InTegriLogic Blog
The Week in Breach News: 01/31/24 – 02/06/24
This week: A cyberattack shuts down a New Jersey school district, Global Affairs Canada experiences its second breach in as many years, and phishing costs the Passenger Rail Agency of South Africa $1 million.
AnyDesk
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
Exploit: Hacking
AnyDesk: Technology Company
Risk to Business: 1.437 = Extreme
AnyDesk confirmed that it has experienced a cyberattack that resulted in hackers gaining access to the company’s production systems. AnyDesk, maker of a popular remote desktop access solution, discovered the intrusion last Friday. The company ultimately determined its systems had been compromised. The threat actors stole source code and code signing certificates. AnyDesk says it has revoked security-related certificates and remediated or replaced systems as necessary. The company was quick to reassure customers that AnyDesk was safe to use and that there was no evidence of end-user devices being affected by the incident. Ransomware was not involved.
How It Could Affect Your Business: Cyberattacks on suppliers and service providers can be a fast path to cybersecurity trouble for the businesses they have relationships with.
Freehold Township School District (New Jersey)
https://www.darkreading.com/vulnerabilities-threats/freehold-township-district-closes-due-to-cyber-incident
Exploit: Hacking
Freehold Township School District (New Jersey): Municipal Education Authority
Risk to Business: 1.691 = Severe
Freehold Township School District informed staff, families and students that its schools and offices would be closed due to a cybersecurity incident on January 28. The incident impacted eight K-8 schools, leaving them closed for a day at the beginning of the new term as parents scrambled for daycare. Freehold High School, which is part of a separate school district, was not impacted. Officials did not say if any data had been stolen.
How It Could Affect Your Business: Schools have been firmly in cybercriminals’ sights because they can’t afford downtime, making them more likely to pay a ransom.
Keenan & Associates
https://www.bankinfosecurity.com/insurance-broker-notifying-15-million-health-info-hack-a-24210
Exploit: Ransomware
Keenan & Associates: Insurance Broker
Risk to Business: 1.643 = Severe
California-based Keenan & Associates, an insurance brokerage that handles employee benefits, workers’ compensation and property liability, is notifying more than 1.5 million individuals that it fell victim to a ransomware attack in August 2023. In the incident, bad actors gained access to some internal systems for about a week, between Aug. 21 and Aug. 27. A wide assortment of data was snatched, including insureds’ names, birthdates, numerical identifiers such as Social Security, passport and driver’s license numbers, health insurance information and general health information.
How It Could Affect Your Business: This is just the kind of treasure trove that cybercriminals love to get their hands on.
The Government of Fulton County, Georgia
https://www.cnn.com/2024/01/30/tech/fulton-county-cyberattack/index.html
Exploit: Ransomware
The Government of Fulton County, Georgia: Regional Government
Risk to Business: 1.462 = Extreme
Fulton County, Georgia experienced a cyberattack that has knocked out a number of the county government’s systems and services. County officials said in a statement that the county government’s communication, court and tax systems are all experiencing outages, including the Fulton County Board of Equalization and the Board of Assessors. The Fulton County Superior Court was unable to function briefly, including being unable to issue marriage licenses and certificates or process firearms registrations. Residents are being told that their tax payments will not be posted until the system is back online. County officials reassured voters that there was no evidence indicating the cyberattack is related to the state’s election process. However, Fulton County officials are still restricted from accessing the state’s voter registration system, as a precautionary measure. No timeline has been given on the restoration of services, and no ransom was announced.
How It Could Affect Your Business: A cyberattack on a city or regional government can have dangerous consequences when it impedes the operation of emergency services.
Global Affairs Canada
https://www.theglobeandmail.com/politics/article-global-affairs-hit-by-cyberattack-shuts-down-computer-systems-to-fix/
Exploit: Hacking
Global Affairs Canada: Government Agency
Risk to Business: 1.702 = Severe
Global Affairs Canada (GAC), the Canadian equivalent to the U.S. State Department, said it is investigating a data breach. GAC said in a statement that its investigation has revealed that there has been unauthorized access to the personal information of users, including employees. The data breach affected two internal drives as well as the emails, calendars and contacts of several staff members. The breach occurred between December 20, 2023, and January 24, 2024. The suspected cause of the data breach is a compromised Virtual Private Network (VPN) that is managed by the Federal Government’s Shared Services Canada (SSC).
How it Could Affect Your Business: A cyberattack like this could potentially expose sensitive and dangerous information like state secrets.
France – Schneider Electric
https://securityaffairs.com/158320/data-breach/schneider-electric-cactus-ransomware-attack.html
Exploit: Ransomware
Schneider Electric: Energy Management Company
Risk to Business: 2.736 = Moderate
The Cactus ransomware group has claimed responsibility for a ransomware attack that hit French energy management and digital transformation company Schneider Electric. The group claims that it stole terabytes of data. The attack impacted the services of Schneider Electric’s Resource Advisor cloud platform, causing outages. No other departments or services were impacted. The incident kicked off with an attack on the Sustainability Business division of the company on January 17th.
How it Could Affect Your Business: Industrials and infrastructure providers are at high risk for a cyberattack and need to bolster security to prevent downtime.
South Africa – Passenger Rail Agency of South Africa (PRASA)
https://www.darkreading.com/endpoint-security/south-african-railways-reports-1m-phishing
Exploit: Phishing
Passenger Rail Agency of South Africa (PRASA): Government Agency
Risk to Business: 1.736 = Serious
Passenger Rail Agency of South Africa (PRASA) has admitted that it lost an estimated one million dollars to a phishing scam, suspected to be a business email compromise (BEC) attack. The organization said that it was ultimately able to claw back half of the money it lost. The incident was revealed in the agency’s annual report.
How it Could Affect Your Business: Transportation infrastructure continues to be a priority target for ransomware groups looking to profit from a high-profile attack.
Australia – Football Australia
https://www.bankinfosecurity.com/medical-lab-database-exposed-13m-records-covid-test-info-a-24168
Exploit: Human Error
Football Australia: Sports Governing Body
Risk to Business: 1.602 = Severe
Football Australia (FA) has experienced a data breach as a result of a blunder. A developer inadvertently left a crucial server reference in code accessible to the public, leaving a huge treasure trove of information open for the taking. The information exposed may include players’ contracts containing data like personally identifiable information and passport scans. Fan data associated with ticket purchases and information about the FA’s digital infrastructure was also exposed. Researchers discovered the 27 AWS buckets of exposed data, which have been available since early January 2024. FA said that it has informed the Office of the Australian Information Commissioner (OAIC) about the breach.
How it Could Affect Your Business: Human error will never fail to be the top cause of cybersecurity problems for businesses, but security awareness training can help mitigate the risk.