The Week in Breach News: 10/11/23 – 10/17/23

Risk to Business: 1.403 = Extreme

Construction materials giant Simpson Manufacturing has revealed that it was hit by a disruptive cyberattack The California-based company said in its filing with the U.S. Securities and Exchange Commission (SEC) that it discovered malicious activity in its network infrastructure and immediately took systems offline to limit the damage. The company expects continued snags to its operations in the wake of the attack.

Risk to Business: 1.603 = Severe

The ALPHV/BlackCat ransomware group has claimed responsibility for a ransomware attack on Florida’s First Judicial Circuit Court. The court confirmed that it had experienced a successful cyberattack on October 2. That attack has resulted in major disruptions in the operations of the court system. A statement from the court said that the Circuit is prioritizing essential court proceedings but will cancel and reschedule other proceedings and pause related operations for several days, beginning October 2. No ransom demand has been made public.

Risk to Business: 1.873 = Moderate

CDW, a major supplier of technology services to businesses and the U.S. federal government, has been added to the LockBit ransomware group’s leak site. The company confirmed that it had experienced a cyberattack but noted that the attack was limited to a few servers dedicated solely to the internal support of Sirius Federal, a subsidiary of CDW’s government services arm CDW-G. CDW was quick to reassure customers that the affected servers are non-customer-facing and isolated from CDW’s main network and other CDW-G systems. LockBit has demanded a whopping $80 million in ransom, one of the largest ransom demands ever publicly released. LockBit published a small amount of the stolen data as proof of its hack, including images of employee badges, audit data, commission payout data and other account-related information.  

Risk to Business: 1.710 = Severe

Morrison Community Hospital has been the victim of a ransomware attack. The ALPH-V/BlackCat ransomware gang has added the medical center to its dark web leak site. The group said that it stole 5TB of data including patients’ and employee’s information, backups and PII documents. The group has published a sample of the data on its leak site. In a twist, BlackCat stated that the hospital has not responded, threatening to begin contacting patients.

Risk to Business: 1.673 = Severe

One of the world’s largest retailers has informed the U.S. Department of Health and Human Services Office for Civil Rights that is has experienced a data breach. Walmart did not specify what type of data was stolen but the nature of the filing offers insight, pointing to the exposed data being protected health information. Walmart said that this data breach affected 85,952 individuals.  

Risk to Business: 1.612 = Severe

Spanish air carrier Air Europa is informing customers that they have suffered a data breach. The breach of customer credit card details resulted from exposure through Air Europa’s online payment system. The airline emailed customers whose credit card details were exposed. Air Europa did not specify the number of customers affected. The company said no other information had been exposed, and it has informed the relevant authorities.

Risk to Business: 2.802 = Moderate

A ransomware group is claiming to have snatched data from LDLC ASVEL Villeurbanne, a Euro League basketball team owned by the former NBA star Tony Parker. The gang NoEscape has added ASVEL to its dark web leak site, claiming that they stole 32GB of data. That data supposedly includes players’ passports and IDs, ASVEL’s financial and tax data, team non-disclosure agreements (NDAs), player scouting contracts and other confidential information.

Risk to Business: 1.716 = Severe

PC gaming cloud services provider Shadow PC has confirmed that the company has experienced a cyberattack that led to the exposure of half a million customers’ data. The company said that one of its employees had fallen victim to a social engineering attack that began on the Discord platform. An employee apparently downloaded malware in the guise of a game on the Steam platform. The stolen data includes full customer names, email addresses, dates of birth, billing addresses and credit card expiration dates. Passwords and payment data were not impacted.