InTegriLogic Blog
The Week in Breach News: 02/22/23 – 02/28/23
Dish Network
Exploit: Ransomware
Dish Network: Television Service
Risk to Business: 1.402 = Extreme
Major U.S. satellite television provider Dish Network has been knocked off the air by a suspected ransomware attack. Customers first noticed the service outage last Thursday and the problem persisted through the weekend. The outage appears to affect most parts of the company, including online bill payment services, customer service and Boost Mobile, the prepaid wireless carrier acquired by Dish in 2020. Dish has not made a formal statement about the incident and no ransomware group has claimed responsibility.
How It Could Affect Your Business: This kind of ongoing service interruption is a nightmare and will certainly push customers to switch to another service.
U.S. Department of Defense
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/
Exploit: Misconfiguration
U.S. Department of Defense: Federal Government Agency
Risk to Business: 1.702 = Severe
The U.S. Department of Defense (DoD) is facing a storm of trouble after a wealth of sensitive information was accidentally left exposed, without a password or other security measures, on a misconfigured server. The exposed server was hosted on Microsoft’s Azure government cloud. The server in question functioned as part of an internal mail system. It held an estimated three terabytes of internal military emails including messages related to U.S. Special Operations Command, or USSOCOM, the U.S. military unit tasked with conducting special military operations. Personnel files with records of clearance investigations may have been exposed in this incident. The data remained unprotected for at least two weeks until the blunder was reported to DoD by an outside researcher.
How It Could Affect Your Business: Even the strictest and most secure environments can experience trouble thanks to human error.
The City of Hilliard, Ohio
Exploit: Business Email Compromise
The City of Hilliard, Ohio: Municipal Government
Risk to Business: 1.808 = Severe
A business email compromise attack that netted cybercriminals more than $200k against the city of Hilliard, Ohio has resulted in the city’s finance director being fired. The trouble started on December 8, 2022, when an accounting assistant in the city’s finance department fell for phishing messages from an unnamed bad actor pretending to be an existing city vendor, Strawser Paving Company. The cybercriminals corresponded with the employee about payment due for services supposedly rendered. The cybercriminals struck again with the next phase of the scam on December 19, 2022, this time convincing the same employee to change the bank account routing information the city had for the company. On December 20, 2022, the city employee then paid the company’s fraudulent bill for $218,992.06. The finance employee involved in this affair and the city’s finance director were placed on paid administrative leave on February 6, 2023. Ultimately, the finance director was fired for failing to report the event to other officials in a timely manner, and the employee resigned. The city is working to get its money back and has filed an insurance claim.
How It Could Affect Your Business: Municipal governments have been prime targets for the bad guys because often lax security means there is easy money to be made.
Stanford University
https://gbhackers.com/stanford-university-data-breach/
Exploit: Hacking
Stanford University: Institution of Higher Learning
Risk to Business: 2.779 = Moderate
California’s Stanford University has reported a data breach that impacted 897 candidates in its Ph.D. program. Bad actors gained access to files containing sensitive admission information for the Economics Ph.D. program from the university’s website. The incident occurred between December 2022 and January 2023, and the university says that two unauthorized downloads of the data were made during that period. The data included applicants’ applications as well as the materials that accompanied them. Applicants may have had personal information exposed including their first and last name, date of birth, home address, mailing address, phone number, email address, race, ethnicity, citizenship, gender, transcripts, personal statements, resume and letters of recommendation. No financial data was involved in this incident.
How It Could Affect Your Business: In states with especially stringent data privacy laws, incidents like this can be punishingly expensive.
Reventics
Exploit: Hacking
Reventics: Business Services Provider
Risk to Business: 1.899 = Severe
Medical revenue management company Reventics suffered a data breach that has affected several major U.S. healthcare providers. The company filed a data breach notice on February 10, 2023, detailing the incident to regulators in Montana. Reventics says that a hacker accessed the company’s network in December 2022 and stole confidential consumer information from the company’s computer network. Information exposed in the incident included consumers’ names, Social Security numbers, dates of birth, financial information, and protected health information. More than 200k people have been impacted in this incident.
How It Could Affect Your Business: Security problems at service providers quickly end up becoming security problems for their clients.
Ireland – Dole Food Company
Exploit: Ransomware
Dole Food Company: Agribusiness
Risk to Business: 1.709 = Severe
Fruit and vegetable giant Dole Food Company announced that it has experienced a ransomware attack that has snarled many of the company’s systems. Dole told retailers that the February 22 attack caused the company to shut down its North American network, including processing plants, and press pause on all shipments, resulting in produce shortages at some North American grocers. No group has claimed responsibility. Dole said in a statement that it has hired a third-party cybersecurity firm to investigate the incident.
How It Could Affect Your Business: Bad actors have been setting their sights on manufacturers of every stripe as supply chain attacks increase.
Australia – The Good Guys
https://www.channelnews.com.au/1-85m-good-guys-customers-impacted-by-data-breach/
Exploit: Supply Chain Attack
The Good Guys: Discount Retailer
Risk to Business: 1.711 = Severe
Discount warehouse retailer The Good Guys has experienced a data breach as a result of an incident at a service provider. The company is contacting 1.85 million past and present members of its Concierge loyalty program to let them know that some of their personal information may have been exposed in 2021 in an incident at the company that ran Good Guys’ loyalty program, Pegasus Group Australia (now called My Rewards). A Good Guys spokesperson said that the company no longer has a relationship with My Rewards. The company said that no identity documents or financial information, such as driver’s license, passport or credit card data, were exposed in this breach.
How It Could Affect Your Business: Supply chain attacks are increasing and every company needs to be ready for trouble with a strong incident response plan.