InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 08/10/22 – 08/16/22
Cisco
https://www.theregister.com/2022/08/11/cisco_corporate_network_compromised/
Exploit: Hacking
Cisco: Networking Technology Company
Risk to Business: 2.211 = Severe
Cisco Systems confirmed experiencing a cyberattack in May 2022 that was caused by the compromise of an employee’s Google account, The company’s investigation determined that the attackers obtained details of an employee’s private Google account, which contained passwords synced with Cisco’s web browser. The attackers parlayed that into initial access to Cisco’s VPN. The employee’s credentials were synced through the Chrome browser, where the targeted employee had also stored their Cisco credentials. The Yanluowang ransomware gang has claimed responsibility by publishing files stolen in the incident on its dark web leak site.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Insecure or compromised employee credentials can do big damage in a very short span of time.
PlatformQ
Exploit: Misconfiguration
PlatformQ: Digital Engagement Solutions
Risk to Business: 1.687 = Severe
PlatformQ, a provider of digital engagement solutions for healthcare (PlatformQ Health) and education (PlatformQ Education) sector entities, experienced a data breach after an employee accidentally published a database backup stored in a misconfigured AWS S3 bucket. The data appears to be about marketing the drug Zarex to doctor’s offices and similar places, and PII for healthcare professionals was involved.
Individual Risk: 1.733 = Severe
The leak exposed sensitive information including the full names, personal email addresses, job titles work email addresses, home, work and private phone numbers and National Provider Identifier (NPI) numbers of an estimated 99,000 healthcare professionals
How It Could Affect Your Business: Employee mistakes and negligence are responsible for more data breaches than any other cause, but training helps fix that.
Behavioral Health Group
Exploit: Hacking
Behavioral Health Group: Addiction Treatment Center Operator
Risk to Business: 1.716 = Severe
Behavioral Health Group recently began notifying 197,507 patients that their data was stolen in a December 2021 cyberattack. The opioid treatment provider’s 80 clinics suffered a week of IT outages that disrupted patient care after a cyberattack forced the team to shut down portions of the network. That in turn caused delays for health services like refilling patient medications, a critical part of the recovery process for many addiction treatment patients.
Individual Risk: 1.802 = Severe
The stolen data varied by patient and could include patient names, Social Security numbers, driver’s licenses, passports, biometrics, health insurance information, diagnoses, treatments, prescriptions, dates of service, and medical record numbers. Only patients whose SSNs were compromised will receive free credit monitoring.
How It Could Affect Your Business: Medical entities of all sorts have been high on cybercriminal hit lists because they know that it’s a rich and time-sensitive industry.
Acorn Financial Services
https://www.jdsupra.com/legalnews/acorn-financial-services-reports-data-5996771/
Exploit: Phishing
Acorn Financial Services: Financial Planners
Risk to Business: 1.837 = Severe
In April 2022, Acorn Financial Services discovered unusual activity within an employee email account that ultimately led to uncovering a data breach. Acorn says that the incident was kicked off by an employee falling for a phishing email. The company acted to secure the employee’s email account and confirmed that an unauthorized actor has potentially gained access to sensitive customer data. The company has filed data breach notifications and is informing the impacted customers via mail.
Individual Risk: 1.646 = Severe
While the breached information varies depending on the individual, it may include the client’s name, address, date of birth, driver’s license number, financial account number, Social Security number and other account-related information.
How it Could Affect Your Business: The financial services sector was the most heavily under seige by ransomware last year, a pattern that continues in 2022.
Klaviyo
Exploit: Phishing
Klaviyo: Email Marketing Firm
Risk to Business: 2.284 = Severe
In an interesting twist on the usual data breach incident, email marketing firm Klaviyo suffered a concentrated and specific data breach on August 3, 2022. After gaining access to an employee’s account thanks to a successful phishing attack, bad actors then downloaded marketing lists used by cryptocurrency-related clients for outreach efforts and for Klaviyo product and marketing updates. The threat actor used the internal customer support tools to search for primarily crypto-related accounts and viewed list and segment information for 44 Klaviyo accounts, downloading data from at least 38 accounts.
Risk to Business: 2.284 = Severe
Stolen data includes customers’ names, addresses, email addresses, account profile information and phone numbers. The hackers also downloaded two internal lists used by Klaviyo for product and marketing updates that contain names, addresses, email addresses, and phone numbers.
How it Could Affect Your Business: Phishing is the most likely way for any organization to open the door to a data breach.
Bombardier Recreational Products (BRP) Inc.
Exploit: Ransomware
Bombardier Recreational Products (BRP) Inc.: Recreational Equipment Manufacturer
Risk to Business: 1.529 = Severe
BRP, Inc, manufacturer of the Ski-Doo and other all-terrain vehicles, watercraft and snowmobiles, has been hit with a suspected ransomware attack that shut down operations briefly at its plants. This attack may have resulted from exposure by a third-party service provider. After an initial complete closure of manufacturing operations, the company expects its manufacturing sites in Valcourt, Canada, Rovaniemi, Finland, Gunskirchen, Austria and Sturtevant in to resume operations imminently.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Service disruptions from cyberattacks can cost manufacturers and the companies that they supply a fortune.
Union des producteurs agricoles (UPA)
https://www.farms.com/ag-industry-news/hackers-target-quebec-ag-organization-301.aspx
Exploit: Ransomware
Union des producteurs agricoles (UPA): Agricultural Trade Organization
Risk to Business: 2.017 = Severe
Hackers launched a ransomware attack on the Union des producteurs agricoles (UPA) on Sunday, a regional agriculture organization. Bad actors deployed ransomware that paralyzed the network, leaving an estimated 160 UPA employees and 23 UPA client organizations, like the union of grain producers, unable to connect. An investigation is ongoing, and services are expected to be quickly restored.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Groups like this offer a great opportunity for cybercriminals to snatch profitable and useful data.
Denmark – 7 –11 Stores
https://www.securityweek.com/7-eleven-closes-stores-denmark-after-hacker-attack
Exploit: Hacking
7-11 Stores: Convenience Store Chain
Risk to Business: 1.211 = Extreme
The chain of 7-11 stores in Denmark was forced to shut down after a cyberattack disrupted stores’ payment and checkout systems throughout the country. The attack occurred on August 8th, and all stores remain closed while the company investigates the incident. No word on when they’ll reopen or the nature of the attack, although ransomware is suspected.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: No company can afford to be shut down entirely for days or weeks because of a cyberattack, especially not in retail.
About the author
