InTegriLogic Blog
The Week in Breach News: 05/29/24 – 06/04/24
This week: LiveNation/TicketMaster hits a sour note with a major data breach and ransomware at a metal producer rocks the global supply chain.
Everbridge
https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/
Exploit: Accidental Insider (Phishing)
Everbridge: Communications Firm
Risk to Business: 1.401 = Severe
Everbridge, a crisis management software company, informed customers of a recent breach where attackers accessed files containing business and user data. Detected on Tuesday, May 21, the attackers used information from a prior phishing attack on employees to breach the system. Compromised files included admin and user contact information, subscribed services and access methods. Everbridge is collaborating with incident response experts from Mandiant and Stroz Friedberg to evaluate the breach’s severity and impact.
How It Could Affect Your Business: An employee falling for a phishing attack is a fast path to disaster, but training can mitigate the risk.
Seattle Public Library
https://statescoop.com/ransomware-seattle-public-library/
Exploit: Hacking
Seattle Public Library: Library System
Risk to Business: 1.8606 = Severe
The Seattle Public Library suffered a ransomware attack over Memorial Day weekend, forcing all 27 locations to take their systems offline. While preparing for scheduled server maintenance, the library’s systems were attacked. The website and some digital services were restored overnight, but many services, including e-book access, computers, Wi-Fi, and printing, remain affected. The library is posting updates on its blog and cannot confirm if data was compromised or when full functionality will be restored.
How It Could Affect Your Business: Every organization is at risk of a cyberattack that can disrupt its functions and services, even if it doesn’t handle much money or sensitive data.
LiveNation/Ticketmaster
https://abcnews.go.com/US/ticketmaster-hit-cyber-attack-compromised-user-data/story?id=110737962
Exploit: Third-Party Data Breach
LiveNation/Ticketmaster: Ticket Seller
Risk to Business: 1.227 = Extreme
Live Nation, the parent company of Ticketmaster, revealed Friday evening that it was the victim of a cyber attack that compromised user data. The company said in a filing with the U.S. Securities and Exchange Commission that it discovered an “unauthorized activity within a third-party cloud database,” on May 20 and promptly launched an investigation. ShinyHunters claimed responsibility for the breach in an online forum and was seeking $500,000 for the data, which reportedly includes names, addresses, phone numbers and some credit card details of millions of Ticketmaster customers.
How It Could Affect Your Business: Companies like this hold a treasure trove of profitable data that cybercriminals are always itching to get their hands on.
Canada – First Nations Health Authority
https://globalnews.ca/news/10518052/first-nations-health-authority-cyber-attack/
Exploit: Hacking
First Nations Health Authority: Government Agency
Risk to Business: 1.803 = Severe
The First Nations Health Authority in British Columbia confirmed a cyberattack on its corporate network detected on May 13. They deployed countermeasures to prevent network encryption but believe some employee and limited personal information was impacted. The health authority did not specify the type of data affected but stated no clinical information systems were impacted. They have engaged external cybersecurity experts and notified law enforcement and the Office of the Information and Privacy Commissioner.
How It Could Affect Your Business: government agencies off all types at every level have been prime targets for bad actors, a trend that looks set to continue.
UK – BBC
https://www.theguardian.com/media/article/2024/may/29/data-breach-exposes-details-of-25000-current-and-former-bbc-employees
Exploit: Hacking
BBC: Television Network
Risk to Business: 2.712 = Severe
The BBC is investigating a data breach that exposed details of over 25,000 current and former employees. The corporation’s pension scheme notified members that their information had been stolen in a data security incident, affecting about 25,290 people. The breach involved data copied from an online storage service, including names, dates of birth, sex, home addresses, national insurance numbers and pension scheme membership status. No bank details, financial information, contact details, usernames, password or health information were compromised. The BBC confirmed there is no evidence of a ransomware attack.
How it Could Affect Your Business: While not a serious breach, a data security incident like this will still rack up major costs for a company.
UK – King’s College Hospital
https://www.bbc.com/news/articles/c288n8rkpvno
Exploit: Supply Chain Risk
King’s College Hospital: Medical Center
Risk to Business: 1.376 = Extreme
Major London hospitals have declared a critical incident after a cyber-attack disrupted operations and emergency services, affecting those partnered with Synnovis, a pathology services provider. This includes King’s College Hospital, Guy’s and St Thomas’ (including the Royal Brompton and Evelina London Children’s Hospital), and primary care services. The attack has severely impacted services, particularly blood transfusions and test results, leading to some procedures being canceled or redirected to other National Health Service (NHS) providers. GP services in Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth are also affected. Despite this, emergency care remains available, and patients should attend appointments unless advised otherwise by the NHS.
How it Could Affect Your Business: Bad actors will seek out any opening to exploit, making penetration testing a must-have to close gaps.
Norway – Norsk Hydro ASA
https://www.itprotoday.com/attacks-breaches/cyber-attack-puts-a-spotlight-on-fragile-global-supply-chain
Exploit: Ransomware
Norsk Hydro ASA: Aluminum Manufacturer
Risk to Business: 1.366 = Extreme
A ransomware attack has severely impacted Norsk Hydro ASA, a leading aluminum maker, forcing the shutdown of several automated production lines in the U.S. and Europe. The company is maintaining operations using manual processes. The aluminum industry, with few producers of technical products, is feeling the threat of supply disruption that could have a major ripple effect. It is too early to determine the exact operational and financial impact.
How it Could Affect Your Business: This is a good illustration of how the compromise of one point in the global supply chain can have far-reaching effects.
Australia – Guardian Childcare
https://www.insurancebusinessmag.com/au/news/cyber/major-childcare-provider-grapples-with-cyberattack-491544.aspx
Exploit: Hacking
Guardian Childcare: Daycare Center Operator
Risk to Business: 2.602 = Moderate
Guardian Childcare, a major provider in Victoria, suffered a cyberattack potentially affecting thousands of families. The breach led to the theft of scanned identification documents. Guardian advised affected families to contact the issuing authority for replacements and stay alert for potential scams.
How it Could Affect Your Business: Organizations that hold any data about children, especially sensitive medical or behavioral data, must take extra care to protect it.