InTegriLogic Blog
The Week in Breach News: 08/30/23 – 09/05/23
This week: Thieves went data shopping at Forever 21, more trouble for DeFi companies in a hacking incident at Kroll, Chinese and nation-state hackers hit Japan’s National Center of Incident Readiness.
Kroll
https://www.bleepingcomputer.com/news/security/kroll-data-breach-exposes-info-of-ftx-blockfi-genesis-creditors/
Exploit: Hacking
Kroll: Financial and Risk Advisory Company
Risk to Business: 1.676 = Severe
Kroll, a financial advisory firm, has recently experienced a data breach. The firm is handling bankruptcy proceedings for DeFi companies FTX, BlockFi, and Genesis Global Holdco. Kroll said that on August 19, bad actors targeted a T-Mobile account belonging to an employee and gained access to it. The hackers then gained access to files containing the personal information of bankruptcy claimants in the matters of BlockFi, FTX and Genesis. The company was quick to make it clear that the damage is restricted to only those three matters.
How It Could Affect Your Business: Business service providers hold a variety of information, especially personal data, that makes them prime targets for cyberattacks.
Paramount
https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/
Exploit: Hacking
Paramount: Entertainment Company
Risk to Business: 1.832 = Moderate
Paramount Global disclosed a data breach after its systems were hacked and attackers gained access to personally identifiable information (PII). Paramount said in breach notification letters that the attackers had access to its systems between May and June 2023. In the attack, bad actors stole some customers’ names, dates of birth, Social Security numbers or other government-issued identification numbers (such as driver’s license or passport numbers) and information related to their relationship with Paramount. Paramount claims that about 100 people were impacted in this incident, which remains under investigation.
How It Could Affect Your Business: Customers develop distrust for companies that allow their personal data to be stolen.
Forever 21
https://nextdoorsec.com/recent-cyber-incident-hits-forever-21/
Exploit: Hacking
Forever 21: Fashion Retailer
Risk to Business: 1.673 = Severe
Clothing retailer Forever 21 has disclosed a data breach to the Office of the Maine Attorney-General, reporting that the personal information of over 500,000 people was exposed in a cyberattack. The retailer said that a cyberattack hit its systems in March 2023. In the incident, bad actors gained access to what appears to be employee data, including an employee’s full name, Social Security number (SSN), date of birth, bank account number and Forever 21 health plan information. Forever 21 said that it has hired a specialist firm to investigate the incident.
How It Could Affect Your Business: Retailers aren’t just at risk for exposing customer data; employee data must be protected too.
The National Safety Council
https://securityaffairs.com/150138/security/nasa-tesla-doj-verizon-2k-leaks.html
Exploit: Supply Chain Attack
Metropolitan Police: Law Enforcement Agency
Risk to Business: 1.710 = Severe
The U.S. National Safety Council (NSC), a non-profit that works to improve driving and workplace safety training, has admitted that a glitch in its website left information about some of the world’s largest companies unprotected for five months. In total, the unsecured website leaked nearly 10,000 emails and passwords of its members, exposing information and leaked credentials for about 2000 organizations, including governmental organizations like the U.S. Department of Justice (DoJ), the U.S. Navy and the Occupational Safety and Health Administration (OSHA), as well as big corporations like Tesla, Siemens and Exxon. NSC says that it has fixed the problem.
How It Could Affect Your Business: Employee mistakes like this one can be more costly than a cyberattack, but training can prevent them.
Callaway
https://www.bleepingcomputer.com/news/security/golf-gear-giant-callaway-data-breach-exposes-info-of-11-million/
Exploit: Hacking
Callaway: Golf Equipment Manufacturer
Risk to Business: 1.673 = Severe
Golf giant Callaway has revealed that it fell victim to a cyberattack that may have exposed consumer data. The company said that the August 1 incident briefly affected the availability of its e-commerce services and exposed certain customer information to bad actors. Exposed customer data includes full names, shipping addresses, email addresses, phone numbers, order histories, account passwords and answers to security questions. This impacts customers of Callaway’s other brands as well, including Odyssey, Ogio, and Callaway Golf Preowned.
How It Could Affect Your Business: A successful cyberattack or data security incident impacting one of a company’s brands can quickly extend to others.
Commission des services electriques de Montréal (CSEM)
https://therecord.media/montreal-electricity-organization-lockbit-victim
Exploit: Ransomware
Commission des services electriques de Montréal (CSEM): Infrastructure Manager
Risk to Business: 2.312 = Severe
The LockBit cybercrime gang has claimed responsibility for an attack on Montréal’s 100-year-old electricity infrastructure management organization, Commission des services electriques de Montréal (CSEM). The organization confirmed the attack occurred on August 3 but said it refused to pay the unnamed ransom. CSEM was quick to reassure the public that the data snatched in the attack represents a low risk for both the security of the public and for the operations carried out by the CSEM. The organization said all its systems have been restored and it is working with national authorities and law enforcement in Quebec to investigate the incident.
How It Could Affect Your Business: Any successful cyberattack against a utility company or manager is scary, even a minor one like this.
Australia – Pareto Phone
https://www.abc.net.au/news/2023-08-23/qld-charity-donors-dark-web-cyber-criminals-pareto-phone/102757194
Exploit: Third-party Attack
University of Sydney (USYD): Institution of Higher Learning
Risk to Business: 1.302 = Extreme
The University of Sydney (USYD) has announced that a data breach at a third-party service provider may have exposed the personal information of recently applied and enrolled international applicants. The public university started operations in 1850. USYD has not offered specifics about the types or nature of data stolen in the incident, saying that it is still under investigation. The university said that impacted students will be contacted and receive support to mitigate the risk of exposure.
How It Could Affect Your Business: Colleges and universities have been high on cybercriminal priority lists and look set to continue to hold that position in 2024.
Japan – National Center of Incident Readiness and Strategy for Cybersecurity (NISC)
https://therecord.media/japan-cybersecurity-agency-breached-report
Exploit: Nation-State Attack
National Center of Incident Readiness and Strategy for Cybersecurity (NISC): Government Agency
Risk to Business: 1.282 = Extreme
New reporting says that Chinese hackers breached Japan’s cybersecurity agency and potentially accessed sensitive data stored on its networks for nine months before being discovered. The agency admitted in August that personal data linked to stored email exchanges may have been compromised by the same threat actors in a cyberattack that hit the agency in October of last year. Chinese officials have denied that China is behind the attack.
How It Could Affect Your Business: Chinese threat actors being able to penetrate security and dwell for months is not a good look for the agency.