have had their financial information exposed will be offered complimentary credit monitoring service.
How it Could Affect Your Business: Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this company a substantial HIPAA fine.
Mobile County, Alabama
https://www.wkrg.com/news/mobile-county-commission-notifies-employees-of-data-breach/
Exploit: HackingMobile County, Alabama: Local Government
Risk to Business: 2.223=Severe
The Mobile County Commission has officially notified county employees of a computer system breach where employee data and sensitive information were at risk the county has announced that certain computer systems were subject to unauthorized access on May 24, 2021, culminating in employee information at risk. This is a developing situation as the investigation winds down. The county had initially stated that no sensitive information was exposed.
Individual Risk: 2.223=Severe
Mobile County alerted all employees, more than 1,600 people, that their information may have been exposed including Social Security numbers, dates of birth and other sensitive information. Also at risk, health insurance contract numbers for employees subscribed to receive health coverage and routing numbers for employees enrolled in direct deposit with the county.
How it Could Affect Your Business: Even a small amount of data is attractive to data thieves who especially love vital information and financial data.
United Kingdom – Guntrader
https://www.theregister.com/2021/07/23/guntrader_hacked_111k_users_sql_database/Exploit: Hacking
Guntrader: Gun Ownership Management System
Risk to Business: 1.705 = Severe
Hackers hit a website used for buying and selling firearms in the UK making off with a 111,000-entry database containing partial information from a CRM product used by gun shops across the UK. The SQL database powered both the Guntrader.uk buy-and-sell website and its electronic gun shop register product, comprising about 111,000 users and dating between 2016 and 17 July this year. The Information Commissioner’s Office was informed and an investigation is underway.
Individual Risk: 1.622 = Severe
The database that the hackers scored provided a wealth of information about firearms enthusiasts in the UK including names, mobile phone numbers, email addresses, user geolocation data, and more including bcrypt-hashed passwords.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of information will net them a hefty profit fast.
Campbell Conroy & O’Neil, P.C. (Campbell)
https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/Exploit: Ransomware
Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm
Risk to Business: 1.201= Extreme
Campbell Conroy & O’Neil, P.C. (Campbell), a law firm that counts dozens of Fortune 500 and Global 500 companies among its clientele, has disclosed a data breach following a February 2021 ransomware attack. The firm’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. At the time, it was unclear if client data had been stolen, but the investigation has since determined that client data was stolen.
Individual Risk: 1.963= Severe
The crooks made off with data about clients including names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data. Usernames and passwords were also snatched. and/or online account credentials (i.e. usernames and passwords).” The firm24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack
How It Could Affect Your Business: This data abiut major companies and powerful business executives is cybercriminal gold and quickly saleable in the busy dark web data markets.
Forefront Dermatology S.C.
https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074Exploit: Ransomware
Forefront Dermatology S.C.: Medical Network
Risk to Business: 2.216 = Severe
Forefront Dermatology S.C, a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a ransomware incident it recently experienced. Cuba ransomware is believed to be the culprit. The incident is the third-largest healthcare breach of 2021 so far. Xperts who spotted the data dump on a darknet site said that it was approximately 47 MB, including more than 130 files with information on the entity’s system and network, with security and backup details, and all their logins for vendor sites.
Risk to Individual: 2.462 = Severe
The company has announced that potentially compromised patient, clinician and employee information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.
How it Could Affect Your Business: Medical data is some of the hottest product to sell in dark web markets, earning cybercriminals a substantial profit and this company a substatial HIPAA fine.
Guess
https://www.zdnet.com/article/guess-announces-breach-of-employee-ssns-and-financial-data-after-darkside-attack/Exploit: Ransomware
Guess: Fashion Brand
Risk to Business: 2.223=Severe
Fashion brand Guess, known for their salacious 90’s advertising campaigns, was hit with a ransomware attack from an unexpected source: Darkside. Sources are mixed as to whether this is a new operation or an old one just coming to light. Guess would not confirm that the incident occurred, but dark web researchers uncovered 200 GB of data from the fashion brand on a leak site. No consumer financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Proproetary data about businesses and their products is a hot seller on the dark web, especially if blueprints, formulas or similar information is included.
Mint Mobile
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/Exploit: Hacking
Mint Mobile: Mobile Network Carrier
Risk to Business: 1.575 = Severe
California-based Mint Mobile has disclosed a data breach. The company says that an unauthorized person gained access to their data including subscribers’ account information. The miscreants also ported phone numbers to another carrier.
Individual Risk: 1.502 = Severe
Exposed client data may include name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number and subscription features.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of prorietary information is a goldmine for them.
United Kingdom – Northern Railway
Exploit: RansomwareNorthern Trains: Government-Run Transportation Authority
Risk to Business: 1.302 = Extreme
Railway passengers in Northern England got an unpleasant surprise when they discovered that ticket machines on Northern Trains’ network were knocked offline following a ransomware attack. Run by the British government, Northern Trains said no customer or payment data had been compromised, and that customers could still buy tickets online.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks againts utilities and quasi-utility infrastructure have been steadily increasing, and businesses in those sectors need to step up their protection to stay safe.
Ecuador – Corporación Nacional de Telecomunicación (CNT)
https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/Exploit: Hacking
Corporación Nacional de Telecomunicación (CNT): State Run Telecommunications Utility
Risk to Business: 1.919 = Severe
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal and customer support. This company provides telecommunications services including fixed-line phone service, mobile, satellite TV, and internet connectivity. The attack has shut online payment systems down. RansomEXX is suspected to be the culprit. An investigation and systems restoration is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Customer satisfaction is bound to be severely impacted by the loss of online payment systems.
Campbell Conroy & O’Neil, P.C. (Campbell)
https://www.bleepingcomputer.com/news/security/ransomware-hits-law-firm-counseling-fortune-500-global-500-companies/Exploit: Ransomware
Campbell Conroy & O’Neil, P.C. (Campbell): Law Firm
Risk to Business: 1.201= Extreme
Campbell Conroy & O’Neil, P.C. (Campbell), a law firm that counts dozens of Fortune 500 and Global 500 companies among its clientele, has disclosed a data breach following a February 2021 ransomware attack. The firm’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation. At the time, it was unclear if client data had been stolen, but the investigation has since determined that client data was stolen.
Individual Risk: 1.963= Severe
The crooks made off with data about clients including names, dates of birth, driver’s license numbers, state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data. Usernames and passwords were also snatched. and/or online account credentials (i.e. usernames and passwords).” The firm24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack
How It Could Affect Your Business: This data abiut major companies and powerful business executives is cybercriminal gold and quickly saleable in the busy dark web data markets.
Forefront Dermatology S.C.
https://www.databreachtoday.com/dermatology-clinic-chain-breach-affects-24-million-a-17074Exploit: Ransomware
Forefront Dermatology S.C.: Medical Network
Risk to Business: 2.216 = Severe
Forefront Dermatology S.C, a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a ransomware incident it recently experienced. Cuba ransomware is believed to be the culprit. The incident is the third-largest healthcare breach of 2021 so far. Xperts who spotted the data dump on a darknet site said that it was approximately 47 MB, including more than 130 files with information on the entity’s system and network, with security and backup details, and all their logins for vendor sites.
Risk to Individual: 2.462 = Severe
The company has announced that potentially compromised patient, clinician and employee information includes name, address, date of birth, patient account number, health insurance plan member ID number, medical record number, dates of service, provider names, and/or medical and clinical treatment information.
How it Could Affect Your Business: Medical data is some of the hottest product to sell in dark web markets, earning cybercriminals a substantial profit and this company a substatial HIPAA fine.
Guess
https://www.zdnet.com/article/guess-announces-breach-of-employee-ssns-and-financial-data-after-darkside-attack/Exploit: Ransomware
Guess: Fashion Brand
Risk to Business: 2.223=Severe
Fashion brand Guess, known for their salacious 90’s advertising campaigns, was hit with a ransomware attack from an unexpected source: Darkside. Sources are mixed as to whether this is a new operation or an old one just coming to light. Guess would not confirm that the incident occurred, but dark web researchers uncovered 200 GB of data from the fashion brand on a leak site. No consumer financial information was reported as stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Proproetary data about businesses and their products is a hot seller on the dark web, especially if blueprints, formulas or similar information is included.
Mint Mobile
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/Exploit: Hacking
Mint Mobile: Mobile Network Carrier
Risk to Business: 1.575 = Severe
California-based Mint Mobile has disclosed a data breach. The company says that an unauthorized person gained access to their data including subscribers’ account information. The miscreants also ported phone numbers to another carrier.
Individual Risk: 1.502 = Severe
Exposed client data may include name, address, telephone number, email address, password, bill amount, international call detail information, telephone number, account number and subscription features.
How it Could Affect Your Business: Hackers are always in the market for fresh data, and this kind of prorietary information is a goldmine for them.
United Kingdom – Northern Railway
Exploit: RansomwareNorthern Trains: Government-Run Transportation Authority
Risk to Business: 1.302 = Extreme
Railway passengers in Northern England got an unpleasant surprise when they discovered that ticket machines on Northern Trains’ network were knocked offline following a ransomware attack. Run by the British government, Northern Trains said no customer or payment data had been compromised, and that customers could still buy tickets online.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks againts utilities and quasi-utility infrastructure have been steadily increasing, and businesses in those sectors need to step up their protection to stay safe.
Ecuador – Corporación Nacional de Telecomunicación (CNT)
https://www.bleepingcomputer.com/news/security/ecuadors-state-run-cnt-telco-hit-by-ransomexx-ransomware/Exploit: Hacking
Corporación Nacional de Telecomunicación (CNT): State Run Telecommunications Utility
Risk to Business: 1.919 = Severe
Ecuador’s state-run Corporación Nacional de Telecomunicación (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal and customer support. This company provides telecommunications services including fixed-line phone service, mobile, satellite TV, and internet connectivity. The attack has shut online payment systems down. RansomEXX is suspected to be the culprit. An investigation and systems restoration is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Customer satisfaction is bound to be severely impacted by the loss of online payment systems.
