InTegriLogic Blog
The Week in Breach News: 11/29/23 – 12/05/23
This week: Two worrying cyberattacks on aerospace agencies and ransomware hits another utility.
Staples
https://www.cybersecuritydive.com/news/staples-cyberattack-cyber-week/701287/
Exploit: Ransomware
Staples: Office Supply Retailer
Risk to Business: 1.617 = Severe
A Cyber Monday attack on office supply retailer Staples threw a wrench in the company’s business on one of the busiest shopping days of the year. Staples said that it was forced to take many of its systems offline, disrupting staples.com processing and delivery capabilities, communications channels and customer service lines. Most services were restored by the end of the week, and there was no word about data theft at press time.
How It Could Affect Your Business: Retailers can’t afford downtime at any time, but it is especially damaging during the holiday season.
Blue Shield of California
https://sfstandard.com/2023/12/01/blue-shield-of-california-hacked-member-data-stolen/
Exploit: Hacking
Blue Shield of California: Insurer
Risk to Business: 1.691 = Severe
Blue Shield of California is the latest company to fall victim to a MOVEit-related hack by the Cl0p ransomware gang. Data was stolen from a Blue Shield server managing vision care data on May 28 and May 31, 2023. The insurer said that it became aware of the problem on September 1, 2023. The stolen data may have included names of members, their dates of birth, Social Security numbers and information related to their vision health care. The company said it has brought in a third-party cybersecurity company and law enforcement for the investigation.
How It Could Affect Your Business: The interconnection of businesses means that cybercriminals will continue to find new zero-day exploits.
WeMystic
https://securityaffairs.com/155102/security/wemystic-website-data-leak.html
Exploit: Misconfiguration
WeMystic: Astrology Website
Risk to Business: 2.703 = Moderate
WeMystic, a website that offers its users astrology, spiritual well-being care and fortune telling, has experienced a data breach caused by a server misconfiguration. Experts discovered an open server with 34 gigabytes of data about 1.3 million people. The exposed data includes users’ names, email addresses, dates of birth, IP addresses, gender, horoscope signs and other user system data.
How It Could Affect Your Business: Human error is the number one enemy of data security, but security awareness training can change that.
North Texas Municipal Water District (NTMWD)
https://therecord.media/north-texas-water-utility-cyberattack
Exploit: Ransomware
North Texas Municipal Water District (NTMWD): Utility
Risk to Business: 1.840 = Severe
A north Texas water utility that serves more than 2.3 million people in 13 cities, the North Texas Municipal Water District (NTMWD), has fallen victim to a ransomware attack. Officials said that the attack only impacted its phone system and the systems in its business office, assuring the public that the attack did not impact its core water, wastewater and solid waste services. The cybercrime group Daixin has claimed responsibility for the attack.
How It Could Affect Your Business: Ransomware attacks against utilities have been ramping up, and everyone should be worried about that.
China – Yanfeng Automotive Interiors
https://www.bleepingcomputer.com/news/security/qilin-ransomware-claims-attack-on-automotive-giant-yanfeng/
Exploit: Ransomware
Yanfeng Automotive Interiors: Auto Parts Manufacturer
Risk to Business: 1.673 = Severe
The Qilin ransomware group has claimed responsibility for a cyberattack on one of the world’s largest automotive parts manufacturers, Yanfeng Automotive Interiors (Yanfeng). This attack forced the car company to stop production at its North American plants. The threat actors published multiple samples as proof of the hack including financial documents, non-disclosure agreements, quotation files, technical data sheets and internal reports.
How It Could Affect Your Business: Manufacturers of all kinds have been experiencing increased cyber risk as operational technology (OT) comes under fire.
India – National Aerospace Laboratories (NAL)
https://techcrunch.com/2023/11/28/lockbit-india-national-aerospace-laboratories-ransomware-attack/
Exploit: Ransomware
National Aerospace Laboratories (NAL): Government Agency
Risk to Business: 1.736 = Severe
The notorious ransomware group LockBit has added India’s space agency National Aerospace Laboratories (NAL) to its dark web leak site. The gang claims to have snatched a wide variety of data including confidential letters, an employee’s passport and other internal documents. NAL’s website also experienced an outage.
How It Could Affect Your Business: Government agencies need to be especially careful about protecting sensitive data.
Japan – Japan Aerospace Exploration Agency (JAXA)
https://asia.nikkei.com/Business/Aerospace-Defense-Industries/Japan-space-agency-hit-with-cyberattack-no-sensitive-info-accessed
Exploit: Hacking
Japan Aerospace Exploration Agency (JAXA): Government Agency
Risk to Business: 1.791 = Severe
The Japan Aerospace Exploration Agency (JAXA) has disclosed that it has experienced an unauthorized intrusion into its network. The agency was made aware of the break-in over the summer. It was quick to assure the public that it doesn’t believe that any data pertaining to rockets or satellites was accessed. The incident remains under investigation.
How It Could Affect Your Business: These two hacks resulted in a wealth of very profitable data for the bad actors and a headache for the Canadian government.
Japan – Shimano
https://www.bicycling.com/news/a45974423/shimano-ransomware-attack-hackers-published-data/
Exploit: Ransomware
Shimano: Bike Parts Manufacturer
Risk to Business: 1.802 = Severe
Major Japanese cycling component manufacturer Shimano was the victim of a ransomware attack by the LockBit group. The gang claims to have stolen 4.5 terabytes of sensitive company data, including confidential employee details, financial documents, a client database and other confidential company documents. The group had placed a November 5 deadline on the publication of the purloined data, but only published a fraction of the data after the deadline passed.
How It Could Affect Your Business: Ransomware risk has been steadily increasing and companies in every industry are in danger of an attack.