The Week in Breach News: 01/25/23 – 01/31/23

One Brooklyn Health

https://www.scmagazine.com/analysis/breach/breach-notice-confirms-one-brooklyn-health-cyberattack-outage-in-november

Exploit: Hacking
One Brooklyn Health: Healthcare Provider

Risk to Business: 1.776 = Moderate
Hospital operator One Brooklyn Health has confirmed that its hospitals were forced offline in November 2022 because of a security incident. The incident affected three OBH hospitals and affiliated care sites: Brookdale Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center. At those hospitals, workers were forced to resort to manual recordkeeping, creating treatment delays that were widely reported in the local press. Bad actors gained access to patient data in the incident including patient names, dates of birth, billing and claims data, treatment details, medical record numbers, prescriptions and health insurance information.

How It Could Affect Your Business: Hospitals and medical facilities have been popular targets for bad actors and need extra security.

Zacks Investment Research

https://securityaffairs.com/141343/data-breach/zacks-investment-research-data-breach.html

Exploit: Hacking

Zacks Investment Research: Financial Analysts

Risk to Business: 2.021 = Severe
Investment analysis company Zacks Investment Research has informed more than 280,000 customers that bad actors gained access to some of its client data. The company said that the intrusion occurred at the end of 2022. In the incident, the intruders had their hands on a database of customers who had signed up for the Zacks Elite product between November 1999 and February 2005. Exposed data may include a customer’s name, address, phone number, email address and password used for Zacks.com.  Zacks was quick to assure customers that threat actors did not gain access to any customer credit card information, customer financial information or any other customer personal information.

How It Could Affect Your Business: The financial services industry was among the three most cyberattacked industries in 2022.

Circleville Municipal Court

https://therecord.media/ohio-town-working-to-restore-municipal-court-systems-after-cyberattack/

Exploit: Ransomware

Circleville Municipal Court: Municipal Government

Risk to Business: 1.837 = Severe
The municipal court system in Circleville, Ohio is the latest municipal government entity to have ransomware trouble. Circleville Municipal Court was added to the dark web leak site of the LockBit ransomware group last week. The group claims to have snatched 500 GB of data including sensitive court records. Officials have confirmed that the court system has had its operations disrupted and said that they are working with experts to get up and running again. No information was available about any ransom demands.

How It Could Affect Your Business: Ransomware has been a menace for government agencies and municipalities of all sizes.

GoTo

https://thehackernews.com/2023/01/lastpass-parent-company-goto-suffers.html

Exploit: Hacking

GoTo: Software Company

Risk to Business: 1.981 = Extreme
GoTo disclosed that it has experienced a data security incident that impacts customers’ backups. The company said that in November 2022, unidentified threat actors snatched some customers’ encrypted backups along with an encryption key for some of those backups. Users of GoTo’s Central, Pro, join.me, Hamachi and RemotelyAnywhere products may have been hit in this incident. The exposed data may include customers’ account usernames, salted and hashed passwords, a portion of multi-factor authentication (MFA) settings, and well as some product settings and licensing information. In addition, MFA settings pertaining to a subset of its Rescue and GoToMyPC customers were impacted.

How It Could Affect Your Business: An incident like this could cost a company a fortune and not just in incident response – reputation damage is a consequence of a successful cyberattack.
 

Charter Communications

https://therecord.media/telecom-giant-charter-communications-says-third-party-vendor-had-security-breach/

Exploit: Supply Chain Attack
Charter Communications: Telecommunications Company

Risk to Business: 1.973 = Severe
Telecom giant Charter Communications disclosed that 550,000 of its customers have had information exposed as the result of a data breach at one of its vendors after bad actors claimed on a dark web site to have obtained Charter’s customer data. A post on a dark web data broker’s site claimed that the broker had obtained a tranche of data that belonged to Charter Communications that included 550K user records listing information like customers’ account numbers and some identity information. Charter says that the incident is still under investigation. The company serves 32 million customers in 41 states.

How it Could Affect Your Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.

Running Room

https://www.insurancebusinessmag.com/ca/news/cyber/running-room-canada-targeted-by-unauthorized-group-customer-data-stolen-434399.aspx

Exploit: Hacking

Running Room: Sporting Goods Retailer

Risk to Business: 1.802 = Severe
Running Room has informed customers that it has experienced a data breach due to hackers setting up a skimming operation on its website. The sporting goods retailer said that the incident took place between November 19, 2022, and January 18, 2023. The company says that the hackers were able to access and steal customers’ emails, names, addresses, phone numbers and credit card information during website transactions. Running Room did not specify how many transactions or customers had been impacted.

How it Could Affect Your Business: Payment skimmers are a cybercriminal favorite, and they can be hard to spot before it’s too late.

Denmark – Zendesk

https://www.securityweek.com/zendesk-hacked-after-employees-fall-for-phishing-attack/
Exploit: Phishing

Zendesk: Software Company

Risk to Business: 1.672 = Severe
Zendesk has begun informing customers that the company has experienced a security incident as a result of a successful phishing attack. A message from Zendesk informed customers that the company found out about the issue in October 2022. At that time, several employees were targeted in a “sophisticated SMS phishing campaign” and some of them took the bait. Those employees then handed over their account credentials, giving hackers access to data from a logging platform between late September and late October 2022. Zendesk warned impacted customers that service data belonging to those company’s accounts may have been in the logging platform data, although there is no evidence that bad actors gained access to anyone’s instance.

How it Could Affect Your Business: phishing is the bane of every IT team and the biggest security danger most businesses face.
 

UK – Arnold Clark

https://therecord.media/play-ransomware-group-claims-attack-on-arnold-clark-one-of-britains-largest-car-dealerships/

Exploit: Ransomware

Arnold Clark: Car Dealer

Risk to Business: 2.103 = Severe
One of the UK’s largest car retailers Arnold Clark has been added to the Play ransomware group’s dark web leak site. Play claims that they’ve stolen 15 GB of data that includes National Insurance numbers, passport data, addresses and phone numbers. The group also published a selection of bank statements and car finance documents for customers of the Glasgow-based firm The December 2022 attack led to an information systems shutdown at the retailer that caused workers to have to resort to pencil and paper to handle business.

How it Could Affect Your Business: Ransomware is a quick path to loss of revenue and customer service nightmares because of delays and system shutdowns.