InTegriLogic Blog
The Week in Breach News: 03/06/24 – 03/12/24
This week: Highly sensitive data may have been exposed at CISA, another big casualty of the Infosys McCamish breach is announced, and cyberattacks leave both coffee fans and beer drinkers in Belgium thirsty.
Fidelity Investments Life Insurance Company (FILI)
https://www.darkreading.com/cyberattacks-data-breaches/first-bofa-now-fidelity-same-vendor-third-party-breaches
Exploit: Supply Chain Data Breach
Fidelity Investments Life Insurance Company (FILI): Insurer
Risk to Business: 1.771 = Severe
Fidelity Investments Life Insurance Company (FILI) is informing about 20,000 customers that it has experienced a data breach due to a cybersecurity incident at one of its vendors, Infosys McCamish (IMS). That vendor was also responsible for the recent Bank of America data breach. In November 2023, IMS notified FILI about an unspecified “cybersecurity event” that disrupted its services. After an investigation, IMS discovered that its systems were breached between October 29 and November 2, 2023. IMS determined that the bad actor was able to obtain data stored on those systems. FILI informed customers that their stolen data may have included individual names, Social Security numbers, states of residence, bank account and routing numbers and dates of birth.
How It Could Affect Your Business: Business service providers are prime targets for cyberattacks because they often hold large stores of data without sophisticated security.
Cybersecurity and Infrastructure Security Agency (CISA)
https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise
Exploit: Hacking
Cybersecurity and Infrastructure Security Agency (CISA): Federal Agency
Risk to Business: 1.691 = Severe
Cybersecurity and Infrastructure Security Agency (CISA) has disclosed that it was forced to take two servers offline after bad actors were able to breach them in February. The agency said that the cause of the trouble was vulnerabilities in Ivanti products. While CISA would not comment on which systems or what data was accessed, reports point to hackers accessing the Infrastructure Protection (IP) Gateway, which houses critical information about the interdependency of U.S. infrastructure, and the Chemical Security Assessment Tool (CSAT), which houses private sector chemical security plans. CISA said in a statement, “This is a reminder that any organization can be affected by a cyber vulnerability and having an incident response plan in place is a necessary component of resilience.”
How It Could Affect Your Business: Even big players in the security space can have trouble because of an unexpected vulnerability.
South Saint Paul Public Schools
https://www.twincities.com/2024/03/06/south-st-paul-public-schools-investigating-potential-cybersecurity-threat/
Exploit: Hacking
South Saint Paul Public Schools: Regional Education Authority
Risk to Business: 1.301 = Extreme
South Saint Paul Public Schools in Minnesota has informed parents, students and faculty that it is experiencing a cybersecurity problem that has knocked out online platforms, email and other digital services. The district said it was forced to shut some systems down after discovering an intrusion. Officials stressed that they are prioritizing ensuring that students and staff are able to maintain a productive learning environment.
How It Could Affect Your Business: Schools have been the top target for ransomware attacks for the last few years, putting sensitive student data and learning at risk.
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC)
https://therecord.media/canada-fintrac-cyberattack-systems-offline
Exploit: Hacking
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC): Government Agency
Risk to Business: 1.462 = Extreme
Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), Canada’s financial intelligence agency, has announced that it has had to pull its systems offline due to a cyber incident that struck over the weekend. The agency was quick to reassure the public that the incident did not involve the Centre’s intelligence or classified systems but did not further specify exactly which systems or functions were impacted. The incident remains under investigation.
How It Could Affect Your Business: Government agencies at every level are prime cyberattack targets, creating a need for sophisticated cyber defenses.
The City of Hamilton, Canada
https://therecord.media/canadian-city-hamilton-ransomware-recovery
Exploit: Ransomware
The City of Hamilton, Canada: Municipal Government
Risk to Business: 1.702 = Severe
The City of Hamilton, Canada, a municipality located about 40 miles away from Toronto, has experienced a ransomware attack that has impacted city systems and services. The attack was discovered on February 25. Critical infrastructure, including water and wastewater treatment, waste collection and transit, is operational, but many other city services are not. Citizens must pay taxes, tickets or fines in person. Most public agencies are without phone service, and libraries are unable to offer Wi-Fi. All city council meetings before March 15 have been canceled. No ransomware gang has claimed responsibility for the attack.
How It Could Affect Your Business: Ransomware attacks that take down city governments are especially dangerous because of the potential impact on emergency services.
Belgium – Duvel Moortgat Brewery
https://www.bleepingcomputer.com/news/security/duvel-says-it-has-more-than-enough-beer-after-ransomware-attack/
Exploit: Ransomware
Duvel Moortgat Brewery: Beer Brewer
Risk to Business: 1.836 = Severe
Duvel Moortgat Brewery, maker of popular Belgian beer brand Duvel and abbey beers Vedett, Maredsous and La Chouffe, has been forced to take systems offline and halt beer production due to a ransomware attack on March 5. The company said that it does not know when production will restart. However, the company says that beer drinkers don’t need to worry because it has plenty of beer on hand and does not expect any impact on distribution. But residents of Breendonk, the Belgian village where Duvel Moortgat Brewery is located, are not having a very good March so far in terms of creature comforts – local coffee roaster Koffie Beyers was also hit by a cyberattack this week.
How It Could Affect Your Business: Food and drink manufacturers are critical infrastructure, and critical infrastructure targets are facing increased levels of ransomware risk.
UK – Jersey Financial Services Commission (JFSC)
https://www.bbc.com/news/articles/cnk5zyypw24o
Exploit: Misconfiguration
Jersey Financial Services Commission (JFSC): Regional Government Agency
Risk to Business: 1.566 = Severe
The Jersey Office of the Information Commissioner is investigating a data breach at the Jersey Financial Services Commission (JFSC). The agency experienced a data breach on January 24, 2024, as a result of a misconfiguration in its third-party-supplied Registry system. The misconfiguration allowed access to non-public names and addresses. However, the stolen data did not link any individuals to registered entities or roles held. The incident is under investigation.
How It Could Affect Your Business: Human error like this is perennially the top cause of cyber trouble, but that risk can be reduced dramatically by security awareness training.
UK – Leicester City Council
https://www.leicestermercury.co.uk/news/leicester-news/cyber-attack-expected-cripple-leicester-9155437
Exploit: Hacking
Leicester City Council: Municipal Government
Risk to Business: 1.802 = Severe
The Leicester City Council says that it expects its IT systems and phone lines to be down until at least midweek after a cyberattack took out some systems on March 7, 2024. The attack snarled operations for many city services. A spokesperson said that they expect that at least some services will be restored by Wednesday. Emergency phone lines have been set up for those who need urgent assistance.
How It Could Affect Your Business: Hackers can create a cascade of trouble for local governments and the citizens who rely on them.