InTegriLogic Blog
The Week in Breach News: 02/14/24 – 02/20/24
This week: A Pennsylvania county council votes to pay a ransomware gang and a German battery manufacturer is knocked offline.
The U.S. Department of Defense (DoD)
https://au.finance.yahoo.com/news/us-military-notifies-20-000-133043993.html
Exploit: Supply Chain Data Breach
The U.S. Department of Defense (DoD): Federal Government Agency
Risk to Business: 1.771 = Severe
The U.S. Department of Defense (DoD) is in the process of notifying 20,600 people that their personal information was exposed in an email data security mishap last winter. According to the breach notification letter sent out to affected individuals on February 1, DoD is saying that a large number of emails were inadvertently exposed after they were left unprotected by a service provider between February 3 and February 20, 2023. The misconfigured cloud email server was hosted on Microsoft’s cloud for government customers, and the problem was solved in 2023, but not before the damage had been done.
How It Could Affect Your Business: Companies that provide services for government agencies can be a handy back door for bad actors to slip through to steal data.
Prudential Financial
https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/
Exploit: Ransomware
Prudential Financial: Insurer & Financial Services Provider
Risk to Business: 2.691 = Moderate
Fortune 500 company Prudential Financial has disclosed that its network was breached last week, and the attackers made off with employee and contractor data. ALPHV/Blackcat has claimed responsibility for this incident. The second-largest life insurance company in the U.S. said in an 8-K filing that it detected the breach on February 5, one day after the attackers gained access to some of its systems. The company’s investigation determined that impacted individuals had their name, address, date of birth, phone number and Social Security number stolen in the attack. ALPHV/Blackcat has also claimed responsibility for a strike on loanDepot at the same time as this attack.
How It Could Affect Your Business: The financial services sector was hit hard by cybercriminals last year and that trend looks set to continue.
Washington County, PA
https://www.cbsnews.com/pittsburgh/news/washington-county-pays-ransom-cyberattack/
Exploit: Hacking
Washington County, PA: Regional Government
Risk to Business: 1.643 = Severe
The county council of Washington County, PA has voted to pay cybercriminals up to $400,000 to recover their data after a late January cyberattack. The ransomware incident shut down all county government services except 911 for about two weeks. The unnamed threat actors behind the attack have demanded a $350,000 ransom payment. The city council voted to pay the ransom and pay a company about $20,000 to handle the payment. The reason that the county council cited for giving in to the cybercriminals’ demands was that the cybercriminals had obtained sensitive information about children in need in the county.
How It Could Affect Your Business: Experts including the U.S. Federal Bureau of Investigation (FBI) strongly advise that no organization should pay a ransom to cybercriminals.
Robert Half
https://www.hackread.com/hackers-claim-robert-half-data-breach/
Exploit: Hacking
Robert Half: Staffing Company
Risk to Business: 1.862 = Severe
Dark web threat actors using the aliases IntelBroker and Sanggiero are claiming responsibility for a data breach at Robert Half International. In a dark web post, the cybercriminals claim to have gained access to confidential records, employee documents, customer information and configuration settings related to services such as OpenAI and Twilio. The hackers offered screenshots as proof that they had gained access to Robert Half’s data. The stolen data is being offered for sale for $20,000 in Monero (XMR).
How It Could Affect Your Business: Cyberattacks on suppliers and service providers can be a fast path to large stores of valuable data for bad actors.
Integris Health
https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/
Exploit: Hacking
Integris Health: Healthcare System
Risk to Business: 1.702 = Severe
Oklahoma-based Integris Health is informing an estimated 2.4 million people that their data may have been exposed in a data breach it suffered last November. The attack landed on December 26, 2023. The healthcare provider confirmed the hit after the bad actors began contacting patients whose data they stole. The victims received emails linked to a website in the Tor network. Visitors could pay $50 and trust the attacker’s word on removing the details, or pay $3 to view information belonging to any other impacted individual. Integris Health said that it did not experience any disruption in services. A patient’s exposed data may include their full name, date of birth, contact information, demographic information and Social Security Number (SSN).
How It Could Affect Your Business: The element of cybercriminals contacting patients and asking for payment is chilling and unusual.
Virginia Farm Bureau (VFB)
https://www.jdsupra.com/legalnews/virginia-farm-bureau-notifies-261-187-4380981/
Exploit: Ransomware
Virginia Farm Bureau (VFB): Agriculture Non-Profit
Risk to Business: 1.336 = Extreme
Virginia Farm Bureau (VFB), a non-profit with the mission of agriculture advocacy that also sells insurance, has experienced a data breach as the result of a ransomware attack. In a filing, VFB said that it has determined that an unauthorized party was able to access its network to steal data and deploy ransomware between October 6, 2022, and October 16, 2022. VFB admitted that an unauthorized party was able to access sensitive information about its members and insureds, including their names, driver’s license numbers, state identification numbers, Social Security numbers and financial account information.
How It Could Affect Your Business: This attack gives cybercriminals access to a wide variety of personal and financial data in one swift move.
Trans-Northern Pipelines
https://www.cybersecuritydive.com/news/trans-northern-pipeline-ransomware/707522/
Exploit: Hacking
Trans-Northern Pipelines: Petroleum Pipeline Operator
Risk to Business: 1.442 = Extreme
ALPHV/Blackcat says that they’re responsible for a cyberattack that hit Canada’s Trans-Northern Pipeline. The company confirmed a cybersecurity incident in December 2023 that impacted some of its internal systems. The pipeline operator said its internal systems, including communication with external parties and access to data, were hindered after the attack, delaying its response to Canada Energy Regulator after the watchdog inquired about unauthorized on-the-ground activity on one of its pipelines. They were quick to reassure the public that the pipelines kept running normally. The cybercriminals claim to have stolen 183 GB of proprietary data.
How It Could Affect Your Business: Bad actors have consistently been stepping up the pressure on infrastructure and industry targets since 2020.
Germany – Varta AG
https://www.bleepingcomputer.com/news/security/german-battery-maker-varta-halts-production-after-cyberattack/
Exploit: Hacking
Varta AG: Battery Manufacturer
Risk to Business: 1.602 = Severe
Varta AG announced that it was hit by a cyberattack that forced it to shut down IT systems and stop production at its plants. Varta AG said that its administration and five of its production units were taken down by hackers. The company did not provide a timeline for the restoration of its operations. The resultant production stoppage has caused a slide in Varta AG’s stock price. Varta AG is a major battery supplier to automotive companies and countries throughout the EU.
How It Could Affect Your Business: Strategic supply chain attacks are a scary weapon that bad actors can wield to try to score faster, bigger payments through disruption.