Northwestern Memorial HealthCare
https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patientsExploit: Third-Party Data Breach
Northwestern Memorial HealthCare: Hospital System
Risk to Business: 1.771= Severe
A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital and Northwestern Medicine Valley West Hospital.
Individual Risk: 1.603= Severe
The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Morgan Stanley
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/Exploit: Third-Party Data Breach
Morgan Stanley: Financial Services Firm
Risk to Business: 2.216 = Severe
Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.
Risk to Individual: 2.462 = Severe
Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.
How it Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.
Republican National Committee (RNC)
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committeeExploit: Nation-State Cybercrime
Republican National Committee (RNC): Political Organization
Risk to Business: 2.223=Severe
Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.
GETTR
https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/Exploit: Hacking
GETTR: Social Media Platform
Risk to Business: 1.575 = Severe
A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.
Individual Risk: 1.502 = Severe
According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
How it Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans
Switzerland – Comparis
https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/Exploit: Hacking
Comparis: Shopping Platform
Risk to Business: 1.302 = Extreme
Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.
Germany – Spreadshop
https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/Exploit: Hacking
Spreadshop: Shopping Platform
Risk to Business: 1.919 = Severe
German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.
Individual Risk: 2.271 = Severe
According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
India – Technisanct
https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525Exploit: Hacking
Technisanct: Trading Platform
Risk to Business: 2.801 = Moderate
Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.
Idividual Risk: 2.766 = Moderate
The company has disclosed that Personal Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
How it Could Affect Your Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.
Taiwan – Adata
https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/Exploit: Ransomware
Adata: Computer Chip Maker
Risk to Business: 1.801 = Severe
The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB, and the second largest is 117GB and the archives likely contain corporate financial information, non-disclosure agreements and sales data.
Customers Impacted: Unknown
How it Could Affect Your Business: That’s a huge trove of data that will be very popular in hacker marketplaces.
Northwestern Memorial HealthCare
https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patientsExploit: Third-Party Data Breach
Northwestern Memorial HealthCare: Hospital System
Risk to Business: 1.771= Severe
A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital and Northwestern Medicine Valley West Hospital.
Individual Risk: 1.603= Severe
The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Morgan Stanley
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/Exploit: Third-Party Data Breach
Morgan Stanley: Financial Services Firm
Risk to Business: 2.216 = Severe
Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.
Risk to Individual: 2.462 = Severe
Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.
How it Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.
Republican National Committee (RNC)
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committeeExploit: Nation-State Cybercrime
Republican National Committee (RNC): Political Organization
Risk to Business: 2.223=Severe
Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.
GETTR
https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/Exploit: Hacking
GETTR: Social Media Platform
Risk to Business: 1.575 = Severe
A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.
Individual Risk: 1.502 = Severe
According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
How it Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans
Switzerland – Comparis
https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/Exploit: Hacking
Comparis: Shopping Platform
Risk to Business: 1.302 = Extreme
Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.
Germany – Spreadshop
https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/Exploit: Hacking
Spreadshop: Shopping Platform
Risk to Business: 1.919 = Severe
German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.
Individual Risk: 2.271 = Severe
According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
India – Technisanct
https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525Exploit: Hacking
Technisanct: Trading Platform
Risk to Business: 2.801 = Moderate
Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.
Idividual Risk: 2.766 = Moderate
The company has disclosed that Personal Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
How it Could Affect Your Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.
Taiwan – Adata
https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/Exploit: Ransomware
Adata: Computer Chip Maker
Risk to Business: 1.801 = Severe
The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB, and the second largest is 117GB and the archives likely contain corporate financial information, non-disclosure agreements and sales data.
Customers Impacted: Unknown
How it Could Affect Your Business: That’s a huge trove of data that will be very popular in hacker marketplaces.
Arthur J. Gallagher
Exploit: RansomwareArthur J. Gallagher (AJG): Insurance Broker
Risk to Business: 1.673= Severe
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.
Individual Risk: 1.522= Severe
While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington State Department of Labor and Industries
https://www.thenewstribune.com/news/state/washington/article252532918.html
Exploit: Third-Party Data BreachWashington State Department of Labor and Industries: Government Agency
Risk to Business: 1.816 = Severe
Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.
Risk to Business: 1.516 = Severe
The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.
How it Could Affect Your Business: An unsecured database is easy pickings for cybercriminals and a rookie mistake that could cost the survey company a client.
Practicefirst
https://healthitsecurity.com/news/healthcare-ransomware-attack-targets-practice-management-vendor
Exploit: RansomwarePracticefirst: Healthcare Technology Services
Risk to Business: 2.223=Severe
Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.
Risk to Business: 2.201=Severe
Practicefirst disclosed that patient and employee information has been impacted including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers employee usernames and passwords, bank account information. Other data that may have been stolen is primarily treatment-focused like diagnoses, lab and treatment information, medication information and health insurance identification.
How it Could Affect Your Business: Clients and employees won’t be happy about having this kind of personal information stolen – and neither will the Department of Health and Human Services.
UofL Health
https://www.infosecurity-magazine.com/news/kentucky-healthcare-system-exposes/Exploit: Insider Threat (Employee Error)
UofL Health: Healthcare System
Risk to Business: 1.575 = Severe
Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.
Risk to Business: 1.502 = Severe
Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.
How it Could Affect Your Business: Employee errors that impact compliance in a heavily regulated industry pack a punch after regulators get to work.
United Kingdom – Salvation Army
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/Exploit: Hacking
Salvation Army – Non-Profit
Risk to Business: 2.424= Severe
The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: organizations that hold financial information for donors should put extra care into securing it to keep those people donating.
Spain – MasMovil
https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/Exploit: Ransomware
MasMovil: Telecommunications
Risk to Business: 1.801 = Severe
Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.
Customers Impacted: Unknown
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
Arthur J. Gallagher
Exploit: RansomwareArthur J. Gallagher (AJG): Insurance Broker
Risk to Business: 1.673= Severe
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.
Individual Risk: 1.522= Severe
While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington State Department of Labor and Industries
https://www.thenewstribune.com/news/state/washington/article252532918.html
Exploit: Third-Party Data BreachWashington State Department of Labor and Industries: Government Agency
Risk to Business: 1.816 = Severe
Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.
Risk to Business: 1.516 = Severe
The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.
How it Could Affect Your Business: An unsecured database is easy pickings for cybercriminals and a rookie mistake that could cost the survey company a client.
Practicefirst
https://healthitsecurity.com/news/healthcare-ransomware-attack-targets-practice-management-vendor
Exploit: RansomwarePracticefirst: Healthcare Technology Services
Risk to Business: 2.223=Severe
Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.
Risk to Business: 2.201=Severe
Practicefirst disclosed that patient and employee information has been impacted including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers employee usernames and passwords, bank account information. Other data that may have been stolen is primarily treatment-focused like diagnoses, lab and treatment information, medication information and health insurance identification.
How it Could Affect Your Business: Clients and employees won’t be happy about having this kind of personal information stolen – and neither will the Department of Health and Human Services.
UofL Health
https://www.infosecurity-magazine.com/news/kentucky-healthcare-system-exposes/Exploit: Insider Threat (Employee Error)
UofL Health: Healthcare System
Risk to Business: 1.575 = Severe
Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.
Risk to Business: 1.502 = Severe
Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.
How it Could Affect Your Business: Employee errors that impact compliance in a heavily regulated industry pack a punch after regulators get to work.
United Kingdom – Salvation Army
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/Exploit: Hacking
Salvation Army – Non-Profit
Risk to Business: 2.424= Severe
The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: organizations that hold financial information for donors should put extra care into securing it to keep those people donating.
Spain – MasMovil
https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/Exploit: Ransomware
MasMovil: Telecommunications
Risk to Business: 1.801 = Severe
Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.
Customers Impacted: Unknown
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
Mercedes Benz USA
https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/Exploit: Third Party Risk
Mercedes Benz USA: Carmaker
Risk to Business: 1.611= Severe
Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.
Individual Risk: 1.802= Severe
According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedez-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.
Customers Impacted: 1,000
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington Suburban Sanitary Commission (WSSC)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Exploit: RansomwareWashington Suburban Sanitary Commission (WSSC): Utility
Risk to Business: 2.116 = Severe
Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like utilities and infrastructure targets as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
DreamHost
https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823=Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Customers Impacted: Unknown
How it Could Affect Your Business: There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
Altus Group
Exploit: RansomwareAltus Group: Real Estate Software
Risk to Business: 1.775 = Severe
Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: In this economy, ransomware groups are only going to keep cropping up and that means your clients are facing new danger every day.
United Kingdom – French Connection UK (FCUK)
https://www.techtimes.com/articles/262039/20210626/revil-ransomware-gang-strikes-again-attacking-fcuk-fashion-label.htmExploit: Ransomware
French Connection UK (FCUK): Clothing Brand
Risk to Business: 2.351= Severe
United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is everywhere these days and every business is at risk. Companies in every industry of every size are in cybercriminals’ sights as they hunt for big paydays.
Sweden – InfoSolutions
https://cybernews.com/news/swedish-covid-19-lab-with-millions-of-test-results-breached/Exploit: Hacking
InfoSolutions: Medical IT Solutions
Risk to Business: 1.661 = Severe
InfoSolutions, a company that provides IT services to Swedish Public Health Agency including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion to a database employed by 15 of 21 Sweden’s regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Medical data is catnip for hackers because it’s worth its weight in gold in dark web data markets, and healthcare targets worldwide have been under siege throughout the pandemic.
Brazil – Grupo Fleury
https://www.bleepingcomputer.com/news/security/healthcare-giant-grupo-fleury-hit-by-revil-ransomware-attack/Exploit: Ransomware
Grupo Fleury: Medical Diagnostics Laboratory
Risk to Business: 1.702 = Severe
REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing and ransomware are today’s cybercriminal’s favorite tools to get the job done, and no matter how big or small, no organization is safe.
