InTegriLogic Blog
The Week in Breach News: 01/17/24 – 01/23/24
This week: Nobelium uses an old trick to sneak into Microsoft and a Canadian energy company loses $1.5 million to an account takeover attack.
Microsoft
https://www.bleepingcomputer.com/news/security/russian-hackers-stole-microsoft-corporate-emails-in-month-long-breach/
Exploit: Password Spraying
Microsoft: Software Company
Risk to Business: 2.302 = Moderate
Microsoft has disclosed that several of its corporate email accounts were breached by the Russian state-sponsored hacking group Midnight Blizzard, also tracked as Nobelium, APT29 and Cozy Bear. The company detected the attack on January 12, 2024. Microsoft’s internal investigation found that the attackers got in during November 2023 by password spraying a legacy, non-production test tenant account: trying a small number of common passwords against many accounts rather than many passwords against one account, which keeps every account below its lockout threshold. From that foothold they accessed a “small percentage” of Microsoft’s corporate email accounts for over a month, including accounts belonging to the company’s senior leadership team and to employees in the cybersecurity and legal departments. Microsoft believes the attackers were initially looking for what the company knew about Midnight Blizzard itself.
How It Could Affect Your Business: Even the biggest companies can be brought low by a basic cybersecurity lapse. Password spraying only works where passwords are weak and no MFA or smart lockout is in place, and a forgotten legacy test tenant is exactly where those controls are missing. Inventory old tenants, test accounts and service accounts, and either decommission them or protect them to the same standard as production.
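As an added illustration (not code from the article or from Microsoft), here is a small detector for the spray pattern described above, run over a handful of constructed sign-in events in an assumed `<UTC time> <source IP> <user> <OK|FAIL>` format. The defensive point it makes is the one that matters: a sprayer never trips per-account lockout, so detection has to pivot on the source, counting distinct accounts per source within a time window rather than failures per account.

```python
"""Password-spray detection over sign-in logs.

Added example for this write-up. It is not Microsoft's detection logic and
not code from the article; the log format, thresholds and sample data are
assumptions constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events (assumed format: "<UTC time> <source IP> <user> <OK|FAIL>").
# 203.0.113.7 sprays one guess across many accounts and lands on a forgotten
# test account; 198.51.100.9 brute-forces a single account; 192.0.2.44 is a
# user mistyping a password once.
SAMPLE_LOG = """\
2023-11-28T02:00:01Z 203.0.113.7 alice FAIL
2023-11-28T02:00:05Z 203.0.113.7 bob FAIL
2023-11-28T02:00:09Z 203.0.113.7 carol FAIL
2023-11-28T02:00:13Z 203.0.113.7 dave FAIL
2023-11-28T02:00:17Z 203.0.113.7 erin FAIL
2023-11-28T02:00:21Z 203.0.113.7 frank FAIL
2023-11-28T02:00:25Z 203.0.113.7 grace FAIL
2023-11-28T02:00:29Z 203.0.113.7 heidi FAIL
2023-11-28T02:00:33Z 203.0.113.7 ivan FAIL
2023-11-28T02:00:37Z 203.0.113.7 legacy-test-svc OK
2023-11-28T02:00:41Z 203.0.113.7 judy FAIL
2023-11-28T02:10:00Z 198.51.100.9 admin FAIL
2023-11-28T02:10:02Z 198.51.100.9 admin FAIL
2023-11-28T02:10:04Z 198.51.100.9 admin FAIL
2023-11-28T02:10:06Z 198.51.100.9 admin FAIL
2023-11-28T02:10:08Z 198.51.100.9 admin FAIL
2023-11-28T02:10:10Z 198.51.100.9 admin FAIL
2023-11-28T08:15:00Z 192.0.2.44 alice FAIL
2023-11-28T08:15:30Z 192.0.2.44 alice OK
"""


def parse_events(text):
    """Parse the assumed log format into dicts sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "ip": ip,
            "user": user,
            "ok": result == "OK",
        })
    events.sort(key=lambda e: e["ts"])
    return events


def detect_password_spray(events, window=timedelta(minutes=30), min_users=8, max_per_user=2):
    """Return {source_ip: finding} for sources whose sign-in pattern looks like a spray.

    A spray is one source trying a few guesses against many accounts: within
    `window` it touches at least `min_users` distinct accounts with no more
    than `max_per_user` attempts each. Per-account lockout never fires,
    because no single account sees enough failures. The sliding window is
    kept per source IP; any success from a flagged source is reported as a
    probably compromised account.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)  # events are already time-ordered

    findings = {}
    for ip, evs in by_ip.items():
        in_window = Counter()  # attempts per user inside the current window
        left = 0
        peak_users = 0
        for right, e in enumerate(evs):
            in_window[e["user"]] += 1
            # Slide the left edge forward until evs[left..right] fits in the window.
            while e["ts"] - evs[left]["ts"] > window:
                old = evs[left]["user"]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_users and max(in_window.values()) <= max_per_user:
                peak_users = max(peak_users, len(in_window))
        if peak_users:
            findings[ip] = {
                "distinct_users": peak_users,
                "attempts": len(evs),
                "compromised": sorted({x["user"] for x in evs if x["ok"]}),
            }
    return findings


if __name__ == "__main__":
    for ip, f in detect_password_spray(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {f['distinct_users']} accounts targeted, "
              f"{f['attempts']} attempts, compromised={f['compromised']}")
```

Keying on source IP is the simplest choice and enough for the sample; real sprayers rotate through large proxy pools, so in practice you also aggregate by ASN, user agent or target tenant, and tune the window and thresholds against your own baseline. The brute-force source in the sample is deliberately not flagged by this rule, since per-account lockout already covers it. None of this helps if the legacy tenant's sign-in logs are not being collected in the first place, which is the first thing to check for any forgotten environment.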
Kansas State University
https://www.bleepingcomputer.com/news/security/kansas-state-university-cyberattack-disrupts-it-network-and-services/
Exploit: Hacking
Kansas State University: Institution of Higher Learning
Risk to Business: 1.691 = Severe
Kansas State University (K-State) has announced that it is dealing with a cybersecurity incident that has disrupted some of its network systems. The impacted systems include its VPN, K-State Today emails and video services on Canvas and Mediasite. Printing, shared drives and mailing list management services (Listservs) were also knocked out. Services are slowly being restored, some in a limited capacity. The university says that it has engaged a third-party cybersecurity firm to aid in its investigation.
How It Could Affect Your Business: K-State has not said what kind of attack this was, but schools at every level have been prime targets for cyberattacks, ransomware in particular, and that looks set to continue.
Cooper Aerobics
https://thecyberexpress.com/cooper-aerobics-data-breach-exposes-info/
Exploit: Hacking
Cooper Aerobics: Healthcare Company
Risk to Business: 1.643 = Severe
Cooper Aerobics, comprising Cooper Clinic, P.A., Cooper Medical Imaging, LLP and Cooper Aerobics Enterprises, Inc., has disclosed that it has experienced a data security incident. The company began notifying affected individuals on January 5, 2024, that an unauthorized party gained access to its data. The compromised data includes names, addresses, phone numbers, email addresses, financial details (credit/debit card numbers, expiration dates, account/routing numbers), tax identification numbers, driver’s license or government identification details, passport numbers, usernames and passwords, Social Security numbers and other sensitive health-related data (medical records, patient account numbers, prescription information, medical providers, procedures, health insurance details).
How It Could Affect Your Business: This is a treasure trove of valuable data for bad actors, and losing it could be punishingly expensive for this healthcare provider.
Clearview Resources Ltd.
https://thecyberexpress.com/clearview-cyberattack-results-millions-loss/
Exploit: Account Takeover
Clearview Resources Ltd.: Energy Company
Risk to Business: 1.462 = Extreme
Canadian energy producer Clearview Resources Ltd. has disclosed that an account takeover attack in December 2023 cost the company $1.5 million. Attackers compromised a corporate email account and used it to redirect company funds to a third-party account, the classic business email compromise pattern. The company said that the attack did not have a material impact on its operations; it is working with a third-party cybersecurity firm to investigate the incident and with law enforcement in the hope of recovering the stolen funds.
How It Could Affect Your Business: Taking over a single mailbox is enough to divert payments and cause losses like this one or worse. Require MFA on email, alert on newly created inbox forwarding rules, and verify any change to payment instructions over a known phone number, never by replying to the email that requested it.
Tilbury District Family Health Team (TDFHT)
https://cknewstoday.ca/chatham/news/2024/0/20/ransomware-attack-spreads-to-tilbury-district-family-health-team
Exploit: Supply Chain Attack
Tilbury District Family Health Team (TDFHT): Healthcare Provider
Risk to Business: 1.702 = Severe
Tilbury District Family Health Team (TDFHT) has announced that patient data may have been compromised in a recent cyberattack on one of its service providers, Transform. The stolen data may include patients’ first and last names, dates of birth, addresses and health card numbers, as well as medical status, medication summaries, immunization records and therapy status summaries. Officials reassured the public that no patient social insurance numbers or any credit card, financial or banking information was stolen. Other healthcare providers including Chatham-Kent Health Alliance, Erie Shores HealthCare, Bluewater Health, Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare were also clients of the same service provider and have experienced data security problems as a result of the attack.
How it Could Affect Your Business: Supply chain attacks will keep growing as a problem as businesses hand more of their data to shared service providers. Know which vendors hold your data, what they hold, and what their breach-notification obligations to you are before an incident like this one.
The Netherlands – DENHAM the Jeanmaker
https://thecyberexpress.com/denham-cyberattack-tce-exclusive/
Exploit: Ransomware
DENHAM the Jeanmaker: Fashion Brand
Risk to Business: 2.736 = Moderate
Amsterdam-based fashion house DENHAM the Jeanmaker has disclosed that it has been the victim of a ransomware attack. The Akira ransomware group is suspected of being the culprit. The fashion brand said that the cyberattack was first discovered on December 27, 2023. The cyberattack on DENHAM did not impact the brand’s in-store or online retail operations. However, the bad actors did manage to steal some corporate and proprietary data. The brand was quick to reassure clients that no consumer data or credit card information was stolen.
How it Could Affect Your Business: Proprietary data like intellectual property is valuable and desirable for cybercriminals too.
Czech Republic – Trezor
https://beincrypto.com/trezor-hardware-wallet-phishing-security-breach/
Exploit: Supply Chain Attack
Trezor: Cryptocurrency Wallet
Risk to Business: 2.736 = Moderate
In a rare crypto story that doesn’t involve a company being hacked for millions, hardware wallet maker Trezor is informing users that it has experienced a data breach as the result of an attack on one of its service providers. The company said that the contact details of 66,000 users who have contacted Trezor Support since 2021 may have been compromised. The exposed data could include names, nicknames and email addresses. The service provider has not been identified.
How it Could Affect Your Business: Names and email addresses of 66,000 wallet owners are a ready-made target list, and phishing is the real risk here: attackers will pose as Trezor support and try to talk users into handing over their recovery seed. Users should treat any unsolicited “support” email as hostile.
Taiwan – Foxsemicon
https://therecord.media/foxsemicon-ransomware-attack-taiwan
Exploit: Ransomware
Foxsemicon: Semiconductor Manufacturer
Risk to Business: 1.602 = Severe
Major semiconductor manufacturer Foxsemicon, a subsidiary of electronics giant Foxconn, has fallen victim to a ransomware attack by the LockBit ransomware group. The gang defaced Foxsemicon’s website with a notice stating that they had taken it over and stolen 5TB of the company’s client data. Foxsemicon has not disclosed the ransom demanded by the hackers, nor has it confirmed whether any personal information about its customers or employees was leaked.
How it Could Affect Your Business: Ransomware actors have been ramping up pressure on key points in the supply chain to push for a big, fast payday.