InTegriLogic Blog
The Week in Breach News: 05/08/24 – 05/15/24
This week: A fire department loses $250K to hackers, Dell hardware data was stolen, and big trouble for Christie’s as systems go down before a major event.
Dell
https://www.pcworld.com/article/2328519/dell-data-breach-includes-your-id-and-detailed-hardware-info.html
Exploit: Hacking
Dell: Technology Company
Risk to Business: 1.741 = Severe
Dell has admitted that it suffered a data breach. The company said that 49 million customer records dating back to 2017 were snatched by cybercriminals. A bad actor has claimed on the dark web that they obtained the records by hacking the company’s partner portal. Customers who purchased or own Dell hardware may have had data exposed including warranty information, service tags, customer names, installed locations, customer numbers and order numbers. Dell was quick to reassure customers that the stolen records did not include financial or payment information, email address, telephone number or any highly sensitive customer data.
How It Could Affect Your Business: Even the biggest companies still have data security challenges to conquer.
Rockville (MD) Volunteer Fire Department
https://www.washingtonpost.com/dc-md-va/2024/05/12/rockville-volunteer-fire-scam
Exploit: Business Email Compromise (BEC)
Rockville (MD) Volunteer Fire Department: Public Safety Organization
Risk to Business: 1.856 = Severe
Officials have admitted that the Rockville Volunteer Fire Department in Rockville, MD, fell victim to a business email compromise (BEC) attack. A spokesperson said that the fire department intended to purchase new ambulances. In late April 2024, volunteer fire department officials picked a vendor, approved the purchase of two units, signed the contract and put down a $220,000 deposit. Unfortunately for the volunteer fire department, when it initiated the wire transfer to the ambulance manufacturer, cybercriminals intercepted it, routing the money to themselves. An investigation revealed that the computer used for the transfer was infected with malware and had been spoofed. The fire department’s bank was only able to recover $100k.
How It Could Affect Your Business: Government, government agencies and quasi-governmental entities of all sizes are prime targets for cyber trouble and must plan accordingly.
Zscaler
https://www.csoonline.com/article/2099645/zscaler-shuts-down-exposed-system-after-rumors-of-a-cyberattack.html
Exploit: Hacking
Zscaler: Cybersecurity Company
Risk to Business: 1.721 = Severe
Zscaler said it had to take a test environment offline for analysis after discovering that it had been hacked. The company confirmed that it is investigating a cybersecurity incident on May 8, 2024. Around the same time, dark web player IntelBroker announced that it is selling SMTP access, PAuth access, and SSL passkeys and certificates for a total price of $20,000 in cryptocurrency. Zscaler stressed that its production, customer and corporate environments were not impacted. However, screenshots provided by IntelBroker appear to indicate that other servers may have been impacted.
How It Could Affect Your Business: This could have been much worse for Zscaler, and they are being widely praised for their post-incident transparency.
Brandywine Realty Trust
https://techcrunch.com/2024/05/07/brandywine-realty-trust-cyberattack/
Exploit: Ransomware
Brandywine Realty Trust: Real Estate Investment Firm
Risk to Business: 1.803 = Severe
Brandywine Realty Trust has confirmed that it has fallen victim to a ransomware attack that resulted in the theft of data from its network. The Philadelphia-based company told regulators that the attack disrupted the company’s business operations including its corporate functions and financial reporting systems. Brandywine said that it is still investigating whether any sensitive or personal information was taken. The company has a portfolio of 70 properties across Austin, Philadelphia and Washington, DC.
How It Could Affect Your Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Ohio Lottery
https://securityaffairs.com/163012/data-breach/ohio-lottery-data-breach.html
Exploit: Ransomware
Ohio Lottery: State Lottery
Risk to Business: 2.615 = Moderate
The Ohio Lottery is sending a data breach notification to 538,959 individuals after a ransomware attack led to a data breach on Christmas Eve 2023. The DragonForce ransomware group has claimed responsibility for the attack, claiming to have snatched 94GB of data. Officials said that they did not confirm the theft of information until April 5, 2024. Ohio Lottery is providing impacted individuals free credit monitoring and identity theft protection services through IDX.
How it Could Affect Your Business: There are always up-and-coming ransomware groups looking to make a name for themselves by hitting splashy targets.
United Kingdom – Christie’s
https://www.theartnewspaper.com/2024/05/10/christies-website-offline-cyberattack
Exploit: Hacking
Christie’s: Auction House
Risk to Business: 1.376 = Extreme
Legendary auction house Christie’s has found itself stuck with something that it didn’t want this spring: a cyberattack, just days before one of its biggest events of the year. The company said it would go ahead with its New York art auction this week, featuring an estimated $850M worth of art up for bids. Customers noticed that the company’s website became inaccessible on May 9, 2024. By May 10, the company’s website featured a message telling visitors that Christie’s was working to restore functionality as quickly as possible. Clients were directed to telephone numbers for its offices in London, New York, Paris and Hong Kong or a general email address. This outage is especially problematic for buyers intending to bid through Christie’s website as the spring season kicks off.
How it Could Affect Your Business: Many cybercriminals pay attention to timelines and intentionally time their attacks for a target’s important events to ratchet up the pressure to pay.
The Netherlands – Europol
https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolen
Exploit: Hacking
Europol: Intelligence Agency
Risk to Business: 1.866 = Severe
Europol has disclosed that it has experienced a cybersecurity problem related to its Europol Platform for Experts (EPE) portal. An unnamed threat actor claims that they hacked into the system and stole a variety of sensitive data, including documents marked For Official Use Only (FOUO) that contain classified data. The agency said that no operational information is processed on the EPE application, no core systems of Europol are affected, and no operational data from Europol has been compromised.
How it Could Affect Your Business: Sensitive data like the data that was likely stolen in this attack is catnip for cybercriminals.
Iress Ltd.
https://www.cyberdaily.au/security/10487-exclusive-aussie-lender-firstmac-falls-victim-to-embargo-ransomware-gang
Exploit: Supply Chain Hacking
Iress Ltd.: Technology Company
Risk to Business: 2.602 = Moderate
Iress Ltd., an Australian company that makes financial services software, said that it has experienced a data breach through a third party. The company said that it discovered that bad actors had intruded into its GitHub repository on May 3, 2024. Iress Ltd. confirmed the breach, stressing that it does not hold customer or financial data in that repository. There has been no disruption to the business or its clients’ ability to use its software and systems.
How it Could Affect Your Business: Supply chain and third party cyber risk management is a danger every organization must take seriously.