Chicago Public Schools

https://www.securityweek.com/breach-exposed-data-half-million-chicago-students-staff

Exploit: Supply Chain Risk

Chicago Public Schools: Regional Education Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.944 = Severe

Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.672 = Severe

The improperly accessed data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations. Employee data included names, employee identification numbers, school and course information and emails and usernames.

How It Could Affect Your Business: School system databases are popular targets because they often hold big stores of information.

 

 

Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio)

https://therecord.media/k-12-cyberattacks-new-mexico-ohio/

Exploit: Ransomware

Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio): Local Education Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.804 = Severe

The Cl0p ransomware gang has posted information that points to a successful ransomware attack against the Fort Sumner Municipal Schools agency in New Mexico. The Superintendent of Schools in the district confirmed the incident. This is just the latest in a long string of ransomware attacks that have impacted public school systems in the US. Just this week, the Washington Local Schools district in Ohio was also hit with a ransomware attack, this time impacting the district’s phone, email, internet and WiFi networks as well as Google Classroom.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: Bad actors know that using ransomware against targets with time-sensitive business can be profitable.

 

 

The U.S. Drug Enforcement Agency (DEA)

https://www.cpomagazine.com/cyber-security/data-breach-on-dea-law-enforcement-system-grants-cyber-criminals-access-to-16-databases/

Exploit: Hacking

The U.S. Drug Enforcement Agency (DEA): Federal Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.763 = Severe

Officials are investigating a potential breach that could allow bad actors to access key systems used by law enforcement agencies in the U.S. A tip pointed officials to information that the LAPSUS$ hacking group may have gained access to the esp.usdoj.gov data portal, the Law Enforcement Inquiry and Alerts (LEIA) system, the U.S. Drug Enforcement Agency (DEA)’s El Paso Intelligence Center (EPIC) and other DEA systems. That unauthorized access may be used by cybercriminals in myriad ways including for impersonation efforts and doxing, as well as affording the bad guys the opportunity to search databases and to obtain sensitive data.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Business: This kind of access and information in the wrong hands could be beneficial to cybercriminals including nation-state actors.

 

 

Greenland – Agency for Health and Prevention

https://therecord.media/greenland-cyberattack-healthcare-systems/

Exploit: Hacking

Agency for Health and Prevention: National Agency

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.864 = Moderate

The government of Greenland has announced that healthcare services have become extremely limited as a result of a cyberattack. While the nature of the incident was not specified, government officials noted that the network for the entire system had to be shut down, resulting in medical care providers becoming unable to access patient records and creating delays in care. The government says that patient data is not at risk, and that emergency treatment will not be impacted.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Healthcare targets have been at the top of the cybercriminal hit list since the start of the pandemic.

 

 

Zambia – National Bank of Zambia

https://www.bleepingcomputer.com/news/security/national-bank-hit-by-ransomware-trolls-hackers-with-dick-pics/

Exploit: Ransomware

National Bank of Zambia: Banking & Financial Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.917 = Severe

A cyberattack at the National Bank of Zambia has played out with a bizarre twist. After experiencing a ransomware attack by the Hive ransomware outfit that purportedly encrypted the bank’s Network Attached Storage (NAS) device, officials responded to the cybercriminals’ ransom demands with a refusal to pay. Bloomberg reports that the refusal was accompanied by images of male genitalia and a message referencing a common NSFW insult about what the bad guys could do with their demands. In a statement, the bank said that it had experienced an incident that impacted some systems such as the Bureau De Change Monitoring System and the bank’s website.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: Organizations in the Banking & Finance sector suffered the most cyberattacks in 2021, and pressure isn’t letting up.

 

 

South Africa – Dis-Chem

https://www.infosecurity-magazine.com/news/pharmacy-giant-data-breach/

Exploit: Supply Chain Risk

Dis-Chem: Pharmaceutical Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.733-Severe

Major pharmaceutical retailer Dis-Chem recently announced that it had been hit by a data breach that may have exposed the personal details of 3.6 million customers thanks to a data security incident at a third-party service provider on May 1, 2022. Dis Chem is the second-largest retail pharmacy chain in South Africa. An investigation is underway, and the company has stated that it will not be offering further comment on the incident.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.733-Severe

The investigation has determined that the incident affected a total of 3,687,881 data subjects so far, exposing subjects’ first name and surname, email addresses, and cell phone numbers.

How it Could Affect Your Business: Defense industry contractors and military-adjacent service providers are tempting targets for cybercriminals looking for back doors.

 

Singapore – Nikkei Business Publications

https://www.bleepingcomputer.com/news/security/media-giant-nikkei-s-asian-unit-hit-by-ransomware-attack/

Exploit: Ransomware

Nikkei Business Publications: Publishing Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.786 = Moderate

Asian publishing giant Nikkei has disclosed that the organization’s headquarters was hit by a ransomware attack on May 13, 2022. The company, the publisher of several business and technology magazines, said that it is still investigating the incident and has not yet determined if bad actors accessed customer data. Officials in both Singapore and Japan have been notified.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Business: More than half of APAC organizations experienced a cyberattack in 2021.