Mercedes Benz USA
https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/Exploit: Third Party Risk
Mercedes Benz USA: Carmaker
Risk to Business: 1.611= Severe
Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.
Individual Risk: 1.802= Severe
According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedez-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.
Customers Impacted: 1,000
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington Suburban Sanitary Commission (WSSC)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Exploit: RansomwareWashington Suburban Sanitary Commission (WSSC): Utility
Risk to Business: 2.116 = Severe
Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like utilities and infrastructure targets as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
DreamHost
https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823=Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Customers Impacted: Unknown
How it Could Affect Your Business: There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
Altus Group
Exploit: RansomwareAltus Group: Real Estate Software
Risk to Business: 1.775 = Severe
Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: In this economy, ransomware groups are only going to keep cropping up and that means your clients are facing new danger every day.
United Kingdom – French Connection UK (FCUK)
https://www.techtimes.com/articles/262039/20210626/revil-ransomware-gang-strikes-again-attacking-fcuk-fashion-label.htmExploit: Ransomware
French Connection UK (FCUK): Clothing Brand
Risk to Business: 2.351= Severe
United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is everywhere these days and every business is at risk. Companies in every industry of every size are in cybercriminals’ sights as they hunt for big paydays.
Sweden – InfoSolutions
https://cybernews.com/news/swedish-covid-19-lab-with-millions-of-test-results-breached/Exploit: Hacking
InfoSolutions: Medical IT Solutions
Risk to Business: 1.661 = Severe
InfoSolutions, a company that provides IT services to Swedish Public Health Agency including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion to a database employed by 15 of 21 Sweden’s regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Medical data is catnip for hackers because it’s worth its weight in gold in dark web data markets, and healthcare targets worldwide have been under siege throughout the pandemic.
Brazil – Grupo Fleury
https://www.bleepingcomputer.com/news/security/healthcare-giant-grupo-fleury-hit-by-revil-ransomware-attack/Exploit: Ransomware
Grupo Fleury: Medical Diagnostics Laboratory
Risk to Business: 1.702 = Severe
REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing and ransomware are today’s cybercriminal’s favorite tools to get the job done, and no matter how big or small, no organization is safe.
Cognyte
https://beta.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-onlineExploit: Unsecured Database
Cognyte: Data Analytics Firm
Risk to Business: 1.802= Severe
Data analytics company Cognyte warns folks about data exposure from third-party sources, and it had to send one out for itself this week. Researchers discovered an unsecured database operated by Cognyte that left some 5 billion records collected from a range of data incidents exposed online. The stored data is part of Cognyte’s cyber intelligence service, which is used to alert customers to third-party data exposures. The incident is under investigation.
Customers Impacted: Unknown
How It Could Affect Your Business: Proprietary like this is catnip for hackers. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Invenergy LLC
https://www.infosecurity-magazine.com/news/revil-claims-responsibility-for/Exploit: Ransomware
Invenergy LLC: Energy Company
Risk to Business: 1.916 = Severe
REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company’s computer systems and exfiltrated four terabytes of data. Among the information allegedly taken by REvil are contracts and project data. In a bizarre twist, REvil also claims to have obtained “very personal and spicy” information regarding Invenergy’s chief executive officer, Michael Polsky.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets are hot right now as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
CVS
https://www.zdnet.com/article/billions-of-records-belonging-to-cvs-health-exposed-online/#ftag=RSSbaffb68Exploit: Thitd-Party Threat (Misconfiguration)
CVS: Drug Store Chain
Risk to Business: 1.416= Extreme
CVS is in hot water after researchers discovered a trove of over one billion records online that were connected to the US healthcare and pharmaceutical giant. The unsecured databasewas extimated to be 204GB in size. According to reports, the databases contained an astonishing assortment of sensitive data like event and configuration data, visitor IDs, session IDs, device access information and details on how the logging system operated from the backend. Search records exposed also included queries for medications, COVID-19 vaccines and a variety of CVS products, referencing both CVS Health and CVS.com.
Customers Impacted: Unknown
How it Could Affect Your Business: Every company needs to make it a priority to be certain that their contractors and partners are handling and storing sensitive data correctly. Poor cyber hygiene at a service provider can become an expensive disaster fast.
Wegman’s
https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/Exploit: Third-Party Threat (Misconfiguration)
Wegman’s: Grocery Store Chain
Risk to Business: 2.227= Severe
East Coast gourmet grocer Wegmans issued a release announcing that a service provider had failed to correctly configure two of its databases, exposing a large quantity of customer data. According to Wegmans, the databases that the contractor maintained contained customer identity and shopping habit information as well as an assortment of client PII. The company says the issue is resolved.
Risk to Business: 2.776 = Moderate
The release says that customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, Wegmans.com account e-mail addresses and passwords. No Social Security, financial or medical information was stolen and only salted password hashes were stored in the databases maintained by the negligent contractor.
How it Could Affect Your Business: Clients expect a high level of information security from companies that they trust with their personal information and excuses about errors by contractors aren’t going to get businesses off the hook if there’s trouble.
Carnival Cruise Line
https://www.scmagazine.com/home/email-security/carnival-discloses-new-data-breach-on-email-accounts/
Exploit: HackingCarnival Cruise Lines: Cruise Ship Operator
Risk to Business: 1.651= Severe
Perennially cybersecurity challenged cruise line Carnival issued a breach disclosure on Thursday confirming hackers attacked email accounts and gained access to data about its customers and employees. The company said that the data snatched was collected during the travel booking process, through the course of employment or from providing services to the company, including COVID or other safety testing.
Risk to Business: 1.802= Severe
The poassenger data accessed included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like social security or national identification numbers. No clear information was provided about the employee information that was exposed.
How it Could Affect Your Business: This is the third major cybersecurity blunder for Carnival in just one year, and that is likely to create a great deal of mistrust with consumers just as the travel industry is getting back on it’s feet.
United Kingdom – Cake Box
https://www.bleepingcomputer.com/news/security/eggfree-cake-box-suffer-data-breach-exposing-credit-card-numbers/Exploit: Hacking
Cake Box: Bakery Chain
Risk to Business: 1.661 = Severe
UK celebration cake chain Cake Box isn’t celebrating this week. The company has disclosed a data breach after threat actors hacked their website and obtained credit card numbers. According to the release, the breach occurred way back in April 2020 and they’re just informing consumers. Payment skimming malware is to blame. Experts suspect that this breach is the result of a Magecart attack.
Individual Risk 2.802 = Severe
When customers made purchases on the site while it was infected malicious scripts sent the first name and surname, email address, postal address, and payment card information including the three-digit CVV code to a remote server controlled by the attackers. This is an ancient breach in terms of the time it took for consumers to be informed, and the damage has definitely already been done.
How it Could Affect Your Business: There is no excuse for waiting more than a year to inform customers that their data has been stolen, especially financial data like credit card numbers. This incident will shake consumer confidence in the brand.
South Korea – Korea Atomic Energy Research Institute (KAERI)
https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/Exploit: Nation-State Cybercrime
Korea Atomic Energy Research Institute (KAERI): Government Agency
Risk to Business: 1.633 = Severe
South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked by nation-state threat actors in May 2021 after the incident was brought to light by reporters. The Korean media is accusing the agency of perpetrating a cover-up. According to experts, the North Korean Kimusky cybercrime gang is to blame. This group often uses phishing to mimic websites like Gmail, Outlook, Telegram and more. The group then installs Android and Windows backdoor “AppleSeed” to collect information and frequently makes use of ransomware. The extent of the data theft is unknown.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use phishing and ransomware to get the job done, and no matter how big or small, no organization is safe.
Cognyte
https://beta.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-onlineExploit: Unsecured Database
Cognyte: Data Analytics Firm
Risk to Business: 1.802= Severe
Data analytics company Cognyte warns folks about data exposure from third-party sources, and it had to send one out for itself this week. Researchers discovered an unsecured database operated by Cognyte that left some 5 billion records collected from a range of data incidents exposed online. The stored data is part of Cognyte’s cyber intelligence service, which is used to alert customers to third-party data exposures. The incident is under investigation.
Customers Impacted: Unknown
How It Could Affect Your Business: Proprietary like this is catnip for hackers. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Invenergy LLC
https://www.infosecurity-magazine.com/news/revil-claims-responsibility-for/Exploit: Ransomware
Invenergy LLC: Energy Company
Risk to Business: 1.916 = Severe
REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company’s computer systems and exfiltrated four terabytes of data. Among the information allegedly taken by REvil are contracts and project data. In a bizarre twist, REvil also claims to have obtained “very personal and spicy” information regarding Invenergy’s chief executive officer, Michael Polsky.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets are hot right now as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
CVS
https://www.zdnet.com/article/billions-of-records-belonging-to-cvs-health-exposed-online/#ftag=RSSbaffb68Exploit: Thitd-Party Threat (Misconfiguration)
CVS: Drug Store Chain
Risk to Business: 1.416= Extreme
CVS is in hot water after researchers discovered a trove of over one billion records online that were connected to the US healthcare and pharmaceutical giant. The unsecured databasewas extimated to be 204GB in size. According to reports, the databases contained an astonishing assortment of sensitive data like event and configuration data, visitor IDs, session IDs, device access information and details on how the logging system operated from the backend. Search records exposed also included queries for medications, COVID-19 vaccines and a variety of CVS products, referencing both CVS Health and CVS.com.
Customers Impacted: Unknown
How it Could Affect Your Business: Every company needs to make it a priority to be certain that their contractors and partners are handling and storing sensitive data correctly. Poor cyber hygiene at a service provider can become an expensive disaster fast.
Wegman’s
https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/Exploit: Third-Party Threat (Misconfiguration)
Wegman’s: Grocery Store Chain
Risk to Business: 2.227= Severe
East Coast gourmet grocer Wegmans issued a release announcing that a service provider had failed to correctly configure two of its databases, exposing a large quantity of customer data. According to Wegmans, the databases that the contractor maintained contained customer identity and shopping habit information as well as an assortment of client PII. The company says the issue is resolved.
