Week in Breach 1/11/23-1/17/23 | CloudSmart IT


This week, we’re exploring: a bevy of big healthcare-related breaches, a scary ransomware hit in Australia and another nasty supply chain attack. With these types of attacks in the world, do you have someone watching your back to keep you safe? If not, let us help! Need to evaluate how well your security stacks up? We can help you explore that as well.



San Francisco Bay Area Rapid Transit (BART)

https://therecord.media/san-francisco-bart-investigating-ransomware-attack/

Exploit: Ransomware

San Francisco Bay Area Rapid Transit (BART): Transportation Authority


Risk to Business: 2.776 = Moderate

The Vice Society ransomware gang has claimed responsibility for a cyberattack on the San Francisco Bay Area Rapid Transit (BART) system and added purportedly stolen data to its dark web leak site.  NBC News reported that the gang snatched over 120,000 highly sensitive files from BART’s police department that include data like the names of children suspected of suffering abuse, driver’s license numbers and mental health evaluation forms. A spokesperson for BART says that no BART services or internal business systems have been impacted. No information was available at press time about any ransom demand. 

How It Could Affect Your Customers’ Business: Ransomware attacks have been an ongoing threat to infrastructure and the pace is not slowing down.


Consulate Health Care

https://securityaffairs.com/140452/cyber-crime/consulate-health-care-hive-ransomware.html

Exploit: Ransomware

Consulate Health Care: Healthcare Services Company


Risk to Business: 1.221 = Extreme

Consulate Health Care, a large provider of specialty healthcare services for seniors, has been hit by the Hive ransomware group. Hive recently leaked 550 GB of data that it claims to have stolen in the attack, including PHI and PII. The attack took place on December 3rd, 2022, and it was disclosed on January 6, 2023. The gang claims to have stolen a wide array of data including contracts, NDA documents, proprietary company data (internally facing budgets, plans, evaluations, revenue cycle, investor relations, company structure, etc.), employee PII (social security numbers, emails, addresses, phone numbers, photos, insurance info, payments, etc.), and patient PII and PHI (medical records, credit cards, emails, social security numbers, phone numbers, insurance, etc.). This deluge of data was revealed on Hive’s dark web leak site after Consulate Health Care apparently refused to pay an unspecified ransom.

How It Could Affect Your Customers’ Business: This incident will cost Consulate a fortune once regulators get through with them.


Des Moines Public Schools

https://therecord.media/iowa-school-district-cancels-classes-another-day-due-to-cyberattack/

Exploit: Ransomware

Des Moines Public Schools: Municipal Education Authority


Risk to Business: 1.837 = Severe

Des Moines Public Schools, a system that serves more than 30k students, was forced to suspend classes for two days following a suspected ransomware attack on January 9. A district official said that the district was forced to take its systems offline after discovering the incident to limit the damage. The district was able to return to in-person learning on January 12. However, it experienced ongoing problems with its virtual learning and student information system Infinite Campus and its phone systems that have since been resolved. Many students were also left without Wi-Fi on campus, and access to networked systems within individual schools was also impacted.

How It Could Affect Your Customers’ Business: The education sector is especially attractive to bad actors because of its time-sensitive nature.


Bay Bridge Administrators

https://www.securityweek.com/251k-impacted-data-breach-insurance-firm-bay-bridge-administrators

Exploit: Hacking

Bay Bridge Administrators: Employee Benefits Administrator


Risk to Business: 1.981 = Extreme

Texas-based employee benefits administration firm Bay Bridge Administrators says that it was the victim of a successful cyberattack that may have exposed the data of more than 250K people. Bay Bridge Administrators disclosed that on August 15, 2022, a threat actor gained unauthorized access to the Bay Bridge Administrators network and used that access to exfiltrate certain data on September 3, 2022. An investigation determined that PHI and PII were exposed in the incident, and the company subsequently began notifying those whose data had been stolen. The information about employees whose benefits Bay Bridge Administrators managed includes names, addresses, birth dates, Social Security numbers, ID and driver’s license numbers and medical/health insurance data.

