InTegriLogic Blog
The Week in Breach News: 03/20/24 – 03/26/24
This week: Roku customers face a spate of account takeover attacks, and hackers snatched the data of over 200k people in New Zealand
MarineMax
https://therecord.media/boat-seller-marinemax-reports-cyberattack-sec
Exploit: Ransomware
MarineMax: Luxury Boat Retailer
Risk to Business: 1.741 = Severe
The Rhysida ransomware group has taken credit for an attack on Maryland-based boat dealer MarineMax. MarineMax announced in a filing with federal authorities that it fell victim to a cyberattack that led to some disruption. The gang claims to have snatched a variety of data from the boat dealer. Rhysida offered proof on its dark web site in the form of a couple of screenshots showing financial documents and spreadsheets. The gang has demanded a 15 bitcoin ($950,000) ransom.
How It Could Affect Your Business: Specialty retailers can hold a wide variety of data and they must take protecting it seriously to avoid embarrassment and fines.
EquiLend Holdings
https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/
Exploit: Ransomware
EquiLend Holdings: Financial Services Company
Risk to Business: 1.766 = Severe
Securities lending platform EquiLend Holdings has informed employees and former employees that their data was stolen in a January ransomware attack. The company claims that it first noticed an intrusion on January 22, 2024, and was forced to shut down systems on January 24 to prevent further spread. The LockBit ransomware group has claimed responsibility. EquiLend said that all client-facing services were back online, and it did not find evidence that any client transaction data was exposed or stolen.
How It Could Affect Your Business: The financial sector has been a top target for years, and every organization in the industry needs to take proactive steps for strong cybersecurity.
Radiant Logistics
https://therecord.media/radiant-logistics-cyberattack-canada-operations
Exploit: Ransomware
Radiant Logistics: Freight Technology Company
Risk to Business: 1.801 = Severe
Washington-based logistics technology provider Radiant Logistics says that it has been forced to shut down many of its systems in Canada due to a cyberattack. In a regulatory filing, the company said that it first noticed an intrusion in its Canadian systems on March 14, 2024. Radiant Logistics said that upon discovery it immediately isolated its Canadian operations from the rest of its network and engaged the services of cybersecurity and forensics professionals to investigate. Some clients in Canada are experiencing shipping delays that the company claims will be resolved within the week.
How It Could Affect Your Business: Cybercriminals have hit many large logistics and trucking companies in the past few years.
Crinetics Pharmaceuticals
https://www.scmagazine.com/brief/crinetics-pharmaceuticals-cyberattack-under-investigation
Exploit: Ransomware
Crinetics Pharmaceuticals: Pharmaceutical Company
Risk to Business: 1.803 = Severe
LockBit is claiming responsibility for a ransomware attack on Crinetics Pharmaceuticals. The company said that it discovered that bad actors had gained access to its network through a compromised employee email account. The gang is demanding a $4 million payment. Crinetics said that upon discovery of the problem, it enacted its incident response plan and contracted outside cybersecurity experts to investigate. The company specified that the incident has not affected its operations or its discovery and study databases.
How It Could Affect Your Business: Cybercriminals can make a profit off of scientific data and research data just as well as personal data.
The City of Jacksonville Beach (Florida)
https://therecord.media/jacksonville-beach-municipalities-hit-by-cyberattacks
Exploit: Ransomware
The City of Jacksonville Beach (Florida): Municipality
Risk to Business: 1.702 = Severe
The city government of Jacksonville Beach, Florida has disclosed that residents likely had data exposed in a January cyberattack. City officials disclosed that in the January 29, 2024, incident, bad actors may have obtained names, Social Security numbers, driver’s license numbers and bank account information for some employees and customers of Beaches Energy Services. The incident forced City Hall and most city facilities to shut down and knocked out employee email and phone systems. LockBit has claimed responsibility for the attack.
How It Could Affect Your Business: Because they can’t afford downtime, local and municipal governments are prime targets for threat actors looking to score a quick payday.
Roku
https://www.cpomagazine.com/cyber-security/roku-data-breach-over-15000-affected-and-stored-credit-cards-used-for-unauthorized-purchases/
Exploit: Account Takeover
Roku: Streaming Service
Risk to Business: 2.576 = Moderate
Roku is informing customers that it has experienced a data breach. The company has disclosed that bad actors were able to gain access to an estimated 15,000 customers’ credit card information. Roku told regulators that it discovered the intrusion between January 4 and February 21, 2024, and determined that threat actors compromised its network between December 28, 2023, and February 21, 2024. Roku said that “a limited number of accounts” were accessed by bad actors using login credentials obtained from previous breaches of third-party services. Once they gained access, the cybercriminals changed the login information to gain unrestricted access and attempted to purchase streaming subscriptions using the stored credit cards. Roku was quick to reassure customers that the unauthorized actors did not gain access to customers’ Social Security numbers, full payment account numbers, dates of birth or other sensitive personal information.
How It Could Affect Your Business: Credit cards are a gold mine for cybercriminals, each selling for about $1 to $10 on dark web marketplaces.
Spain – Air Europa
https://sg.news.yahoo.com/air-europa-customers-warned-data-112102858.html
Exploit: Hacking
Air Europa: Airline
Risk to Business: 1.566 = Severe
Spanish air carrier Air Europa has experienced a data breach as the result of an October 2023 cyberattack. The airline, Spain’s third largest air carrier, was recently acquired by International Consolidated Airlines Group (IAG). Customers who had data exposed have been informed by letter that their names, dates of birth, nationalities, ID cards, passport information and phone numbers may have been taken by the hackers.
How It Could Affect Your Business: Passport data is very valuable for creating and selling stolen identities.
New Zealand – MediaWorks
https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/
Exploit: Hacking
MediaWorks: Advertising Agency
Risk to Business: 2.602 = Extreme
A cyberattack on MediaWorks may have resulted in data exposure for an estimated 403,000 people. The company said that the attack took place on March 14. The perpetrator has been identified as OneERA, who claims they stole 2,461,180 records purportedly containing personally identifiable information (PII) of individuals in New Zealand. The attackers have advertised the sale of MediaWorks’ data, including PII and data from other sources like survey responses, videos, music content and electoral information. MediaWorks said that the Privacy Commissioner and police have been notified.
How It Could Affect Your Business: As this breach shows, sometimes bad actors can gain access to a wide variety of valuable data in one attack.