Risk to Business: 2.776 = Moderate
The release says that customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, Wegmans.com account e-mail addresses and passwords. No Social Security, financial or medical information was stolen and only salted password hashes were stored in the databases maintained by the negligent contractor.
How it Could Affect Your Business: Clients expect a high level of information security from companies that they trust with their personal information and excuses about errors by contractors aren’t going to get businesses off the hook if there’s trouble.
Carnival Cruise Line
https://www.scmagazine.com/home/email-security/carnival-discloses-new-data-breach-on-email-accounts/
Exploit: HackingCarnival Cruise Lines: Cruise Ship Operator
Risk to Business: 1.651= Severe
Perennially cybersecurity challenged cruise line Carnival issued a breach disclosure on Thursday confirming hackers attacked email accounts and gained access to data about its customers and employees. The company said that the data snatched was collected during the travel booking process, through the course of employment or from providing services to the company, including COVID or other safety testing.
Risk to Business: 1.802= Severe
The poassenger data accessed included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like social security or national identification numbers. No clear information was provided about the employee information that was exposed.
How it Could Affect Your Business: This is the third major cybersecurity blunder for Carnival in just one year, and that is likely to create a great deal of mistrust with consumers just as the travel industry is getting back on it’s feet.
United Kingdom – Cake Box
https://www.bleepingcomputer.com/news/security/eggfree-cake-box-suffer-data-breach-exposing-credit-card-numbers/Exploit: Hacking
Cake Box: Bakery Chain
Risk to Business: 1.661 = Severe
UK celebration cake chain Cake Box isn’t celebrating this week. The company has disclosed a data breach after threat actors hacked their website and obtained credit card numbers. According to the release, the breach occurred way back in April 2020 and they’re just informing consumers. Payment skimming malware is to blame. Experts suspect that this breach is the result of a Magecart attack.
Individual Risk 2.802 = Severe
When customers made purchases on the site while it was infected malicious scripts sent the first name and surname, email address, postal address, and payment card information including the three-digit CVV code to a remote server controlled by the attackers. This is an ancient breach in terms of the time it took for consumers to be informed, and the damage has definitely already been done.
How it Could Affect Your Business: There is no excuse for waiting more than a year to inform customers that their data has been stolen, especially financial data like credit card numbers. This incident will shake consumer confidence in the brand.
South Korea – Korea Atomic Energy Research Institute (KAERI)
https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/Exploit: Nation-State Cybercrime
Korea Atomic Energy Research Institute (KAERI): Government Agency
Risk to Business: 1.633 = Severe
South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked by nation-state threat actors in May 2021 after the incident was brought to light by reporters. The Korean media is accusing the agency of perpetrating a cover-up. According to experts, the North Korean Kimusky cybercrime gang is to blame. This group often uses phishing to mimic websites like Gmail, Outlook, Telegram and more. The group then installs Android and Windows backdoor “AppleSeed” to collect information and frequently makes use of ransomware. The extent of the data theft is unknown.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use phishing and ransomware to get the job done, and no matter how big or small, no organization is safe.
Electronic Arts Inc (EA)
https://www.reuters.com/business/hackers-steal-wealth-data-ea-vice-2021-06-10/Exploit: Hacking
Electronic Arts Inc: Game Developer
Risk to Business: 1.355= Extreme
Electronic Arts (EA) has announced that it is investigating a data breach. Cybercriminals stole valuable corporate data from the company including game source code and related tools. Early reports noted that hackers had stolen source codes for the popular title “FIFA 21” and source code and tools for the Frostbite engine. Researchers estimate that 780 gigabytes of data was snatched then advertised for sale on underground hacking forums.
How It Could Affect Your Business: Hackers are always interested in proprietary data and corporate secrets, the 3rd most popular category for theft. They’re easy money in the busy dark web data markets.
Edward Don
Exploit: RansomwareEdward Don: Foodservice Distributor
Risk to Business: 1.816 = Severe
Foodservice equipment distributor Edward Don has been hit by a ransomware attack. The incident has disrupted their business operations, including their phone systems, network and email. As a result, employees have been driven to using personal Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues. The incident is under investigation and full functionality was quickly restored,
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.
McDonald’s Corp
https://www.reuters.com/technology/mcdonalds-hit-by-data-breach-south-korea-taiwan-wsj-2021-06-11/Exploit: Ransomware
McDonald’s Corp: Fast Food Chain
Risk to Business: 2.606= Moderate
McDonald’s Corp. said hackers exposed US business information and some customer data in South Korea and Taiwan. The attackers accessed e-mails, phone numbers and delivery addresses. The company reported that it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. The announcement noted that the burger chain does not believe any customer payment data was stolen but cautioned that there may be employee data exposed.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks that focus on obtaining corporate or business data are increasingly troubling because each one adds more sensitive data to the dark web that can be used against
Intuit
https://www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-compromised-turbotax-accounts/Exploit: Account Takeover (ATO)
Intuit: Financial Software Developer
Risk to Business: 1.612= Severe
Accounting software giant Intuit has notified customers that they have suffered a breach. The company warned users of TurboTax that their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit announced that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to gain access to the accounts.
Risk to Business: 1.832= Severe
Intuit notified potentially impacted clients by mail that information contained in a prior year’s tax return or current tax returns in progress including their name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions) and information of other individuals contained in the tax return may have been exposed.
How it Could Affect Your Business: Clients expect a high level of information security from companies that they trust with their personal and financial information, and may stop doing business with companies that fail to protect it.
Sol Oriens
https://www.techtimes.com/amp/articles/261472/20210615/revil-hacking-group-s-ransomware-attack-nuclear-weapons-contractor-sol.htmExploit: Ransomware
Sol Oriens: Defense Contractor
Risk to Business: 2.337= Severe
REvil has struck again, this time against a tiny but important target in the defense sector. Sol Oriens, which consults for the US Department of Energy’s National Nuclear Safety Administration, is a 50-person firm based in Albuquerque, New Mexico. Researchers noted finding Sol Oriens documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021
Customers Impacted: Unknown
How it Could Affect Your Business: This seemingly small attack could pack big consequences. Ransomware gangs have been increasingly focused on hitting strategic targets that service major clients.
Volkswagen Group of America
https://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/Exploit: Third- Party Data Breach
Volkswagen Group of America: Automotive Manufacturer
Risk to Business: 1.825 = Severe
Volkswagen US has announced that it has suffered a data breach impacting millions of US customers and prospective customers. the car company released information saying that a data breach at a vendor has exposed data on more than 3.3 million buyers and prospective buyers in North America. An unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.
Risk to Business: 2.213 = Severe
The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured. According to Volkswagen, the majority of people impacted had phone numbers and email addresses exposed, but some clients had their driver’s license information stolen as well. In some cases, information about a vehicle purchased, leased, or inquired about was also obtained. VW said 90,000 Audi customers and prospective buyers also had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.
How it Could Affect Your Business: Attacks on data processors and other essential service providers have escalated as cybercriminals look for big data scores and information that facilitates more cybercrimes.
New York City Law Department
https://www.nytimes.com/2021/06/07/nyregion/cyberattack-law-department-nyc.html
Exploit: RansomwareNew York City Law Department: Municipal Government Agency
Risk to Business: 1.633 = Severe
The New York City Law Department experienced a cyberattack that impacted its computer systems, forcing it to shut down its technology. The network also had to be disconnected from other city systems for safety. Systems are being restored slowly and the FBI is investigating along with New York police.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks that strike at government and infrastructure targets frequently use ransomware to get the job done, and no matter how big or small, no organization is safe.
Carter’s
https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/Carter’s: Children’s Clothier
Exploit: Third Party Data Breach
Risk to Business: 2.331 = Severe
In a new disclosure, baby clothing giant Carter’s admitted that it had suffered a data breach through a third-party data processor. This exposed the personal data of hundreds of thousands of its customers over a multiyear period. The service provider, Linc, handled automation for online purposes. The Linc system was used to send customers shortened URLs containing everything from purchase details to tracking information without basic security protections.
Customers Impacted: Unknown
How it Could Affect Your Business: Every business has relationships with other businesses, and every relationship they have creates risk. Protecting companies from supply chain risk is imperative.
Electronic Arts Inc (EA)
https://www.reuters.com/business/hackers-steal-wealth-data-ea-vice-2021-06-10/Exploit: Hacking
Electronic Arts Inc: Game Developer
Risk to Business: 1.355= Extreme
Electronic Arts (EA) has announced that it is investigating a data breach. Cybercriminals stole valuable corporate data from the company including game source code and related tools. Early reports noted that hackers had stolen source codes for the popular title “FIFA 21” and source code and tools for the Frostbite engine. Researchers estimate that 780 gigabytes of data was snatched then advertised for sale on underground hacking forums.
How It Could Affect Your Business: Hackers are always interested in proprietary data and corporate secrets, the 3rd most popular category for theft. They’re easy money in the busy dark web data markets.
Edward Don
Exploit: RansomwareEdward Don: Foodservice Distributor
Risk to Business: 1.816 = Severe
Foodservice equipment distributor Edward Don has been hit by a ransomware attack. The incident has disrupted their business operations, including their phone systems, network and email. As a result, employees have been driven to using personal Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues. The incident is under investigation and full functionality was quickly restored,
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.
McDonald’s Corp
https://www.reuters.com/technology/mcdonalds-hit-by-data-breach-south-korea-taiwan-wsj-2021-06-11/Exploit: Ransomware
McDonald’s Corp: Fast Food Chain
Risk to Business: 2.606= Moderate
McDonald’s Corp. said hackers exposed US business information and some customer data in South Korea and Taiwan. The attackers accessed e-mails, phone numbers and delivery addresses. The company reported that it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. The announcement noted that the burger chain does not believe any customer payment data was stolen but cautioned that there may be employee data exposed.
