InTegriLogic Blog
The Week in Breach News: 12/14/22 – 12/20/22
United States Federal Bureau of Investigation
https://www.hackread.com/fbi-infragard-hacked-data-sold/
Exploit: Hacking
United States Federal Bureau of Investigation: Federal Government Agency
Risk to Business: 2.176 = Severe
The U.S. Federal Bureau of Investigation (FBI)’s InfraGard program has experienced a data breach. The program, launched in 1996, encourages physical and cyber threat information-sharing collaborations between the public and private sector. Cybercriminals advertised a database that they purportedly snatched on the dark web containing contact details of over 87,000 members of InfraGard. Initially, the threat actors were asking for $50k for the database. However, Hackread reported that the thieves had a change of heart and decided not to sell or release the database, telling that publication that they’d decided the stolen InfraGard database would no longer be posted for sale as it would ‘‘cause more harm to everyone’’ than benefit for the hackers.
How It Could Affect Your Business: This kind of database is especially sensitive and its exposure could have major national security implications.
Uber
Exploit: Supply Chain Attack
Uber: Ride Sharing & Delivery Service
Risk to Business: 1.657 = Severe
Uber has suffered a new data breach. A threat actor going by the name of “UberLeaks” published a sample of data purportedly snatched from Uber and Uber Eats including employee email addresses, corporate reports and IT asset information stolen from a third-party vendor, thought to be Teqtivity, which it uses for asset management and tracking services, on its dark web leak site. The leaked data also includes files claiming to be source code associated with the mobile device management platforms (MDM) used by Uber and Uber Eats as well as their third-party vendor services. No user data appears to be involved in this breach.
How It Could Affect Your Business: This isn’t the first data breach for Uber, further eroding customer confidence in the company’s ability to keep their information safe.
The Centers for Medicare and Medicaid Services (CMS)
https://www.bankinfosecurity.com/subcontractor-breach-affects-245k-medicare-beneficiaries-a-20727
Exploit: Supply Chain Attack
The Centers for Medicare and Medicaid Services (CMS): Federal Government Agency
Risk to Business: 1.211 = Extreme
The Centers for Medicare and Medicaid Services (CMS) has experienced a data breach that impacts 245,000 Medicare beneficiaries. The agency said that the initial security incident that led to the breach was experienced by a subcontractor to another company contracted by Medicare to resolve system errors related to beneficiary entitlement and premium payment records. The subcontractor has been identified as Healthcare Management Solutions and the main contractor is ASRC Federal Data Solutions. CMS explained in its breach notification letter that its initial investigation points to the subcontractor having “acted in violation of its obligations.”
Individual Risk: 1.272 = Severe
The incident may have exposed Medicare beneficiaries’ sensitive data including names, birthdates, phone numbers, Medicare identifiers, banking information, such as routing and account numbers, Medicare enrollment, entitlement and premium information and Social Security numbers.
How It Could Affect Your Business: This breach can put a lot of very sensitive data at risk for vulnerable people including financial details and will almost certainly incur big regulatory fines
SevenRooms
Exploit: Hacking
SevenRooms: Customer Relationship Platform
Risk to Business: 1.981 = Severe
SevenRooms, a customer relationship management platform used by brands including MGM and Wolfgang Puck, has confirmed it suffered a data breach. A threat actor posted samples of data purportedly stolen from the New York-based company on a dark web forum on December 15. Bad actors claim that they’ve stolen a 427 GB backup database containing information about SevenRooms customers. The company was quick to reassure the public that guests’ credit card information, bank account data, social security numbers, or any other similarly highly sensitive information was not stored on compromised servers or exposed in the attack. The incident is still under investigation.
How It Could Affect Your Business: Service providers of all types have been high on cybercriminals’ priority lists as they search for both data and possible backdoors into companies.
Colombia – Empresas Públicas de Medellín (EPM)
Exploit: Ransomware
Empresas Públicas de Medellín (EPM): Energy Company
Risk to Business: 2.107 = Severe
Empresas Públicas de Medellín (EPM), one of Colombia’s largest public energy, water, and gas providers, providers, has fallen victim to a ransomware attack. The BlackCat ransomware group is thought to be responsible for the attack. The company’s IT infrastructure down and websites were knocked out in the attack. However, power services were not impacted. The BlackCat group claims to have snatched a large quantity of data in the attack as well as encrypting systems. No specifics were available about the types of data stolen or the demanded ransom was available at press time.
How it Could Affect Your Business: Utilities and other infrastructure targets have been experiencing extreme pressure from ransomware gangs.
Sweden – The Cities of Borgholm and Mörbylånga
https://therecord.media/crisis-situation-declared-as-two-swedish-municipalities-hit-by-cyberattack/
Exploit: Hacking
The Cities of Borgholm and Mörbylånga – Municipal Governments
Risk to Business: 1.603 = Severe
The Swedish cities of Borgholm and Mörbylånga are experiencing serious systems outages across their government agencies and services after falling victim to a cyberattack. The two municipalities, which together make up the island of Öland, share an IT system. The city of Mörbylånga’s website is unavailable, but the website for the city of Borgholm, hosted by an external provider, is still accessible. A range of citizen services provided by both municipalities are unavailable. Healthcare services are also impacted, leaving clinics using pencil and paper to handle patient care. Officials warn that the outage could be extended and that websites for municipal companies including Bornholm Energi, the local energy company, may be affected. This may be a ransomware incident, however that had not been confirmed. At press time.
How it Could Affect Your Business: Ransomware attacks on governments and government agencies have been steadily escalating in the last two years.
Australia – Fire Rescue Victoria (FRV)
https://securityaffairs.co/wordpress/139764/cyber-crime/fire-service-victoria-australia-australia.html
Exploit: Hacking
Rescue Victoria (FRV): Regional Emergency Services Agency
Risk to Business: 1.904 = Severe
As Australia’s cyberattack troubles continue, Fire Rescue Victoria (FRV) has reported that it is the latest victim of a cyberattack. The fire and rescue service in the state of Victoria, Australia, reports that it has been forced to shut down its network as a result of the unspecified attack. FRV operates 85 stations in the region. FRV says that the cyberattack is affecting most of its systems, including network, emails and dispatch. However, FRV was quick to inform the public that public safety has not been impacted.
How it Could Affect Your Business: Bad actors have been having a field day hitting small and large local government entities worldwide.
New Zealand – Medical Assurance Society (MAS)
Exploit: Supply Chain Attack
Medical Assurance Society (MAS): Insurer
Risk to Business: 2.103 = Severe
New Zealand’s Medical Assurance Society (MAS), the country’s largest provider of insurance for medical professionals, has experienced a data breach as a result of a cybersecurity incident at one of its third-party service providers. That service provider handles MAS’s after-hours call center. MAS warned that the information of its members may have been accessed by cybercriminals, but did not specify exactly what information may be at risk beyond suggesting that members change their login details.
How it Could Affect Your Business: Every business services provider is at risk of falling victim to a cyberattack as bad actors hunt for valuable, saleable data.
About the author
