InTegriLogic Blog
The Week in Breach News: 12/28/22 – 1/03/23
The Housing Authority of the City of Los Angeles (HACLA)
https://therecord.media/los-angeles-housing-authority-says-cyberattack-disrupting-systems/
Exploit: Ransomware
The Housing Authority of the City of Los Angeles (HACLA): Municipal Government Agency
Risk to Business: 2.176 = Severe
The Housing Authority of the City of Los Angeles (HACLA) has been hit by a cyberattack that is impacting its data security. HACLA appeared on the dark web leak site operated by the LockBit ransomware group last week. Reports say that on December 31, 2022, the LockBit ransomware group claimed that it had stolen 15 TB of data. The group also gave HACLA a deadline of January 12, 2023, to pay an undisclosed ransom. No specifics were available at press time about exactly what types of data were stolen or who that data may have belonged to.
How It Could Affect Your Business: This database could contain many kinds of privileged information and its loss will incur a heavy fine from data protection regulators.
Avem Health Partners
https://www.bankinfosecurity.com/hack-on-services-firms-vendor-affects-271000-patients-a-20755
Exploit: Supply Chain Attack
Avem Health Partners: IT Services Provider
Risk to Business: 1.201 = Extreme
Avem Health Partners has filed a data breach notification with the Maine attorney general’s office. Avem disclosed that patient information stored on servers of one of its vendors was subject to unauthorized access in an external hacking incident in May. Avem says that the breach was at 365 Data Centers, a third-party data center the vendor in question used. Further complicating the situation, that data center is disputing Avem’s version of events. An estimated 271,000 people had information exposed in this incident. Patient information that may have been impacted in this breach includes names, birthdates, Social Security numbers, driver’s license numbers, health insurance information and diagnosis/treatment information.
How It Could Affect Your Business: Supply chain risk is a huge problem for businesses that will only keep growing in 2023.
Iowa Public Broadcasting Service
https://therecord.media/royal-ransomware-group-claims-it-attacked-iowa-pbs-station/
Exploit: Ransomware
Iowa Public Broadcasting Service: Television Station
Risk to Business: 1.821 = Severe
The Royal ransomware group has claimed responsibility for a successful ransomware attack on Iowa’s Public Broadcasting Station (PBS). The incident occurred on November 20, 2022. Iowa PBS said in a statement that the attack did not disrupt its ability to serve its viewers, and that all broadcast, livestream and digital platforms are still operational. However, local news outlets reported that the station had been forced to cut its annual fundraising drive short due to the cyberattack. It also appears that information was snatched by the gang. The station said that it sent out data breach notifications but has not specified who received them or what information was stolen.
How It Could Affect Your Business: Media organizations have been experiencing an increased level of cyberattacks, especially ransomware.
Jakks Pacific
Exploit: Ransomware
Jakks Pacific: Toymaker
Risk to Business: 1.981 = Severe
California-based toy company Jakks Pacific has disclosed that it was the victim of a successful ransomware attack. The company said that its servers were encrypted on December 8, 2022. Oddly, two major ransomware groups, Hive and BlackCat, have posted data purportedly stolen from Jakks Pacific on their sites. Hive posted information allegedly snatched from Jakks Pacific first, on December 19, 2022. BlackCat followed with a post on December 28, 2022. The gangs featured screenshots of the reportedly stolen information on their individual leak sites. Hive’s spokesperson told reporters that both gangs had purchased access to the data from an initial access broker, and they’d agreed to split the demanded $5 million ransom. The Hive representative also said that Jakks Pacific did not negotiate with the extortionists or pay the demanded ransom.
How It Could Affect Your Business: The Manufacturing sector has experienced a plague of cyberattacks that are compounding supply chain woes.
Hospital for Sick Children
https://www.cbc.ca/news/canada/toronto/sickkids-cyber-security-breach-1.6691980
Exploit: Ransomware
Hospital for Sick Children: Medical Center
Risk to Business: 2.843 = Moderate
Operations were snarled at Toronto’s Hospital for Sick Children after a ransomware attack by the LockBit group struck the facility on December 18, 2022. However, in the wake of the attack, the LockBit group announced that it had suspended the attack and given the hospital a decryptor for free because the attack on the hospital, conducted by one of its affiliates, violated the group’s policies. The group also apologized, saying in a statement that “the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program.”
How It Could Affect Your Business: This is definitely an unusual situation as ransomware criminals aren’t known for being picky about their targets.
Canadian Copper Mountain Mining Corporation (CMMC)
Exploit: Ransomware
Canadian Copper Mountain Mining Corporation (CMMC): Mining Company
Risk to Business: 1.603 = Severe
British Columbia-based Canadian Copper Mountain Mining Corporation (CMMC) was the victim of a ransomware attack. The company was forced to suspend operations at its mill after the December 27, 2022, incident. CMMC was quick to assure the public that the incident did not compromise its safety measures or cause environmental damage. Bleeping Computer reported that a cybersecurity firm discovered compromised credentials belonging to a CMMC employee on a dark web site shortly before the attack.
How It Could Affect Your Business: Ransomware gangs are especially likely to target businesses that can’t afford downtime in hopes of a fast payoff.
UK – The Guardian
https://www.infosecurity-magazine.com/news/ransomware-attack-guardian/
Exploit: Ransomware
The Guardian: News Organization
Risk to Business: 1.904 = Severe
Legendary UK newspaper The Guardian has fallen victim to a cyberattack. A spokesperson said that parts of the company’s technology infrastructure were impacted, including unspecified behind-the-scenes services, resulting in a temporary shutdown of the news organization’s offices worldwide. However, digital publishing operations continue normally, and staffers are working from home. No information was available about any ransom demanded or if any data was stolen in the attack.
How It Could Affect Your Business: News organizations are time-sensitive, making ransomware attacks against them very attractive for bad actors looking for a quick payday.
Hong Kong – BTC Mining
https://heimdalsecurity.com/blog/cryptocurrency-exchange-btc-com-suffers-massive-cyber-attack/
Exploit: Hacking
BTC Mining: Cryptocurrency Mining
Risk to Business: 2.103 = Severe
The biggest cryptocurrency mining pool in the world has suffered a cyberattack that has resulted in an estimated $3 million in losses. The company said in a statement that it had experienced a cyberattack on December 3, 2022. As a result of that attack, some digital assets were stolen, including approximately US$700,000 in asset value owned by BTC.com’s clients, and approximately US$2.3 million in asset value owned by the company. The company also said that it has subsequently recovered an unspecified amount of company-owned assets. BTC maintains that its client fund services are unaffected and it is operating normally.
How It Could Affect Your Business: Cryptocurrency and DeFi platforms have been hammered by cybercrime and need powerful security to steer clear of trouble.