"Your Information Technology Leader"

Client Portal Payment Portal

Blog

InTegriLogic Blog

InTegriLogic has been serving the Tucson area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Week in Breach News: 08/30/23 – 09/05/23

Breach-1

This week: Thieves went data shopping at Forever 21, more trouble for DeFI companies in a hacking incident at Kroll, Chinese and nation-state hackers hit Japan’s National Center of Incident Readiness.

 

Kroll 

https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/

Exploit: Hacking

Kroll: Financial and Risk Advisory Company

 

Risk to Business: 1.676 = Severe

Kroll, a financial advisory firm, has recently experienced a data breach. The firm is handling bankruptcy proceedings for DeFi companies FTX, BlockFi, and Genesis Global Holdco. Kroll said that on August 19, bad actors targeted a T-Mobile account belonging to an employee and gained access to it. The hackers then gained access to files containing the personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis. The company was quick to make it clear that the damage is restricted to only those three matters.

How It Could Affect Your Business: Business service providers hold a variety of information, especially personal data, that makes them prime targets for cyberattacks


 

Paramount

https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/

Exploit: Hacking

Paramount: Entertainment Company

 

Risk to Business: 1.832 = Moderate

Paramount Global disclosed a data breach after its systems got hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters that the attackers had access to its systems between May and June 2023. In the attack, bad actors stole some customers’ names, date of birth, Social Security number or other government-issued identification number (such as driver’s license number or passport number) and information related to their relationship with Paramount. Paramount claims that about 100 people were impacted in this incident which remains under investigation.   

How It Could Affect Your Business: Customers develop distrust for companies that allow their personal data to be stolen.


 

Forever 21

https://nextdoorsec.com/recent-cyber-incident-hits-forever-21/

Exploit: Hacking

Forever 21: Fashion Retailer

 

Risk to Business: 1.673 = Severe

Clothing retailer Forever 21 has disclosed a data breach to the Office of the Maine Attorney-General that the personal information of over 500,000 people was exposed in a cyberattack. The retailer said that a cyberattack hit its systems in March 2023. In the incident, bad actors gained access to what appears to be employee data including an employee’s full name, social security number (SSN), date of birth, bank account number and Forever 21 health plan information. Forever 21 said that it has hired a specialist firm to investigate the incident. 

How It Could Affect Your Business: Retailers aren’t just at risk for exposing customer data, employee data must be protected too.


 

The National Safety Council

https://securityaffairs.com/150138/security/nasa-tesla-doj-verizon-2k-leaks.html

Exploit: Supply Chain Attack

Metropolitan Police: Law Enforcement Agency

 

Risk to Business: 1.710 = Severe

The U.S. National Safety Council (NSC), a non-profit that works to improve driving and workplace safety training, has admitted that a glitch in its’ website left information about some of the world‘s largest companies unprotected for five months. In total, the unsecured website leaked nearly 10,000 emails and passwords of their members, exposing information and leaked credentials for about 2000 organizations, including governmental organizations like the U.S. Department of Justice (DoJ), U.S. Navy, The Occupational Safety and Health Administration (OSHA) as well as big corporations like Tesla, Siemens and Exxon. NSC says that it has fixed the problem. 

How It Could Affect Your Business: Employee mistakes like this one can be more costly than a cyberattack, but training can prevent them.


 

Callaway

https://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/

Exploit: Hacking

Callaway: Golf Equipment Manufacturer

 

Risk to Business: 1.673 = Severe

Golf Giant Callaway has revealed that it fell victim to a cyberattack that may have exposed consumer data. The company said that the August 1 incident affected the availability of its e-commerce services briefly and exposed certain customer information to bad actors. Exposed customer data includes full names, shipping addresses, email addresses, phone numbers, order histories, account passwords and answers to security questions. This impacts customers of Callaway’s other brands as well including Odyssey, Ogio, and Callaway Gold Preowned. 

How it Could Affect Your Business: A successful cyberattack or data security incident impacting one of a company’s brands can easily extend to others quickly.


 

Commission des services electriques de Montréal (CSEM)

https://therecord.media/montreal-electricity-organization-lockbit-victim

Exploit: Ransomware

Commission des services electriques de Montréal (CSEM): Infrastructure Manager

cybersecurity news represented by agauge showing severe risk

 

Risk to Business: 2.312 = Severe

The LockBit cybercrime gang has claimed responsibility for an attack on Montréal’s 100-year-old electricity infrastructure management organization, Commission des services electriques de Montréal (CSEM). The organization confirmed the attack occurred on August 3 but said it refused to pay the unnamed ransom. CSEM was quick to reassure the public that the data snatched in the attack represents a low risk for both the security of the public and for the operations carried out by the CSEM. The organization said all its systems have been restored and it is working with national authorities and law enforcement in Quebec to investigate the incident.

How it Could Affect Your Business: Any successful cyberattack against a utility company or manager is scary, even a minor one like this.


 

Australia – Pareto Phone

https://www.abc.net.au/news/2023-08-23/qld-charity-donors-dark-web-cyber-criminals-pareto-phone/102757194

Exploit: Third-party Attack

University of Sydney (USYD): Institution of Higher Learning

cybersecurity news represented by a gauge indicating moderate risk

 

Risk to Business: 1.302 = Extreme

The University of Sydney (USYD) has announced that a data breach at a third-party service provider may have exposed the personal information of recently applied and enrolled international applicants. The public university started operations in 1850. USYD has not offered specifics about the types or nature of data stolen in the incident, saying that it is still under investigation. The university said that impacted students will be contacted and receive support to mitigate the risk of exposure. 

How it Could Affect Your Business: Colleges and Universities have been high on cybercriminal priority lists and look set to continue to hold that position in 2024


 

Japan – National Center of Incident Readiness and Strategy for Cybersecurity (NISC)

https://therecord.media/japan-cybersecurity-agency-breached-report

Exploit: Nation-State Attack

National Center of Incident Readiness and Strategy for Cybersecurity (NISC): Government Agency

1 – 1.5 = Extreme Risk

 

Risk to Business: 1.282 = Extreme

New reporting says that Chinese hackers breached Japan’s cybersecurity agency and potentially accessed sensitive data stored on its networks for nine months before being discovered. The agency admitted in August that personal data linked to stored email exchanges may have been compromised by the same threat actors in a cyberattack that hit the agency in October of last year. Chinese officials have denied that China is behind the attack.  

How it Could Affect Your Business: Chinese threat actors being able to penetrate security and dwell for months is not a good look for the agency.


 

The Week in Breach News: 09/06/23 – 09/12/23
The Week in Breach News: 08/23/23 – 08/29/23

Customer Login

News & Updates

InTegriLogic is proud to announce the launch of our new website at www.integrilogic.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...

Contact us

Learn more about what InTegriLogic can do for your business.

InTegriLogic
1931 W Grant Road suite 310
Tucson, Arizona 85745

Copyright InTegriLogic. All Rights Reserved.