InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Arthur J. Gallagher
Exploit: RansomwareArthur J. Gallagher (AJG): Insurance Broker
Risk to Business: 1.673= Severe
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.
Individual Risk: 1.522= Severe
While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington State Department of Labor and Industries
https://www.thenewstribune.com/news/state/washington/article252532918.html
Exploit: Third-Party Data BreachWashington State Department of Labor and Industries: Government Agency
Risk to Business: 1.816 = Severe
Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.
Risk to Business: 1.516 = Severe
The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.
How it Could Affect Your Business: An unsecured database is easy pickings for cybercriminals and a rookie mistake that could cost the survey company a client.
Practicefirst
https://healthitsecurity.com/news/healthcare-ransomware-attack-targets-practice-management-vendor
Exploit: RansomwarePracticefirst: Healthcare Technology Services
Risk to Business: 2.223=Severe
Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.
Risk to Business: 2.201=Severe
Practicefirst disclosed that patient and employee information has been impacted including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers employee usernames and passwords, bank account information. Other data that may have been stolen is primarily treatment-focused like diagnoses, lab and treatment information, medication information and health insurance identification.
How it Could Affect Your Business: Clients and employees won’t be happy about having this kind of personal information stolen – and neither will the Department of Health and Human Services.
UofL Health
https://www.infosecurity-magazine.com/news/kentucky-healthcare-system-exposes/Exploit: Insider Threat (Employee Error)
UofL Health: Healthcare System
Risk to Business: 1.575 = Severe
Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.
Risk to Business: 1.502 = Severe
Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.
How it Could Affect Your Business: Employee errors that impact compliance in a heavily regulated industry pack a punch after regulators get to work.
United Kingdom – Salvation Army
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/Exploit: Hacking
Salvation Army – Non-Profit
Risk to Business: 2.424= Severe
The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: organizations that hold financial information for donors should put extra care into securing it to keep those people donating.
Spain – MasMovil
https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/Exploit: Ransomware
MasMovil: Telecommunications
Risk to Business: 1.801 = Severe
Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.
Customers Impacted: Unknown
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
Arthur J. Gallagher
Exploit: RansomwareArthur J. Gallagher (AJG): Insurance Broker
Risk to Business: 1.673= Severe
Arthur J. Gallagher (AJG), a US-based global insurance brokerage and risk management firm, is mailing breach notification letters to customers impacted in a previously unannounced ransomware attack that hit its systems in late September 2020. The company said that an unknown party accessed data contained within their network between June 3, 2020, and September 26, 2020. The company has apparently just completed its investigation.
Individual Risk: 1.522= Severe
While the company did not specify the types of data exposed, their SEC filing did and PII starred heavily on the list. Data exposed may include a client’s Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number and biometric information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington State Department of Labor and Industries
https://www.thenewstribune.com/news/state/washington/article252532918.html
Exploit: Third-Party Data BreachWashington State Department of Labor and Industries: Government Agency
Risk to Business: 1.816 = Severe
Washington State informed over 16,000 workers that their PII may have been exposed in a ransomware attack on Renton market research company Pacific Market Research (PMR). The contractor was hit with a ransomware attack in May 2021.
Risk to Business: 1.516 = Severe
The exposed information for workers includes claim numbers and dates of birth for 16,466 workers who had workers’ compensation claims in 2019, which PMR had used to conduct a customer service survey for the agency.
How it Could Affect Your Business: An unsecured database is easy pickings for cybercriminals and a rookie mistake that could cost the survey company a client.
Practicefirst
https://healthitsecurity.com/news/healthcare-ransomware-attack-targets-practice-management-vendor
Exploit: RansomwarePracticefirst: Healthcare Technology Services
Risk to Business: 2.223=Severe
Practicefirst announced that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and employees. The service provider specializes in medical billing, coding, credentialing, bookkeeping, and practice management solutions. When they detected suspicious activity on December 30th, 2020, they shut down all systems, changed passwords and notified authorities but not before the bad guys scooped up data.
