The Week in Breach News: 08/21/24 – 08/27/24

Seattle-Tacoma International Airport is struggling after a cyberattack that began Saturday.  So far, no mass flight delays or cancellations have been reported. The Seattle Port Authority confirmed the cyberattack at the airport, which disrupted phone systems and websites as well. The airport is investigating with the help of outside experts and is working closely with federal partners, including the Transportation Security Administration (TSA) and Customs and Border Protection (CBP). 

Halliburton, the multinational oil giant, experienced a cyberattack on Wednesday that impacted operations at its Houston headquarters. The company proactively took certain systems offline and instructed some staff not to connect to internal networks. An investigation and response efforts are ongoing, including system restoration and assessing the incident’s impact. The company said that law enforcement has been notified.

VeriSource Services, Inc. (VSI) reported a data breach to the Texas Attorney General after discovering unauthorized access to sensitive information, including names, dates of birth and Social Security numbers, belonging to employees and dependents of companies using VSI’s services. The breach occurred around February 27, 2024. On August 21, 2024, VSI began notifying affected individuals of the breach through data breach letters. 

CannonDesign, a U.S.-based architectural and engineering firm, confirmed a data breach affecting 13,000 clients following an AvosLocker ransomware attack in January 2023. Attackers accessed the firm’s network from January 19 to 25, exfiltrating names, Social Security numbers, addresses and driver’s license numbers. While CannonDesign stated there was no evidence of data misuse, the breach also exposed project schematics, client details, IT information and other sensitive documents. 

The Oregon Zoo warns visitors that payment information may have been compromised for those who bought tickets online between December 20 and June 26. An unauthorized person redirected payments from a third-party vendor, potentially accessing customer names, payment card numbers, CVV codes and expiration dates. The zoo has notified federal authorities and rebuilt a secure site for online ticket purchases.

Arizona-based semiconductor manufacturer Microchip Technology detected a cyberattack on August 17, disrupting some servers and business operations. The company isolated affected systems, leading to reduced manufacturing output and impacting its ability to fulfill orders. Microchip is working to restore IT systems and normal operations. 

Meli, a community support service based in North Geelong, has confirmed it was targeted in a cyberattack, which is under investigation. The Qilin ransomware group claimed responsibility, stating they stole 419,617 files (215 GB of data) in the August 21 attack. The group posted 14 screenshots of stolen documents, including financial statements, confidentiality agreements, passports and a Medicare card, to prove their claim. Meli’s client services remain unaffected, though some internal processes are impacted. Authorities, including Victoria Police and the Australian Cyber Security Centre, have been notified. 

Toyota revealed that a misconfigured cloud bucket exposed over 2.15 million customer records to the open internet for over 10 years, from November 2013 to April 2023. The breach affects customers of Toyota’s Connected services in Japan. Additionally, the ZeroSevenGroup cybercrime gang claims to have stolen data “from a U.S. branch”, potentially a Toyota dealer, including employee and customer details, but the provenance of the data they published has not been confirmed. Toyota says that none of its internal systems were breached, pointing to an unnamed third party as the source of the data.