The Conti ransomware gang focuses on Shutterfly, an incident sours business at Japanese confectioner Morinaga, Anonymous continues its pressure on Russian organizations and Lapsus$ is back.
The Partnership HealthPlan of California (PHC)
Exploit: Ransomware
The Partnership HealthPlan of California (PHC): Health Insurer
Risk to Business: 2.227 = Severe
The Hive ransomware group says that they’re responsible for a ransomware attack on The Partnership HealthPlan of California (PHC), claiming to have snatched 400 GB of data including 850,000 unique records. PHC has been experiencing computer system disruptions and the organization said that it is working to investigate and recover from the attacks with support from third-party forensic specialists. The stolen data is known to include names, Social Security numbers, and addresses of current and past PHC members.
How It Could Affect Your Customers’ Business: Healthcare data is an especially popular commodity for bad actors and incidents like this are expensive disasters for the institutions that have them.
The New York City Department of Education
https://www.k12dive.com/news/data-breach-exposes-820k-new-york-city-students-information/621352/
Exploit: Supply Chain Risk
The New York City Department of Education: Government Agency
Risk to Business: 2.829 = Moderate
The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a supply chain service provider data breach in January. That incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance. An agreement that the vendor had with NYC Schools called for the data to be encrypted, but it was discovered to not have occurred at the time of the breach. The incident is under investigation by New York state officials.
Individual Impact: No information about the student data or any consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business A security failure at a supplier can lead to a headache like a data breach for any organization.
United States – Shutterfly
Exploit: Ransomware
Shutterfly: Photography Retail Platform
Risk to Business: 2.735 = Moderate
Shutterfly has disclosed a data breach that exposed employee information in a ransomware attack by the Conti group. Shutterfly disclosed that its network was breached on December 3rd, 2021, and threat actors gained access to employee information. The company went on to disclose that documents stolen during the attack may have contained employees’ personal information, including names, salary and compensation information and FMLA leave or workers’ compensation claims. Shutterfly is offering two years of free credit monitoring from Equifax for those affected.
How It Could Affect Your Customers’ Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.
Argentina – Globant
https://thehackernews.com/2022/03/lapsus-claims-to-have-breached-it-firm.html
Exploit: Ransomware
Globant: IT and Software Development
Risk to Business: 1.969 = Severe
Cybercrime outfit Lapsus$ is back in the saddle, claiming responsibility for a successful ransomware attack against IT powerhouse Globant. The company confirmed the incident. Lapsus$ posted images that it claims are of extracted data and credentials belonging to the company’s DevOps infrastructure on its Telegram channel. They also shared a torrent file that they claims holds around 70GB of Globant’s source code as well as other data including administrator passwords associated with the firm’s Atlassian suite, including Confluence and Jira, and the Crucible code review tool. One unusual detail: Lapsus$ pointed out the fact that a number of the stolen passwords had been reused several times and were compromised before they got ahold of them, chiding the company for weak password security.
How it Could Affect Your Customers’ Business The Information Technology sector was the third most impacted sector for ransomware in 2021.
Germany – Nordex Group
https://www.nasdaq.com/articles/nordex-impacted-by-cyber-security-incident
Exploit: Hacking (Nation-State)
Nordex Group: Wind Turbine Manufacturer
Risk to Business: 2.017 = Severe
The Nordex Group, a major manufacturer of wind turbines, has announced that it has been experiencing systems outages since March 31, 2022, due to an unnamed cyberattack. The company claims to have detected the attack in its early stages and successfully moved to contain it, going on to say that the outage may impact employees, customers and stakeholders. This is the second hit on a German wind turbine company since the start of the Russia/Ukraine conflict and early reports say that this may be a nation-state incident.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Nation-state cybercriminals are all about infrastructure attacks, as illustrated in the run-up to the Russia/Ukraine conflict.
Spain – Iberdrola
Exploit: Hacking (Nation-State)
Iberdrola: Energy Company
Risk to Business: 2.017 – Severe
Spanish power company Iberdrola has disclosed a cyberattack that exposed data for an estimated 1.3 million customers. Iberdrola said that the attack was part of a pattern of attacks on utility and infrastructure targets in Spain and Europe that are suspected to be related to the Russia/Ukraine conflict. The incident is under investigation by the National Cryptology Centre. Exposed customer data includes ID numbers, addresses, phone numbers and email addresses, but not bank account details, credit card numbers or information about the clients’ use of energy.
How it Could Affect Your Customers’ Business The US government recently warned infrastructure operators to expect a fresh wave of attacks by nation-state actors aligned with Russia.
Russia – Marathon Group
https://securityaffairs.co/wordpress/129713/hacktivism/anonymous-hacked-marathon-group.html
Exploit: Nation-State (Hacktivism)
Marathon Group: Investment Firm
Risk to Business: 2.176 = Severe
Anonymous announced that it has hacked into the Marathon Group, releasing 62,000 company emails (a 52GB archive) through DDoSecrets. Reports identify the Marathon Group as a Russian investment firm owned by EU-sanctioned oligarch Alexander Vinokuro, the son-in-law of Russian Foreign Minister Lavrov. The firm and its owner are suspected of financing Russian government activities.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Anonymous has been hard at work hacking assets that belong to Russia and its allies after the Collective announced it was siding with Ukraine.
Japan – Morinaga
Exploit: Hacking
Morinaga: Confectioner
Risk to Business: 2.176 = Severe
Candy company Morinaga has announced that it has had a data breach impacting its online store. The incident has potentially exposed the personal information of more than 1.6 million customers who bought products from the candy maker between May 1, 2018, and March 13, 2022. The company also disclosed that their initial investigation confirmed that several of their servers had been subjected to unauthorized access “and that access to some data had been locked,” although there has been no clarification as to whether or not this was a ransomware attack. The confectioner also noted that there may be minor production impacts.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Customers’ Business Manufacturers of all kinds have been high on the cybercriminal hit list in recent months.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.