Customers Impacted: Unknown
How it Could Affect Your Business: Cyberattacks that focus on obtaining corporate or business data are increasingly troubling because each one adds more sensitive data to the dark web that can be used against
Intuit
https://www.bleepingcomputer.com/news/security/intuit-notifies-customers-of-compromised-turbotax-accounts/Exploit: Account Takeover (ATO)
Intuit: Financial Software Developer
Risk to Business: 1.612= Severe
Accounting software giant Intuit has notified customers that they have suffered a breach. The company warned users of TurboTax that their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit announced that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to gain access to the accounts.
Risk to Business: 1.832= Severe
Intuit notified potentially impacted clients by mail that information contained in a prior year’s tax return or current tax returns in progress including their name, Social Security number, address(es), date of birth, driver’s license number and financial information (e.g., salary and deductions) and information of other individuals contained in the tax return may have been exposed.
How it Could Affect Your Business: Clients expect a high level of information security from companies that they trust with their personal and financial information, and may stop doing business with companies that fail to protect it.
Sol Oriens
https://www.techtimes.com/amp/articles/261472/20210615/revil-hacking-group-s-ransomware-attack-nuclear-weapons-contractor-sol.htmExploit: Ransomware
Sol Oriens: Defense Contractor
Risk to Business: 2.337= Severe
REvil has struck again, this time against a tiny but important target in the defense sector. Sol Oriens, which consults for the US Department of Energy’s National Nuclear Safety Administration, is a 50-person firm based in Albuquerque, New Mexico. Researchers noted finding Sol Oriens documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021
Customers Impacted: Unknown
How it Could Affect Your Business: This seemingly small attack could pack big consequences. Ransomware gangs have been increasingly focused on hitting strategic targets that service major clients.
Volkswagen Group of America
https://www.reuters.com/business/autos-transportation/vw-says-data-breach-vendor-impacted-33-million-people-north-america-2021-06-11/Exploit: Third- Party Data Breach
Volkswagen Group of America: Automotive Manufacturer
Risk to Business: 1.825 = Severe
Volkswagen US has announced that it has suffered a data breach impacting millions of US customers and prospective customers. the car company released information saying that a data breach at a vendor has exposed data on more than 3.3 million buyers and prospective buyers in North America. An unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.
Risk to Business: 2.213 = Severe
The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured. According to Volkswagen, the majority of people impacted had phone numbers and email addresses exposed, but some clients had their driver’s license information stolen as well. In some cases, information about a vehicle purchased, leased, or inquired about was also obtained. VW said 90,000 Audi customers and prospective buyers also had sensitive data impacted relating to purchase or lease eligibility. VW said it will offer free credit protection services to those individuals.
How it Could Affect Your Business: Attacks on data processors and other essential service providers have escalated as cybercriminals look for big data scores and information that facilitates more cybercrimes.
New York City Law Department
https://www.nytimes.com/2021/06/07/nyregion/cyberattack-law-department-nyc.html
Exploit: RansomwareNew York City Law Department: Municipal Government Agency
Risk to Business: 1.633 = Severe
The New York City Law Department experienced a cyberattack that impacted its computer systems, forcing it to shut down its technology. The network also had to be disconnected from other city systems for safety. Systems are being restored slowly and the FBI is investigating along with New York police.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks that strike at government and infrastructure targets frequently use ransomware to get the job done, and no matter how big or small, no organization is safe.
Carter’s
https://threatpost.com/baby-clothes-carters-leaks-customer-records/166866/Carter’s: Children’s Clothier
Exploit: Third Party Data Breach
Risk to Business: 2.331 = Severe
In a new disclosure, baby clothing giant Carter’s admitted that it had suffered a data breach through a third-party data processor. This exposed the personal data of hundreds of thousands of its customers over a multiyear period. The service provider, Linc, handled automation for online purposes. The Linc system was used to send customers shortened URLs containing everything from purchase details to tracking information without basic security protections.
Customers Impacted: Unknown
How it Could Affect Your Business: Every business has relationships with other businesses, and every relationship they have creates risk. Protecting companies from supply chain risk is imperative.
United States iConstituent
https://www.nbcnews.com/politics/congress/house-communications-vendor-compromised-ransomware-attack-n1269934Exploit: Ransomware
IConstituent: Communications Services
Risk to Business: 1.655= Severe
A major service provider to members of the US House of Representatives is recovering from a ransomware incident that has left Members scrambling. iConstituent provides constituent communications services for House offices including facilitating Member emails and newsletters. The House Chief Administrative Officer (CAO) is coordinating a response with iConstituent, and the CAO has announced that no other House data or systems have been compromised.
How It Could Affect Your Business: Ransomware against service providers has been a hot profit center for cybercriminals and they’re not letting up on potentially vulnerable targets.
United States – Cox Media Group
https://therecord.media/live-streams-go-down-across-cox-radio-tv-stations-in-apparent-ransomware-attack/Exploit: Ransomware
Cox Media Group: TV & Radio Station Operator
Risk to Business: 1.227= Extreme
A number of TV and radio stations around the US went dark briefly after a suspected ransomware attack on parent company Cox Media Group. Stations impacted included News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations. The Cox Media Group owns 57 radio and TV stations across 20 US markets. Internal networks and live streaming capabilities for other Cox media properties, such as web streams and mobile apps, were also impacted in the June 35r event. Service was quickly restored and the event is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.
United States – Navistar International Corporation
https://www.reuters.com/technology/us-truck-maker-navistar-says-aware-it-breach-2021-06-07/Exploit: Ransomware
Navistar International Corporation: Specialty Vehicle Manufacturer
Risk to Business: 2.812= Moderate
Truck manufacturer Navistar International has notified the Securities and Exchange Commission (SEC) that they’ve fallen prey to a ransomware attack. Navistar makes trucks, buses and diesel engines, while its Navistar Defense subsidiary produces several US military vehicles. The company confirmed that there was data exfiltration in the suspected ransomware attack, but no details have been made available regarding the nature of that data.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – New York Metropolitan Transit Authority (M.T.A.)
https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html
Exploit: Nation-State hackingNew York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator
Risk to Business: 2.812= Moderate
Officials at NY M.T.A released information that their system had been the target of a cyberattack by a hacking group believed to have links to the Chinese government. According to the report, nation-state actors penetrated the Metropolitan Transportation Authority’s computer systems in April. The investigation has concluded and NY M.T.A. was able to confirm that no sensitive data or rider data was impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – LineStar Integrity Services
https://www.wired.com/story/linestar-pipeline-ransomware-leak/Exploit: Ransomware
LineStar Integrity Services: Pipeline Technology Services
Risk to Business: 2.522= Severe
Cybersecurity researchers discovered that pipeline technology provider LineStar Integrity was hit in a ransomware incident at approximately the same time as Colonial Pipeline resulting in 70+GB of company data finding a new home on the dark web. LineStar Integrity Services sells auditing, compliance, maintenance, and technology services to pipeline customers and is based in Houston, TX.
Customers Impacted: Unknown
How it Could Affect Your Business: Increasing frequency off cyberattacks on service providers show that cybercriminals are taking every chance to strike against linchpins of business services.
United Kingdom – Furniture Village
https://www.theregister.com/2021/06/04/furniture_village_confirms_cyberattack/Exploit: Hacking
Furniture Village: Home Goods Retailer
Risk to Business: 1.115 = Extreme
UK home goods giant Furniture Village has confirmed that it has been suffering the impact of an unnamed cyberattack. For the past week, the company’s internal systems, as well as some customer-facing systems, have been experiencing outages. The company stated that no data appears to have been stolen. Impacted systems include included delivery systems, phone systems, and payment mechanisms.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Australia – New South Wales Health (NSW Health)
https://www.zdnet.com/article/nsw-health-confirms-data-breached-due-to-accellion-vulnerability/Exploit: Third-Party Data Breach
New South Wales Health (NSW Health): Regional Healthcare Agency
Risk to Business: 1.616 = Severe
New South Wales Health has confirmed that it is the latest organization impacted by the major cyberattack on the file transfer system owned by medical data services provider Accellion last month. The state entity said that no medical records maintained in public hospitals were affected. The agency has begun notifying people whose data may have been accessed. NSW Health has upgraded its technology to avoid future problems.
Individual Risk: 1.616 = Severe
New South Wales Health disclosed that identity information and health-related personal information were exposed for some patients. The agency is in the process of contacting people who have been impacted.
How it Could Affect Your Business: Attacks on major data processors like this puts many businesses at risk. Cybercriminals are hungry for saleable information and these places are treasure troves.
Japan – Fulifilm
https://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/Exploit: Ransomware
Fujifilm: Film & Photo Technology Developer
Risk to Business: 1.922 = Severe
Legendary Japanese film technology company Fujifilm announced that it has been the victim of a ransomware attack that has impacted its operations. The purported ransomware attack led to a network outage that impacted access to email for employees, billings system and a problem reporting system. Experts believe that this attack was carried out with REvil technology. Investigation and recovery have begun and many systems have been fully restored.
Customers Impacted: Unknown
How it Could Affect Your Business: Business disruptions from ransomware attacks can be costly even if no business or customer data is stolen, and extra costs for recovery can add up.
United States iConstituent
https://www.nbcnews.com/politics/congress/house-communications-vendor-compromised-ransomware-attack-n1269934Exploit: Ransomware
IConstituent: Communications Services
Risk to Business: 1.655= Severe
A major service provider to members of the US House of Representatives is recovering from a ransomware incident that has left Members scrambling. iConstituent provides constituent communications services for House offices including facilitating Member emails and newsletters. The House Chief Administrative Officer (CAO) is coordinating a response with iConstituent, and the CAO has announced that no other House data or systems have been compromised.
How It Could Affect Your Business: Ransomware against service providers has been a hot profit center for cybercriminals and they’re not letting up on potentially vulnerable targets.
