InTegriLogic Blog
The Week in Breach News: 08/23/23 – 08/29/23
This week: A huge data breach rocks London’s Metropolitan Police and CloudNordic takes a potentially deadly blow after ransomware encrypts all its clients’ data irretrievably.
Ohio History Connection
https://www.10tv.com/article/news/local/cyberattack-on-ohio-history-connection/530-408f271d-6274-439c-b395-6e69e4df64ae
Exploit: Ransomware
Ohio History Connection: Historical Society
Risk to Business: 2.276 = Moderate
The Ohio History Connection has disclosed that it fell victim to a cyberattack in late July that led to data exposure for an estimated 7,600 people. The non-profit said that names, addresses and Social Security numbers of some current and former employees from 2009 to 2023 may have been breached. Cybercriminals may have also accessed W-9 forms revealing information about vendors. The bad actors demanded an unspecified ransom, and the Ohio History Connection admitted that it made an offer, but that offer was refused, and data has begun to leak. There is an ongoing investigation by state and federal law enforcement.
How It Could Affect Your Business: Non-profits are just as at risk for cybersecurity trouble as any other organization and they must be ready for it.
Mom’s Meals
https://www.bleepingcomputer.com/news/security/moms-meals-discloses-data-breach-impacting-12-million-people/
Exploit: Ransomware
Mom’s Meals: Meal Delivery Service
Risk to Business: 1.832 = Severe
Mom’s Meals, a medical meal delivery service for self-paying customers or people eligible for government assistance through the Medicaid and Older Americans Act programs, has announced a data breach after a successful ransomware hit. The company said that it identified suspicious activity on its networks on February 22, 2023, and determined files on its systems had been encrypted by ransomware. Interestingly, the incident stayed quiet until March 2023, when an anonymous Mom’s Meals employee tipped off an Iowa news outlet to the company’s “internet issue” that had caused the employee to miss work and pay for a week. July 10, 2023, confirming the hackers had accessed the following data: a customer’s name, date of birth, driver’s license, state identification number, financial account information, payment card information, medical record number, Medicare and Medicaid identification, health information, treatment information, diagnosis code, meal category and cost, health insurance information, patient ID number and some Social Security numbers. The company said that 1,237,681 customers have been impacted by this incident.
How It Could Affect Your Business: Businesses that hold a variety of data can be prime targets for data thieves looking to score a quick profit.
University of Minnesota
https://www.fox9.com/news/university-of-minnesota-investigating-potential-data-breach
Exploit: Hacking
University of Minnesota: Institution for Higher Learning
Risk to Business: 1.673 = Severe
The University of Minnesota has admitted that it has suffered a major data breach that impacts an estimated 7 million alumni and involves data going back to the 1980s. University officials said that they became aware of a possible breach after a cybercrime group claimed to have snatched data from the university in late July 2023. The unnamed hacker claimed to have stolen a database containing seven million Social Security numbers. Officials said that their preliminary investigation showed that the stolen data was collected in 2021 or earlier. The incident remains under investigation.
How It Could Affect Your Business: Schools at every level have been under siege by bad actors hoping to score a quick ransomware payment.
United Kingdom – Metropolitan Police
https://www.bbc.com/news/uk-england-london-66631386
Exploit: Supply Chain Attack
Metropolitan Police: Law Enforcement Agency
Risk to Business: 1.310 = Extreme
London’s Metropolitan Police is facing a storm after a data breach at a contractor led to the exposure of sensitive data for an estimated 47,000 personnel. The contractor handled printing warrant cards and staff passes. A range of sensitive data was exposed, including personnel names, photographs, ranks, vetting levels and identification numbers. However, officials were quick to note that personal details like home addresses, phone numbers and financial information belonging to police personnel were not accessed. The National Crime Agency (NCA) and other government agencies were called in to investigate.
How It Could Affect Your Business: Supply chain attacks are escalating, and just one attack on a supplier can be a big problem that brings big bills for any organization.
France – Pôle emploi
https://www.bleepingcomputer.com/news/security/data-breach-at-french-govt-agency-exposes-info-of-10-million-people/
Exploit: Supply Chain Attack
Pôle emploi: Government Agency
Risk to Business: 1.673 = Severe
France’s unemployment registration and financial aid agency Pôle emploi has announced that it experienced a data breach thanks to a service provider being caught up in the ongoing MOVEit exploit spree. An estimated 10 million people had personal information exposed in this incident, the second-largest single-incident population so far in the MOVEit saga. The exposed data includes a citizen’s full name and social security number. The agency said that email addresses, phone numbers, passwords, and banking data were not compromised.
How It Could Affect Your Business: Governments of every size and government agencies have been high on cybercriminal hit lists.
Denmark – CloudNordic
https://techmonitor.ai/technology/cybersecurity/ransomware-attack-on-cloudnordic-azerocloud-loses-all-data
Exploit: Ransomware
CloudNordic: Cloud Hosting Company
Risk to Business: 1.012 = Extreme
Danish cloud hosting company CloudNordic is facing an existential crisis after an August 18 ransomware attack wiped out all of its clients’ stored data. Its sister cloud host, AzeroCloud, is in the same boat. CloudNordic said that widespread encryption has resulted in client data becoming inaccessible. The attackers hacked into network-linked cloud servers used by both companies during a migration to another data center. This enabled the hackers to gain wide access to backup systems and entire data storage silos, leading to near-complete encryption. The hackers have demanded a ransom of approximately $150,000.
How It Could Affect Your Business: One successful ransomware attack can be enough to deal a company a blow that it may not be able to recover from.
Australia – Pareto Phone
https://www.abc.net.au/news/2023-08-23/qld-charity-donors-dark-web-cyber-criminals-pareto-phone/102757194
Exploit: Hacking
Pareto Phone: Telemarketing Firm
Risk to Business: 1.302 = Extreme
Many charities that used Pareto Phone for some of their fundraising efforts are finding out that their donors may have had data exposed after the company admitted to a data breach. Some of the charities impacted include The Cancer Council, Canteen, Australian Conservation Foundation and Fred Hollows Foundation. Some of the charities are saying that Pareto retained their donors’ information without their knowledge, including information that was up to nine years old. That donor information has now been released on the dark web. Canteen said that its donors’ full names, dates of birth, addresses, email addresses and phone numbers had been released, but not financial information. More than 70 charities may have been impacted in the incident.
How It Could Affect Your Business: This expensive disaster will be even worse if the company has improperly held or failed to destroy data as required by Australia’s privacy rules.
Japan – Seiko
https://www.bleepingcomputer.com/news/security/japanese-watchmaker-seiko-breached-by-blackcat-ransomware-gang/
Exploit: Ransomware
Seiko: Watchmaker
Risk to Business: 1.682 = Severe
The BlackCat/ALPHV ransomware gang has claimed responsibility for a ransomware attack on renowned Japanese watchmaker Seiko. The company disclosed on August 10 that an unauthorized party had gained access to its network. BlackCat has begun posting samples of the stolen data, including production plans, employee passport scans, new model release plans, specialized lab test results, technical schematics and Seiko watch designs. Seiko said that it has commissioned a team of external cybersecurity experts to investigate the incident and apologized to its customers.
How It Could Affect Your Business: Bad actors aren’t just looking for personal or financial data; they’re happy to steal a company’s intellectual property and research data too.