InTegriLogic Blog
The Week in Breach News: 07/10/24 – 07/16/24
This week: The Snowflake cyberattack saga keeps snowballing with two new victims and a cyberattack snarls gold and platinum mining.
AT&T
https://www.cnbc.com/2024/07/12/snowflake-shares-slip-after-att-says-hackers-accessed-data.html
Exploit: Supply Chain Hacking
AT&T: Telecom Company
Risk to Business: 2.356 = Extreme
Telecommunications giant AT&T disclosed in a regulatory filing on Friday that hackers had breached a cloud platform containing customer data, accessing records of subscribers’ calls and text messages over a six-month period in 2022. The compromised data includes phone numbers, aggregate call duration, and some cell site details, according to AT&T. Reports suggest that AT&T paid the hackers over $307,000. An AT&T spokesperson informed CNBC that the cloud service was owned by Snowflake, the embattled cloud data platform also implicated in the recent Neiman Marcus breach.
How It Could Affect Your Business: Bad actors are finding creative ways to strike organizations, such as backdoors and supply chain attacks.
The Heritage Foundation
https://techcrunch.com/2024/04/12/heritage-foundation-cyberattack/
Exploit: Hacking
The Heritage Foundation: Think Tank
Risk to Business: 2.356 = Extreme
The Heritage Foundation experienced a data breach last week. Self-proclaimed “Gay Furry Hackers” SiegedSec claimed credit for the attack. The group stated that this hack is the result of their opposition to Project 2025, a recently released Christian Nationalist action plan crafted to serve as a roadmap of steps that a new Trump administration could take to swing the U.S. hard to the right. The Heritage Foundation first denied that the hackers had breached their systems, then claimed that only old records from its newsletter were accessed, finally pivoting to saying that the cyberattack likely came from nation-state hackers. This is a developing story.
How It Could Affect Your Business: Endpoint detection and response (EDR) is a vital tool for minimizing the impact of a cyberattack.
Rite Aid
https://www.bleepingcomputer.com/news/security/rite-aid-confirms-data-breach-after-june-ransomware-attack
Exploit: Ransomware
Rite Aid: Drugstore Chain
Risk to Business: 1.721 = Severe
The drugstore chain giant Rite Aid experienced a data breach in June following a cyberattack by the RansomHub ransomware group. While Rite Aid has not disclosed what specific customer data was accessed or the number of individuals affected, it confirmed that health or financial information was not compromised. The gang claims to have obtained over 10 GB of customer information, equating to around 45 million lines of personal data. This includes names, addresses, driver’s licenses or ID numbers, birthdates, and Rite Aid rewards numbers. Although the incident occurred in June, RansomHub only recently added Rite Aid to their site, citing a breakdown in payment negotiations.
How It Could Affect Your Business: Bad actors are always hungry for data that can facilitate identity theft.
The Florida Department of Health (DOH)
https://www.positivelyosceola.com/florida-health-department-hit-by-ransomware-attack-sensitive-data-released-on-dark-web/
Exploit: Ransomware
The Florida Department of Health (DOH): Regional Government Agency
Risk to Business: 1.812 = Severe
The Florida Department of Health (DOH) has confirmed that it was targeted by the ransomware group RansomHub. After the state refused to pay the ransom, hackers exfiltrated and published 100 gigabytes of sensitive data on the dark web. Over 20,000 files containing highly sensitive information about Floridians have been leaked, including lab results, signed medical release forms, workers’ compensation records, and COVID-19 diagnoses. Some files even contain photos of passports and detailed personal information, such as full names, dates of birth, addresses, Social Security numbers, and insurance details. Most of these records are from 2023 and 2024. Florida’s DOH says that it is in the process of notifying impacted individuals.
How It Could Affect Your Business: Even a government agency can incur big bills from hefty fines slapped on by regulators after a medical data breach.