United States – Cox Media Group
https://therecord.media/live-streams-go-down-across-cox-radio-tv-stations-in-apparent-ransomware-attack/Exploit: Ransomware
Cox Media Group: TV & Radio Station Operator
Risk to Business: 1.227= Extreme
A number of TV and radio stations around the US went dark briefly after a suspected ransomware attack on parent company Cox Media Group. Stations impacted included News9, WSOC, WSB, WPXI, KOKI, and almost all Cox radio stations. The Cox Media Group owns 57 radio and TV stations across 20 US markets. Internal networks and live streaming capabilities for other Cox media properties, such as web streams and mobile apps, were also impacted in the June 35r event. Service was quickly restored and the event is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like this are becoming all too common as ransomware gangs seek to cause maximum buzz for maximum profit.
United States – Navistar International Corporation
https://www.reuters.com/technology/us-truck-maker-navistar-says-aware-it-breach-2021-06-07/Exploit: Ransomware
Navistar International Corporation: Specialty Vehicle Manufacturer
Risk to Business: 2.812= Moderate
Truck manufacturer Navistar International has notified the Securities and Exchange Commission (SEC) that they’ve fallen prey to a ransomware attack. Navistar makes trucks, buses and diesel engines, while its Navistar Defense subsidiary produces several US military vehicles. The company confirmed that there was data exfiltration in the suspected ransomware attack, but no details have been made available regarding the nature of that data.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – New York Metropolitan Transit Authority (M.T.A.)
https://www.nytimes.com/2021/06/02/nyregion/mta-cyber-attack.html
Exploit: Nation-State hackingNew York Metropolitan Transit Authority (M.T.A.): Regional Transport Operator
Risk to Business: 2.812= Moderate
Officials at NY M.T.A released information that their system had been the target of a cyberattack by a hacking group believed to have links to the Chinese government. According to the report, nation-state actors penetrated the Metropolitan Transportation Authority’s computer systems in April. The investigation has concluded and NY M.T.A. was able to confirm that no sensitive data or rider data was impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – LineStar Integrity Services
https://www.wired.com/story/linestar-pipeline-ransomware-leak/Exploit: Ransomware
LineStar Integrity Services: Pipeline Technology Services
Risk to Business: 2.522= Severe
Cybersecurity researchers discovered that pipeline technology provider LineStar Integrity was hit in a ransomware incident at approximately the same time as Colonial Pipeline resulting in 70+GB of company data finding a new home on the dark web. LineStar Integrity Services sells auditing, compliance, maintenance, and technology services to pipeline customers and is based in Houston, TX.
Customers Impacted: Unknown
How it Could Affect Your Business: Increasing frequency off cyberattacks on service providers show that cybercriminals are taking every chance to strike against linchpins of business services.
United Kingdom – Furniture Village
https://www.theregister.com/2021/06/04/furniture_village_confirms_cyberattack/Exploit: Hacking
Furniture Village: Home Goods Retailer
Risk to Business: 1.115 = Extreme
UK home goods giant Furniture Village has confirmed that it has been suffering the impact of an unnamed cyberattack. For the past week, the company’s internal systems, as well as some customer-facing systems, have been experiencing outages. The company stated that no data appears to have been stolen. Impacted systems include included delivery systems, phone systems, and payment mechanisms.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Australia – New South Wales Health (NSW Health)
https://www.zdnet.com/article/nsw-health-confirms-data-breached-due-to-accellion-vulnerability/Exploit: Third-Party Data Breach
New South Wales Health (NSW Health): Regional Healthcare Agency
Risk to Business: 1.616 = Severe
New South Wales Health has confirmed that it is the latest organization impacted by the major cyberattack on the file transfer system owned by medical data services provider Accellion last month. The state entity said that no medical records maintained in public hospitals were affected. The agency has begun notifying people whose data may have been accessed. NSW Health has upgraded its technology to avoid future problems.
Individual Risk: 1.616 = Severe
New South Wales Health disclosed that identity information and health-related personal information were exposed for some patients. The agency is in the process of contacting people who have been impacted.
How it Could Affect Your Business: Attacks on major data processors like this puts many businesses at risk. Cybercriminals are hungry for saleable information and these places are treasure troves.
Japan – Fulifilm
https://www.bleepingcomputer.com/news/security/fujifilm-confirms-ransomware-attack-disrupted-business-operations/Exploit: Ransomware
Fujifilm: Film & Photo Technology Developer
Risk to Business: 1.922 = Severe
Legendary Japanese film technology company Fujifilm announced that it has been the victim of a ransomware attack that has impacted its operations. The purported ransomware attack led to a network outage that impacted access to email for employees, billings system and a problem reporting system. Experts believe that this attack was carried out with REvil technology. Investigation and recovery have begun and many systems have been fully restored.
Customers Impacted: Unknown
How it Could Affect Your Business: Business disruptions from ransomware attacks can be costly even if no business or customer data is stolen, and extra costs for recovery can add up.
United States – DailyQuiz
https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/Exploit: Hacking
DailyQuiz: Entertainment App
Risk to Business: 1.655= Severe
The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.
Individual Risk: 2.711= Moderate
Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.
How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.
United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)
https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employeesExploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit
Risk to Business: 1.833= Severe
Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.
Risk to Business: 1.833= Severe
RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.
How it Could Affect Your Business: Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.
United States – Bose
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Ransomware
Bose: Audio Equipment Maker
Risk to Business: 2.812= Moderate
Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.
Risk to Business: 2.812= Moderate
According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – JBS SA
https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.htmlExploit: Ransomware
JBS SA: Meat Processor
Risk to Business: 1.221 = Extreme
International meat supplier JBS SA has been hit by a ransomware attack. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada. The company is in contact with federal officials and has brought in a “top firm” to investigate and remediate the incident which is potentially tied to nation-state cybercrime. JBS stated that the attack only impacts some supplier transactions and no data was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially of the nation-state variety, for its potential for business disruption without even stealing data.
Canada – Canada Post
https://globalnews.ca/news/7894760/canada-post-data-breach/Exploit: Third Party Data Breach
Canada Post: Postal Service
Risk to Business: 1.882 = Severe
A supplier’s malware attack is responsible for a nasty data breach at Canada Post affecting 44 of the company’s large business clients and their 950,000 receiving customers. The exposure comes from Commport Communications, an electronic data interchange (EDI) solution supplier that manages shipping data for business customers, informed Canada Post that address data associated with some of their customers had been compromised in May 2021. Canada Post has announced that only shipping information pertaining to less than 50 corporate customers was involved.
Customers Impacted: 44 companies and an estimated 950,000 individual addresses
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
Australia – TPG Telecom
https://www.zdnet.com/article/a-pair-of-tpg-trustedcloud-customers-were-breached/Exploit: Hacking
TPG Telecom: Communications Technology
Risk to Business: 1.115 = Extreme
TPG Telecom has announced that it had the data of two unnamed large customers improperly accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Japan – Net Marketing Co.
https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/Exploit: Hacking
Net Marketing Co.: App Creator
Risk to Business: 1.922 = Severe
Japanese app company Net Marketing Co. said Friday that the personal data of 1.71 million users of one of its apps has been compromised in a hacking incident. The company is the operator of the popular dating app Omiai. Net Marketing said that Omiai customer information provided to the company between January 2018 and last month has been accessed on more than one occasion by unauthorized parties and PII on users may have been stolen.
Individual Risk: 1.942 = Severe
The company notes that assorted user data, including names, identity cards, addresses, email addresses and face photos, was likely leaked due to unauthorized access to its server. Customers that use the Omiai app should be cautious for spear phishing and identity theft risk.
How it Could Affect Your Business: Personal data like this is a hot commodity in booming dark web data markets. Failing to protect it adequately makes it catnip for cybercriminals.
United States – DailyQuiz
https://therecord.media/8-3-million-plaintext-passwords-exposed-in-dailyquiz-data-breach/Exploit: Hacking
DailyQuiz: Entertainment App
Risk to Business: 1.655= Severe
The personal details of 13 million DailyQuiz users have been leaked online after a hacker breached the app developer’s database. Millions of user passwords were stored in that database unsafely in a plain text format and were subsequently stolen. Researchers recently discovered that the DailyQuiz database was up for sale in dark web data markets.
Individual Risk: 2.711= Moderate
Users should be aware that their passwords have been compromised and change any accounts that share that password as well as updating their DailyQuiz accounts.
How It Could Affect Your Business: Weak password storage is symptomatic of low cybersecurity safety standards and shows clients that you don’t take their data privacy seriously.
United States – Rehoboth McKinley Christian Health Care Services (RMCHCS)
https://portswigger.net/daily-swig/us-healthcare-non-profit-reports-data-breach-impacting-200-000-patients-employeesExploit: Hacking
Rehoboth McKinley Christian Health Care Services (RMCHCS): Health Non-Profit
Risk to Business: 1.833= Severe
Rehoboth McKinley Christian Health Care Services (RMCHCS) has reported a data breach reported caused by improper access to data impacting around 200,000 patients and employees. RMCHCS operates a 60-bed acute care hospital and four clinics providing emergency care, cancer care, and hospice and pediatric services in Arizona and New Mexico. The company did not say how the data was improperly accessed.
Risk to Business: 1.833= Severe
RMCHCS states that the breached material includes names, dates of birth, postal addresses, telephone numbers, and email addresses, as well as Social Security, driver’s license, passport and (for Native Americans) tribal ID numbers. Healthcare-specific details of patient care were also involved, but it’s not consistent across accounts. Healthcare data potentially impacted may include medical record numbers, dates of service and healthcare provider names; prescription, treatment, and diagnosis information; and billing and claims information, including financial account information.
How it Could Affect Your Business: Data theft is always a problem, but theft of medical data is a disaster for healthcare orgs that will have to pay major fines for security failures.
United States – Bose
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Ransomware
Bose: Audio Equipment Maker
Risk to Business: 2.812= Moderate
Audio manufacturing titan Bose disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a regulatory filing, the company explained that a small amount of employee data had been potentially exposed as had several unnamed spreadsheets. No customer or other proprietary data was reported as compromised but the investigation is still ongoing.
