InTegriLogic Blog
The Week in Breach News: 07/05/23 – 07/11/23
This week: A cyberattack shuts down Japan’s largest port and Sun Life is impacted by MOVEit.
The Law Foundation of Silicon Valley
https://therecord.media/thousands-affected-by-ransomware-on-law-firm
Exploit: Ransomware
The Law Foundation of Silicon Valley: Non-Profit
Risk to Business: 1.886 = Severe
A ransomware attack on a California law firm that provides free services to those in need has resulted in data exposure for an estimated 42,000 people. The Law Foundation of Silicon Valley notified regulators in California and Maine this week that the February ransomware attack on their offices resulted in a data breach that impacted both clients and staff members. Exposed information includes Social Security numbers, medical records, immigration numbers, financial data, driver’s license numbers, financial account/payment card information, passport/government identification, taxpayer numbers, dates of birth and digital signatures. The AlphV/Black Cat ransomware group has claimed the attack.
How It Could Affect Your Business: This data breach is going to cost a fortune after state regulators get finished with this California-based organization.
National Institutes of Health Federal Credit Union (NIHFCU)
https://www.jdsupra.com/legalnews/nih-federal-credit-union-notifies-14-1232621/
Exploit: Credential Compromise
National Institutes of Health (NIH) Federal Credit Union: Financial Institution
Risk to Business: 1.876 = Severe
The National Institutes of Health Federal Credit Union (NIHFCU) filed a notice of data breach with the Attorney General of Maine on July 5. NIHFCU said that it had discovered that bad actors had gained access to an employee email account, which resulted in those bad actors gaining access to consumers’ sensitive information, including their names and Social Security numbers.
How It Could Affect Your Business: The financial sector has consistently been among the top sectors that cybercriminals have been attacking in the last few years.
Advanced Medical Management
https://www.hipaajournal.com/advanced-medical-management-reports-data-breach-affecting-319485-individuals/
Exploit: Supply Chain Attack
Advanced Medical Management: Healthcare Management Services
Risk to Business: 1.669 = Severe
Advanced Medical Management has disclosed a data breach that impacted 319,485 people. The company discovered that portions of the company’s IT network that were designed and maintained by third-party vendors were accessible to an unauthorized party. Advanced Medical Management explained in a data breach notice that the incident resulted in an unauthorized party being able to access consumers’ sensitive information between May 10, 2023, and May 13, 2023. The data exposed includes names, Social Security numbers, addresses, email addresses, phone numbers, dates of birth, driver’s license numbers, protected health information, and health insurance information.
How It Could Affect Your Business: Security awareness training isn’t just for cyberattacks; it also helps employees become more conscientious about security overall to limit mistakes.
Pepsi Bottling Ventures
https://www.securityweek.com/28000-impacted-by-data-breach-at-pepsi-bottling-ventures/
Exploit: Hacking
Pepsi Bottling Ventures: Soft Drink Distributor
Risk to Business: 2.149 = Severe
Pepsi Bottling Ventures has admitted that it suffered a data breach between December 23, 2022, and January 19, 2023, that resulted in the personal, financial, and health information of the company’s employees being accessed by an unauthorized party. The breach was discovered on January 10. The compromised data belongs to current and former employees and to contractors. That data is comprised of names, addresses, email addresses, financial account information, ID numbers, driver’s license numbers, Social Security numbers, digital signatures, medical history details and health insurance information.
How It Could Affect Your Business: Employee data is a treasure trove for bad actors as it can contain PHI, PII, financial details and other information that sells fast.
Sun Life
https://www.ctvnews.ca/business/global-cyberattack-affected-some-sun-life-members-information-company-says-1.6472126
Exploit: Supply Chain Risk
Sun Life: Insurer
Risk to Business: 2.637 = Severe
Sun Life, one of Canada’s leading insurance providers, says the personal data of some of its U.S. customers has been compromised after one of its vendors was caught up in the MOVEit exploit attack spree. Sun Life made it clear that while it doesn’t use MOVEit, one of its vendors, Pension Benefit Information (PBI) did use it and some members’ personal information was accessed by an unauthorized third party using the exploit. Bad actors may have gained access to information including a client’s name, Social Security Number, policy and account number, and/or date of birth. However, no financial information like account values or medical claims was exposed.
How It Could Affect Your Business: Supply chain relationships have become increasingly fraught for businesses and that trend will continue.
Scotland – The University of the West of Scotland (UWS)
https://news.stv.tv/west-central/university-of-west-of-scotland-working-with-police-and-government-after-cyber-attack
Exploit: Hacking
The University of the West of Scotland (UWS): Institution of Higher Learning
Risk to Business: 2.766 = Moderate
The University of the West of Scotland is experiencing an ongoing cyber incident that is affecting a number of its digital systems. The university’s website is currently down and other digital systems at the university have reportedly been down for days. The university is working with experts from Police Scotland, the National Cyber Security Centre and the Scottish government in the investigation. University officials were quick to reassure the public that graduations are continuing as planned this week with no interruption.
How It Could Affect Your Business: Targets from every part of the education sector have been popular because of the often time-sensitive nature of their business.
Australia – Ventia
https://www.securityweek.com/critical-infrastructure-services-firm-ventia-takes-systems-offline-due-to-cyberattack/
Exploit: Hacking
Ventia: Critical Infrastructure Management
Risk to Business: 1.707 = Severe
Ventia, a Sydney-based company that provides long-term management, maintenance and operations services for critical infrastructure organizations, has announced that it is taking some systems offline due to a weekend cyberattack. While the company has not confirmed the nature of the attack, experts are pointing to ransomware. The company says that it has engaged with external experts and law enforcement to investigate the incident, and all operations are expected to return to normal within the following days.
How It Could Affect Your Business: Infrastructure attacks and attacks on companies that support it have been continuing to increase worldwide.
Japan – The Port of Nagoya
https://www.darkreading.com/attacks-breaches/ransomware-halts-operations-at-japan-port-of-nagoya
Exploit: Ransomware
The Port of Nagoya: Seaport
Risk to Business: 1.443 = Extreme
The largest seaport in Japan and the central shipping hub for Toyota, the Port of Nagoya, experienced a ransomware attack last Tuesday that led to a total shutdown. The port’s operator, Nagoya Harbor Transportation, disclosed that it received a ransom demand from LockBit 3.0 immediately following the beginning of systems failure in the early morning. All cargo operations, including the loading and unloading of containers onto trailers, were suspended as of July 4 but port officials expected to resume operations within a few days.
How It Could Affect Your Business: This is a good example of the destructive power of cyberattacks against infrastructure. For something like a port, even a few hours of downtime is a disaster.