InTegriLogic Blog
The Week in Breach News: 01/24/24 – 01/30/24
This week: Ransomware floods two water utilities, HPE gets hit by Russian threat actors, and a rare happy ending for a business email compromise (BEC) story.
The GALA Hispanic Theatre
https://therecord.media/washington-dc-theater-whole-again-hack
Exploit: Business Email Compromise
The GALA Hispanic Theatre: Theater
Risk to Business: 1.437 = Extreme
In a rare happy outcome for a business email compromise (BEC) story, The GALA Hispanic Theatre in Washington, DC is breathing a sigh of relief. The theater experienced a business email compromise attack that cost them more than $250,000. The January 11 attack kicked off a nightmare after the certified accountant for the theater initiated a standard wire transfer of $965 to a set designer for an upcoming show. When the transaction completed, a screen popped up telling them that they’d been locked out of their account. Bad actors then drained the theater’s CitiBank account. The transfer went to a Bank of America account belonging to a fake company called Infinity Source LLC. After filing complaints with Citi and Bank of America, the theater began working with law enforcement. The theater also launched a whirlwind fundraising effort to ensure that it was still able to stage its upcoming show, raising $70k. Fortunately, the theatre received a much more pleasant surprise – CitiBank informed them that the $255,000 stolen from their account would be returned to them by the bank.
How It Could Affect Your Business: It’s incredibly unusual for a BEC story to have a fairytale ending, and companies need to be ready for trouble.
Hewlett Packard Enterprise (HPE)
https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html
Exploit: Hacking
Hewlett Packard Enterprise (HPE): Technology Company
Risk to Business: 1.691 = Severe
A Russian state-sponsored group known as APT29 (AKA BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard/Nobelium) is thought to be behind an intrusion into Hewlett Packard Enterprise (HPE). This is the same group that recently hit Microsoft. The threat actors gained access to HPE’s cloud email environment to exfiltrate mailbox data. HPE said the threat actor exfiltrated data from some mailboxes belonging to employees in its cybersecurity, go-to-market and business segments. HPE said it was notified of the incident on December 12, 2023. HPE also said the incident has not had any material impact on its operations. HPE has not commented on the specifics of the email information that was accessed.
How It Could Affect Your Business: Government-aligned threat actors are incredibly dangerous and capable of extremely sophisticated hacking.
Veolia North America
https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/
Exploit: Ransomware
Veolia North America: Water Technology
Risk to Business: 1.643 = Severe
Water technology provider Veolia North America has disclosed that it fell victim to a ransomware attack. The company said that the attack impacted systems in its Municipal Water division and disrupted its bill payment systems. Veolia said that it had immediately implemented defensive measures, temporarily taking some systems offline to contain the breach. The company said that its back-end systems and servers are now back online and customers’ payments will not be affected. Water and wastewater treatment operations weren’t interrupted. Veolia said that a limited number of individuals may have had their personal information exposed in the breach.
How It Could Affect Your Business: Cybercriminals have been constantly increasing the pressure on utility companies, endangering the public.
The Government of Bucks County, Pennsylvania
https://therecord.media/local-governments-across-us-dealing-with-ransomware
Exploit: Ransomware
The Government of Bucks County, Pennsylvania: Regional Government
Risk to Business: 1.462 = Extreme
The Government of Bucks County, Pennsylvania is grappling with a cybersecurity incident that has knocked out services and communication systems including the Emergency Communications Department’s computer-aided dispatch (CAD) system. Operators were reduced to using pen and paper to take calls but were still able to respond to emergencies effectively. The system holds a myriad of sensitive data. The Pennsylvania National Guard has been called in to assist. Court proceedings were also snarled because of the incident.
How It Could Affect Your Business: A cyberattack on a city or regional government can have dangerous consequences when it impedes the operation of emergency services.
Jason’s Deli
https://www.bleepingcomputer.com/news/security/jasons-deli-says-customer-data-exposed-in-credential-stuffing-attack/
Exploit: Credential Stuffing
Jason’s Deli: Restaurant Chain
Risk to Business: 1.702 = Severe
Texas-based chain Jason’s Deli has begun informing customers that they have had data exposed in a credential stuffing attack. The restaurant chain says that hackers obtained credentials for member accounts from other sources and used them to conduct a credential stuffing attack on December 21, 2023. A variety of customer data was snatched, including a customer’s full name, address (including all saved delivery addresses), phone number, birthday, preferred Jason’s Deli location, house account number, deli dollar points, redeemable amounts and rewards, truncated credit card numbers (only the last four digits are visible) and truncated gift card numbers.
How It Could Affect Your Business: Credential stuffing is a dark web-fueled cybercriminal favorite that can lead to big trouble for a business.
UK – Caravan and Motorhome Club (CAMC)
https://www.theregister.com/2024/01/24/major_it_outage_at_caravan/
Exploit: Hacking
Caravan and Motorhome Club (CAMC): Association
Risk to Business: 2.736 = Moderate
Members of the UK’s Caravan and Motorhome Club (CAMC) aren’t happy campers after a mysterious outage of the group’s website and mobile app. The site and app originally said that they were down for maintenance, but later changed to acknowledge that there was a problem and that external teams were involved in bringing its systems back to working order. The outage has left members unable to book future holidays and disgruntled with CAMC’s customer service. CAMC has more than 1 million members.
How It Could Affect Your Business: Members aren’t going to be happy when they can’t use the services an association provides.
UK – Southern Water
https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html
Exploit: Ransomware
Southern Water: Utility
Risk to Business: 1.736 = Serious
The Black Basta ransomware group has claimed responsibility for an attack on UK utility Southern Water. The private utility company collects and treats wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, as well as providing water to many homes in the region. The group claims to have nabbed 750 gigabytes of sensitive data, including users’ personal documents and corporate documents. The Black Basta ransomware group added Southern Water to the list of victims on its Tor data leak site, threatening to leak the company’s stolen data on February 29, 2024. It provided scans of passports, ID cards and personal information of some employees as proof of the hack.
How It Could Affect Your Business: Infrastructure continues to be a priority target for ransomware groups looking to profit from an industry that cannot afford downtime.
The Netherlands – Microbe & Lab
https://www.bankinfosecurity.com/medical-lab-database-exposed-13m-records-covid-test-info-a-24168
Exploit: Misconfiguration
Microbe & Lab: Medical Laboratory
Risk to Business: 1.602 = Severe
An unsecured database belonging to a medical lab owned by Microbe & Lab of Amsterdam has resulted in the exposure of patient records, including personal data and COVID test results. The database, which lacked password protection, contained approximately 1.3 million exposed records, including 118,441 certificates, 506,663 appointments, 660,173 testing samples and an assortment of proprietary data. The leaked records contain patient names, nationality, passport number and test results, as well as the price, location and type of test conducted.
How It Could Affect Your Business: Medical data, including research and laboratory data, is a typically profitable cybercriminal favorite.