Risk to Business: 2.812= Moderate
According to the company, a very small amount of employee personally identifying data and payroll data was compromised. Current and former employees should be alert to spear phishing and identity theft.
How it Could Affect Your Business: Ransomware is evolving, meaning every incident stands a chance of containing an even harder to stop new variant that could do lasting damage.
United States – JBS SA
https://www.cnn.com/2021/06/01/tech/jbs-usa-cyberattack-meat-producer/index.htmlExploit: Ransomware
JBS SA: Meat Processor
Risk to Business: 1.221 = Extreme
International meat supplier JBS SA has been hit by a ransomware attack. The world’s largest meat producer, Brazil-based JBS has operations in 15 countries and serves customers worldwide including the US, Australia and Canada. The company is in contact with federal officials and has brought in a “top firm” to investigate and remediate the incident which is potentially tied to nation-state cybercrime. JBS stated that the attack only impacts some supplier transactions and no data was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially of the nation-state variety, for its potential for business disruption without even stealing data.
Canada – Canada Post
https://globalnews.ca/news/7894760/canada-post-data-breach/Exploit: Third Party Data Breach
Canada Post: Postal Service
Risk to Business: 1.882 = Severe
A supplier’s malware attack is responsible for a nasty data breach at Canada Post affecting 44 of the company’s large business clients and their 950,000 receiving customers. The exposure comes from Commport Communications, an electronic data interchange (EDI) solution supplier that manages shipping data for business customers, informed Canada Post that address data associated with some of their customers had been compromised in May 2021. Canada Post has announced that only shipping information pertaining to less than 50 corporate customers was involved.
Customers Impacted: 44 companies and an estimated 950,000 individual addresses
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
Australia – TPG Telecom
https://www.zdnet.com/article/a-pair-of-tpg-trustedcloud-customers-were-breached/Exploit: Hacking
TPG Telecom: Communications Technology
Risk to Business: 1.115 = Extreme
TPG Telecom has announced that it had the data of two unnamed large customers improperly accessed on its legacy TrustedCloud hosting service. It added it did not believe any other customers were impacted by the breach. The service was part of a 2011 acquisition by the telecom and is set to be decommissioned in August 2021. An investigation is underway and authorities have been informed.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on older systems are often easy money for cybercriminals looking for data to sell with a low overhead and fast turnaround time.
Japan – Net Marketing Co.
https://www.japantimes.co.jp/news/2021/05/22/business/tech/omiai-dating-app-hack-japan/Exploit: Hacking
Net Marketing Co.: App Creator
Risk to Business: 1.922 = Severe
Japanese app company Net Marketing Co. said Friday that the personal data of 1.71 million users of one of its apps has been compromised in a hacking incident. The company is the operator of the popular dating app Omiai. Net Marketing said that Omiai customer information provided to the company between January 2018 and last month has been accessed on more than one occasion by unauthorized parties and PII on users may have been stolen.
Individual Risk: 1.942 = Severe
The company notes that assorted user data, including names, identity cards, addresses, email addresses and face photos, was likely leaked due to unauthorized access to its server. Customers that use the Omiai app should be cautious for spear phishing and identity theft risk.
How it Could Affect Your Business: Personal data like this is a hot commodity in booming dark web data markets. Failing to protect it adequately makes it catnip for cybercriminals.
United States – Utility Trailer Manufacturing
https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attackExploit: Ransomware
Utility Trailer Manufacturing: Trailer Fabrication
Risk to Business: 1.655= Severe
California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data including payment records were not accessed and manufacturing remains normal.
Individual Risk: 1.507= Severe
While the company is staying mum about the content of the breach, researchers have determined that an extensive amount of sensitive personal data about employees, including payrolls and human resources information was included in the incident after finding it on the dark web. Past and present employees should be alert for identity theft and spear phishing attempts.
How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.
United States – Alaska Department of Health and Social Services
https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708Exploit: Malware
Alaska Department of Health and Social Services: Regional Human Services Agency
Risk to Business: 1.833= Severe
The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.
United States – Bergen Logistics
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Unsecured Database
Bergen Logistics: Shipping & Fulfillment
Risk to Business: 2.812= Moderate
Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. the company also direct ships to customers of online marketplaces and e-commerce stores.
Individual Risk: 2.772= Moderate
The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.
How it Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.
United Kingdom – One Call
https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076Exploit: Ransomware
One Call: Insurer
Risk to Business: 1.606 = Severe
Insurer OneCall admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. the hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
United Kingdom – FastTrack Reflex Recruitment
https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm
Risk to Business: 1.882 = Severe
FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,
Individual Risk: 1.780 = Severe
In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed
How it Could Affect Your Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.
Ireland – Ardagh Group
https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operationsExploit: Ransomware
Ardagh Group: Packaging Manufacturer
Risk to Business: 1.699 = Severe
Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.
Customers Impacted: Unknown
How it Could Affect Your Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
New Zealand – Waikato District Health Board
https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/Exploit: Ransomware
Waikato District Health Board: Regional Healthcare Agency
Risk to Business: 1.115 = Extreme
Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspect Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on healthcare targets have been at the top of the cybercriminals playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.
India – Air India
https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/Exploit: Third Party Data Breach
Risk to Business: 2.001 = Severe
Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries.
Risk to Business: 2.113 = Severe
The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers.
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
India – Domino’s Pizza India
https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181Exploit: Hacking
Domino’s Pizza India: Restaurant Chain
Risk to Business: 1.774 = Severe
Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe.
Risk to Business: 1.671 = Severe
It is unclear what if any payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.
How it Could Affect Your Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases.
Japan – Mercari
https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/Exploit: Supply Chain Data Breach
Mercari: E-commerce Platform
Risk to Business: 1.922 = Severe
In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.
Individual Risk: 1.942 = Severe
In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari.
How it Could Affect Your Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.
United States – Utility Trailer Manufacturing
https://www.freightwaves.com/news/trailer-maker-utility-targeted-in-ransomware-attackExploit: Ransomware
Utility Trailer Manufacturing: Trailer Fabrication
Risk to Business: 1.655= Severe
California-based Utility Trailer Manufacturing was hit by the Clop ransomware gang. As proof of the hit, the gang released 5 gigabytes of data to the dark web this week. The company has not been clear on the impact of the breach beyond saying that client data including payment records were not accessed and manufacturing remains normal.
Individual Risk: 1.507= Severe
While the company is staying mum about the content of the breach, researchers have determined that an extensive amount of sensitive personal data about employees, including payrolls and human resources information was included in the incident after finding it on the dark web. Past and present employees should be alert for identity theft and spear phishing attempts.
How It Could Affect Your Business: A new ransomware attack is launched every 40 seconds, and every business is in the line of fire. Making sure that you have all the bases covered and taking smart precautions like increased security awareness training can help reduce risk.
United States – Alaska Department of Health and Social Services
https://www.govinfosecurity.com/alaska-health-department-services-affected-by-malware-attack-a-16708Exploit: Malware
Alaska Department of Health and Social Services: Regional Human Services Agency
Risk to Business: 1.833= Severe
The Alaska health department’s website was taken offline Monday evening and will be unavailable to the public for an indeterminate amount of time as IT teams work to investigate and recover from a malware attack. COVID-19 immunization and most data dashboards are maintained by an outside contractor and are still operational. The department’s main website, background check system, the state of Alaska’s vital records system, Alaska’s behavioral health and substance abuse management system and the state’s system for schools to report vaccine data to public health have all been impacted.
Customers Impacted: Unknown
How it Could Affect Your Business: Malware that takes important systems offline can seriously impact an organization’s operations, costing a fortune in remediation, investigation and recovery. Government targets have been especially appealing to cybercriminals due to their notoriously weak security.
United States – Bergen Logistics
https://www.hackread.com/logistics-giant-leaks-data-lolz-when-alerted/Exploit: Unsecured Database
Bergen Logistics: Shipping & Fulfillment
Risk to Business: 2.812= Moderate
Security researchers recently discovered an exposed database belonging to Bergen Logistics. The Elasticsearch server contains a trove of 467,979 login credentials and shipment records relevant to the company’s customers. Bergen Logistics handles import/export, picking and packing for clients in the fashion industry. the company also direct ships to customers of online marketplaces and e-commerce stores.
Individual Risk: 2.772= Moderate
The exposed data for customers includes names, addresses, order numbers and details, email and contact information and plaintext passwords to customer accounts. This data could be used for spear phishing attempts.
How it Could Affect Your Business: There are enough ways to suffer a cybersecurity incident without causing them through negligence, even though employee error is still the number one cause of a data breach. Making sure to cover the bases with basics goes a long way toward improving security.
United Kingdom – One Call
https://www.doncasterfreepress.co.uk/news/one-call-cyber-attack-all-you-need-to-know-about-hackers-darkside-and-insurance-boss-john-radford-3244076Exploit: Ransomware
One Call: Insurer
Risk to Business: 1.606 = Severe
Insurer OneCall admitted last week that a ransomware attack disrupted its core IT system and forced it to shut down its servers. The attack was perpetrated by the notorious DarkSide gang, which purportedly went dark after the Colonial Pipeline fiasco. the hackers are demanding a ransom of more than $20k. The company has released no clear information on what data was stolen or how long the investigation and recovery will take, although news outlets are reporting customer and financial data as potentially stolen by the gang.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals, especially those in major gangs. Increased security awareness training is a must for every client because it makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
United Kingdom – FastTrack Reflex Recruitment
https://www.hackread.com/uk-recruitment-firm-exposed-applicants-data/Exploit: Misconfiguration
FastTrack Reflex Recruitment: Staffing Firm
Risk to Business: 1.882 = Severe
FastTrack Reflex Recruitment is the latest company to join the ranks of businesses that have had data leaks due to misconfigured AWS S3 buckets. The leaky bucket contained CVs for applicants and also included PII. Experts counted 21,000 client files (including duplicates), equating to 5GB of data,
Individual Risk: 1.780 = Severe
In the bucket, applicant CVs were exposed including attached identity documents like passports, work permits, identity card numbers and similar documents. In many cases, names, addresses, social media profile URLs, contact information DOBs and photos were also exposed
How it Could Affect Your Business: Simple failures in setup like this are a symptom of low standards and a sloppy cybersecurity culture. They’re also a quick way into disaster as this will not only cost money to fix, it will also incur penalties under GDPR and similar legislation.
