The Week in Breach News: 08/07/24 – 08/13/24

ADT has disclosed a data breach resulting from a cyberattack, where threat actors accessed certain databases containing customer order information. However, ADT’s investigation indicates that customers’ home security systems and financial data, such as credit card or banking information, were not compromised. The company does not anticipate significant operational or financial impacts. The threat actor claims that over 30,800 records, including customer emails, addresses, user IDs and purchase details, were exposed in the breach.

McLaren Health Care confirmed that the disruption to its IT and phone systems was due to a cyberattack. The healthcare provider said its IT team is working with external cybersecurity experts to assess the attack and reduce its impact. It’s unclear if any patient or employee data was compromised. Despite the disruption, most facilities remain operational, including emergency departments and most surgeries. Some non-emergency appointments are being rescheduled as a precaution. The attack affected all 13 Michigan hospitals and the health system’s network across Michigan, Indiana and Ohio. 

First Commonwealth FCU notified individuals of a data breach via mailed letters on August 2, 2024. The breach was discovered after investigating suspicious activity on its network starting June 27, 2024. The investigation revealed that hackers had compromised a significant amount of personal information, including names, Social Security numbers, and account details. 

CSC ServiceWorks recently disclosed that tens of thousands of individuals had their personal information stolen in a cyberattack that occurred in 2023. The New York-based company, which provides over a million internet-connected laundry machines to residential buildings, hotels and university campuses across North America and Europe, confirmed in a data breach notification filed late on Friday that the breach affected at least 35,340 people, including more than 100 in Maine. CSC employs over 3,200 team members, according to its website.

The Sumter County Sheriff’s Office in Florida has been targeted by the Rhysida ransomware group, which has threatened to release stolen data including ID scans and fingerprints. The Sheriff’s Office disclosed the attack on Tuesday, stating that while law enforcement operations will not be affected, access to some records may be limited during the investigation. The Rhysida group posted the breach on its leak site Friday, with a seven-day countdown for bidding on the stolen data, starting at 7 bitcoin (approximately $423,000). 

A cyberattack on UK-based Mobile Guardian, a mobile device management firm, has caused widespread disruption to schools and businesses across North America, Europe, and Singapore. The attack resulted in data loss and the remote wiping of iOS and ChromeOS devices for thousands of users. Mobile Guardian confirmed the incident, which occurred on August 4th, affected users globally. In Singapore, the education sector was hit hard, with around 13,000 students from 26 secondary schools having their iPads and Chromebooks rendered inoperable.

Schlatter Industries, a Switzerland-based manufacturer, reported a ransomware attack had hit its network last Friday. The attack took out the company’s email system. The company is investigating whether data was stolen while working to restore system functionality. Schlatter Industries did not share the ransom demand. Schlatter Industries specializes in resistance welding technology and manufacturing weaving machines for specialized purposes.

Australian gold miner Evolution Mining reported a cyberattack last week, joining a wave of similar incidents. The company has notified the Australian Cyber Security Centre and stated that the attack is not expected to impact operations. Evolution worked with external cyber forensics experts to investigate the incident, which was discovered on August 8. The company believes the attack is now contained but did not disclose details about the ransomware or any potential extortion payment.