InTegriLogic Blog
The Week in Breach News: 09/11/24 – 09/17/24
This week: Up-and-coming ransomware groups score big hits; T. Rowe Price and 4 other major players face supply chain trouble.
Kemper Sports Management
https://www.securityweek.com/data-breach-at-golf-course-management-firm-kempersports-impacts-62000/
Exploit: Hacking
Kemper Sports Management: Hospitality
Kemper Sports Management, a golf course management and hospitality company, has disclosed a data breach affecting the personal information of over 62,000 individuals. The breach involved unauthorized access to systems containing names and Social Security numbers, which was discovered in April 2024. The breach primarily impacted current and former employees. Affected individuals will receive one year of complimentary credit monitoring and identity restoration services.
How It Could Affect Your Business: Employee data is just as valuable and just as endangered as customer data, necessitating strong protection.
T. Rowe Price
https://www.thinkadvisor.com/2024/09/10/t-rowe-price-new-york-life-caught-up-in-data-breach-affecting-6m-customers
Exploit: Supply Chain Attack
T. Rowe Price: Financial Services
A data breach at Infosys McCamish Systems affected over 6 million customers of T. Rowe Price Retirement Plan Services and New York Life Group Benefits Solutions. The Infosys McCamish Systems breach also impacted Principal Life, Prudential and Oceanview Life. The incident resulted in bad actors gaining access to consumers’ sensitive information. T. Rowe Price has notified affected individuals. The Infosys McCamish Systems breach has so far impacted at least five companies.
How It Could Affect Your Business: A data breach can impact a company’s reputation and make consumers hesitant to do business with that company again.
Slim CD
https://therecord.media/payment-processing-company-data-breach-slim-cd
Exploit: Hacking
Slim CD: Business Services
Slim CD, a provider of electronic payment processing software, reported that nearly 1.7 million credit card records were exposed to an unauthorized actor in mid-June. The compromised data included names, addresses, credit card numbers and expiration dates. An investigation revealed the intruder accessed systems as early as August 2023, with the breach occurring on June 14, 2024, and lasting about a day. Slim CD has notified law enforcement, engaged a security specialist, and reviewed its policies to prevent future incidents.
How It Could Affect Your Business: Credit card numbers and consumer data are catnip for bad actors, drawing their attention to credit card processors.
Fortinet
https://www.darkreading.com/cloud-security/fortinet-customer-data-breach-third-party
Exploit: Supply Chain Attack
Fortinet: Technology
Cybersecurity giant Fortinet confirmed that a hacker had obtained and subsequently leaked a small amount of its data from a third-party cloud-hosted storage site. The hacker, who posted under the cheeky name “Fortibitch,” leaked 440GB of data, claiming Fortinet refused a ransom demand. The hacker claimed to have obtained the data from an Azure SharePoint site. Fortinet stressed that the incident did not involve any data encryption, deployment of ransomware or access to Fortinet’s corporate network. The breach involved unauthorized access to files on a third-party cloud drive and affected less than 0.3% of its 775,000 customers. Fortinet reports no significant operational or financial impact from the incident.
How It Could Affect Your Business: Every company needs to be concerned about how their partners and service providers are securing their data.
UK – Charles Darwin School
https://insight.scmagazineuk.com/biggin-hill-school-closes-due-to-ransomware-attack
Exploit: Ransomware
Charles Darwin School: Education
Charles Darwin School in Bromley, England, notified parents on September 6 that the “IT issues” were actually a ransomware attack. With 1,320 students, the school will be closed from September 9 to 11 while IT staff wipe devices and teachers reorganize lessons. Internet, email, and other systems are expected to be down for about three weeks. The school has reported the breach to the UK Information Commissioner’s Office and is working with a cybersecurity firm for a forensic investigation. The BlackSuit group has claimed responsibility.
How It Could Affect Your Business: Schools can’t afford downtime, a fact that bad actors seek to exploit for fast ransom payoffs.
China – Industrial and Commercial Bank of China (ICBC)
https://www.theregister.com/2024/09/11/hunters_ransom_icbc_london
Exploit: Ransomware
Industrial and Commercial Bank of China (ICBC): Financial Services
Up-and-coming ransomware gang Hunters International claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service corporation. The gang set a deadline of September 13 for ransom payment. The fledgling ransomware group says it swiped 6.6 TB of the bank’s data. ICBC is the world’s largest bank by assets, boasting $6.3 trillion in assets as of mid-2024, with an annual revenue of $113 billion.
How It Could Affect Your Business: The financial services and banking sector has been a top target for cybercriminals looking for valuable data.
Japan – Toyota Motor Corporation
https://www.bleepingcomputer.com/news/security/toyota-confirms-third-party-data-breach-impacting-customers
Exploit: Hacking
Toyota Motor Corporation: Manufacturer
A hacker group called ZeroSevenGroup is claiming that they snatched 240GB of data from Toyota. The stolen information runs the gamut including employee and customer records, contracts, network infrastructure data, credentials, contacts, financial data, schematics, photos, databases and emails. The data appears to be from 2022. Toyota first said the hack was limited in scope and did not impact their systems, later pivoting to saying that the data was stolen from an unspecified third party. The company provided no further details.
How It Could Affect Your Business: Cybercriminals aren’t just on the hunt for personal and financial data; they can also profit from corporate data like schematics, plans and contracts.
Japan – Kawasaki Motors
https://therecord.media/kawasaki-europe-cyberattack-operations-restored
Exploit: Hacking
Kawasaki Motors: Manufacturer
The RansomHub ransomware group has leaked 487 GB of sensitive data allegedly stolen from Kawasaki Motors Europe (KME) following a recent cyberattack. The breach includes critical business documents, financial data, banking records, dealership information, and internal communications, raising cybersecurity concerns for global companies. Kawasaki publicly acknowledged the attack last week, stating that the breach had not achieved its intended goals. KME has since informed its customers about the data exposure.
How It Could Affect Your Business: A mixed bag of corporate proprietary and financial information can be a profitable haul for bad actors.