InTegriLogic Blog
The Week in Breach News: 09/27/23 – 10/03/23
This week: Ransomware leads to trouble for Johnson Controls and the U.S. Department of Homeland Security and ransomware takes down a German motel chain.
Progressive Leasing
https://therecord.media/product-leasing-giant-progressive-ransomware
Exploit: Ransomware
Progressive Leasing: Product Leasing Company
Risk to Business: 1.803 = Severe
Progressive Leasing announced that it was the victim of a cyberattack last week that took down the company’s systems. The company told the U.S. Securities and Exchange Commission that bad actors stole data, including customers’ personally identifiable information such as Social Security numbers. Progressive said that it has engaged a third-party firm to investigate the incident.
How It Could Affect Your Business: Leasing companies can hold a wide variety of valuable personal and financial data from their customers.
McLaren Health Care
https://www.bankinfosecurity.com/ohio-community-college-data-theft-breach-affects-nearly-300k-a-23132
Exploit: Ransomware
McLaren Health Care: Health System
Risk to Business: 1.603 = Severe
The ALPHV/BlackCat ransomware gang has added McLaren Health Care in Michigan to its list of victims on its dark web leak site. The group claims to have 6TB of data impacting 2.5 million patients. As part of this attack, McLaren was forced to shut down IT systems temporarily at 14 of its facilities. Hospitals in four states were forced to cancel appointments, divert ambulances and use paper records. The incident remains under investigation.
How It Could Affect Your Business: The healthcare sector has been a top target for cybercriminals conducting ransomware attacks.
The Town of Pittsburg, KS
https://therecord.media/pittsburg-kansas-government-cyberattack
Exploit: Hacking
The Town of Pittsburg, KS: Municipality
Risk to Business: 1.873 = Moderate
A cyberattack has left a small city in Kansas without government email, phone and online payment systems. Officials in Pittsburg, KS, population 20,000, said that the cyberattack was discovered over the weekend. They were quick to reassure citizens that the city’s emergency services and 911 capabilities were not impacted. City officials said that their IT personnel reacted quickly and took proactive measures to protect city data and network systems. The incident remains under investigation.
How It Could Affect Your Business: Governments of every size need to be prepared for ransomware attacks because they’re favored targets for bad actors.
Canadian Flair Airlines
https://securityaffairs.com/151512/data-breach/canadian-flair-airlines-data-leak.html
Exploit: Misconfiguration
Canadian Flair Airlines: Airline
Risk to Business: 1.710 = Severe
Canadian Flair Airlines has suffered a data breach caused by a misconfiguration. The company left credentials to sensitive databases and email addresses exposed for at least seven months on the flyflair.com website. The public .env files revealed the MySQL credentials and location for the local database; the MySQL credentials and location for the remote, internet-connected database; the SMTP configuration, including credentials and secret tokens; and a Laravel App key. Other stolen data may include a database of customer records that includes a customer’s first and last name, email address, phone number, flight details (destinations, dates, flight numbers, etc.) and other personal information.
How It Could Affect Your Business: Employee mistakes are gateways for expensive disasters like a data breach or regulatory trouble.
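A deployment check for this class of misconfiguration, added here as an example and not taken from the original report: it walks the directory a web server serves and reports any dotenv file found there, along with which of the secret classes named above it holds, without ever reading out the values. It assumes Laravel's standard variable names (`DB_*`, `MAIL_*`, `APP_KEY`) and default layout with `public/` as the document root; the function names and sample file are constructed for illustration.

```python
import os
import re
import tempfile

# Laravel's standard .env variable names for the secret classes named above.
SENSITIVE = {
    "database credentials": re.compile(r"^DB_(HOST|PORT|DATABASE|USERNAME|PASSWORD)$"),
    "SMTP configuration": re.compile(r"^MAIL_(HOST|PORT|USERNAME|PASSWORD)$"),
    "Laravel app key": re.compile(r"^APP_KEY$"),
}

def parse_env_keys(text):
    """Return the names of variables that have a non-empty value (values are discarded)."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if value.strip().strip("'\""):
            keys.append(name.strip())
    return keys

def audit_docroot(docroot):
    """Map each dotenv file under the web-served directory to the secret classes it holds."""
    findings = {}
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            if fname == ".env" or fname.startswith(".env."):
                path = os.path.join(dirpath, fname)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    keys = parse_env_keys(fh.read())
                findings[os.path.relpath(path, docroot)] = sorted(
                    cat for cat, rx in SENSITIVE.items() if any(rx.match(k) for k in keys))
    return findings

def demo():
    """Audit a constructed Laravel-style tree twice: correct docroot, then project root."""
    sample = ("APP_KEY=base64:CONSTRUCTED-PLACEHOLDER\nDB_HOST=127.0.0.1\n"
              "DB_PASSWORD=constructed\nMAIL_PASSWORD=\n# constructed sample\n")
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "public"))
        with open(os.path.join(root, ".env"), "w", encoding="utf-8") as fh:
            fh.write(sample)
        return audit_docroot(os.path.join(root, "public")), audit_docroot(root)

if __name__ == "__main__":
    safe, exposed = demo()
    print("docroot=public/:", safe)
    print("docroot=project root:", exposed)
```

Run as a release gate against the directory the web server is actually configured to serve; any non-empty result means a secrets file is reachable over HTTP and the credentials in it should be rotated.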
Germany – Motel One
https://securityaffairs.com/151732/cyber-crime/alphv-ransomware-motel-one.html
Exploit: Ransomware
Motel One: Motel Chain
Risk to Business: 1.673 = Severe
German motel chain Motel One has suffered a ransomware attack. The chain was added to the dark web leak site of ALPHV/BlackCat. The group claims to have stolen 24,449,137 files amounting to approximately 6 TB of data. The stolen data includes booking confirmations for the past three years as well as customer records including customers’ names, addresses, dates of reservation, payment methods and contact information.
How it Could Affect Your Business: Ransomware risk has been steadily rising for businesses in every sector, and all companies should be working to mitigate it.
Ireland – Johnson Controls International
https://www.databreaches.net/building-automation-giant-johnson-controls-hit-by-ransomware-attack/
Exploit: Ransomware
Johnson Controls International: Security Equipment Company
Risk to Business: 1.612 = Severe
A newer ransomware group called Dark Angels is claiming responsibility for a ransomware attack that shut down some of Johnson Controls’ offices. Several subsidiaries of the company in Asia and other areas experienced IT outages as officials took systems offline in response to the attack. The gang has asked for $51 million in ransom. CNN reported that it obtained an internal memo from the U.S. Department of Homeland Security raising alarm about the incident and warning that the attack on Johnson Controls may have “compromised sensitive physical security information such as DHS floor plans.” The gang claims to have snatched 27 TB of data.
How it Could Affect Your Business: Companies that contract for government agencies often have sensitive information that requires powerful protection.
Switzerland – European Telecommunications Standards Institute (ETSI)
https://therecord.media/etsi-telecommunications-standards-body-hack-database-stolen
Exploit: Hacking
European Telecommunications Standards Institute (ETSI): Regulator
Risk to Business: 2.802 = Moderate
The European Telecommunications Standards Institute (ETSI) announced last week that it had been the victim of a cyberattack that led to a data breach. ETSI said that bad actors stole a database identifying its users. The non-profit said that bad actors were able to take advantage of an unnamed exploit to grab the data. The company said that the problem has since been corrected. ETSI has more than 900 member organizations from over 60 countries.
How it Could Affect Your Business: Companies need to be careful to watch out for vulnerabilities and exploits that bad actors could use to penetrate systems.
Switzerland – The World Baseball Softball Confederation (WBSC)
https://securityaffairs.com/151666/data-breach/misconfigured-wbsc-server-leaks-thousands-of-passports.html
Exploit: Misconfiguration
The World Baseball Softball Confederation (WBSC): Sports Governing Body
Risk to Business: 1.716 = Severe
A misconfigured server is the culprit in a data breach at The World Baseball Softball Confederation (WBSC). On June 5th, security researchers discovered a misconfigured Amazon Web Services (AWS) bucket belonging to WBSC that contained nearly 48,000 files. Some of those files contained copies of 4,600 people’s national passports. The WBSC, headquartered in Switzerland, was established in 2013 and currently has 141 countries as members located in Asia, Africa, the Americas, Europe and Oceania.
How it Could Affect Your Business: When employees are trained in proper security procedures, they take security more seriously and avoid mistakes.