InTegriLogic Blog
The Week in Breach News: 03/14/23 – 03/21/23
Essendant
Exploit: Ransomware
Essendant: Office Supply Retailer
Risk to Business: 1.702 = Severe
Essendant, a wholesale distributor of office products, has disclosed that it is experiencing a significant and ongoing outage due to ransomware that knocked the company’s operations offline. The LockBit ransomware group has claimed responsibility for the attack, adding Essendant to its dark web leak site on March 14, 2023. Essendant’s network outage began around March 6 and has impacted many facets of the company’s operations, including placement and fulfillment of online orders as well as freight carrier pickups. No ransom amount was specified.
How It Could Affect Your Business: Suppliers and service providers have been squarely in cybercriminal sights.
U.S. National Basketball Association (NBA)
Exploit: Misconfiguration
U.S. National Basketball Association (NBA): Sports League
Risk to Business: 2.711 = Moderate
The U.S. National Basketball Association (NBA) is notifying fans of a data breach after some of their personal information was found to have potentially been exposed through a contractor for the league. A breach notice mailed to impacted fans said: “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA.” The third-party contractor has not been named. The NBA reassured fans that its network has not been hacked and that fans’ usernames and passwords for NBA sites were safe.
How It Could Affect Your Business: Supply chain attacks have been consistently rising as cybercriminals look for new ways to squeeze businesses.
NorthStar Emergency Paramedic Services
Exploit: Hacking
NorthStar Emergency Paramedic Services: Ambulance Service
Risk to Business: 1.808 = Severe
Tuscaloosa, Alabama’s NorthStar Emergency Paramedic Services has informed patients that their information may have been exposed in a hacking incident. In an announcement on its website, the service told customers that on September 16, 2022, NorthStar discovered unusual activity on its network. Investigators determined that a threat actor had gained access to patient information. Patient data that may have been exposed includes individuals’ names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number and/or health insurance information. Impacted patients have been informed by letter.
How It Could Affect Your Business: Even a small healthcare sector business will incur a big fine if they have an information security issue.
Belgium – Centre Hospitalier Universitaire (CHU) Saint-Pierre
https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre
Exploit: Hacking
Centre Hospitalier Universitaire (CHU) Saint-Pierre: Medical Center
Risk to Business: 1.623 = Severe
Centre Hospitalier Universitaire (CHU) Saint-Pierre in Brussels experienced a major disruption last week as the result of an unnamed cyberattack. The incident led to ambulances being diverted, and staffers were forced to resort to old-school paper records because of a systems outage that lasted for several days. The hospital managed to get its servers back up and running over the weekend. An investigation into the incident is ongoing and appropriate law enforcement authorities have been notified. The hospital’s website remained unavailable on Monday.
How It Could Affect Your Business: Bad actors know that hospitals are time-sensitive institutions, making them especially attractive ransomware targets.
The Netherlands – Royal Dirkzwager
https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html
Exploit: Ransomware
Royal Dirkzwager: Maritime Logistics Company
Risk to Business: 2.899 = Moderate
Dutch maritime logistics firm Royal Dirkzwager has been struck by a ransomware attack by the Play ransomware group. The company was added to Play’s leak site over the weekend, with 5G of sample data provided as proof of the hack. The group claims to have snatched proprietary data as well as personal confidential data like employee IDs, passports and contracts. The company confirmed the attack but did not say whether or not they planned to pay a ransom, also saying that they have notified the Dutch Data Protection Authority.
How it Could Affect Your Business: Shipping companies, both on land and by sea, have become favored targets for cybercriminals in the last two years.
Switzerland – Hitachi Energy
https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html
Exploit: Hacking
Hitachi Energy: Energy Technology Company
Risk to Business: 1.709 = Severe
Hitachi Energy is the latest company to admit that they fell victim to an attack by the Cl0p ransomware group. The gang has been on a spree, exploiting a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. Cl0p claims to have breached more than 130 organizations through the vulnerability. California-based digital bank Hatch Bank, healthcare provider Community Health Systems and cybersecurity firm Rubrik have publicly admitted to being hit in that wave of attacks. Hitachi said that the incident may have resulted in the exposure of employee personal data but not consumer data, and that its network operations were not impacted.
How it Could Affect Your Business: Infrastructure targets are constantly at risk, and bad actors discovering a zero-day exploit doesn’t help the cause.
Australia – QIMR Berghofer
https://www.abc.net.au/news/2023-03-20/australias-largest-cancer-survey-hit-by-data-breach/102105720
Exploit: Supply Chain Attack
QIMR Berghofer: Medical Researcher
Risk to Business: 1.711 = Severe
Patients who participated in Australia’s largest skin cancer study are learning that their personal data may have been accessed by bad actors as part of a data security incident at a third-party contractor for the medical research company QIMR Berghofer. Servers owned and operated by Datatime, a technology company hired by QIMR Berghofer to scan and process surveys, were hacked, resulting in the personal data of an estimated 1,000 Australians becoming exposed. Impacted patients may have had data including their name, address and Medicare numbers accessed by cybercriminals. Datatime maintained that it intended to delete the survey data after 12 months, but hackers struck before that time had elapsed.
How it Could Affect Your Business: A hack like this scores medical data and personal data at the same time, giving bad guys two valuable commodities on the dark web.
Australia – Latitude Financial
https://www.smh.com.au/business/banking-and-finance/328-000-ids-feared-stolen-in-sophisticated-latitude-financial-hack-20230316-p5cslo.html
Exploit: Credential Compromise
Latitude Financial: Financial Services Firm
Risk to Business: 1.473 = Extreme
Consumer credit and finance provider Latitude Financial said it has been the victim of a hacking incident. The company provides consumer finance services to a variety of retailers including Harvey Norman, JB Hi-Fi and The Good Guys. Latitude has disclosed that bad actors made off with the identification documents of 328,000 consumers including the driver’s license details of about 100,000 customers. Reports say that Latitude’s network was breached directly, enabling bad actors to gain access to two of Latitude’s service providers. The incident is ongoing, and Latitude has admitted that the scope of the stolen data may grow.
How it Could Affect Your Business: Credential compromise inevitably leads to bad outcomes like this expensive, damaging disaster.