InTegriLogic Blog
The Week in Breach News: 04/17/24 – 04/23/24
This week: A data breach rocks a troubled Australian music festival and nation-state hackers hit security experts The MITRE Corporation.
Frontier Communications
https://www.pcmag.com/news/cyberattack-at-frontier-communications-causes-service-disruptions
Exploit: Hacking
Frontier Communications: Telecom
Risk to Business: 1.741 = Extreme
Frontier Communications has told the U.S. Securities and Exchange Commission that it experienced a cyberattack on April 14, 2024. The telecom giant said that it discovered an intrusion on that date and took measures to contain it including shutting down some systems. The shutdown led to a service interruption for some customers. Frontier also said that some customers’ information was snatched by the attackers but has not yet offered specifics. The company said that it was restoring systems as quickly as possible, and the incident is under investigation.
How It Could Affect Your Business: A cyberattack that causes a service outage, like customers losing access to the internet, could push customers to another provider.
The MITRE Corporation
https://www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/
Exploit: Zero Day (Nation-State)
The MITRE Corporation: Non-Profit
Risk to Business: 1.856 = Extreme
The MITRE Corporation said that suspicious activity was detected on one of its networks, causing it to shut down its Networked Experimentation, Research and Virtualization Environment (NERVE), an unclassified collaborative network used for research and development. The organization stated that a threat actor exploited two Ivanti Connect Secure zero-day vulnerabilities to target MITRE’s Virtual Private Networks, then slipped into the organization’s VMware infrastructure using a compromised administrator account. MITRE points to unnamed nation-state threat actors as the culprit.
How It Could Affect Your Business: As business cybersecurity tightens, cybercriminals are making the most of zero-day vulnerabilities.
Solano County Library Services (California)
https://www.dailyrepublic.com/townnews/museums/county-maintains-silence-about-cyberattack-possible-threats/article_2777ddb6-fce4-11ee-9dae-4349f40237bb.html
Exploit: Ransomware
Solano County Library Services: Public Library System
Risk to Business: 1.721 = Severe
Solano County, California’s Library Services system has been hit with a ransomware attack. The cyberattack occurred April 5, 2024, and affected facilities in the Solano Partner Libraries and St. Helena network, or SPLASH. The unnamed threat actors purportedly demanded $100,000 or they would release data stolen in the attack. Officials did not offer a timeline for restoration of networks or services. The incident remains under investigation.
How It Could Affect Your Business: People rely on libraries for a variety of important life functions like applying for jobs or government assistance.
Home Depot
https://www.cpomagazine.com/cyber-security/a-home-depot-third-party-data-breach-leaks-the-personal-information-of-10000-employees/
Exploit: Supply Chain Data Breach
Home Depot: Home Improvement Retailer
Risk to Business: 1.803 = Severe
Notorious threat actor IntelBroker claims that it stole data belonging to 10,000 Home Depot employees. Home Depot confirmed the data breach, pointing the finger at an unnamed third-party Software-as-a-Service (SaaS) vendor. Home Depot said the vendor inadvertently made some Home Depot associates’ names, work email addresses and User IDs public during the testing of their systems. Home Depot is still investigating the incident.
How It Could Affect Your Business: Businesses should discuss their service providers’ cybersecurity plans to protect their data when making a deal.
Denmark – The United Nations Development Programme (UNDP)
https://www.cyberdaily.au/security/10456-un-agency-ransomware-attack-claimed-by-8base
Exploit: Ransomware
The United Nations Development Programme (UNDP): International Development Agency
Risk to Business: 1.712 = Severe
The United Nations Development Programme (UNDP) has disclosed that it has become the victim of a ransomware attack. The 8Base ransomware group has claimed responsibility. UNDP said that the attack took out the network in its Copenhagen offices. The agency believes that the attackers stole an assortment of data including human resources and procurement information. On its dark web site, 8Base claims to have obtained accounting documents, personal data, employment contracts, confidentiality agreements, personal files, certificates, invoices, receipts, a “huge amount of confidential information” and more.
How It Could Affect Your Business: Politically prominent organizations are prime targets for both general hackers and nation-state cybercriminals.
Switzerland – Octapharma Plasma
https://www.hipaajournal.com/octapharma-ransomware-attack/
Exploit: Ransomware
Octapharma Plasma: Plasma Bank
Risk to Business: 2.376 = Severe
Swiss pharmaceutical company Octapharma Plasma has experienced a cyberattack that impacted technology systems, leading to the temporary closure of 190 plasma donation centers in 35 U.S. states. The company said that it first identified suspicious activity in its network on April 17, 2024. Experts suspect that the fledgling ransomware gang BlackSuit is responsible for the attack. No information was offered about stolen data or a ransom demand.
How It Could Affect Your Business: Cyberattacks on healthcare sector targets aren’t just limited to hospitals; service providers and medical suppliers are also at risk.
France – Hospital Simone Veil in Cannes (CHC-SV)
https://securityaffairs.com/162057/hacking/french-hospital-cyber-attack.html
Exploit: Hacking
Hospital Simone Veil in Cannes (CHC-SV): Medical Center
Risk to Business: 1.866 = Moderate
French medical center Hospital Simone Veil in Cannes (CHC-SV) was hit by a cyberattack last week that impacted medical procedures. The system outages forced personnel to return to pen and paper. The hospital’s website directs patients to reschedule non-urgent consultations. The hospital’s phone systems were unaffected. The incident is under investigation by ANSSI, Cert Santé, Orange CyberDéfense and GHT06.
How It Could Affect Your Business: A cyberattack that shuts down or limits operations at a medical center is a danger to the public.
Australia – Pandemonium Rocks
https://tonedeaf.thebrag.com/massive-data-breach-as-pandemonium-rocks-exposes-hundreds-of-bank-accounts/
Exploit: Misconfiguration
Pandemonium Rocks: Music Festival
Risk to Business: 2.602 = Moderate
The troubled Pandemonium Rocks music festival has taken another massive blow after a major data breach. First, seven of the 10 acts scheduled to perform canceled their appearances. That led to a rush for refunds from angry ticketholders. Organizers said that a clerical error in the refund forms they used left the Administrator tab open. That gave bad actors a window on April 14, 2024, between 5.47 pm and 7.20 pm, to steal ticketholders’ personal data including bank details, email addresses and phone numbers.
How It Could Affect Your Business: Customers are likely to be very upset about having their personal information exposed when trying to get their money refunded.