InTegriLogic Blog
The Week in Breach News: 02/08/23 – 02/14/23
Pepsi Bottling Ventures LLC
Exploit: Malware
Pepsi Bottling Ventures LLC: Soft Drink Distributor
Risk to Business: 1.763 = Severe
Pepsi Bottling Ventures LLC, the U.S.’s largest Pepsi bottler, has fallen victim to a data-stealing malware attack. The bottler operates 18 bottling facilities across North and South Carolina, Virginia, Maryland, and Delaware. The company said in a breach disclosure that the attack took place on December 23, 2022, but went undiscovered until 18 days later on January 10, 2023. Information about the soft drink bottler’s employees appears to have been snatched by the crooks, including employees’ full names, addresses, financial account information (including passwords, PINs, and access numbers), state and federal government-issued ID numbers and driver’s license numbers, ID cards, Social Security numbers (SSNs), passport information, digital signatures, and information related to benefits and employment (health insurance claims and medical history).
How It Could Affect Your Business: A business that is time-sensitive in nature is very attractive to the bad guys.
Sharp HealthCare
Exploit: Hacking
Sharp HealthCare: Healthcare Provider
Risk to Business: 1.808 = Severe
San Diego, California healthcare provider Sharp HealthCare has begun notifying 62,777 of its patients that some of their personal information was compromised in a cyberattack. Specifically, patients who paid a bill using the provider’s online bill payment service between Aug. 12, 2021, and Jan. 12, 2022, had data exposed. Sharp was quick to reassure patients that the breach did not include bank account or credit card information, Social Security numbers, health insurance information, dates of birth or health records. The breach was limited to patient names, internal Sharp identification numbers, invoice numbers, payment amounts and the names of the Sharp entities receiving payment.
How It Could Affect Your Business: Healthcare targets have been getting hammered by ransomware groups and hackers thanks to the wide array of valuable data they hold.
Weee!
Exploit: Hacking
Weee!: Specialty Grocer
Risk to Business: 1.657 = Severe
Weee!, the largest Asian and Hispanic grocery store in North America, announced that it has experienced a data breach. The personal information of 1.1 million customers was affected. The incident came to light after a threat actor began leaking the stolen data on a dark web forum. The cybercriminal claims that the data was stolen in February 2023. The stolen data includes Weee! customers’ first and last names, email addresses, phone numbers, device type (iOS/PC/Android), order notes and other data the delivery platform uses. The company has confirmed the authenticity of the data.
How It Could Affect Your Business: Online retailers handle and retain data that sells fast in dark web markets.
MKS Instruments
https://www.csoonline.com/article/3687098/mks-instruments-falls-victim-to-ransomware-attack.html
Exploit: Ransomware
MKS Instruments: Semiconductor Manufacturing
Risk to Business: 1.379 = Extreme
Massachusetts-based semiconductor and circuit board maker MKS Instruments has experienced a ransomware attack that may cause manufacturing delays. In a filing, the company said that the event happened on February 3 and impacted its production-related systems. A company executive disclosed that the incident has affected certain business systems, including production-related systems, and as part of the containment effort, the company has elected to temporarily suspend operations at certain of its facilities. No word on what ransom, if any, was demanded.
How It Could Affect Your Business: The semiconductor shortage has made manufacturers of those critically needed items prime targets for cyberattacks.
City of Oakland, California
https://securityaffairs.com/142110/cyber-crime/city-of-oakland-ransomware-attack.html
Exploit: Ransomware
City of Oakland: Municipal Government
Risk to Business: 1.709 = Severe
The City of Oakland, California announced that some city services and systems were knocked offline as a result of a ransomware attack. Officials assured citizens that the city’s emergency services were not impacted and none of the city’s financial data was accessed. However, delays are expected for things like inquiries to city staff and officials. The City’s Information Technology Department is investigating the incident in cooperation with law enforcement.
How it Could Affect Your Business: Cybercriminals have been going after governments at every level hard for the past few years.
Indigo Books & Music
Exploit: Hacking
Indigo Books & Music: Bookstore Chain
Risk to Business: 1.892 = Severe
Indigo Books & Music, Canada’s largest bookstore chain, has announced that it has experienced a cyberattack, suspected to be ransomware, that may have exposed customer data last week. The incident caused the company to make the website unavailable to customers and to only accept cash payments in stores. Gift cards were also unusable. Indigo cautions that there may be delays in shipped orders. The bookseller has not offered specifics as to the type of cyberattack that caused the problem or if any data was encrypted or stolen. An investigation and restoration of systems are ongoing.
How it Could Affect Your Business: Shutting down retail businesses is a favored tactic of ransomware practitioners looking for a quick score.
Ireland – Munster Technological University (MTU)
https://therecord.media/all-classes-canceled-at-irish-university-as-it-announces-significant-it-breach/
Exploit: Hacking
Munster Technological University (MTU): Institution of Higher Learning
Risk to Business: 1.711 = Severe
How it Could Affect Your Business: Online learning has been a boon for cybercriminals too, making it easy for them to hold schools hostage with ransomware.
UK – Vesuvius Plc
https://therecord.media/vesuvius-plc-cyber-incident-steel-industry-supplier/
Exploit: Hacking
Vesuvius Plc: Ceramics Manufacturer
Risk to Business: 1.823 = Severe
Vesuvius Plc, a UK company that produces ceramics used by steelmakers, has announced that it was the victim of a cyberattack. The company said that it was forced to shut down affected systems and initiated steps to assess the scale of the attack, including the impact that this attack will have on production and shipping. The company did not say if any data was stolen, simply saying that it was working with the relevant authorities.
How it Could Affect Your Business: Small manufacturers of key specialty parts that move other industries are attractive to bad guys because of the chance that they have low security.