The Week in Breach: 03/31/21-04/06/21 | CloudSmart IT

This Week in Breach News: A massive Facebook leak exposes personal data for millions in the US and India, and the Clop ransomware gang had a very good week (and US universities had a very bad week). 


United States – The New York Foundling

https://cybernews.com/security/new-york-charity-leaves-sensitive-patients-data-unsecured/

Exploit: Unsecured Database

The New York Foundling: Children’s Charity 

Risk to Business: 1.662 = Severe

The New York Foundling, a venerable children’s charity, has had a significant data exposure. Researchers discovered an unsecured database containing more than 2,000 CSV and TXT files, each with hundreds or thousands of entries related to patients’ medical records, children’s legal guardians, case workers, doctors, and other child welfare specialists.

Individual Risk: 1.707 = Severe

The exposed data includes at least 13,000 entries on medical procedures, including vaccines, diagnostic tests, patient IDs, referral details, and chart notes with descriptions and patient IDs. Another 7,000 patient entries are in the trove, including patient names and birthdates, parent/guardian names and phone numbers, and insurance or agency information. A TXT file containing SSNs and what appears to be IDs, but without names or other identifying information, is in the mix. Employee information is also included, with staff names, ID numbers and other details.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Making simple, avoidable blunders like this is a tragedy. Not only have many families had data exposed, but this charity hospital will also be paying huge HIPAA fines.


United States – Facebook

https://www.businessinsider.in/tech/news/533-million-facebook-users-phone-numbers-and-personal-data-have-been-leaked-online/articleshow/81889315.cms 

Exploit: Hacking

Facebook: Social Media Company 

Risk to Business: 1.627 = Severe

A treasure trove of Facebook user data landed in a hacking forum over the weekend. Hackers posted a slew of PII on hundreds of millions of Facebook users, including phone numbers and some contact information, for free online. A Facebook spokesperson told Insider that the data was scraped due to a vulnerability that the company patched in 2019.

Individual Risk: 1.627 = Severe

This fresh dump of exposed data includes various PII for over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK and 6 million on users in India. Exposed data includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios and email addresses. This information can be used to mount spear phishing and brand impersonation schemes.

Customers Impacted: 533 million

How it Could Affect Your Customers’ Business: Cybercriminals will love this windfall. Data like this lives forever on the dark web, providing ammunition for future cyberattacks and fraud.



United States – University of Maryland Baltimore (UMB)

https://www.govtech.com/education/higher-ed/University-of-Maryland-Student-Data-Exposed-by-Cyber-Attack.html

Exploit: Ransomware

University of Maryland Baltimore (UMB): Institution of Higher Learning

Risk to Business: 2.412 = Severe

The Clop ransomware gang had a banner week. UMB is one of at least 6 US colleges that they’ve hit successfully in the past week after gaining access to systems at data transfer and processing behemoth Accellion in late 2020. Here’s the full list of impacted colleges. At UMB, the gang snatched an assortment of student and staff data including federal tax documents, requests for tuition remission paperwork, applications for the Board of Nursing, passports, ID data and tax summary documents.

Individual Risk: 2.309 = Severe

The staff data featured lists of individuals and their Social Security numbers, retirement documentation, and 2019/2020 benefit enrollment and adjustment requests. In the student data batch, the gang scored photos, dates of birth, home addresses, passport numbers, immigration status, names of individuals and Social Security numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a textbook illustration of what happens when one of your business partners, suppliers or service providers has a data breach – cybercriminals get a leg up on breaking into your systems too.


United States – 200 Networks LLC

https://www.hackread.com/call-center-provider-experiences-data-leak/

Exploit: Unsecured Database

200 Networks LLC: Call Center Operator

Risk to Business: 2.412 = Severe

A wide-open database belonging to 200 Networks was discovered by security researchers, leaking information freely. The data included logs for at least 1.48 million robocalls. The dataset was exposed for almost 24 hours, and the database kept growing in real time as the business continued adding thousands of fresh calls and records to the mix every hour. The exposed records contained only swatches of data on the callers but included extensive inside information for the company, including technical data.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: 1.48 million

How it Could Affect Your Customers’ Business: Failing to protect the secrets of your success is problematic for any business. This information will likely make its way to the dark web quickly.


The Netherlands – Royal Dutch Shell

https://www.theregister.com/2021/03/29/shell_clop_ransomware_leaks_update/

Exploit: Ransomware

Royal Dutch Shell: Oil Company

Risk to Business: 1.863 = Severe

The Clop ransomware gang is going to need a vacation after this week. They also struck gold at Royal Dutch Shell, scooping up an assortment of business documents and posting a sample on their leak site. Once again, the gang’s foray into Accellion paid off, enabling them to gain access to Royal Dutch Shell. Spokesmen for the company admit that data was stolen but are not saying that this was a ransomware hit, although that is this gang’s stock in trade.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can cause catastrophic delays in production, crippling factories. Preventing it from hitting systems is just as important as protecting data.

France – Asteelflash

https://www.bleepingcomputer.com/news/security/asteelflash-electronics-maker-hit-by-revil-ransomware-attack/

Exploit: Ransomware

Asteelflash: Electronics Manufacturer

Risk to Business: 1.802 = Severe

REvil has come to call at French firm Asteelflash, specialists in the design, engineering, and printing of printed circuit boards. This is the latest attack in a series of incidents impacting manufacturers and developers adjacent to the beleaguered semiconductor sector. The gang asked for an initial $12 million ransom, but Asteelflash apparently chose not to pay that within the specified timeframe, so the ransom doubled to $24 million. Data proving the incursion was posted to the gang’s website last week.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: An incident like this is even more costly when your industry is under pressure, as electronics companies are right now. Cybercriminals are always looking for the opportunity to hold businesses up in challenging times.


Italy – Boggi Milano Menswear 

https://threatpost.com/ragnarok-ransomware-boggi-milano-menswear/165161/

Exploit: Ransomware

Boggi Milano Menswear: Luxury Fashion Retailer 

Risk to Business: 2.055 = Severe

Italian clothier Boggi Milano menswear had an unwelcome delivery this week. The Ragnarok ransomware gang snatched 40 gigabytes of data from the fashion house, including HR and salary details. Researchers looking into the hack found payroll files, payment PDFs, vouchers, tax documents and other business data on the dark web. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Automation Saves Everyone’s Nerves 


Are you tired of filing a trouble ticket and waiting for a technician for every little IT issue? When you take advantage of the automation capabilities that many of today’s smart solutions feature, you don’t have to. Affordable automation means that you can make just a few small adjustments to your security plan that bring big results, reducing your trouble tickets while increasing your security posture.

By far the most common trouble ticket that helpdesks receive is a password reset. On average, 20% to 50% of all IT help desk tickets each year are for password resets. One password reset can set you back around $100. This calculator using averaged data can help you determine the cost of a password reset for your business.

Don’t stress out yourself or your security team with a sea of trouble tickets for mundane issues. No one wants to spend the day waiting for IT to reset a password. Affordable automation lowers everyone’s stress. Automate as many routine processes as you can and free up your staff to do something more important with their time.
