InTegriLogic Blog
The Week in Breach News: 10/16/24 – 10/22/24
This week: The Internet Archive gets pummeled by cyberattacks and the Calgary Public Library system gets shut down by bad actors.
Axis Health System
https://www.durangoherald.com/articles/axis-health-system-target-of-cyberattack-ransomware-group-demands-1-6-million
Exploit: Ransomware
Industry: Healthcare
Axis Health System, a mental health and substance use treatment provider in Southwest Colorado, is investigating a cyberattack with no confirmation yet on whether patient data was compromised. A notice on its website states that affected individuals will be notified by mail if their data is impacted. Although its patient portal is down for unrelated reasons, all other systems were restored by Tuesday morning. A screenshot in the post shows a ransom demand from the Rhysida ransomware group for 25 Bitcoins (around $1.6 million).
How It Could Affect Your Business: A data breach like this is a fast way for an organization to run up big bills that can impact a company’s financial health and future.
Cisco
https://www.cyberdaily.au/security/11243-nab-vodafone-and-microsoft-listed-in-alleged-cisco-data-breach
Exploit: Hacking
Industry: Technology
Dark web legend IntelBroker claims to have accessed Cisco’s systems on October 6. Allegedly stolen data includes source code, GitHub and GitLab projects, certificates, API tokens, AWS and Azure storage buckets, confidential documents and encryption keys. Alleged victims include Microsoft, AT&T, Bank of America, Vodafone Australia and government entities like the Australian Department of Defence. Cisco denies an internal breach, attributing the leak to a public-facing DevHub environment. The investigation is ongoing.
How It Could Affect Your Business: It’s important to remember that even the biggest, most advanced tech companies can have cybersecurity challenges.
Varsity Brands
https://www.securityweek.com/varsity-brands-data-breach-impacts-65000-people
Exploit: Ransomware
Industry: Manufacturer
Varsity Brands, a leading manufacturer of cheer and sports uniforms based in Texas, has reported a May 2024 ransomware attack affecting over 65,000 individuals to the Maine Attorney General. Exposed data may include names, Social Security numbers, birthdates, financial info and employee IDs. Affected individuals are offered free credit monitoring and identity theft protection.
How It Could Affect Your Business: Attacks on manufacturers can have unfortunate ripple effects on the supply chain as well as customers.
Globe Life
https://techcrunch.com/2024/10/17/hackers-are-extorting-globe-life-with-stolen-customer-data/
Exploit: Ransomware
Industry: Insurance
Globe Life, a major life and health insurer, is being extorted by a hacker who stole sensitive data from its subsidiary, American Income Life Insurance (AIL). The breach exposed customer names, addresses, phone numbers and some Social Security numbers as well as health data and policy details. So far, about 5,000 individuals are confirmed to have been affected, though the full extent is still under investigation. The hacker claims to have more data, but Globe Life states no financial information, like credit card or banking data, appears to be involved.
How It Could Affect Your Business: This breach garnered attackers a combination of health and personal data that will be profitable for them and an expensive disaster for Globe.
The Internet Archive
https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users
Exploit: Hacking
Industry: Technology
The Internet Archive has faced a challenging October, suffering at least three cyberattacks including the theft of millions of usernames and email addresses, a brief site defacement and multiple days offline due to a DDoS attack. Its Wayback Machine experienced a data breach in which a 6.4GB SQL file was leaked containing 31 million records, including user emails, screen names and bcrypt-hashed passwords. The latest timestamp on the data is September 28, 2024. In October the Archive also encountered a DDoS attack by the BlackMeta hacktivist group and a breach of its Zendesk support system, amid warnings about stolen GitLab authentication tokens. The Archive has been dedicated to preserving the internet as a historical and cultural resource since 1996.
How It Could Affect Your Business: This is an unfortunate situation for the Internet Archive that will place an extreme strain on its resources.
Calgary Public Library
https://therecord.media/calgary-public-library-limits-services
Exploit: Hacking
Industry: Government
The Calgary Public Library was forced to limit its services last week following a cyberattack that compromised its systems. The library, which serves 1.3 million residents across 22 branches, was briefly forced to close and disable all of its servers and computers. The library was able to reopen after a few days; however, patrons were limited to accessing only areas and services that do not require technology. No book returns can be processed, due dates are extended and all digital services, including WiFi and eResources, are offline. Customers cannot book rooms or register for programs online. The incident remains under investigation and has been reported to the Canadian Centre for Cyber Security.
How It Could Affect Your Business: A successful cyberattack on a library can have an unfortunate ripple effect on that library’s entire community.
Japan – Nidec
https://www.bleepingcomputer.com/news/security/tech-giant-nidec-confirms-data-breach-following-ransomware-attack
Exploit: Ransomware
Industry: Technology
Japanese electric motor maker Nidec confirmed that a ransomware attack in August 2024 compromised its Vietnam-based subsidiary, Nidec Precision (NPCV). After Nidec refused to pay the ransom, the attackers leaked 50,694 stolen files on their Tor site, including internal documents on procurement, health and safety, policies and business transactions. The breach likely occurred using stolen credentials from an NPCV domain account. In response to the intrusion, Nidec said that it investigated the incident, reviewed server access, changed passwords and suspended a VPN suspected to be part of the attack. Both the 8base and Everest ransomware groups have claimed responsibility for this attack.
How It Could Affect Your Business: A cyberattack that allows bad actors to get their hands on internal operations data can lead to a cascade of headaches for the victim company.
UK – JD Sports
https://telegrafi.com/en/The-British-firm-JD-Sports-says-that-in-previous-cyber-attacks%2C-hackers-have-accessed-the-data-of-their-customers.
Exploit: Hacking
Industry: Retail
JD Sports suffered a cyberattack compromising customer data from online orders placed between November 2018 and October 2020 across its brands, including JD, Size?, Millets and Blacks. The breach affected nearly 10 million customers, exposing names, addresses, emails, phone numbers, order details and the last four digits of bank cards. No full card details or passwords were accessed. JD Sports is working with cybersecurity experts and the UK’s Information Commissioner’s Office (ICO) to address the incident.
How It Could Affect Your Business: Successful cyberattacks on retailers can lead to downtime that translates into significant lost revenue.