InTegriLogic Blog
The Week in Breach News: 05/24/23 – 05/30/23
This week: Ransomware puts the brakes on production at Suzuki Motorcycle, and BlackByte demands $400 million from beleaguered Augusta, Georgia.
Casepoint
https://techmonitor.ai/technology/cybersecurity/casepoint-ransomware-blackcat
Exploit: Ransomware
Casepoint: Legal Technology Platform
Risk to Business: 1.886 = Severe
BlackCat has claimed responsibility for a ransomware attack impacting Casepoint, a legal technology platform used by the Securities and Exchange Commission and the Department of Defense as well as major brands. The bad actors claim to have stolen 2TB of company data including sensitive files like attorney notes, publishing what appears to be an ID scan and a certificate as proof of the hack. No information about a ransom amount had been released at press time.
How It Could Affect Your Business: Law firms handle all kinds of sensitive data that could be used by cybercriminals in blackmail schemes.
Managed Care of North America (MCNA) Dental
https://www.bleepingcomputer.com/news/security/mcna-dental-data-breach-impacts-89-million-people-after-ransomware-attack/
Exploit: Hacking
Managed Care of North America (MCNA) Dental: Insurer
Risk to Business: 1.876 = Severe
Managed Care of North America (MCNA) Dental, one of the biggest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S., has announced a data breach that could impact nine million people. MCNA noted that it became aware of unauthorized access to its computer systems on March 6th, 2023. Patient data that may have been exposed in this incident includes a patient’s full name, address, date of birth, phone number, email, Social Security number, driver’s license number, government-issued ID number, health insurance (plan information, insurance company, member number, Medicaid or Medicare ID numbers), plans of care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment), bills and insurance claims information.
How It Could Affect Your Business: Information about dental care is still protected health data, making this an expensive mess to clean up.
SimpleTire
https://www.infosecurity-magazine.com/news/database-error-leaks-one-million/?&web_view=true
Exploit: Misconfiguration
SimpleTire: Tire Retailer
Risk to Business: 2.769 = Moderate
Philadelphia-based tire retailer SimpleTire is in hot water after a database configuration error led to the exposure of 1TB of records. Internet researchers uncovered a non-password-protected database that was publicly accessible to anyone with an internet connection for at least three weeks before finally being locked down. The SimpleTire database contained over 2.8 million records, including nearly 1.2 million order confirmation PDFs. Possibly exposed data for customers includes customer names, phone numbers and billing addresses as well as partial credit card numbers and expiration dates.
How It Could Affect Your Business: Employee mistakes like misconfiguring a database can be just as dangerous and expensive to handle as a cyberattack.
The City of Augusta, Georgia
https://www.theregister.com/2023/05/26/blackbyte_augusta_malware/?&web_view=true
Exploit: Ransomware
The City of Augusta, Georgia: Municipal Government
Risk to Business: 1.719 = Severe
The BlackByte ransomware gang has claimed responsibility for a ransomware attack that has impacted the city of Augusta, Georgia. The ransomware attack took down city websites that are being slowly restored. BlackByte also claims to have snatched sensitive data, leaking a sample of 10GB of data as proof. The data sample posted contains payroll information, contact details, personally identifiable information (PII), physical addresses, contracts and city budget allocation data. BlackByte appears to be demanding a ransom of $400,000.
How It Could Affect Your Business: Governments and government agencies at every level have been prime targets for cyberattacks in the last few years.
Fresh Del Monte Produce
https://www.jdsupra.com/legalnews/fresh-del-monte-produce-notifies-8673018/
Exploit: Hacking
Fresh Del Monte Produce: Agriculture Company
Risk to Business: 2.781 = Moderate
Fresh Del Monte Produce has filed a data breach notification saying that some employee information may have been stolen in a data security incident. The data breach occurred in January 2023, when Fresh Del Monte first noticed unauthorized activity on its network. The breached information varies by individual, and those affected may include current and former employees. The information exposed includes the employee’s name, Social Security number, driver’s license number, passport number, financial account information and protected health information.
How it Could Affect Your Business: Employee data is a treasure trove for bad actors that often nets them PII and financial information.
Apria Healthcare
https://www.theregister.com/2023/05/23/apria_healthcare_breach/?&web_view=true
Exploit: Hacking
Apria Healthcare: Medical Equipment Company
Risk to Business: 1.826 = Severe
Apria Healthcare has disclosed that a data security incident in its network may have led to data exposure for two million people. In a strange twist, Apria said that it discovered the intrusion in late 2021 and is only now informing the people who were affected. Apria also said that it didn’t believe any of the exposed data had been misused. Instead, Apria’s data breach letter to people potentially impacted stated that Apria “believes the purpose of the unauthorized access was to fraudulently obtain funds from Apria and not to access personal information of its patients or employees.” Exposed patient data includes personal, medical, health insurance and financial information, including bank account and credit card numbers in combination with security codes, access codes, passwords and account PINs, and Social Security numbers.
How it Could Affect Your Business: Waiting so long to tell customers that their data had been exposed isn’t a good look and may impact this company’s reputation.
India – Insurance Information Bureau of India (IIB)
https://timesofindia.indiatimes.com/city/hyderabad/russian-hackers-carry-out-ransomware-attack-iib-hit/articleshow/100433653.cms?&web_view=true
Exploit: Ransomware
Insurance Information Bureau of India (IIB): Insurance Analyst
Risk to Business: 2.807 = Moderate
The Insurance Information Bureau of India (IIB), an industry repository of data and analytics, has been hit by a ransomware attack. The attack took place between March 30 and April 3, 2023, and first came to light in April. Compromised administration accounts enabled bad actors to deploy ransomware, knock out IIB’s website and encrypt its data. No group has claimed responsibility, but news outlets are reporting that a $250,000 ransom has been demanded.
How it Could Affect Your Business: Compromised credentials are the bane of every IT department and a hacker’s best friend.
India – Suzuki Motorcycle
https://www.bitdefender.com/blog/hotforsecurity/suzuki-motorcycle-plant-shut-down-by-cyber-attack/?web_view=true%2F
Exploit: Ransomware
Suzuki Motorcycle: Motorcycle Factory
Risk to Business: 1.386 = Extreme
Suzuki Motorcycle has experienced an operational disruption as the result of a successful ransomware attack. Production of bikes and scooters at Suzuki Motorcycle’s Indian plant has ground to a halt, resulting in a loss of an estimated 20,000 vehicles. The company has also postponed its annual supplier conference, likely as a result of the attack. No group has claimed responsibility and no ransom demand has been made public. Suzuki says that the incident is under investigation.
How it Could Affect Your Business: This loss in productivity is a disaster for Suzuki and the revenue will be hard to recoup.