InTegriLogic Blog
The Week in Breach News: 03/13/24 – 03/19/24
This week: Thousands have personal data stolen in a cyberattack on a mortgage company, 11 email accounts compromised at IMF, and Scotland’s NHS has a data breach.
Nations Direct Mortgage
https://therecord.media/nations-direct-mortgage-data-breach
Exploit: Hacking
Nations Direct Mortgage: Lender
Risk to Business: 1.341 = Extreme
Nations Direct Mortgage said more than 83,000 customers were affected by a data breach in which bad actors gained access to sensitive information. The company said it discovered a cybersecurity incident on December 30, 2023, that prompted an investigation. It ultimately determined that an unauthorized party obtained customer data including a customer’s name, address, social security number and unique Nations Direct loan number. Victims will be given two years of identity protection services from Kroll.
How It Could Affect Your Business: Cybercriminals continue to pressure targets in the financial sector, and not all of those targets are banks.
International Monetary Fund (IMF)
https://therecord.media/imf-february-cyberattack-email-accounts-compromised
Exploit: Hacking
International Monetary Fund (IMF): United Nations Agency
Risk to Business: 1.766 = Severe
A February 2024 cyberattack resulted in the compromise of 11 email accounts at the International Monetary Fund (IMF). Officials said that the incident occurred on February 16. The IMF noted that it sought the help of independent cybersecurity experts, whose investigation determined that 11 accounts were compromised and who assisted the IMF in limiting the spread of the problem. A spokesperson stressed that these were not email addresses used by its top officials.
How It Could Affect Your Business: This was a lucky break for IMF. Hackers only have to gain access to one strategic user account to do big damage fast.
Scranton School District (Pennsylvania)
https://therecord.media/pennsylvania-scranton-school-district-ransomware-attack
Exploit: Ransomware
Scranton School District (Pennsylvania): Regional Education Authority
Risk to Business: 1.801 = Severe
Schools in Pennsylvania’s Scranton School District were impacted by a cyberattack last week. The district said on social media that it is experiencing widespread technology outages as a result of the attack. Students in many areas have been unable to connect to school networks and have been forced to resort to old-fashioned paper and pencil. School officials also noted that some files are unavailable. The district is investigating the incident with a third-party forensics firm.
How It Could Affect Your Business: Schools have been the top target for ransomware attacks for the last few years, putting sensitive student data and learning at risk.
Encina Wastewater Authority (EWA)
https://thecyberexpress.com/encina-wastewater-authority-cyberattack/
Exploit: Hacking
Encina Wastewater Authority (EWA): Utility
Risk to Business: 1.803 = Severe
The Encina Wastewater Authority (EWA) in Carlsbad, California has disclosed that it has been the victim of a ransomware attack. EWA serves over 379,000 residents and businesses across North San Diego County, California, covering a 125-square-mile area. BlackByte has claimed responsibility for the attack and posted sample data to its dark web leak site as proof. EWA’s website did not go down, leading cybersecurity experts to suggest that the gang may have penetrated the organization’s backend systems or databases instead of its visible spaces.
How It Could Affect Your Business: Infrastructure like water treatment plants is a prime cyberattack target, creating a need for sophisticated cyber defenses.
The Office of the Colorado State Public Defender
https://statescoop.com/colorado-ransomware-personal-data-february-cyberattack/
Exploit: Ransomware
The Office of the Colorado State Public Defender: Government Agency
Risk to Business: 1.702 = Severe
The Office of the Colorado State Public Defender has announced that it has experienced a data breach as the result of a February 9 ransomware attack. The agency said that it was forced to shut down systems after detecting the malware. Officials cautioned that some personal client data was exposed but could not offer any specifics. Public defenders were prevented from accessing case information, which prompted a flurry of requests for postponements that could result in a backlog of cases across Colorado.
How It Could Affect Your Business: A ransomware attack like this could lead to the exposure of very sensitive information about court cases.
Scotland – National Health Service (NHS Dumfries and Galloway)
https://therecord.media/scottish-nhs-cyberattack-healthcare-dumfries-galloway
Exploit: Ransomware
National Health Service (NHS Dumfries and Galloway): Government Agency
Risk to Business: 2.576 = Moderate
Scotland’s National Health Service (NHS) has announced that NHS Dumfries and Galloway has experienced a cyberattack. Officials say that patients may have had sensitive data exposed in the incident, but no services have been disrupted. NHS said that it is cooperating with a variety of agencies to investigate the incident, including Police Scotland, the National Cyber Security Centre and the Scottish Government. Dumfries and Galloway is a region in the south of Scotland with a population of about 150,000 people.
How It Could Affect Your Business: Attacks on healthcare providers can be very dangerous for the communities they serve.
France – France Travail
https://www.bleepingcomputer.com/news/security/french-unemployment-agency-data-breach-impacts-43-million-people/
Exploit: Hacking
France Travail: Government Agency
Risk to Business: 1.566 = Severe
France’s unemployment authority France Travail has disclosed that it has experienced a data breach. The agency said that hackers broke in between February 6 and March 5 and stole details belonging to job seekers who registered with the agency in the last 20 years. Individuals’ job candidate profiles were also exposed. The data that has been exposed includes a job seeker’s full name, date of birth, place of birth, social security number (NIR), France Travail identifier, email address, physical address and phone number. Officials stressed that people’s bank details or account passwords were not compromised.
How It Could Affect Your Business: 20 years of data from a large government agency is a treasure trove for bad actors.
Japan – Fujitsu
https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/
Exploit: Malware
Fujitsu: Technology Company
Risk to Business: 2.602 = Moderate
Japanese tech giant Fujitsu has determined that some of its systems were infected by malware. The company said that files containing personal information and information related to customers were stolen. A Fujitsu spokesperson said that the company quickly shut down systems to limit the spread of the unidentified malware. Fujitsu has informed the Personal Information Protection Commission about the incident.
How It Could Affect Your Business: Ransomware isn’t the only dangerous type of malware that businesses face; nasty surprises like wiper malware are also out there.