InTegriLogic Blog
The Week in Breach News: 10/04/23 – 10/10/23
This week: A cyberattack slows Estes Express Lines and Sony gets caught up in a MOVEit-related data breach.
Estes Express Lines
https://www.wric.com/news/local-news/richmond/richmond-based-freight-transport-company-estes-express-lines-experiences-cyberattack/
Exploit: Hacking
Estes Express Lines: Trucking Company
Risk to Business: 1.803 = Severe
Virginia-based trucking company Estes Express Lines has disclosed that it was the victim of a cyberattack. The company posted on its blog that the attack caused an outage in its core infrastructure, impacting a number of its systems. Estes was careful to say that its terminals and drivers are still effectively picking up and delivering freight. The company is still working on restoring its systems and investigating the incident.
How It Could Affect Your Business: Bad actors have been heavily targeting important hubs in the supply chain like trucking companies.
District of Columbia Board of Elections (DCBOE)
https://www.bleepingcomputer.com/news/security/dc-board-of-elections-confirms-voter-data-stolen-in-site-hack/
Exploit: Supply Chain Attack
District of Columbia Board of Elections (DCBOE): Government Agency
Risk to Business: 1.603 = Severe
The District of Columbia Board of Elections (DCBOE) has discovered that it has experienced a data breach. The agency said that its investigation into the claims has revealed that the attackers accessed voter data through the web server of DataNet, its hosting provider. DCBOE said that it became aware of the cybersecurity incident on October 5. DCBOE was quick to say that its internal databases and servers were not compromised. A threat actor known as RansomedVC has claimed responsibility for the attack.
How It Could Affect Your Business: Supply chain attacks have been steadily rising and businesses need to have a plan in place to handle them.
23andMe
https://cyberscoop.com/23andme-user-data-theft/
Exploit: Hacking
23andMe: DNA Testing Company
Risk to Business: 1.873 = Moderate
23andMe is investigating a cybersecurity incident after a cybercrime group boasted of obtaining its data. The unidentified group said that it had snatched 20 million pieces of data from 23andMe. The company confirmed that certain 23andMe customer profile information was compiled through unauthorized access to individual 23andMe.com accounts but did not admit to a data breach. 23andMe said that some user accounts that had opted in to 23andMe’s “DNA Relatives” service had potentially been scraped. The information obtained may have included users’ display name, profile photo, profile sex, birth year, location, predicted relationships to their match, the percent DNA match and number of shared genetic segments and portions of their genetic ancestry results, including haplogroups, which provide information about ancestry.
How It Could Affect Your Business: This kind of data is highly sensitive and cybercriminals could use it to spear phish or facilitate blackmail.
Builders Mutual Insurance Company
https://www.cybersecuritydive.com/news/builders-mutual-data-breach/695697/
Exploit: Supply Chain Attack
Builders Mutual Insurance Company: Insurer
Risk to Business: 1.710 = Severe
Builders Mutual Insurance Company has discovered that an unauthorized party was able to access the company’s computer network. Builders Mutual said in a filing with the Maine Attorney General that in this incident bad actors had been able to access sensitive information belonging to claimants and current and former employees including their names, Social Security numbers, medical information, health insurance information and workers’ compensation information. The company said that the attack occurred in December 2022, but it had not determined exactly whose data had been impacted until August 2023 and it sent out data breach notification letters to those affected on September 29, 2023.
How It Could Affect Your Business: Insurers may hold a wide variety of potentially valuable information about insureds that cybercriminals would love to get their hands on.
Flagstar Bank
https://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/
Exploit: Supply Chain Attack
Flagstar Bank: Financial Institution
Risk to Business: 1.673 = Severe
Flagstar Bank has informed an estimated 800,000 US customers that their personal information was stolen by cybercriminals due to a breach at a third-party service provider. The bank said that the information had been compromised as a result of a MOVEit-related attack on one of its service providers, Fiserv, a provider of payment processing and mobile banking services used by many financial institutions. Flagstar Bank was quick to reassure customers that this incident didn’t involve any of Flagstar Bank’s systems and did not impact its ability to service the customers.
How it Could Affect Your Business: Ransomware risk has been steadily rising for companies in the financial sector, and all companies should be working to mitigate it.
United Kingdom – Lyca Mobile
https://www.hackread.com/lyca-mobile-cyber-attack-investigate-ransomware/
Exploit: Ransomware
Lyca Mobile: Mobile Virtual Network Operator
Risk to Business: 1.612 = Severe
Lyca Mobile said that it had fallen victim to a cyberattack that caused widespread disruption for millions of its customers. The company said that it detected the incident on September 30 and took action to contain it. However, bad actors were able to steal some data. Lyca Mobile said that it holds customer information including names, dates of birth, addresses, copies of identity documents such as copies of passports or identity cards as well as records of customer service interactions and some payment card information, including the last four digits of customers’ credit card numbers. Lyca Mobile says that it notified the U.K.’s Information Commissioner’s Office of the incident.
How it Could Affect Your Business: Customer service records can contain a treasure trove of data for bad actors.
Australia – Royal Women’s Hospital
https://thecyberexpress.com/royal-womens-hospital-data-breach/
Exploit: Credential Compromise
Royal Women’s Hospital: Medical Center
Risk to Business: 2.802 = Moderate
The Royal Women’s Hospital in Melbourne has fallen victim to a data breach. The hospital said that cybercriminals had gained unauthorized access to a staff member’s private email account, which had been used to review and coordinate patient appointments and care strategies. An investigation uncovered that personal information belonging to 192 patients may have been exposed. Officials were quick to emphasize that there was no breach of the hospital’s official email or IT systems and that the electronic medical records of patients remain secure.
How it Could Affect Your Business: Security awareness training helps prevent employees from falling victim to social engineering and giving up their credentials.
Japan – Sony
https://www.bleepingcomputer.com/news/security/sony-confirms-data-breach-impacting-thousands-in-the-us/
Exploit: Ransomware
Sony: Electronics and Entertainment Conglomerate
Risk to Business: 1.716 = Severe
Sony revealed that it has suffered a data breach related to the MOVEit vulnerability. The company said that 6,800 current and former employees had data exposed in this incident. The Cl0p ransomware group, the gang behind the hack, added Sony to its leak site in July, but Sony just confirmed the hack. The company said that the incident occurred on May 28, just two days before the vulnerability was made public.
How it Could Affect Your Business: Zero-day vulnerabilities are becoming more frequent and that’s a big problem that businesses have to face today.