InTegriLogic Blog
The Week in Breach News: 04/10/24 – 04/16/24
This week: A second helping of cyber trouble for Change Healthcare and Roku, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) speaks about the hacking at Sisense.
Change Healthcare
https://www.itpro.com/security/ransomware/change-healthcare-hit-with-second-ransomware-attack-of-2024
Exploit: Ransomware
Change Healthcare: Technology Provider
Risk to Business: 1.741 = Extreme
On the heels of its massive cyber disaster a few weeks ago, Change Healthcare has fallen victim to a ransomware attack yet again. A threat actor new to the scene calling themselves RansomHub claims to have snatched 4TB of sensitive data from the organization’s network. The bad actors claim to have obtained a variety of data including the personal identifying information (PII) of active US service members and other patients, medical records, insurance records, payment information and over 3,000 source code files for Change Healthcare technology.
How It Could Affect Your Business: Getting hit by another major cyberattack so soon after the last one is a disaster for a company whose reputation is already tarnished.
Roku
https://techcrunch.com/2024/04/12/roku-second-user-accounts-hacked/
Exploit: Credential Stuffing
Roku: Streaming Service
Risk to Business: 1.856 = Extreme
Roku is cleaning up after its second credential stuffing attack in as many months. The company said about 576,000 customers were impacted. Roku said that the attackers likely did not steal any customer information. However, malicious hackers made fraudulent purchases of Roku hardware and streaming subscriptions using the payment data stored in about 400 users’ accounts. Those charges have been refunded. Roku said it discovered this incident while investigating a credential stuffing attack we covered two weeks ago, when 15,000 Roku users had their accounts compromised.
How It Could Affect Your Business: Credential stuffing isn’t hard for bad actors to pull off with the huge pools of exposed passwords for sale on the dark web.
Wells Fargo
https://cybernews.com/news/wells-fargo-suffers-data-breach/
Exploit: Insider Threat
Wells Fargo: Bank
Risk to Business: 1.721 = Severe
Banking giant Wells Fargo has sent a data breach notice to some customers. In the letter, the bank said that an employee violated company policy by sending information to his personal account. Wells Fargo told customers that their personal information and mortgage account numbers were exposed in the incident. It is not known how many customers were impacted.
How It Could Affect Your Business: Employees mishandling data, whether accidental or intentional, can cause major problems that lead to big bills quickly.
Sisense
https://techcrunch.com/2024/04/11/cisa-government-sisense-reset-credentials-cyberattack/
Exploit: Hacking
Sisense: Analytics Platform Developer
Risk to Business: 1.803 = Severe
In a rare move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a short statement noting that it is investigating a data breach from a cyberattack on analytics technology company Sisense. The company counts major organizations including infrastructure operators among its clients. CISA warned customers to reset their passwords immediately. The purloined data included millions of access tokens, email account passwords and SSL certificates among other data. Sisense confirmed that bad actors accessed a restricted server. The incident is under investigation.
How It Could Affect Your Business: A data breach from a company that handles sensitive infrastructure data is a danger to the public.
The Heritage Foundation
https://techcrunch.com/2024/04/12/heritage-foundation-cyberattack/
Exploit: Hacking
The Heritage Foundation: Think Tank
Risk to Business: 1.712 = Severe
Conservative think tank the Heritage Foundation admitted that they fell victim to a cyberattack last week. A spokesperson from the group said that they suspect they’ve fallen victim to nation-state hackers, although there is no solid evidence that is the case. The group was not forthcoming about any stolen data.
How It Could Affect Your Business: Politically prominent organizations are prime targets for both general hackers and nation-state cybercriminals.
New Mexico Highlands University (NMHU)
https://www.aol.com/nmhu-nears-week-canceled-classes-030200860.html
Exploit: Hacking
New Mexico Highlands University (NMHU): Institution of Higher Learning
Risk to Business: 2.376 = Severe
Classes have been canceled for a week as the result of a ransomware attack on New Mexico Highlands University (NMHU). School officials said that the university’s Information Technology Services department identified a technology issue on April 3, 2024. NMHU said that the impacted system was the college’s internal portal for staff, students and faculty. The incident is still under investigation.
How It Could Affect Your Business: Cyberattacks on business service providers can open the organizations they serve up to data security and cybersecurity trouble.
UK – EBlock
https://cybernews.com/news/eblock-hit-by-cyberattack/
Exploit: Hacking
EBlock: Auto Retailer
Risk to Business: 1.866 = Moderate
Toronto-based online auto retailer EBlock has fallen victim to a data breach. The company disclosed that an unauthorized party had accessed specific areas of the legacy ABS Auto Auctions infrastructure. The personal information of its clients was stolen, including dates of birth, Social Security numbers, driver’s licenses, bank account numbers and bank routing numbers.
How It Could Affect Your Business: A data breach is an expensive proposition for any business from the first stage of the investigation to the final stage of remediation.
France – The City of Saint-Nazaire
https://therecord.media/france-cyberattack-loire-municipalities
Exploit: Ransomware
The City of Saint-Nazaire: Municipal Government
Risk to Business: 2.602 = Moderate
The City of Saint-Nazaire, France is among five cities in the Loire Valley region that experienced a cyberattack last week that knocked out city systems and services. French officials are describing this as a “large-scale cyberattack”. The cities impacted are Saint-Nazaire, Montoir-de-Bretagne, Donges, La Chapelle-des-Marais and Pornichet. In Saint-Nazaire, the attack that occurred last Tuesday night left city employees with no access to their workspaces, files or business software. There is no word on what, if any, data was stolen or on a timeline for restoring impacted systems.
How It Could Affect Your Business: Municipal governments around the world have been plagued by hackers deploying ransomware to interrupt city services.