InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 03/02/22 – 03/08/22

Washington State Department of Licensing

https://www.washingtonpolicy.org/publications/detail/the-washington-state-department-of-licensing-has-restored-its-website-after-650000-individuals-data-was-leaked

Exploit: Hacking
Washington State Department of Licensing: Government Agency





Risk to Business: 2.337 = Severe
Washington State Department of Licensing (DOL) experienced a data breach that has impacted approximately 650,000 former and current licensees. After discovering unexpected activity, the agency’s website was taken offline in January. At the time, no data loss was expected but that has since changed.





Individual Risk: 2.416 = Severe
The exposed data includes former and current licensing information as well as licensees’ social security numbers, driver’s license or ID numbers and dates of birth.

How It Could Affect Your Business: This trove of data combines business and personal information, making it especially useful and potentially profitable for the bad guys.

AON

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/
Exploit: Ransomware


AON: Insurer





Risk to Business: 2.176 = Moderate
Insurance giant AON disclosed in a filing with the U.S. Securities and Exchange Commission (SEC) that it had suffered a cyberattack last week. The company said that it had discovered an incident that impacted some systems. AON does not suspect that there will be a material impact on clients or operations. The incident is suspected to involve ransomware. It is under investigation and the company has brought in outside experts.

How It Could Affect Your Business: Companies like this that hold or store large amounts of valuable data are high on cybercriminal shopping lists.

Monongalia Health System

https://www.securityweek.com/healthcare-company-mon-health-discloses-second-data-breach

Exploit: Hacking


Monongalia Health System: Healthcare Provider





Risk to Business: 1.367 = Extreme
West Virginia healthcare organization Monongalia Health System (Mon Health) has announced another data breach. The company, which operates Monongalia County General Hospital, Preston Memorial Hospital, Stonewall Jackson Memorial Hospital and other healthcare centers, is informing patients and staffers that they had data stolen in December 2021. This is the second breach announcement in 3 months for Mon Health. Attackers did not gain access to the organization’s electronic health records systems.




Individual Risk: 1.377 = Extreme
Exposed data may include patient, employee, provider and contractor data including names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data.

How It Could Affect Your Business: Every medical sector organization needs to take extra precautions against data-hungry cybercriminals to avoid a major HIPAA fine. Or two in this case.

Adafruit

https://www.bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo/

Exploit: Insider Risk


Adafruit: Open-Source Hardware





Risk to Business: 2.847 = Moderate
An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, resulting in exposure of information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but not so quick to send emails to impacted users, waiting until after publishing a notification on its blog that was picked up by media outlets.




Individual Risk: 2.802 = Moderate
Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.

How It Could Affect Your Business: Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.

Viasat

https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/

Exploit: Nation-State Cyberattack


Viasat: Internet Service Provider





Risk to Business: 1.661 = Severe
An estimated 10 thousand people found themselves without internet access after a cyberattack on Viasat took down service to fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network. The attack, starting about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Nation-state cybercriminals are highly likely to strategically attack utilities and infrastructure targets during times of trouble.

PressReader

https://www.infosecurity-magazine.com/news/pressreader-suffers-cyber-attack/

Exploit: Nation-State Cyberattack

PressReader: Media App





Risk to Business: 1.719 = Severe
A cyberattack impacting PressReader, the world’s largest digital newspaper and magazine distribution platform, left readers in the US, UK, Australia and Canada unable to access more than 7000 publications. Some of the unavailable publications include The Guardian, Vogue, Forbes and the New York Times. PressReader said it has resolved the issue and is working to make missed content available to users after experiencing an unspecified cybersecurity event. This may be a nation-state attack; the incident happened shortly after PressReader announced that it was removing dozens of Russian titles from its catalog and publicly stated that it would help Ukrainian citizens access the news following Russia’s invasion of their country.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Unsurprisingly, Russia-aligned threat actors are trying to control the flow of information about the invasion of Ukraine, leaving news outlets especially vulnerable right now.

Japan – Acro

https://portswigger.net/daily-swig/japanese-beauty-retailer-acro-blames-third-party-hack-for-breach-of-100k-payment-cards

Exploit: Third-Party Risk


Acro: Beauty Retailer





Risk to Business: 1.826 = Severe
Japanese e-commerce beauty company Acro has disclosed a data breach that has exposed the details of more than 100,000 payment cards. The incident included two of the company’s four retail websites. Acro is pointing to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either of the two sites between May 21, 2020, and August 18, 2021.




Individual Risk: 1.713 = Severe
The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates and security codes.

How It Could Affect Your Business: Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.

Korea – Samsung

https://appleinsider.com/articles/22/03/06/hackers-leak-190gb-of-data-taken-in-alleged-samsung-breach

Exploit: Ransomware


Samsung: Electronics Maker





Risk to Business: 1.664 = Severe
The Lapsus$ hacking group just published a 190-gigabyte trove of confidential data including source code that it claims to have seized from Samsung Electronics in a ransomware attack. Reports say that the stolen code contains the source for every Trusted Applet in Samsung’s TrustZone environment, which handles sensitive tasks such as hardware cryptography and access control. It may also include biometric unlock operation algorithms, the bootloader source for recent devices, activation server source code and the full source code used to authenticate and authorize Samsung accounts. Samsung says that they’re investigating the incident.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Proprietary data is just as much of a win for cybercriminals as credit card or personal data, and worth a chunk of change for the right buyer.