InTegriLogic Blog
The Week in Breach News: 06/26/24 – 07/02/24
This week: The Snowflake fallout continues to land on companies; 1 million users have their data exposed in a hospital data breach
Evolve Bank & Trust
https://www.securityweek.com/evolve-bank-data-leaked-after-lockbits-federal-reserve-hack/
Exploit: Hacking
Evolve Bank & Trust: Bank
Risk to Business: 1.801 = Severe
After claiming to have breached the Federal Reserve last week, which experts doubt, LockBit has published 33 TB of data on its dark web leak site. This data appears to have originated from Evolve Bank & Trust. On Wednesday, Evolve Bank & Trust informed its retail customers and financial technology partners that it is investigating a potential personal information breach. The bank had recently faced an enforcement action by the Federal Reserve over its anti-money laundering, risk management, and consumer compliance programs, which may have led the gang to believe they had breached the agency when obtaining this data.
How It Could Affect Your Business: Bad actors are finding creative ways to strike organizations, such as backdoors and supply chain attacks.
Neiman Marcus
https://therecord.media/neiman-marcus-snowflake-breach-thousands
Exploit: Third-Party Cyberattack
Neiman Marcus: Retailer
Risk to Business: 2.856 = Moderate
Famed luxury department store chain Neiman Marcus has disclosed that it has had a data breach related to the recent troubles at cloud data platform Snowflake. The venerable retailer said that the dark web exposure of sensitive data about more than 64,000 people was traced back to the company’s account. In a regulatory filing, Neiman Marcus said that the attackers had snatched customers’ names, contact information, dates of birth and Neiman Marcus/Bergdorf Goodman gift card numbers. In a post that has since been removed from a notorious dark web forum, up-and-coming threat actor Sp1d3r claimed to have been behind the theft and offered the data for $150,000.
How It Could Affect Your Business: When service providers have cybersecurity trouble, it can have a devastating ripple effect on their customers.
Geisinger Health
https://www.abc27.com/pennsylvania/millions-of-geisinger-patients-in-pennsylvania-may-have-had-information-stolen
Exploit: Third-Party Data Breach
Geisinger Health: Healthcare Provider
Risk to Business: 1.721 = Severe
Geisinger Health, a Pennsylvania-based healthcare provider, has disclosed a data breach affecting approximately 1M people. The breach occurred on November 29, 2023, when a former employee of Nuance Communications, a technology services vendor, accessed patient information two days after being terminated. Nuance quickly shut down the employee’s accounts and launched an investigation, revealing that personal details such as birth dates, addresses, medical record numbers, and contact information were accessed. Geisinger was quick to reassure the public that no claims, insurance details, financial information or Social Security numbers were compromised.
How It Could Affect Your Business: Employees are one of the biggest security threats that a company has to manage, and mitigating insider risk must be a priority.
Mass General Brigham
https://databreaches.net/2024/06/30/mass-general-brigham-fires-two-employees-after-patient-data-breach/
Exploit: Hacking
Mass General Brigham: Healthcare Provider
Risk to Business: 1.303 = Extreme
Mass General Brigham announced a data breach caused by two malicious insiders, potentially exposing patients’ personal information. The health system discovered the issue on April 4, 2024. The breach, in which two now-former employees facilitated access by an unauthorized person, occurred between February 26, 2023, and April 2, 2024. Hospital officials say that patients’ names, addresses, medical record numbers, birthdates, email addresses, phone numbers, health insurance policy numbers, and clinical records, including visit details and diagnoses, may have been exposed in this incident. The employees involved have been fired.
How It Could Affect Your Business: Insider risks can plague any business, from malicious employees to genuine employee errors, with potentially disastrous results.
UK – Cambridge University Press & Assessment
https://www.redhotcyber.com/en/post/cambridge-university-press-assessment-ends-up-in-the-dls-of-inc-ransomware/
Exploit: Ransomware
Cambridge University Press & Assessment: Publisher
Risk to Business: 2.312 = Moderate
The INC ransomware group claims to have deployed ransomware in the network of Cambridge University Press & Assessment. On June 24, 2024, the group published stolen documents on their disclosure blog as proof of the intrusion. Cambridge University Press & Assessment has not released an official statement regarding the incident. Founded in 1534, Cambridge University Press is the world’s oldest publishing house.
How it Could Affect Your Business: A ransomware attack is a possibility that every organization must face and be ready for.
Germany – TeamViewer
https://www.bleepingcomputer.com/news/security/teamviewers-corporate-network-was-breached-in-alleged-apt-hack/
Exploit: Hacking (APT)
TeamViewer: Software Company
Risk to Business: 1.896 = Severe
TeamViewer, the German remote management software company, announced a recent hacking incident by the Russia-linked APT group Midnight Blizzard. On June 26, 2024, TeamViewer’s security team detected an irregularity in its internal corporate IT environment. The company reassured clients that this environment is entirely separate from the product environment, and there is no evidence that customer data or the product environment was affected.
How it Could Affect Your Business: Every network that an organization maintains needs to be ready for cybercriminal incursions.
Japan – Kadokawa Group
https://kotaku.com/fromsoftware-ransomware-hack-elden-ring-bloodborne-2-1851564840
Exploit: Hacking
Kadokawa Group: Entertainment Company
Risk to Business: 1.866 = Severe
Kadokawa Group, a Japanese publishing house and entertainment company, has announced that it experienced a data breach. The conglomerate is the parent company of FromSoftware, the makers of the popular videogame Elden Ring, and video sharing platform Niconico, which experienced a data breach on June 8. A significant cyberattack, including ransomware, targeted Niconico and other services. The company stated that no credit card information is stored in its systems and has not disclosed whether any data was stolen. Kadokawa Group plans to provide an update on the incident in late July.
How it Could Affect Your Business: A quick and organized response in case of trouble depends on a company having a formal, tested incident response plan.
Indonesia – National Data Center/Pusat Data Nasional (PDN)
https://www.theregister.com/2024/06/24/indonesia_datacenter_ransomware/
Exploit: Ransomware
National Data Center/Pusat Data Nasional (PDN): Government Agency
Risk to Business: 1.412 = Extreme
The Indonesian government has confirmed that its National Data Center (PDN), operated by the Ministry of Communication and Information Technology, was hit by ransomware on June 20. The attacker appears to be LockBit, although that is unconfirmed. The attack disrupted services for at least 210 institutions, including immigration services, impacting visa, passport, and residence permit processing. The attackers demanded a ransom of $8 million.
How it Could Affect Your Business: Any government resource can be a target of cybercrime, especially ransomware, in today’s volatile threat landscape.