InTegriLogic Blog
The Week in Breach News: 07/18/24 – 07/23/24
This week: Cybercriminals make themselves at home at Basset Furniture and hackers leak two companies’ data.
Basset Furniture
https://businessofhome.com/articles/cyberattack-temporarily-halts-bassett-s-manufacturing
Exploit: Ransomware
Basset Furniture: Furniture Manufacturer
Risk to Business: 2.356 = Extreme
Basset Furniture, a Virginia-based home goods company over 100 years old, experienced ransomware last week that disrupted production and snarled retail operations. Discovered on July 10, the breach led to system shutdowns and halted manufacturing. Basset’s retail stores also experienced systems outages. Production has since resumed, and the company reported that while some data files were encrypted, no consumer personal information was compromised.
How It Could Affect Your Business: Shutting down production lines at manufacturers has been a go-to tactic for ransomware groups.
Atlassian
https://securityboulevard.com/2024/07/hacker-leaks-data-of-more-than-15-million-trello-users/
Exploit: Hacking
Atlassian: Software Company
Risk to Business: 1.356 = Moderate
A hacker going by the name “emo” has released data stolen from over 15 million Atlassian Trello accounts on the dark web. Breached in January 2024 through an unsecured API, the exposed information includes user IDs, usernames, full names, profile URLs and email addresses. While most profile details were public, the email addresses were not. Atlassian said in a statement that after the incident, it made it impossible for unauthenticated users to request another user’s public information via email.
How It Could Affect Your Business: Vulnerabilities through APIs, Zero-Days and other unexpected directions are a problem that just keeps growing.
FirstNet
https://www.benton.org/headlines/reversal-att-says-most-firstnet-customers-impacted-data-breach
Exploit: Third-Party Cyberattack
FirstNet: Public Safety Communications Network
Risk to Business: 1.721 = Severe
AT&T has disclosed that it was mistaken about the impact of the cyberattack the company suffered earlier this month on FirstNet. The public safety communications network is a program run by the U.S. Department of Commerce and relied on by first responders from federal, state, local and tribal governments for emergency public safety services like fire and police departments. The company initially said only a small portion of FirstNet data was compromised, but now admits that nearly all FirstNet numbers were compromised.
How It Could Affect Your Business: It is dangerous for this type of sensitive information to end up in the wrong hands where it can be used for dark purposes.
The Superior Court of Los Angeles County
https://www.jurist.org/news/2024/07/ransomware-attack-shuts-down-los-angeles-superior-court-systems/
Exploit: Ransomware
The Superior Court of Los Angeles County: Regional Legal Authority
Risk to Business: 1.812 = Severe
The Superior Court of Los Angeles County experienced a ransomware attack last week, leading to the shutdown of its internal computer systems, leading to a slowdown in its operations. The court confirmed the breach and stated that multiple agencies are investigating and mitigating the damage. Preliminary investigations show no evidence of compromised court data. The Superior Court of Los Angeles County is the largest trial court system in the U.S.
How It Could Affect Your Business: Cybercriminals are always looking to profit from creating disruptions in the operation of important government bodies.
Life360
https://www.techradar.com/pro/security/thousands-of-life360-users-have-data-leaked-following-breach
Exploit: Hacking
Life360: Location App
Risk to Business: 1.812 = Severe
Nearly 500,000 Life360 customers just had their data leaked on the dark web. The leak follows a suspected March 2024 data breach. A threat actor using the moniker “emo” released the data on a dark web forum. The hacker said the breach occurred when a flaw in the site’s login API was exploited, exposing users’ first names and phone numbers. The issue has since been fixed. Life360 also owns Tile, the location tracking company that fell victim to a hacker attack a few weeks ago.
How it Could Affect Your Business: Bad actors are always on the hunt for the slightest opening in a company’s armor that they can exploit to strike.
Pueblo County District 70
https://www.kktv.com/2024/07/17/pueblo-county-school-district-potentially-compromised-by-data-breach-ransomware-incident
Exploit: Ransomware
Pueblo County District 70: Regional Education Authority
Risk to Business: 2.896 = Moderate
Pueblo County School District 70 is addressing a ransomware attack and data breach potentially compromising personal information of former students (1991-2006) and current/former staff. The initial attack was detected in April 2024 by a third-party IT service provider for the district, and federal officials confirmed the data breach in May. The district is working with state and federal authorities and experts from Colorado State University Pueblo to investigate and remediate.
How it Could Affect Your Business: Schools have been at the top of the cybercriminals’ ransomware target list for several years.
Croatia – The University Hospital Centre in Zagreb (KBC Zagreb)
https://therecord.media/lockbit-claims-cyberattack-croatia-hospital
Exploit: Hacking
The University Hospital Centre in Zagreb (KBC Zagreb): Medical Center
Risk to Business: 1.661 = Severe
The LockBit ransomware group claimed responsibility for a cyberattack on Croatia’s largest hospital, KBC Zagreb, forcing a one-day IT shutdown. They accessed patient and employee information, medical records, organ and donor data, and external contracts. The attack slowed emergency services, diverting patients to other institutions. While most testing continued, the radiological system was severely affected. Croatian police and security services are investigating.
How it Could Affect Your Business: A successful cyberattack on a hospital can have a disastrous impact on the local community.
Australia – Wattle Range Council
https://www.cyberdaily.au/security/10852-exclusive-south-australian-council-confirms-lockbit-ransomware-attack
Exploit: Ransomware
Wattle Range Council: Regional Government Body
Risk to Business: 1.866 = Severe
A South Australian council fell victim to the LockBit ransomware gang, which posted details of the attack and stolen data on their darknet site. LockBit claims to have stolen 103 gigabytes of data, including 46,248 files in over 7,000 folders. The stolen documents include complaint notices, rate notices, banking applications, tax invoices, and customer information from the Southern Ocean Tourist Park. The documents, accessed between June 20 and 24, appear legitimate. LockBit has set a ransom deadline of August 4.
How it Could Affect Your Business: Bad actors know that government agencies can be rich repositories of data with many types available in one place.