InTegriLogic Blog
The Week in Breach News: 06/12/24 – 06/18/24
This week: A hack at a pathology lab causes a massive snarl for the UK’s National Health Service and the Snowflake cloud data platform saga continues.
Keytronic
https://www.bleepingcomputer.com/news/security/keytronic-confirms-data-breach-after-ransomware-gang-leaks-stolen-files
Exploit: Ransomware
Keytronic: Technology Manufacturer
Risk to Business: 2.201 = Severe
PCBA manufacturing giant Keytronic reported a data breach by the Black Basta ransomware gang, which leaked 530GB of stolen data. Keytronic, initially an OEM for keyboards and mice, disclosed in SEC filings that a May 6 cyberattack disrupted operations, causing a two-week shutdown in the U.S. and Mexico. The attack also compromised unspecified personal information. Keytronic confirmed the incident will significantly impact its financial performance in the fourth quarter ending June 29, 2024, though normal operations have now resumed.
How It Could Affect Your Business: Bad actors have been increasing the pressure on businesses by hitting key points in the supply chain to create urgency that brings payment.
Truist
https://www.americanbanker.com/news/truist-suffers-data-breach-hackers-claim-it-affects-65-000-employees
Exploit: Hacking
Truist: Bank
Risk to Business: 1.856 = Severe
Truist Bank, a major U.S. commercial bank, has confirmed a data breach resulting from an October 2023 cyberattack. A threat actor known as Sp1d3r is offering the stolen data for $1 million on a hacking forum. The data allegedly contains information on 65,000 employees, bank transactions, client details like names and account numbers, and source code for Truist’s automated phone system. Truist’s investigation revealed that an unauthorized party accessed a small number of employee accounts on October 27, 2023, enabling them to access client information. The bank did not provide further details on the extent of the breach.
How It Could Affect Your Business: The banking and financial services sector is one of the top three sectors for hackers to attack.
Tile
https://www.spiceworks.com/it-security/data-security/news/tile-hit-massive-data-breach-customer-data-compromised/amp
Exploit: Ransomware
Tile: Technology Company
Risk to Business: 1.721 = Moderate
Tile, the Bluetooth tracking device company owned by Life360, has suffered a major data breach in which hackers stole sensitive customer data like names, physical and email addresses and phone numbers. The hackers also accessed law enforcement tools used for location requests, suggesting potential hacktivism motives. They have demanded a ransom for the safe return of the data through an email to Life360. However, Tile has reassured customers that financial information and individual device locations were not compromised in the hack.
How It Could Affect Your Business: It’s critical that every organization conduct regular phishing simulations to mitigate its risk of trouble from threats like ransomware.
The City of Cleveland, Ohio
https://www.cleveland.com/metro/2024/06/cleveland-city-hall-confirms-it-was-hit-with-ransomware-attack.html
Exploit: Ransomware
The City of Cleveland, Ohio: Municipal Government
Risk to Business: 1.803 = Severe
Cleveland city officials have confirmed that the city’s government systems were hit by a ransomware attack, leading to the closure of City Hall for most of the week. The attack, discovered on Sunday, has disrupted various services, including the processing of building permits and vital records. While employees have returned to work, City Hall will remain closed to the public on Monday as efforts continue to restore and recover the computer systems. The duration of the closure is currently unknown as officials work to resolve the issues caused by the ransomware attack.
How It Could Affect Your Business: Local and municipal governments are prime targets for cyberattacks that can bring big bills in their wake.
USA – Snowflake
https://thehackernews.com/2024/06/snowflake-breach-exposes-165-customers.html
Exploit: Credential Compromise
Snowflake: Cloud Data Platform
Risk to Business: 1.312 = Extreme
Snowflake, a cloud data platform, has finally acknowledged that up to 165 of its customers may have had their information exposed as part of a data theft and extortion campaign. Initially, the embattled company claimed only a limited number of customers were impacted, and an executive even claimed that those customers’ own weak security practices were to blame. However, Snowflake has since partnered with Mandiant to investigate the incident. Mandiant is tracking the problem as UNC5537, calling the perpetrator a financially motivated threat actor. The situation is still evolving, with the company reassessing the scope of the breach as the investigation progresses.
How It Could Affect Your Business: It’s better for companies to own up to a cybersecurity problem than to try to play the blame game.
UK – Synnovis
https://www.digitalhealth.net/2024/06/synnovis-ceo-confirms-ransomware-attack-at-london-hospitals/
Exploit: Ransomware
Synnovis: Pathology Services
Risk to Business: 1.376 = Extreme
A cyberattack on Synnovis, a pathology services provider for the UK’s NHS, disrupted over 800 surgeries and 700 outpatient appointments. Synnovis, a partnership between Guy’s and St Thomas’ NHS FT, King’s College Hospitals NHS FT and SYNLAB, confirmed the attack on June 3, 2024. The incident mainly affected patients at Guy’s, St Thomas’, King’s College Hospitals, and GP services in Bexley, Greenwich, Lewisham, Bromley, Southwark and Lambeth. NHS officials gave assurances that emergency care remains available and advised patients to attend appointments unless informed otherwise, warning that recovery may take several weeks.
How It Could Affect Your Business: This is a chilling example of how a cyberattack at a key point in the supply chain can cripple a sector fast.
Russia – Verny
https://therecord.media/cyberattack-disrupts-supermarket-operations-russia
Exploit: Hacking
Verny: Retail Chain
Risk to Business: 1.866 = Severe
Major Russian discount retail chain Verny, with over 1,000 stores across the country, suffered a disruptive cyberattack over the weekend. The attack crippled the company’s operations for several days, forcing its stores to accept only cash payments, as indicated by printed signs on their doors. The company’s general director suspects the attack was an extortion attempt, although no specific ransom demand was mentioned. The unknown attackers disabled Verny’s website and mobile app, preventing the supermarkets from processing bank card payments or handling online orders and deliveries.
How It Could Affect Your Business: Cybercriminals know that attacks on retailers can be very profitable because they need to reopen fast to keep customers happy.
Australia – Victoria Racing Club
https://www.cyberdaily.au/security/10705-exclusive-medusa-ransomware-gang-demands-us-700-000-payment-from-victoria-racing-club
Exploit: Ransomware
Victoria Racing Club: Thoroughbred Racing Club
Risk to Business: 2.602 = Moderate
The Victoria Racing Club (VRC) has confirmed being the victim of a cyberattack by the Medusa ransomware operation, which claims to have obtained over 100 gigabytes of the club’s data. The Medusa gang is demanding a ransom of $700,000 to delete the data. The leaked data includes information related to gaming machines, financial details, customer invoices, marketing details, and personal information of VRC members such as names, email addresses and mobile phone numbers. The VRC has informed the Australian Cyber Security Centre about the attack and stated that operations will continue as normal.
How It Could Affect Your Business: No organization is too small to be a target of cybercrime, especially ransomware, in today’s volatile threat landscape.