InTegriLogic Blog
The Week in Breach News: 07/31/24 – 08/06/24
This week: Ransomware disrupts the blood supply in Florida and another cyberattack on a major mine.
OneBlood
https://floridapolitics.com/archives/687948-oneblood-says-systems-are-rebooting-after-cyberattack/
Exploit: Ransomware
OneBlood: Non-Profit
Risk to Business: 2.356 = Extreme
A July 17 ransomware attack on OneBlood, a nonprofit serving hospitals in Florida, has disrupted its ability to ship blood products. The organization has implemented manual processes, which are slower and affect inventory availability. Over 250 hospitals were asked to activate their critical blood shortage protocols while OneBlood works to resolve the issue. State officials are pointing the finger at Russia, but that has not been confirmed.
How It Could Affect Your Business: Attacks that interrupt the medical supply chain have the potential for catastrophic consequences.
City of Columbus, Ohio
https://www.nbc4i.com/news/local-news/columbus/ransomware-group-claims-columbus-attack-selling-6-terabytes-of-passwords-and-more/
Exploit: Ransomware
The City of Columbus, Ohio: Municipal Government
Risk to Business: 1.356 = Severe
Rhysida has announced that it stole 6.5 terabytes of sensitive data from City of Columbus servers following a ransomware attack on July 18. The attack led to the shutdown of multiple online city services and compromised the personal information of many police officers, including their bank accounts. Notably, no data was encrypted. The stolen information includes internal logins, city databases, a full dump of servers with emergency services applications, and access to city video cameras. Rhysida has demanded a $1.9 million ransom. The incident is under investigation by cybersecurity experts, the U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security.
How It Could Affect Your Business: Beyond snarling services, attacks against municipal governments also have the potential to expose highly sensitive data.
Jerico Pictures Inc.
https://securityaffairs.com/166539/data-breach/personal-data-3-billion-people-data-breach.html
Exploit: Hacking
Jerico Pictures Inc.: Background Check Data Company
Risk to Business: 1.721 = Severe
Jerico Pictures Inc., operating as the background-checking data company National Public Data, exposed the personal information of nearly 3 billion individuals in an April breach. The threat actor known as USDoD announced the sale of this data, including full names, Social Security numbers, and addresses, on a dark web forum for $3.5 million. National Public Data collects such information by scraping non-public sources.
How It Could Affect Your Business: Data repositories like this one are treasure troves for bad actors, supplying them with many types of saleable data in a one-stop shop.
Mexico – Fresnillo PLC
https://cybersecuritynews.com/fresnillo-plc-suffer/
Exploit: Hacking
Fresnillo PLC: Silver Producer
Risk to Business: 2.632 = Moderate
Fresnillo PLC, the world’s leading silver producer, has reported a significant cybersecurity incident involving unauthorized access to IT systems and data. The company has activated response protocols and assures stakeholders that operations continue normally with no reported financial or operational impact. The incident is still under investigation.
How It Could Affect Your Business: It’s critical for companies to put themselves in the best possible position for a fast, smooth incident response.
UK – Sable International
https://therecord.media/hackers-email-victims-customers-data-breach
Exploit: Hacking
Sable International: Immigration Services
Risk to Business: 1.612 = Severe
Sable International, with offices in the UK, Australia, and South Africa, has been targeted by a sophisticated cyberattack that forced the company to shut down its servers, website, and transactional portals. The BianLian ransomware gang has claimed responsibility and is pressuring the firm by emailing demands to its customers who had data stolen. As of Friday afternoon, the company’s website remains offline.
How it Could Affect Your Business: Bad actors are always on the hunt for the slightest opening in a company’s armor that they can exploit to strike.
Zimbabwe – ZB Financial Holdings
https://www.techzim.co.zw/2024/08/zb-financial-holdings-hacked-for-ransom-customer-operations-data-leaked-to-the-internet/
Exploit: Ransomware
ZB Financial Holdings: Financial Services
Risk to Business: 1.896 = Severe
ZB Financial Holdings, a major Zimbabwean financial institution, suffered a ransomware attack in July, resulting in the leak of data to the internet after the company refused to pay the ransom. The leaked data includes customer and employee information, account applications, and files dating back to 2017. The attack may be connected to a notice ZB issued on July 16 about system instability.
How it Could Affect Your Business: The financial services industry has been high on cybercriminals’ hit lists, consistently remaining in the top five most attacked industries.
India – C-Edge Technologies
https://www.reuters.com/technology/cybersecurity/ransomware-attack-forces-hundreds-small-indian-banks-offline-sources-say-2024-07-31/
Exploit: Ransomware
C-Edge Technologies: Financial Services
Risk to Business: 1.661 = Severe
C-Edge Technologies, a tech service provider for banks, suffered a ransomware attack, leading to its temporary isolation from the NPCI’s retail payment systems. This disruption caused nearly 300 small Indian banks to shut down temporarily. The issue, reported on July 29, impacted cooperative and regional rural banks, affecting about 0.5% of the country’s payment systems. The connection with C-Edge was restored on August 1.
How it Could Affect Your Business: A successful cyberattack on a key service provider can have a disastrous impact on the businesses it supplies too.
Australia – McDowall Affleck
https://thecyberexpress.com/mcdowall-affleck-cyberattack/
Exploit: Hacking
McDowall Affleck: Engineering Firm
Risk to Business: 2.236 = Moderate
McDowall Affleck, an Australian engineering firm specializing in designing storage tanks and pipelines, has reported a cyber incident after the RansomHub ransomware group claimed responsibility. RansomHub claims to have accessed 470 GB of internal data, including critical documents, insurance records, and personal information. The company has notified the Australian Cyber Security Centre and regional police and is cooperating with authorities.
How it Could Affect Your Business: Information about infrastructure components stolen from companies that supply, manufacture or service it can help bad actors attack critical infrastructure targets.