Ireland – Ardagh Group
https://portswigger.net/daily-swig/packaging-vendor-ardagh-admits-cyber-attack-disrupted-operationsExploit: Ransomware
Ardagh Group: Packaging Manufacturer
Risk to Business: 1.699 = Severe
Glass and metal packaging giant Ardagh Group was snarled in a suspected ransomware attack. The company said that metal and glass packaging facilities remained operational, but the attack has caused shipping delays and interruptions. Investigation and remediation are underway, and the company expects to have everything back online by the end of the month.
Customers Impacted: Unknown
How it Could Affect Your Business: Make sure your clients are taking every possible precaution against ransomware because 61% of organizations worldwide experienced a damaging ransomware incident in 2020.
New Zealand – Waikato District Health Board
https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/Exploit: Ransomware
Waikato District Health Board: Regional Healthcare Agency
Risk to Business: 1.115 = Extreme
Waikato District Health Board (DHB) had most of its IT services go offline Tuesday morning as the result of a suspect Conti ransomware attack, severely impacting services at six of its affiliate hospitals. Only email service has escaped the shutdown. With patient notes inaccessible, clinical services were disrupted and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only, using pencil and paper records. Service disruptions are expected to continue for several days.
Customers Impacted: Unknown
How it Could Affect Your Business: Attacks on healthcare targets have been at the top of the cybercriminals playbook since the beginning of the global pandemic, and they represent a threat to public health, not to mention overstressing already burned-out hospital staffers.
India – Air India
https://www.bleepingcomputer.com/news/security/air-india-data-breach-impacts-45-million-customers/Exploit: Third Party Data Breach
Risk to Business: 2.001 = Severe
Air India disclosed a data breach impacting 4.5 million of its customers following the hack of airline passenger service system provider SITA in February 2021. Dozens of airlines around the world had data exposed in that ransomware incident and the fallout is still shaking out. The airline confirmed that the breach involved personal data and credit card information registered between August 2011 and February 2021 by Air India or its subsidiaries.
Risk to Business: 2.113 = Severe
The exposed data is reported to include passenger details like name, date of birth, contact information, passport information, ticket information, Star Alliance, and Air India frequent flyer data as well as credit card numbers.
How it Could Affect Your Business: Third-party and supply chain data breaches like this one are becoming all too common as clever cybercriminals go for data-rich targets – and the problem will only get worse thanks to booming dark web data markets.
India – Domino’s Pizza India
https://ciso.economictimes.indiatimes.com/news/user-info-linked-to-18cr-dominos-orders-leaked/82899181Exploit: Hacking
Domino’s Pizza India: Restaurant Chain
Risk to Business: 1.774 = Severe
Customer and employee information has been exposed in a hacking incident at Domino’s Pizza India. Security researchers discovered 13TB of employee files and customer details exposed on the dark web. The data leak may be connected to another breach of the pizza chain earlier in April. Jubilant FoodWorks, operator of the chain, said that customers’ financial information remains safe.
Risk to Business: 1.671 = Severe
It is unclear what if any payment data was snatched, but personal information for customers including order dates, addresses, names, order invoices and similar data is available. The hackers claim to also have employee data, but that is unconfirmed.
How it Could Affect Your Business: Personal data is the most desirable information for cybercriminals right now, and every company needs to take precautions to keep them out of databases.
Japan – Mercari
https://www.bleepingcomputer.com/news/security/e-commerce-giant-suffers-major-data-breach-in-codecov-incident/Exploit: Supply Chain Data Breach
Mercari: E-commerce Platform
Risk to Business: 1.922 = Severe
In another big supply chain hit this week, Japanese marketplace Mercari has been compromised as a result of the recent Codecov breach. earlier this year, code coverage tool Codecov disclosed that it had been a victim of a supply-chain attack that lasted for two months and allowed cybercriminals to meddle with its popular Bash Uploader, opening hundreds of companies up to risk. Mercari announced that tens of thousands of customer records, including financial information, were exposed to external actors due to the Codecov breach.
Individual Risk: 1.942 = Severe
In the final tally, 17,085 records related to the transfer of sales proceeds to customer accounts were exposed including bank code, branch code, account number, account holder (kana) and transfer amount; 7,966 records on business partners of “Mercari” and “Merpay,” including names, date of birth, affiliation, e-mail address, and other data were exposed. 2,615 records on employees were also impacted including those working for a Mercari subsidiary. The data is comprised of names of some employees as of April 2021, company email address, employee ID, telephone number, date of birth and other PII plus details of past employees, some contractors and employees of external companies who interacted with Mercari.
How it Could Affect Your Business: Third-party data breaches like this one are the future of business. Reliance on outsourced service providers gives cybercriminals an easy way to scoop up data or snatch access credentials for multiple targets in one fell swoop.
United States – Three Affiliated Tribes
https://nativenewsonline.net/currents/three-affiliated-tribes-hit-by-ransomware-attack-holding-tribal-information-hostagExploit: Ransomware
Three Affiliated Tribes: Tribal Government Organization
Risk to Business: 1.607= Severe
The Three Affiliated Tribes (the Mandan, Hidatsa & Arikara Nations) announced to its staff and employees that its server was infected with ransomware. Since the server was hacked, the tribe has been unable to access files, email and critical information. Employees were also asked to refrain from using their work computers, Investigation and recovery is ongoing
Customers Impacted: Unknown
How It Could Affect Your Business: Protection from ransomware needs to be a top priority for every organization. These days a new attack is launched every 40 seconds putting every business in the line of fire.
United States – US Veterans Administration (VA)
https://threatpost.com/veterans-medical-records-ransomware/166025/Exploit: Ransomware
Veterans Administration: Federal Agency
Risk to Business: 1.722= Severe
The VA has found itself in the cybersecurity hot seat again after a data breach at a records contractor exposed more than 200,000 records for veterans. The contractor, United Valor Solutions, appears to have been the victim of a ransomware attack. Researchers found a trove of their data online, including this sensitive VA data. The VA has announced that its Veterans Benefits Administration (VBA) Privacy Office is currently working with Medical Disability Examination Officer (MDEO) and contractors to further handle the incident, with the VA Data Breach Response Service investigating independently.
Individual Risk: 1.722= Severe
The exposed records contain included patient names, birth dates, medical information, contact information and even doctor information and appointment times, unencrypted passwords and billing details for veterans and their families, all of which could be used in socially engineered spear phishing or fraud scams.
How it Could Affect Your Business: Ransomware is the gift that keeps on giving for medical sector targets. Not only are those victims facing expensive investigation and recovery costs, but they can also expect a substantial HIPAA fine and possibly more regulatory scrutiny.
Ireland – Health Service Executive (HSE)
https://www.bbc.com/news/world-europe-57134916Exploit: Ransomware
Health Service Executive (HSE): National Healthcare Provider
Risk to Business: 1.668 = Severe
Ransomware rocked Ireland after the Conti gang perpetrated attacks on both the Department of Health and Ireland’s national healthcare provider Health Service Executive (HSE). HSE was forced to take action including shutting down the majority of its systems including all national and local systems involved in all core services and all major hospitals. The ransom demand is reported to be $20 million.
The National Cyber Security Centre (NCSC) has said the HSE became aware of a significant ransomware attack on some of its systems in the early hours of Friday morning and the NCSC was informed of the issue and immediately activated its crisis response plan. On Monday, May 18, officials announced that diagnostic services were still impacted as well as other patient care necessities. Officials alos said that it may take the Irish health service weeks to repair systems and restore all services, at a price that will reach into the tens of millions of euros.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is the preferred weapon of cybercriminals at every activity level. Increased security awareness training makes organizations up to 70% less likely to experience damaging cybersecurity incidents like this one.
France – Acer Finance
https://securityaffairs.co/wordpress/117991/cyber-crime/avaddon-ransomware-acer-finance-axa.htmlExploit: Ransomware
Acer Finance: Financial Advisors
Risk to Business: 2.307 = Severe
Avaddon ransomware came calling at Acer Finance. The Company offers risk management, mutual funds, analysis, financial planning, and advisory services. Acer Finance serves individuals, entrepreneurs, and institutional investors in France. The ransomware gang claims to have stolen confidential company information about clients and employees, and they’re giving Acer Finance 240 hours to communicate and cooperate with them before start leaking the stolen valuable company documents. As proof of the hack, the group published several ID cards, personal documents, contracts, and a screenshot of the folders containing stolen data.
Customers Impacted: Unknown
How it Could Affect Your Business: No organization is safe from phishing. Every company should make stepping up phishing resistance training a priority.
Japan – Toshiba
https://www.cyberscoop.com/darkside-ransomware-toshiba-hack/Exploit: Ransomware
Toshiba: Electronics Manufacturer
Risk to Business: 1.817 = Severe
European units of Japanese tech giant Toshiba are investigating a security incident in which scammers may have used a similar hacking tool to the malware used against IT systems at Colonial Pipeline. The company announced that it had been forced to disconnect network connections between Japan and Europe to stop the spread of ransomware. The attack is believed to have been perpetrated by the DarkSide ransomware gang. Toshiba Tec Group, a unit of the multinational conglomerate which makes printers and other technologies, said the firm had not yet confirmed that customer related information was leaked externally. The incident is under investigation and the company says that it has not paid any ransom.
How it Could Affect Your Business: By disrupting internal operations, ransomware can cause tremendous problems for multinational companies even if no data is stolen or systems encrypted.