The Week in Breach News: 11/30/22 – 12/06/22

Risk to Business: 1.106 = Extreme

LastPass has experienced a second data breach. The company disclosed in its blog that hackers used information obtained in the August 2022 LastPass breach to access customer information in third-party cloud storage shared with its corporate partner GoTo. LastPass specified that customers’ passwords it stores were unaffected and remain safely encrypted. It is unclear as whether or not clients of GoTo and LogMeIn were affected by this incident. All the brands involved said that the incident is under investigation and LastPass specified that it has engaged Mandiant as part of that effort. No specifics as to what information was exposed were available at press time.

Risk to Business: 2.121 = Severe

Personal information about more than 6,000 potential immigrants applying for refuge from possible torture or political persecution in the U.S. was exposed by ICE in a misconfiguration error. The data breach was first discovered by immigrant advocacy group Human Rights First. After the group reported the problem to ICE the leak was quickly corrected, but not before information about people seeking refuge from countries around the world including China, Iran and Russia was left unprotected and available to anyone for more than five hours. The agency determined that the data had been exposed accidentally as part of a website update. Unfortunately, the availability of the information may have exposed threatened people to danger.

Individual Risk: 2.207 = Severe

In this incident, immigrants’ names, case status, detention locations, and other information was published on a page where ICE regularly publishes detention statistics.

Risk to Business: 1.652 = Severe

A ransomware attack forced Virginia-based cloud solutions provider Rackspace was forced to shut down its Hosted Exchange servers on December 2. The company disclosed that Rackspace’s Hosted Exchange service began experiencing problems on December 2 and told customers that the shutdown was the result of a security incident on December 3 that was later identified as ransomware. The company told customers to shift to Microsoft 365 for email services and is offering them free access. Rackspace gave no estimated timeline for the restoration of its Exchange services but cautioned customers that the outage was expected to be extended. A company statement said that the attack was confined to its Hosted Exchange servers. The incident is under investigation but Rackspace said that it is too early to tell if any data was accessed by the threat actors.

Risk to Business: 2.107 = Severe

A school system in the greater Toronto area has experienced a major technical outage after a hacking incident. Durham District School Board said that the incident disrupted online learning for students and left schools without access to phone or email services as well as emergency contact information. The district the board oversees is responsible for public education across 136 elementary and secondary schools in the eastern Toronto area serving an estimated 74,000 students with over 7,000 teaching and educational services staff.

Risk to Business: 1.882 = Severe

Multinational healthcare group Keralty has disclosed that it has experienced a ransomware attack that has impacted the company and its subsidiaries EPS Sanitas and Colsanitas. The attack has disrupted IT operations including the scheduling of medical appointments and its websites. Reports say that patients were left waiting in lines for more than 12 hours to obtain treatment. The RansomHouse ransomware group has claimed responsibility. The cybercrime group claims to have snatched data in the incident but that is unconfirmed.

Risk to Business: 1.604 = Severe

The Zwijndrecht Police Department in Belgium has confirmed that it has experienced a data breach after an attack by the Ragnar Locker ransomware group. In an interesting twist to this story, the group initially posted to its dark website that it had successfully attacked the municipality of Zwijndrecht, but it turned out that the attack has actually been perpetrated against the city’s police department. The stolen data is reported to include thousands of car number plates, fines, crime report files, personnel details and investigation reports. No specifics about any demanded ransom were available at press time.

Risk to Business: 1.717 = Severe

The latest company victimized in the recent rash of cyberattacks o Australian companies is AGL Energy, Australia’s largest electricity provider. The company reported detecting suspicious activity on its platform on December 1. AGL said in a statement that it believed the incident was the result of bad actors obtaining reused customer credentials that had been stolen in other incidents. The energy provider disclosed that an estimated 6,00 customer accounts may have been impacted in this incident. Impacted customers were informed by mail and that federal government and relevant cyber security bodies have been notified of the incident.

Risk to Business: 2.801 = Severe

A cyberattack on New Zealand health insurer Accuro has compromised its access to several of its core systems. The not-for-profit insurer says it has not yet determined if customer data was stolen in the incident. Accuro pointed to a cyberattack on its unnamed IT services provider as the root cause of the trouble and said that systems may be down for a protracted period. The company has notified the relevant regulatory authorities, including the Office of the Privacy Commissioner and CERT NZ.

Risk to Business: 2.665 = Severe

The company has notified the relevant regulatory authorities, including the Office of the Privacy Commissioner and CERT NZ.