Risk to Business: 2.201=Severe
Practicefirst disclosed that patient and employee information has been impacted including birthdates, names, addresses, driver’s license numbers, Social Security numbers, email addresses and tax identification numbers employee usernames and passwords, bank account information. Other data that may have been stolen is primarily treatment-focused like diagnoses, lab and treatment information, medication information and health insurance identification.
How it Could Affect Your Business: Clients and employees won’t be happy about having this kind of personal information stolen – and neither will the Department of Health and Human Services.
UofL Health
https://www.infosecurity-magazine.com/news/kentucky-healthcare-system-exposes/Exploit: Insider Threat (Employee Error)
UofL Health: Healthcare System
Risk to Business: 1.575 = Severe
Kentucky-based UofL Health has notified more than 40,000 patients of an employee blunder that resulted in their personal health information being emailed to the wrong address. In this case, a UofL employee accidentally sent personal health information from UofL patients to an email address outside of the health system’s network. According to UofL, the accidental recipient of the data did not view or access any patient information.
Risk to Business: 1.502 = Severe
Patients whose data was impacted by the incident have been offered free identity protection services. No specifics about what exact data was accessed have been released beyond personal health information.
How it Could Affect Your Business: Employee errors that impact compliance in a heavily regulated industry pack a punch after regulators get to work.
United Kingdom – Salvation Army
https://www.theregister.com/2021/06/30/salvation_army_ransomware_attack/Exploit: Hacking
Salvation Army – Non-Profit
Risk to Business: 2.424= Severe
The United Kingdom arm of the evangelical Christian nonprofit Salvation Army disclosed that it had been the victim of an unspecified cyberattack. The industry press are reporting that the attack was purportedly ransomware but no confirmation is available at this time. The fundamentalist charity says that no programs were impacted and has not released information about the type of data that was stolen.
Customers Impacted: Unknown
How it Could Affect Your Business: organizations that hold financial information for donors should put extra care into securing it to keep those people donating.
Spain – MasMovil
https://www.hackread.com/revil-ransomware-gang-hits-masmovil-telecom/Exploit: Ransomware
MasMovil: Telecommunications
Risk to Business: 1.801 = Severe
Cybercrime gang REvil struck Spain’s fourth-largest telecom over the 4th of July weekend. The group claims to have “downloaded databases and other important data” belonging to the telecom giant, sharing screenshots apparently of the stolen MasMovil data that shows folders named Backup, RESELLERS, PARLEM and OCU.
Customers Impacted: Unknown
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
Mercedes Benz USA
https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/Exploit: Third Party Risk
Mercedes Benz USA: Carmaker
Risk to Business: 1.611= Severe
Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.
Individual Risk: 1.802= Severe
According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedez-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.
Customers Impacted: 1,000
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington Suburban Sanitary Commission (WSSC)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Exploit: RansomwareWashington Suburban Sanitary Commission (WSSC): Utility
Risk to Business: 2.116 = Severe
Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like utilities and infrastructure targets as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
DreamHost
https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823=Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Customers Impacted: Unknown
How it Could Affect Your Business: There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
Altus Group
Exploit: RansomwareAltus Group: Real Estate Software
Risk to Business: 1.775 = Severe
Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: In this economy, ransomware groups are only going to keep cropping up and that means your clients are facing new danger every day.
United Kingdom – French Connection UK (FCUK)
https://www.techtimes.com/articles/262039/20210626/revil-ransomware-gang-strikes-again-attacking-fcuk-fashion-label.htmExploit: Ransomware
French Connection UK (FCUK): Clothing Brand
Risk to Business: 2.351= Severe
United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is everywhere these days and every business is at risk. Companies in every industry of every size are in cybercriminals’ sights as they hunt for big paydays.
Sweden – InfoSolutions
https://cybernews.com/news/swedish-covid-19-lab-with-millions-of-test-results-breached/Exploit: Hacking
InfoSolutions: Medical IT Solutions
Risk to Business: 1.661 = Severe
InfoSolutions, a company that provides IT services to Swedish Public Health Agency including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion to a database employed by 15 of 21 Sweden’s regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Medical data is catnip for hackers because it’s worth its weight in gold in dark web data markets, and healthcare targets worldwide have been under siege throughout the pandemic.
