InTegriLogic Blog
The Week in Breach News: 02/15/23 – 02/21/23
U.S. Federal Bureau of Investigation (FBI)
Exploit: Hacking
U.S. Federal Bureau of Investigation: Federal Government Agency
Risk to Business: 1.657 = Severe
The U.S. Federal Bureau of Investigation (FBI), an agency that is often tapped to investigate cyberattacks, is investigating a cyberattack of its own. The agency has not released any specifics about the incident, but news outlets report the hacking involved systems based in the Bureau’s New York field office that are used to investigate child sexual exploitation. No clear timeline on this hack has been made available and the FBI has offered no comment beyond confirming that the Bureau is investigating a cyber incident.
How It Could Affect Your Business: Government agencies and entities at every level are prime targets for the bad guys.
Burton Snowboards
Exploit: Hacking
Burton Snowboards: Athletic Equipment Company
Risk to Business: 1.402 = Extreme
Legendary snowboard maker Burton has canceled all of its online orders because of an unspecified cyber incident. The company said in a statement that it was experiencing an online outage because of a cyberattack. Customers were advised to buy in person at a Burton retailer or use the company’s rental program. Burton said that it’s currently investigating the incident with the help of outside experts to establish its impact. No word on what, if any, data was affected or a timeline for Burton to resume processing online orders.
How It Could Affect Your Business: Retailers have been seeing increasing cybersecurity problems around their online operations.
Lehigh Valley Health Network (LVHN)
Exploit: Ransomware
Lehigh Valley Health Network: Healthcare Provider
Risk to Business: 1.808 = Severe
Lehigh Valley Health Network, based in Pennsylvania, has disclosed that it has been the victim of a ransomware attack by the Black Cat/ALPHV ransomware group. The hospital system was quick to assure the public that it was not experiencing any operational disruption. LVHN did not specify the demanded ransom amount but did state that they have no intention of paying the extortionists. The hospital says that on February 6, 2023, the group gained access to the network in a radiology office connected to the hospital and used that access to launch a ransomware attack against LVHN. BlackCat allegedly stole patient data in this attack, including patient images regarding radiation oncology treatment.
How It Could Affect Your Business: Healthcare targets have been getting hammered by ransomware groups and hackers thanks to the wide array of valuable data they hold.
United Kingdom – National Health Service (NHS)
https://www.infosecurity-magazine.com/news/data-leak-hits-thousands-of-nhs/
Exploit: Human Error
National Health Service (NHS): Government Agency
Risk to Business: 2.779 = Moderate
Britain’s National Health Service (NHS) has experienced a data leak caused by an employee error. Around 14,000 employees at The Liverpool University Hospital Foundation Trust (LUHFT) have been informed that their personal data may have been exposed because of an employee blunder. In the incident, an employee mistakenly sent an Excel file containing personal and sensitive payroll information to hundreds of NHS managers and 24 external accounts. Impacted workers have been informed in a letter of apology and the incident has been reported to the Information Commissioner’s Office.
How It Could Affect Your Business: Employee mistakes can cause expensive data security incidents that are as bad or worse than a cyberattack.
Ireland – Tusla
Exploit: Supply Chain Breach
Tusla: Government Agency
Risk to Business: 2.879 = Moderate
Ireland’s children and family services agency Tusla will begin informing an estimated 20,000 people that their data was compromised during a 2021 cyber-attack on the HSE. That agency provides IT services for Tusla. The impacted data belonged to both individuals and staff members. Officials offered HR data as an example of the internal-use data types that could be involved, and referral letters, reports and email correspondence as examples of the user data that was compromised. Victims will have the option to go to an online portal to find out the specifics about their compromised data or call a hotline.
How It Could Affect Your Business: Security problems at service providers quickly end up becoming security problems for their clients.
Portugal – Aguas do Porto
https://securityaffairs.com/142477/cyber-crime/lockbit-water-utility-aguas-do-porto.html
Exploit: Ransomware
Aguas do Porto: Utility
Risk to Business: 1.709 = Severe
The Lockbit ransomware gang is supposedly behind a ransomware attack on Portuguese water utility Aguas do Porto. The group claims to have stolen data and added the utility to its dark web leak site last week with a “pay by” demand date of March 7, 2023, to avoid the release of that data. The company confirmed that it did experience a security breach on January 30. Aguas do Porto said that the attack impacted some of its services, but not the water supply and sanitation operations. The National Cybersecurity Center and the Judiciary Police are investigating the security breach.
How It Could Affect Your Business: Infrastructure targets are favorites of ransomware groups, with 14 of 16 infrastructure sectors experiencing attacks last year.
Bulgaria – MyQRcode
https://therecord.media/all-classes-canceled-at-irish-university-as-it-announces-significant-it-breach/
Exploit: Misconfiguration
MyQRcode: Code Generator Website
Risk to Business: 1.711 = Severe
Popular Bulgaria-based QR code generator website MyQRcode has been leaking data due to a misconfiguration. The site has leaked an estimated 128 GB of data that includes the personal information of about 66,000 users. The Elasticsearch server involved was accidentally left publicly accessible without any security authentication or password. That problem was compounded by the fact that the company was seemingly unaware of the problem and continued to update the server with new user records daily until recently. The leaked data includes personal information and login credentials of My QR Code customers, including full names, job titles, email addresses, password hashes, URLs to QR codes, phone numbers, mailing addresses, links to users’ social media profiles and links to users’ personal, business, or company websites.
How It Could Affect Your Business: Misconfigurations can create tremendous problems that can take a long time to discover.
India – RailYatri
https://www.hackread.com/indian-ticketing-platform-railyatri-hacked/
Exploit: Hacking
RailYatri: Transportation Booking Platform
Risk to Business: 1.823 = Severe
Major Indian rail booking platform RailYatri has suffered a data breach that has exposed the personal information of over 31 million travelers. The initial breach occurred in December 2022, but the customer data was just made available on the dark web forum Breachforums. The 12 GB worth of leaked data includes users’ email addresses, full names, genders, phone numbers and locations as well as 37,000 invoices detailing travel plans.
How It Could Affect Your Business: This kind of data is attractive to bad actors and can bring them a pretty penny when reselling it on the dark web.