InTegriLogic Blog
The Week in Breach News: 03/27/24 – 04/02/24
This week: AT&T admits that dark web data belongs to their customers, and a Maryland city suffers a business email compromise (BEC) loss of over $200k.
AT&T
https://www.securityweek.com/att-says-data-on-73-million-customers-leaked-on-dark-web/
Exploit: Hacking
AT&T: Telecom
Risk to Business: 1.741 = Extreme
AT&T has confirmed that a trove of data released on the dark web belongs to its customers. The company said that the data appears to be from 2019 or earlier. This data leak is expected to impact approximately 7.6 million current AT&T account holders and 65.4 million former account holders. The telecom giant also noted that it has not determined whether the data originated from AT&T or one of its vendors, specifying that AT&T does not have evidence of a security breach within its own network at this time.
How It Could Affect Your Business: This massive data leak will impact people and companies for years to come as cybercriminals capitalize on the stolen data.
The City of Frederick (Maryland)
https://www.wfmd.com/2024/03/29/frederick-city-says-its-recovered-from-phishing-wire-fraud-attack/
Exploit: Business Email Compromise
The City of Frederick (Maryland): Municipal Government
Risk to Business: 1.856 = Severe
The City of Frederick, Maryland has disclosed that it experienced a business email compromise (BEC) in November 2023 related to a municipal construction project. Officials said that bad actors capitalized on a project to retrofit an existing municipal building, the William Donald Schaefer Building, into a police department headquarters. The saga began with a phishing attack that resulted in a fraudulent wire transfer that cost the city $280,000. The city says its network security was never compromised during the attack. The municipal government was able to recover the money minus a $50,000 insurance deductible.
How It Could Affect Your Business: The city was able to recover most of the money through insurance but lost $50k immediately to the deductible and will pay even more for incident response later.
Carolina Foods
https://www.qcnews.com/charlotte/charlotte-honey-bun-maker-hit-with-ransomware-attack/
Exploit: Ransomware
Carolina Foods: Snack Food Company
Risk to Business: 1.721 = Severe
Victory is sweet for cybercriminals after a ransomware attack on snack maker Carolina Foods. The Black Basta gang has claimed responsibility for the attack, saying it snatched 450 gigabytes of company data. No ransom demand was publicized. The company has not commented on any impact that this incident may have on its operations or production of treats like its famous honey bun.
How It Could Affect Your Business: Food companies are prime targets for ransomware attacks because of the time-sensitive nature of their business.
Hot Topic
https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/
Exploit: Credential Stuffing
Hot Topic: Retailer
Risk to Business: 2.103 = Severe
Fast fashion retailer Hot Topic is informing customers that they may have had data exposed as the result of a credential stuffing attack. In a data breach notice, the retailer said that the attackers targeted Hot Topic Rewards accounts in automated attacks using login information obtained from an unknown source on two occasions: November 18-19 and November 25, 2023. Customers may have had their name, email address, order history, phone number, the last four digits of a payment card, date of birth and mailing address exposed. Hot Topic said it has been working with cybersecurity experts in its investigation.
How It Could Affect Your Business: Credential stuffing is powered by the vast quantities of credentials available on the dark web, making dark web monitoring essential.
Activision
https://www.bleepingcomputer.com/news/security/activision-enable-2fa-to-secure-accounts-recently-stolen-by-malware/
Exploit: Malware
Activision: Video Game Publisher
Risk to Business: 2.202 = Moderate
Activision is alerting customers that they should reset their passwords after bad actors published a database of login data they stole using infostealer malware. The malware has impacted users of various gaming websites, including players who use cheat codes and pay-to-cheat services. At least 12 gaming-related outfits had data exposed in this database, including Discord with 14 million entries, Battle.net with 3,662,647 entries and Activision with 561,183 entries. The malware was distributed in a variety of ways. In one instance, malware was attached to some free or cheap software advertised to Call of Duty users.
How It Could Affect Your Business: Ransomware isn’t the only malware threat that businesses face, and it pays to be prepared for other types like infostealers or wipers.
Giant Tiger
https://www.cbc.ca/news/business/giant-tiger-customer-data-breach-1.7154572
Exploit: Supply Chain Exposure
Giant Tiger: Discount Retailer
Risk to Business: 2.376 = Severe
Canadian discount retailer Giant Tiger says contact information for some of its customers was compromised in a data breach at one of its vendors. In an email to customers, Giant Tiger said that it confirmed that the unnamed service provider experienced a security incident on March 4, 2024, and concluded that customer information was involved by March 15. Customers may have had names, emails, addresses and phone numbers exposed. The company assured customers that no payment information or passwords were involved.
How It Could Affect Your Business: Cyberattacks on business service providers are opening the organizations they serve up to data security and cybersecurity trouble.
UK – The Communications Workers Union (CWU)
https://www.theregister.com/2024/03/25/cwu_security_incident/
Exploit: Hacking
The Communications Workers Union (CWU): Trade Union
Risk to Business: 1.866 = Severe
The UK-based trade union Communications Workers Union (CWU) has disclosed that it is working to mitigate a cyberattack. Union officials first described the incident as an IT outage but later admitted that it was a cyberattack. Officials also said that some servers have been taken offline as a precaution and its email system is unavailable. A source told The Register that finance, payroll and membership information was compromised in the attack, but this was not confirmed by CWU. The union has an estimated 185,000 members including tech and telecom workers.
How It Could Affect Your Business: This could be a bountiful information harvest for bad actors because organizations like this one hold a lot of member data.
UK – The Big Issue
https://therecord.media/ransomware-gang-attacks-big-issue-street-paper
Exploit: Ransomware
The Big Issue: Newspaper
Risk to Business: 2.602 = Moderate
The Big Issue, a UK street newspaper sold by the unhoused, has confirmed that it has been impacted by a ransomware attack by the Qilin group. The bad actors added the publication to their dark web forum, claiming that they stole 550 gigabytes of confidential data, including files related to commercial and personnel operations. The publisher said that it has engaged an external IT expert and is working with the National Cyber Security Centre and the Metropolitan Police to investigate the attack.
How It Could Affect Your Business: It’s unfortunate when cybercriminals hit non-profits and service organizations, but they’re just as at-risk for cyber trouble as businesses.