Brazil – Grupo Fleury
https://www.bleepingcomputer.com/news/security/healthcare-giant-grupo-fleury-hit-by-revil-ransomware-attack/Exploit: Ransomware
Grupo Fleury: Medical Diagnostics Laboratory
Risk to Business: 1.702 = Severe
REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing and ransomware are today’s cybercriminal’s favorite tools to get the job done, and no matter how big or small, no organization is safe.
Mercedes Benz USA
https://www.bleepingcomputer.com/news/security/mercedes-benz-data-breach-exposes-ssns-credit-card-numbers/Exploit: Third Party Risk
Mercedes Benz USA: Carmaker
Risk to Business: 1.611= Severe
Mercedes-Benz USA has disclosed a data breach impacting some of its US customers. The data breach exposed PII of under 1,000 Mercedes-Benz customers and potential buyers. This breach was announced after a Mercedes-Benz vendor informed the company that the personal information of select customers was exposed due to an insufficiently secured cloud storage instance.
Individual Risk: 1.802= Severe
According to the company, the breach affects some customers and potential vehicle buyers who had entered sensitive information on Mercedez-Benz company and dealer websites between 2014 and 2017. The vendor who notified Mercedez-Benz of the data breach states that the exposed information included: self-reported customer credit scores, driver license numbers, Social Security numbers (SSNs), credit card numbers and dates of birth.
Customers Impacted: 1,000
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Washington Suburban Sanitary Commission (WSSC)
https://baltimore.cbslocal.com/2021/06/27/wssc-water-investigating-ransomware-attack/
Exploit: RansomwareWashington Suburban Sanitary Commission (WSSC): Utility
Risk to Business: 2.116 = Severe
Washington Suburban Sanitary Commission (WSSC) has disclosed a ransomware attack that impacted some of its systems. The utility noted that the incident impacted a portion of their network that operates non-essential business systems. The company has admitted that cybercriminals were able to gain access to internal files but no more information has been provided. The incident is still under investigation. WSSC is the utility that provides water and sewer services to the Washington, DC metropolitan area.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets like utilities and infrastructure targets as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
DreamHost
https://www.infosecurity-magazine.com/news/cloud-database-exposes-800m/Exploit: Unsecured Database
DreamHost: WordPress Hosting Service
Risk to Business: 1.823=Severe
A misconfigured cloud database exposed over 800 million records linked to WordPress users through hosting provider DreamHost. The 814 million records came from the firm’s managed WordPress hosting business DreamPress and appeared to date back to 2018. In this 86GB database, researchers noted admin and user information, including WordPress login location URLs, first and last names, email addresses, usernames, roles, host IP addresses, timestamps and configuration and security information, some linked to users with .gov and .edu email addresses. The database was purportedly secured within hours but the damage had already been done.
Customers Impacted: Unknown
How it Could Affect Your Business: There’s no excuse for making basic security blunders, and clients may be less likely to want to work with those who do. A strong security culture prevents these blunders from happening.
Altus Group
Exploit: RansomwareAltus Group: Real Estate Software
Risk to Business: 1.775 = Severe
Altus Group, a commercial real estate software solutions company, has announced that its data was breached. The company initially said that no data was stolen, a new ransomware group begs to differ. New cybercrime gang Hive has published samples of data allegedly stolen from Altus Group on its new dark website. The provided sample of exfiltrated files includes business data and documents, as well as Argus certificates and development files. No ransom amount has been confirmed and the incident is under investigation.
Customers Impacted: Unknown
How it Could Affect Your Business: In this economy, ransomware groups are only going to keep cropping up and that means your clients are facing new danger every day.
United Kingdom – French Connection UK (FCUK)
https://www.techtimes.com/articles/262039/20210626/revil-ransomware-gang-strikes-again-attacking-fcuk-fashion-label.htmExploit: Ransomware
French Connection UK (FCUK): Clothing Brand
Risk to Business: 2.351= Severe
United Kingdom-based clothing company French Connection UK has been hit by a major cybercrime gang: REvil. The ransomware gang was able to get away with a plethora of internal company data after taking control of the company’s back-end servers. The type of data has not been specified, but both business and employee data is at risk.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware is everywhere these days and every business is at risk. Companies in every industry of every size are in cybercriminals’ sights as they hunt for big paydays.
