InTegriLogic Blog
The Week in Breach News: 03/29/23 – 04/04/23
Western Digital
https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html
Exploit: Hacking
Western Digital: Computer Hardware Manufacturer
Risk to Business: 1.702 = Severe
Western Digital, a California-based provider of data storage hardware, has announced that it was hit by a cyberattack last Monday. In the March 26, 2023, incident, bad actors gained access to a number of the company’s systems, forcing the company to take some services and systems offline. In a statement, the company acknowledged that My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi and SanDisk Ixpand Wireless Charger products were impacted. Reports say that cloud, proxy, web, authentication, email and push notification services are experiencing outages.
How It Could Affect Your Business: Manufacturers like this are sitting ducks as cybercriminals ramp up efforts against the supply chain.
NCB Management Services
https://www.securityweek.com/500k-impacted-by-data-breach-at-debt-buyer-ncb/
Exploit: Hacking
NCB Management Services: Debt Buyer
Risk to Business: 1.873 = Severe
Accounts receivable management company and debt buyer NCB Management Services has started informing consumers that their personal information was likely compromised in a data breach. The incident is expected to impact roughly 500,000 individuals. NCB said that hackers compromised some of NCB’s systems on February 1, 2023, giving them access to information from closed Bank of America credit card accounts. Included in this breach were names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers and employment information for account holders. Financial data such as pay amounts, credit card numbers, routing numbers, account numbers and balances, and account statuses was also snatched.
How It Could Affect Your Business: Finance has been the top sector hit by cybercriminals for the last few years as the economy contracts.
Lumen Technologies
https://www.cybersecuritydive.com/news/lumen-ransomware-attack/646135/
Exploit: Ransomware
Lumen Technologies: Communications and Network Services
Risk to Business: 1.311 = Extreme
Lumen Technologies has announced that it is dealing with not one but two cyber incidents. According to a filing with the U.S. Securities and Exchange Commission (SEC), Lumen discovered that a number of its servers that support a segmented hosting service had been infected with ransomware. The Louisiana-based company acknowledged that the ransomware is impacting a small number of its enterprise customers, disrupting call center operations. The company also said that in a separate incident, it had discovered that bad actors had gained access to another part of the company’s IT systems, installed a different type of malware and stolen data. The firm is evaluating whether any personally identifiable information (PII) or other sensitive information was stolen.
How It Could Affect Your Business: This dose of double trouble will be a powerful blow to the company’s reputation as well as its finances.
Cornell University
https://theithacan.org/news/students-bank-accounts-hacked-because-of-ticketing-software-breach/
Exploit: Supply Chain Attack
Cornell University: Institution of Higher Learning
Risk to Business: 1.819 = Severe
Cornell University has released a security alert warning that purchase data for ticketholders at some of its recent events has been stolen as the result of a platform breach at one of its vendors, AudienceView. The school cautioned that people who had purchased tickets for shows and events organized by the Cornell Concert Series, Cornell Athletics, Cornell Tickets and the Schwartz Center for the Performing Arts may have had financial data stolen. In some cases, students reported that money had already been snatched from their bank accounts. Other colleges and universities including Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University in Canada have also been impacted by the AudienceView breach. The ticketing platform company said that the breach was caused by malware discovered in its systems and that it is working with Mandiant to investigate the incident.
How It Could Affect Your Business: This is a valuable score of fast-selling credit card and financial data that means big profits for the bad guys.
TMX Finance
https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people/
Exploit: Hacking
TMX Finance: Consumer Lender
Risk to Business: 1.423 = Extreme
TMX Finance, a lender based in Canada with operations in the U.S. and Canada, has disclosed a data breach that impacts customers of its subsidiaries TitleMax, TitleBucks, and InstaLoan. TMX said that the breach likely began in early December 2022 but that it did not detect the breach until February 13th, 2023. The personal data of 4,822,580 customers was potentially exposed in the incident. TMX says that the exposed customer data includes a client’s full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, U.S. Social Security number, financial account information, phone number, physical address and email address.
How It Could Affect Your Business: This will be an expensive disaster for TMX after regulators in both countries wind their way through its subsidiaries.
UK – Capita
https://www.infosecurity-magazine.com/news/outsourcer-capita-contained-cyber/
Exploit: Hacking
Capita: Business Services Provider
Risk to Business: 1.709 = Severe
London-based business services giant Capita has disclosed that it has been hit by a cyberattack that has caused disruption to some of its internal processes. The company said in a statement that the cyberattack, which took place last Friday, primarily impacted access to internal Microsoft Office 365 applications and some online services for customers. The fallout lasted for about three days. Capita performs crucial operations for the NHS and the military in Britain. The company was still restoring online services for customers on Monday morning.
How It Could Affect Your Business: Business services providers have been front and center in the rising tide of supply chain cyberattacks.
Italy – Toyota Italy
https://securityaffairs.com/144151/hacking/toyota-customer-data-leak.html
Exploit: Human Error
Toyota Italy: Car Company
Risk to Business: 2.836 = Moderate
Toyota Italy has acknowledged that it accidentally leaked sensitive data about its customers for at least the last 18 months. The data leak occurred through a likely misconfiguration in its Salesforce Marketing Cloud and Mapbox APIs. The company exposed its credentials to the Salesforce Marketing Cloud, giving bad actors possible access to Toyota clients’ phone numbers and email addresses, customer tracking information and email, SMS and push-notification contents. The company also exposed application programming interface (API) tokens for Mapbox, a U.S.-based mapmaker. Toyota Italy said that it has taken steps to close those gaps.
How It Could Affect Your Business: Even a small misconfiguration or mistake with an API can be a huge, expensive disaster for a company.
Crown Resorts
https://www.reuters.com/technology/crown-resorts-data-vendor-hacked-limited-number-its-files-impacted-2023-03-27/
Exploit: Hacking
Crown Resorts: Casino Operator
Risk to Business: 2.733 = Moderate
Crown Resorts is the latest company to fall victim to the exploitation of GoAnywhere by the Cl0p ransomware group. The company said last Monday that a ransomware group had contacted Crown Resorts, claiming to have gained access to some files through the GoAnywhere file transfer service zero-day exploit. Crown Resorts was quick to reassure the public that no customer data was compromised, and the company’s resort, casino and business operations have not been impacted. More than 100 companies have been hit by Cl0p in the GoAnywhere snafu.
How It Could Affect Your Business: This might have been avoidable with fast patching once this exploit became public weeks ago.
Meriton
https://www.9news.com.au/national/meriton-cyber-hack-australia/63d500ca-8685-466b-8097-b45c25d40697
Exploit: Hacking
Meriton: Hotel Operator
Risk to Business: 1.733 = Severe
Major Australian hotel and holiday home operator Meriton has disclosed that it has experienced a cyber incident that led to the exposure of personal data. More than 1800 guests and staff members employed by Meriton may potentially have had their data stolen when hackers struck the luxury developer on January 14, 2023. Guests staying in Meriton properties may have had their contact information exposed. Meriton employees were hit harder, with their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals, possibly accessed by hackers. The company said that the incident was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
How It Could Affect Your Business: This breach hit two tracks of data for Meriton, doubling its chance of a big fine.