The Week in Breach News: 12/06/23 – 12/12/23

Risk to Business: 1.617 = Severe

A major shipbuilder that holds contracts with the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) has fallen victim to a ransomware attack. The cybercrime group Hunters International is claiming the hit on Austal USA, a subsidiary of the Australian shipbuilder Austal. The company reported that no personal or confidential data was compromised as a result of the incident. Hunters International has exposed some of the company’s proprietary data on its data leak site and claims to have more of that data including finance information, recruiting details, engineering data, certifications and compliance files. No ransom demand has been made public. 

Risk to Business: 1.691 = Severe

Ransomware continues to be the bane of schools and school districts. Attacks hit school systems in several U.S. states including Maine, Indiana and Georgia. Henry County Schools, a Georgia school system, disclosed last week that it discovered suspicious activity impacting its network operations during the first week of November. School officials were quick to reassure the public that the hackers did not breach sensitive student and employee systems, contending that the hackers were only able to access a “file storage area containing mostly historical procedural documents.” The school system has since restored all systems and functions impacted by the cyberattack, which remains under investigation by law enforcement. 

Risk to Business: 2.703 = Moderate

The Greater Richmond Transit Company (GRTC), the operator of public buses and specialized transportation services for the Richmond, Virginia area, said last week that it had been the victim of a cyberattack. The Thanksgiving weekend attack temporarily knocked out part of the transportation system’s network and impacted some services. An official said that those services have since been restored and schedules are back to normal. 

Risk to Business: 1.840 = Severe

Kentucky health system Norton Healthcare has filed a data breach notification with the Maine Attorney General’s Office disclosing that it experienced a data breach in May 2023 as the result of a ransomware attack. Norton Healthcare said that the intrusion was discovered on May 9. Norton Healthcare said that threat actors had access to some of its network storage devices between May 7 and 9, but its medical record system was not compromised. An investigation determined that an estimated 2.5 million people had data exposed in this incident including patients’ names, contact information, Social Security numbers, dates of birth, health and insurance information and medical ID numbers.  

Risk to Business: 1.673 = Severe

The notorious ALPHV/BlackCat ransomware group claims to be behind a likely ransomware attack on business digital transformation service provider HTC Global Services. The gang leaked a sample of the data it purportedly stole to its dark web leak site including images of passports, contact lists, emails and confidential documents. Experts believe that the attack vector was a zero-day Citrix Bleed vulnerability that was discovered in October but may have been active as early as August 2023.

Risk to Business: 1.736 = Severe

The city government of Huber Heights, Ohio says that it is still working to determine the extent of the damage from a cyberattack that started three weeks ago. The BlackSuit ransomware gang claims to be behind the hit. It says it has released a 129-GB file of the city’s data. The attack was initially discovered on November 12. All city agencies and services are fully operational; however, some are still operating on temporary devices while the city’s IT infrastructure is restored.  

Risk to Business: 1.239 = Extreme

180 homes and businesses in the area around Erris in northwestern Ireland were left without water for several days last week after a politically motivated cyberattack on their water distribution system. The bad actors said that the community’s water station was targeted because the equipment inside was made by Eurotronics, a company based in Israel that is a major supplier of water pumping technology. The water was restored last Friday night. Government officials are assisting in the investigation of the incident. 

Risk to Business: 2.823 = Moderate

Nissan is warning its customers in Australia and New Zealand that their personal information may have been exposed as the result of a cyberattack on the carmaker. Nissan has not offered specifics about the likely stolen data, simply posting a warning on their regional website warning customers in Australia and New Zealand to be on guard for possible scams and phishing attempts. Nissan also said that it has notified the Australian Cyber Security Centre and the New Zealand National Cyber Security Centre of the incident.