Sweden – InfoSolutions
https://cybernews.com/news/swedish-covid-19-lab-with-millions-of-test-results-breached/Exploit: Hacking
InfoSolutions: Medical IT Solutions
Risk to Business: 1.661 = Severe
InfoSolutions, a company that provides IT services to Swedish Public Health Agency including maintaining journals and COVID-19 databases in Sweden, published a statement claiming that it detected an intrusion to a database employed by 15 of 21 Sweden’s regions. The company says that there is no indication that any information has been passed on and that the databases were locked quickly. The internal investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Business: Medical data is catnip for hackers because it’s worth its weight in gold in dark web data markets, and healthcare targets worldwide have been under siege throughout the pandemic.
Brazil – Grupo Fleury
https://www.bleepingcomputer.com/news/security/healthcare-giant-grupo-fleury-hit-by-revil-ransomware-attack/Exploit: Ransomware
Grupo Fleury: Medical Diagnostics Laboratory
Risk to Business: 1.702 = Severe
REvil had a busy week. They also struck medical services company Grupo Fleury, Brazil’s largest laboratory operator. The REvil gang is demanding $5 million to receive a decryptor and not leak allegedly stolen files, and it has published a sample according to its usual protocol. Grupo Fleury’s data could potentially contain enormous amounts of personal and medical data of patients, but no specifics of what was stolen have been made available.
Customers Impacted: Unknown
How it Could Affect Your Business: Phishing and ransomware are today’s cybercriminal’s favorite tools to get the job done, and no matter how big or small, no organization is safe.
Cognyte
https://beta.darkreading.com/attacks-breaches/cyber-analytics-database-exposed-5-billion-records-onlineExploit: Unsecured Database
Cognyte: Data Analytics Firm
Risk to Business: 1.802= Severe
Data analytics company Cognyte warns folks about data exposure from third-party sources, and it had to send one out for itself this week. Researchers discovered an unsecured database operated by Cognyte that left some 5 billion records collected from a range of data incidents exposed online. The stored data is part of Cognyte’s cyber intelligence service, which is used to alert customers to third-party data exposures. The incident is under investigation.
Customers Impacted: Unknown
How It Could Affect Your Business: Proprietary like this is catnip for hackers. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Invenergy LLC
https://www.infosecurity-magazine.com/news/revil-claims-responsibility-for/Exploit: Ransomware
Invenergy LLC: Energy Company
Risk to Business: 1.916 = Severe
REvil has claimed responsibility for a recent cyberattack on renewable energy company Invenergy. The gang claims to have compromised the company’s computer systems and exfiltrated four terabytes of data. Among the information allegedly taken by REvil are contracts and project data. In a bizarre twist, REvil also claims to have obtained “very personal and spicy” information regarding Invenergy’s chief executive officer, Michael Polsky.
Customers Impacted: Unknown
How it Could Affect Your Business: Ransomware attacks against strategic targets are hot right now as ransomware gangs try to score a big payday fast from targets that can’t afford downtime.
CVS
https://www.zdnet.com/article/billions-of-records-belonging-to-cvs-health-exposed-online/#ftag=RSSbaffb68Exploit: Thitd-Party Threat (Misconfiguration)
CVS: Drug Store Chain
Risk to Business: 1.416= Extreme
CVS is in hot water after researchers discovered a trove of over one billion records online that were connected to the US healthcare and pharmaceutical giant. The unsecured databasewas extimated to be 204GB in size. According to reports, the databases contained an astonishing assortment of sensitive data like event and configuration data, visitor IDs, session IDs, device access information and details on how the logging system operated from the backend. Search records exposed also included queries for medications, COVID-19 vaccines and a variety of CVS products, referencing both CVS Health and CVS.com.
Customers Impacted: Unknown
How it Could Affect Your Business: Every company needs to make it a priority to be certain that their contractors and partners are handling and storing sensitive data correctly. Poor cyber hygiene at a service provider can become an expensive disaster fast.
