The Week in Breach News: 11/22/23 – 11/28/23

Risk to Business: 1.617 = Severe

The ALPHV/BlackCat cybercrime group says that it is responsible for a ransomware attack on Fortune 500 company Fidelity National Financial (FNF). The company confirmed the hack in a filing with the U.S. Securities and Exchange Commission (SEC), saying it had been forced to shut down a number of systems because of a cyberattack. Specifically, the company said that its title insurance, escrow and other title-related services, mortgage transaction services and technology to the real estate and mortgage industries had been impacted by the attack. FNF completed its SEC filing on November 19, and ALPHV/BlackCat claimed the attack on November 22. 

Risk to Business: 1.291 = Severe

Healthcare Software-as-a-Service (SaaS) company Welltok has disclosed that it experienced a data breach thanks to the MOVEit file transfer exploit. The company said that its MOVEit transfer server was breached on July 26, 2023, exposing the personal data of nearly 8.5 million patients in the U.S. Patient data exposed during the breach, included full names, email addresses, physical addresses, and telephone numbers. For some, it also includes Social Security Numbers (SSNs), Medicare/Medicaid ID numbers, and certain Health Insurance information. The breach impacted institutions in various states, including Minnesota, Alabama, Kansas, North Carolina, Michigan, Nebraska, Illinois and Massachusetts.  

Risk to Business: 1.803 = Severe

AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Cl0p MOVEit file transfer attacks. AutoZone has disclosed that it suffered a data breach on or about August 15, 2023, resulting in the compromise of data of 184,995 people. The company noted in a filing that after a three-month investigation, it determined that a mix of proprietary, employee and customer data had been stolen including employee names and Social Security numbers.  

Risk to Business: 1.440 = Extreme

SiegedSed, a hacktivist collective that claims to be made up of “furries” says that it has stolen an assortment of data from the Idaho National Laboratory (INL). Officials at INL confirmed that it has experienced a data breach after bad actors infiltrated its Oracle HCM system. The exposed data belongs to employees of the facility and includes employees’ full names, dates of birth, email addresses, phone numbers, Social Security Numbers (SSN), physical addresses and employment information. INL has been in touch with the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to investigate. 

Risk to Business: 1.673 = Severe

The Municipal Water Authority of Aliquippa, Pennsylvania says that an Iranian hacker group took control of one of its booster stations last weekend. The group calls itself Cyber Av3ngers and claims that it targeted the facility because it contains equipment from an Israeli company. Officials were quick to assure the public that an alarm sounded immediately, enabling them to prevent any impact on the water supply to Raccoon and Potter Townships. The incident is under investigation. The group claims to have hacked 10 water stations in Israel.

Risk to Business: 1.216 = Extreme

A Thanksgiving weekend ransomware incident at healthcare company Ardent Health Services has left hospitals scrambling and ambulances diverted from medical facilities in three states. Those facilities include a 263-bed hospital in downtown Albuquerque, New Mexico, a 365-bed hospital in Montclair, New Jersey, and a network of several hospitals in East Texas. Ardent said that it was forced to take its network offline to combat the attack. That knocked out user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs. Other Ardent-operated facilities have felt various impacts. News outlets are also reporting that Ardent did not discover the attack itself. Instead, the company warned of malicious cyber activity affecting its computer systems by CISA on November 22.  

Risk to Business: 1.891 = Severe

Canada’s federal government is warning current and former public service employees and members of the Canadian Armed Forces and Royal Canadian Mounted Police that their personal and financial information may have been exposed in a data breach. Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation & Moving Services, companies that hold government contracts to provide relocation support, informed the Government of Canada that they’d both been hacked in October 2023. The data breach may include any personal and financial information that employees provided to the companies as early as 1999. The Government of Canada acted quickly, saying in a statement that services such as credit monitoring or reissuing valid passports that may have been compromised will be provided to individuals impacted by this data breach.

Risk to Business: 1.802 = Severe

The organization that manages wastewater for nine million people in and around Paris was hit with a cyberattack last week. Service public de l’assainissement francilien (SIAAP) said that it worked since Wednesday to secure industrial systems and close off all external connections in order to prevent the suspected ransomware attack from spreading. An emergency order has been issued authorizing officials at the organization to hire outside cybersecurity firms and purchase any equipment necessary to recover or restore systems. The incident remains under investigation.