Advance Auto Parts
https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people
Exploit: Supply Chain Hacking
Advance Auto Parts: Automotive Retailer
Risk to Business: 1.812 = Severe
Advance Auto Parts is notifying over 2.3 million individuals that their personal data was stolen in a recent data breach linked to the Snowflake data theft attacks. On June 5, 2024, a threat actor known as ‘Sp1d3r’ began selling a 3TB database purportedly containing 380 million Advance customer records, including orders, transaction details, and other sensitive information. On June 19, the company confirmed the breach in a Form 8-K filing, stating it only affects current and former employees and job applicants.
How It Could Affect Your Business: Incident response planning is critical for reducing the downtime a business experiences in the wake of a cyberattack.
The Goshen (New York) Central School District
https://midhudsonnews.com/2024/07/12/goshen-school-district-under-cyber-attack/
Exploit: Ransomware
The Goshen (New York) Central School District: Regional Education Authority
Risk to Business: 2.896 = Moderate
The Goshen Central School District in New York experienced a ransomware attack late Wednesday afternoon, resulting in the disruption of its computer services, which has subsequently affected access to phones and email systems. Authorities have been informed, and the district has initiated collaboration with cybersecurity specialists to identify the origin of the attack and promptly address the issues. Fortunately, as most U.S. schools are currently on summer break, there has been no impact on educational activities. The district’s schools and offices will continue to operate for in-person meetings, while summer programs will proceed as scheduled.
How It Could Affect Your Business: Schools have been at the top of the cybercriminals’ ransomware target list for several years.
The Walt Disney Company
https://www.csoonline.com/article/2517985/disney-suffers-massive-internal-communications-data-leak-after-cyberattack.html
Exploit: Hacking
The Walt Disney Company: Entertainment Company
Risk to Business: 1.661 = Severe
The Walt Disney Company’s internal communications on Slack have been leaked online, revealing sensitive information about everything from advertising campaigns to interview candidates. The hacker group NullBulge has claimed responsibility for the breach, announcing in a blog post that they released over one terabyte of data from 10,000 Disney Slack channels. The conversations include computer code, studio technology discussions, the management of Disney’s corporate website, software development discussions and information on unreleased projects, with the leaked conversations dating back to at least 2019. NullBulge stated that they gained access to the information by compromising the computer of a Disney software development manager. The group said they chose to hack Disney to protect artists’ rights and compensation. This story was still developing at press time.
How It Could Affect Your Business: One employee falling for a cybercriminal’s trick or mishandling a password can be a disaster.
Federated Co-operatives Ltd. (FCL)
https://thestarphoenix.com/news/local-news/western-canada-wholesaler-fcl-still-dealing-cyberattack
Exploit: Hacking
Federated Co-operatives Ltd. (FCL): Retailer
Risk to Business: 1.866 = Severe
Saskatoon-based Federated Co-operatives Ltd. (FCL) reported experiencing a cybersecurity “incident” impacting several of its operations, including its fuel cardlock system that provides fuel to corporate clients around the clock. The fuel cardlock system is now fully back online after being disrupted for several days. However, FCL’s website, as well as the websites of various member cooperatives, remained offline. In a statement posted on its social media channels, FCL stated that it does not believe customer data was compromised by the attack.
How It Could Affect Your Business: Making incident response plans for specific threats like ransomware helps companies bounce back faster.
South Africa – Sibanye-Stillwater
https://www.reuters.com/technology/cybersecurity/platinum-giant-sibanye-says-its-system-has-been-hit-cyberattack-2024-07-11/
Exploit: Ransomware
Sibanye-Stillwater: Mining
Risk to Business: 1.612 = Severe
Last Thursday, platinum and gold mining company Sibanye-Stillwater announced that a cyberattack on its IT system, which began Monday morning, has caused limited disruption to its global operations. The company emphasized that its core mining and processing business continues to operate normally. The Johannesburg-based precious metals producer reported that it successfully protected its data. The attack brought down its server and disrupted the system globally. An investigation into the incident is underway.
How It Could Affect Your Business: Security solutions like Managed Detection and Response (MDR) can help minimize the damage and cost of a cybersecurity incident.