InTegriLogic Blog
The Week in Breach News: 06/21/23 – 06/27/23
This week: An unusual demand in a cyberattack on Reddit and more MOVEit victims emerge.
Gen Digital
https://www.securityweek.com/norton-parent-says-employee-data-stolen-in-moveit-ransomware-attack/
Exploit: Ransomware
Gen Digital: Technology Company
Risk to Business: 1.886 = Severe
Gen Digital, the parent company of cybersecurity brands such as Avast, Avira, AVG, Norton, and LifeLock, has confirmed that employees’ personal information was compromised in a ransomware attack tied to the MOVEit exploit. The company disclosed that some personal information of Gen employees and contractors was potentially exposed including a worker’s name, company email address, employee ID number, and in some limited cases home address and date of birth. The company was quick to note that it does not believe that any customer data was stolen.
How It Could Affect Your Business: Zero-day attacks and similar exploits are an unfortunate reality that businesses have to handle now and moving forward.
https://www.bleepingcomputer.com/news/security/reddit-hackers-threaten-to-leak-data-stolen-in-february-breach/
Exploit: Ransomware
Reddit: Online Forum
Risk to Business: 1.876 = Severe
BlackCat claims that it snatched 80GB of data from Redditt in a ransomware attack in February 2023 that is just coming to light. Reddit confirmed the attack, admitting that the bad actors made off with an array of internal documents, source code, employee data and limited data about the company’s advertisers. User data was not impacted. In an interesting twist, BlackCat is threatening to leak Reddit’s data if the company doesn’t pay the ransom and backtrack on its plans on charging for API access. Reddit has been facing backlash over its plan to charge for API access at an expected price of $0.24 per 1,000 calls.
How It Could Affect Your Business Using ransomware to punish companies for instituting unpopular policies is just one more use for that dangerous menace.
The California Public Employees’ Retirement System (CalSTRS)
https://www.planadviser.com/calpers-calstrs-hit-third-party-cybersecurity-breach/
Exploit: Ransomware
The California Public Employees’ Retirement System (CalSTRS): Benefits System
Risk to Business: 1.469 = Severe
The California Public Employees’ Retirement System, the largest of its kind in the U.S., has announced that it has fallen victim to a cyberattack thanks to the MOVEit exploit that may impact 769,000 members. CalSTRS said that it became mixed up in this ongoing cyber incident through one of its service providers, PBI Research Services, on June 24. How much and what kind of data was stolen was not available at press time. CalSTRS says that retirees and beneficiaries with impacted personal information are being contacted by mail. The California State Teachers Retirement System, the public pension fund serving California teachers, has also disclosed that it is a victim of a similar attack.
How It Could Affect Your Business: Many exploits can be avoided by regularly patching and updating software and systems.
Pilot Credentials
https://www.theregister.com/2023/06/26/american_southwest_airline_breach/
Exploit: Hacking
Pilot Credentials: Recruiting Platform
Risk to Business: 2.149 = Severe
Airline pilot recruiting platform Pilot Credentials has disclosed that it has experienced a data breach. The Texas-based company said that bad actors obtained access to its network on April 30 and the impacted airlines, including Southwest Airlines and American Airlines, were notified of the attack on May 3. The files stolen contained a range of data about pilot applicants, including their names, Social Security numbers, passport numbers, driver’s license numbers, dates of birth, Airman Certificate numbers, and other government-issued identification numbers. An estimated 8000 people had their data exposed.
How It Could Affect Your Business: This kind of very specialized data has many uses for bad actors, especially for spear phishing.
Suncor Energy
https://www.bleepingcomputer.com/news/security/suncor-energy-cyberattack-impacts-petro-canada-gas-stations/
Exploit: Hacking
Suncor Energy: Fuel Company
Risk to Business: 1.337 = Extreme
Suncor Energy, the parent company of Petro-Canada gas stations, announced last week that it had been the victim of a cyberattack. The incident left customers unable to pay with a credit card or use their rewards points. The company assured the public that they are working to fix the problem quickly, but transactions with customers and suppliers will continue to be negatively impacted until the incident is resolved. Suncor Energy also stressed that it does not believe that any customer or employee data was taken.
How it Could Affect Your Business: A cyberattack can often also lead to lost productivity and lost sales, adding more expense to the cleanup.
Ireland – Public Appointments Service (PAS)
https://www.independent.ie/irish-news/almost-16000-state-job-applicants-informed-of-possible-data-breach/a636184229.html
Exploit: Human Error
Public Appointments Service (PAS): Recruiter
Risk to Business: 2.766 = Moderate
Ireland’s Public Appointments Service (PAS), and independent recruiter for government and civil service jobs, has disclosed that it has experienced a data breach caused by an employee error. PAS said that an administrative error when collating the mailing list for job message alerts led to the exposure of some job seeker data including a candidate’s name and the job alerts that they had subscribed to for an estimated 15,471 candidates.
How it Could Affect Your Business: Employee mistakes can easily lead to expensive and damaging cybersecurity disasters, but training reduces the rate of an employee mistake.
Australia – National Disability Insurance Agency
https://www.theguardian.com/australia-news/2023/jun/20/ndis-agency-scrambles-over-risk-of-leaked-sensitive-client-information-in-hwl-ebsworth-hack
Exploit: Supply Chain Attack
National Disability Insurance Agency: Government Agency
Risk to Business: 1.607 = Severe
Australia’s National Disability Insurance Agency is working to determine the extent of data theft that is connected with a February attack on law firm HWL Ebsworth. The agency had contracted with HWL Ebsworth for representation in legal appeals brought against the agency regarding client NDIS plans. HWL Ebsworth announced that it had first learned that a cyberattack (likely ransomware) by the BlackCat group had struck the firm on June 9, 2023, and the bad actors made off with data from a number of clients. BlackCat says that it obtained 3.6TB worth of data from the firm’s clients including this agency and the Office of the Australian Information Commissioner, and the gang began releasing the stolen data on its dark web leak site last week.
New Zealand – Smartpay
https://www.reuters.com/technology/new-zealands-smartpay-experiences-ransomware-attack-2023-06-16/
Exploit: Ransomware
Smartpay: Electronic Payment Solutions Company
Risk to Business: 2.773 = Moderate
Smartpay announced that it had been the victim of a ransomware attack last week. The electronic payments provider confirmed that information from customers in Australia and New Zealand was stolen in the attack. The company did not specify exact data types, simply saying that it doesn’t collect or store individual cardholder information. Smartpay said it is investigating the incident with third-party experts CyberCX, and the government.
How it Could Affect Your Business: Banks, credit card companies, lenders and other financial industry players have been at the top of cybercriminal hit lists for the past few years.
About the author
