InTegriLogic Blog
InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
The Week in Breach News: 07/07/21 – 07/13/21
Northwestern Memorial HealthCare
https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patientsExploit: Third-Party Data Breach
Northwestern Memorial HealthCare: Hospital System
Risk to Business: 1.771= Severe
A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital, Northwestern Medicine Valley West Hospital and Northwestern Medicine Valley West Hospital.
Individual Risk: 1.603= Severe
The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information.
How It Could Affect Your Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.
Morgan Stanley
https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/Exploit: Third-Party Data Breach
Morgan Stanley: Financial Services Firm
Risk to Business: 2.216 = Severe
Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, is a third-party vendor that provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.
Risk to Individual: 2.462 = Severe
Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts.
How it Could Affect Your Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.
Republican National Committee (RNC)
https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committeeExploit: Nation-State Cybercrime
Republican National Committee (RNC): Political Organization
Risk to Business: 2.223=Severe
Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.
Customers Impacted: Unknown
How it Could Affect Your Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.
GETTR
https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/Exploit: Hacking
GETTR: Social Media Platform
Risk to Business: 1.575 = Severe
A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.
Individual Risk: 1.502 = Severe
According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
How it Could Affect Your Business: Strong endpoint security and security awareness training are vital for the success of security plans
Switzerland – Comparis
https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/Exploit: Hacking
Comparis: Shopping Platform
Risk to Business: 1.302 = Extreme
Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.
Customers Impacted: Unknown
How it Could Affect Your Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.
Germany – Spreadshop
https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/Exploit: Hacking
Spreadshop: Shopping Platform
Risk to Business: 1.919 = Severe
German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, were compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.
Individual Risk: 2.271 = Severe
According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.
How it Could Affect Your Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.
India – Technisanct
https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525Exploit: Hacking
Technisanct: Trading Platform
Risk to Business: 2.801 = Moderate
Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale in an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.
Idividual Risk: 2.766 = Moderate
The company has disclosed that Personal Identifiable Information (PII) was exposed including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.
How it Could Affect Your Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.
Taiwan – Adata
https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/Exploit: Ransomware
Adata: Computer Chip Maker
Risk to Business: 1.801 = Severe
The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, have been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB, and the second largest is 117GB and the archives likely contain corporate financial information, non-disclosure agreements and sales data.
Customers Impacted: Unknown
How it Could Affect Your Business: That’s a huge trove of data that will be very popular in hacker marketplaces.
About the author
