InTegriLogic Blog
The Week in Breach News: 10/09/24 – 10/15/24
This week: A new cybercrime gang hits the scene with a spate of attacks and ADT is breached another time in just two months.
Fidelity Investments
https://thehill.com/homenews/4928970-fidelity-data-breach-exposed-info-from-77000-customers-was-your-account-compromised
Exploit: Credential Compromise
Industry: Finance
Fidelity Investments has reported a data breach to Maine’s attorney general. The filing revealed that over 77,000 customers’ personal information, including Social Security numbers and driver’s licenses, was compromised between August 17 and 19, 2024. The breach occurred through two newly established customer accounts, though Fidelity did not explain how these accounts accessed other customers’ data. Fidelity stopped the breach on August 19. The impacted clients, only a small portion of Fidelity’s 51.5 million customers, are being offered 24 months of free credit monitoring and identity restoration services.
How It Could Affect Your Business: a data breach that exposes even a small set of a company’s data can still be expensive and impact operations.
ADT
https://www.bleepingcomputer.com/news/security/adt-discloses-second-breach-in-2-months-hacked-via-stolen-credentials
Exploit: Credential Compromise
Industry: Security
Security titan ADT has experienced another data breach. The company said that this breach was caused by credentials that were stolen from a third-party business partner. Those credentials then enabled threat actors to breach ADT’s systems. The company disclosed that it is investigating the incident with third-party cybersecurity experts. As part of its investigations, it was determined that encrypted account data for employees was stolen in the attack. This is ADT’s second breach in the past two months after a late August 2024 leak of an estimated 38K customer records. No ransomware gangs or other threat actors have claimed responsibility for the attack.
How It Could Affect Your Business: A data breach two months in a row can seriously undermine a company’s reputation and impact its business relationships.
American Water
https://www.infosecurity-magazine.com/news/american-water-cyberattack-billing
Exploit: Hacking
Industry: Utility
American Water, the largest US water utility, disclosed a cyberattack affecting internal systems on October 3. The company, which serves over 14 million people across 14 states, said that it acted quickly to secure its networks and confirmed that its water and wastewater facilities remain fully operational. There was no interruption in service. While assessing the breach’s scope, American Water has disconnected certain systems and suspended customer billing, assuring customers they won’t incur late fees. No cybercrime group has claimed responsibility.
How It Could Affect Your Business: Attacks on critical infrastructure like utilities that can impact service delivery are a terrifying prospect in the digital age.
Australia – Funlab
https://www.cyberdaily.au/security/11234-exclusive-aussie-owner-of-strike-bowling-and-other-venues-confirms-ransomware-attack
Exploit: Ransomware
Industry: Entertainment
Australian entertainment company Funlab has confirmed a ransomware attack after being listed by the Lynx gang, a suspected rebranding of the INC Ransomware on its leak site. The company said that the incident took place between September 20 and 22. Funlab does not believe guest data has been accessed, and the leak was limited to current and former employees. While Lynx hasn’t disclosed the ransom or data volume stolen, they posted screenshots and documents as proof, revealing folders like Payroll, Finance and Gsuite Backup. Leaked files include budget spreadsheets and internal communications. Funlab operates a variety of entertainment venues including Strike Bowling.
How It Could Affect Your Business: Entertainment venues are just as likely to experience a cyber attack or data breach as any other business.
Australia – Perfection Fresh
https://www.cyberdaily.au/security/11221-exclusive-aussie-fresh-produce-company-perfection-fresh-confirms-ransomware-attack
Exploit: Ransomware
Industry: Agriculture
Australian produce company Perfection Fresh has been listed by the Sarcoma ransomware group, one of three Australian victims in 24 hours. Sarcoma claims to have stolen 690GB of data, including files and SQL databases and has leaked internal documents as proof. While no ransom demand has been made public, Perfection Fresh has confirmed the breach. Perfection Fresh said that it has informed the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
How it Could Affect Your Business: Food distributors are critical infrastructure just like everything else agricultural, and they need to be serious about cybersecurity.
Australia – The Plastic Bag Company
https://www.cyberdaily.au/security/11217-exclusive-the-plastic-bag-company-falls-victim-to-sarcoma-ransomware-attack
Exploit: Ransomware
Industry: Manufacturing
Sydney-based manufacturer The Plastic Bag Company suffered a data breach, with the up-and-coming ransomware group Sarcoma ransomware group claiming to have stolen 3.6GB of data. The company’s website has also been knocked offline. Sarcoma has leaked documents, including tax returns, wage details, insurance records and passport scans from Australian and New Zealand nationals. The gang threatens to release the full data in 26 days, though no ransom has been specified.
How it Could Affect Your Business: A cyberattack can lead to more than just data theft including a ripple effect of damage and negative consequences.
Japan – Game Freak
https://www.cyberdaily.au/security/11233-pokemon-game-developer-confirms-data-breach-exposing-employee-and-game-data
Exploit: Hacking
Industry: Entertainment
Game Freak, the developer behind the Pokémon video games confirmed a major data breach affecting over 2,000 current and former employees. A wide array of information was shared on a forum called r/PokeLeaks including employee information, development documents, source code and art. The incident has been dubbed the “TeraLeak,” Game Freak said in a statement that the breach occurred due to unauthorized server access in August 2024.
How it Could Affect Your Business: A cyberattack that allows bad actors to get their hands on intellectual property can lead to a cascade of headaches and lost revenue for the victim company.
Japan – Casio
https://www.bleepingcomputer.com/news/security/casio-confirms-customer-data-stolen-in-a-ransomware-attack
Exploit: Ransomware
Industry: Technology
Casio has confirmed that it experienced a ransomware attack earlier this month, with personal and confidential data of employees, job candidates and some customers stolen. Disclosed Monday, the attack caused system disruptions and outages. The Underground ransomware group claimed responsibility. The compromised data includes personal details of Casio employees, business partners, job candidates and customers, along with contracts, financial data and internal documents. Casio clarified that customer payment information and systems like CASIO ID and ClassPad.net were unaffected, as they are hosted separately.
How it Could Affect Your Business: This wide variety of personal and financial data could be very profitable for cybercriminals.