Wegman’s
https://www.bleepingcomputer.com/news/security/us-supermarket-chain-wegmans-notifies-customers-of-data-breach/Exploit: Third-Party Threat (Misconfiguration)
Wegman’s: Grocery Store Chain
Risk to Business: 2.227= Severe
East Coast gourmet grocer Wegmans issued a release announcing that a service provider had failed to correctly configure two of its databases, exposing a large quantity of customer data. According to Wegmans, the databases that the contractor maintained contained customer identity and shopping habit information as well as an assortment of client PII. The company says the issue is resolved.
Risk to Business: 2.776 = Moderate
The release says that customer information exposed in the data breach included names, addresses, phone numbers, birth dates, Shoppers Club numbers, Wegmans.com account e-mail addresses and passwords. No Social Security, financial or medical information was stolen and only salted password hashes were stored in the databases maintained by the negligent contractor.
How it Could Affect Your Business: Clients expect a high level of information security from companies that they trust with their personal information and excuses about errors by contractors aren’t going to get businesses off the hook if there’s trouble.
Carnival Cruise Line
https://www.scmagazine.com/home/email-security/carnival-discloses-new-data-breach-on-email-accounts/
Exploit: HackingCarnival Cruise Lines: Cruise Ship Operator
Risk to Business: 1.651= Severe
Perennially cybersecurity challenged cruise line Carnival issued a breach disclosure on Thursday confirming hackers attacked email accounts and gained access to data about its customers and employees. The company said that the data snatched was collected during the travel booking process, through the course of employment or from providing services to the company, including COVID or other safety testing.
Risk to Business: 1.802= Severe
The poassenger data accessed included names, addresses, phone numbers, passport numbers, dates of birth, health information, and, in some limited instances, additional personal information like social security or national identification numbers. No clear information was provided about the employee information that was exposed.
How it Could Affect Your Business: This is the third major cybersecurity blunder for Carnival in just one year, and that is likely to create a great deal of mistrust with consumers just as the travel industry is getting back on it’s feet.
United Kingdom – Cake Box
https://www.bleepingcomputer.com/news/security/eggfree-cake-box-suffer-data-breach-exposing-credit-card-numbers/Exploit: Hacking
Cake Box: Bakery Chain
Risk to Business: 1.661 = Severe
UK celebration cake chain Cake Box isn’t celebrating this week. The company has disclosed a data breach after threat actors hacked their website and obtained credit card numbers. According to the release, the breach occurred way back in April 2020 and they’re just informing consumers. Payment skimming malware is to blame. Experts suspect that this breach is the result of a Magecart attack.
Individual Risk 2.802 = Severe
When customers made purchases on the site while it was infected malicious scripts sent the first name and surname, email address, postal address, and payment card information including the three-digit CVV code to a remote server controlled by the attackers. This is an ancient breach in terms of the time it took for consumers to be informed, and the damage has definitely already been done.
How it Could Affect Your Business: There is no excuse for waiting more than a year to inform customers that their data has been stolen, especially financial data like credit card numbers. This incident will shake consumer confidence in the brand.
South Korea – Korea Atomic Energy Research Institute (KAERI)
https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/Exploit: Nation-State Cybercrime
Korea Atomic Energy Research Institute (KAERI): Government Agency
Risk to Business: 1.633 = Severe
South Korean officials have admitted that the government nuclear think tank Korea Atomic Energy Research Institute (KAERI) was hacked by nation-state threat actors in May 2021 after the incident was brought to light by reporters. The Korean media is accusing the agency of perpetrating a cover-up. According to experts, the North Korean Kimusky cybercrime gang is to blame. This group often uses phishing to mimic websites like Gmail, Outlook, Telegram and more. The group then installs Android and Windows backdoor “AppleSeed” to collect information and frequently makes use of ransomware. The extent of the data theft is unknown.
Customers Impacted: Unknown
How it Could Affect Your Business: Nation-state threat actors frequently use phishing and ransomware to get the job done, and no matter how big or small, no organization is safe.