How It Could Affect Your Customers’ Business: Business services companies like this one hold lots of valuable data, making them attractive targets for cyberattacks.



United Kingdom – Morgan Advanced Materials

https://therecord.media/british-company-that-helps-make-semiconductors-hit-by-cyber-incident/

Exploit: Ransomware

Morgan Advanced Materials: Semiconductor Supply Manufacturer


Risk to Business: 1.643 = Severe

The British company Morgan Advanced Materials, a manufacturer of specialized ceramic and carbon parts used in semiconductor manufacturing, has disclosed that it has been the victim of a probable ransomware incident that disrupted its operations. The company said that it has initiated incident response plans and “taken action within its IT systems” to limit the damage. Customers and suppliers have been told to manually process existing and upcoming orders. Morgan Advanced Materials said in a statement that it has engaged a third-party firm to investigate the incident.  

How it Could Affect Your Customers’ Business: Hits on manufacturers can cause a cascade of supply chain problems that impact other businesses too.


United Kingdom – Royal Mail

https://www.theguardian.com/business/2023/jan/11/royal-mail-services-suffer-severe-disruption-after-cyber-incident

Exploit: Ransomware

Royal Mail: Postal Service


Risk to Business: 1.643 = Severe

Britain’s Royal Mail is in chaos as a successful ransomware attack by the Lockbit Group has left the service reeling. Royal Mail said it is temporarily unable to dispatch export items, warning that letters and parcels in transit to international destinations may be delayed. Royal Mail officials said that Royal Mail’s Parcelforce Worldwide brand is still operating to all international destinations, but customers should expect delays. Officials were also quick to assure people that the domestic post has not been affected. The service is asking people to not post anything going to an international destination until the situation has been resolved. The perpetrator was first identified as a Russia-aligned cybercrime gang that ultimately turned out to be Lockbit. Royal Mail says that it informed the government’s National Cyber Security Centre to help in the investigation. No ransom demand, if any, has been made public.

How it Could Affect Your Customers’ Business: Hits on manufacturers can cause a cascade of supply chain problems that impact other businesses too.


France – Family Allowance Fund (CAF)

https://www.csoonline.com/article/3685233/data-leak-exposes-information-of-10-000-french-social-security-beneficiaries.html

Exploit: Human Error

Family Allowance Fund (CAF): Social Security Agency


Risk to Business: 2.702 = Severe

Family Allowance Fund (CAF), France’s social security agency, is facing a problem after information about citizens was exposed. The incident occurred when a local branch office of CAF in Gironde (Nouvelle-Aquitaine) reportedly sent a file containing PII of 10,204 beneficiaries, to be used in training exercises, to a service provider responsible for training the organization’s statisticians. The unnamed service provider the information was sent to claims that it did not know that the CAF file contained real, and not fictitious, information. Complicating matters, the file was also posted on a public-facing webpage in March 2021 in the course of the training exercises without any security, leaving it easily downloadable by anyone. The surnames, first names and postal codes of beneficiaries were removed from the file, but other information remained, including a beneficiary’s address (number and street name), date of birth, household composition and income, and amounts and types of benefits received.

How it Could Affect Your Customers’ Business: Human error is the most likely cause of expensive disasters like a data breach, and failure to train is a common reason for employee errors.



Australia – Fire Rescue Victoria (FRV)

https://www.bankinfosecurity.com/ransomware-group-behind-victoria-fire-department-outage-a-20913

Exploit: Ransomware

Fire Rescue Victoria (FRV): Public Safety Service


Risk to Business: 1.831 = Severe

The Vice Society ransomware group has claimed responsibility for a ransomware attack on Fire Rescue Victoria that resulted in data theft. The December 2022 attack led to a widespread IT outage for the fire department, a public safety threat. Vice Society has released a sample of the stolen data on its dark web leak site. That leaked data includes budget documents, job applications and other sensitive information. FRV has recovered many critical systems since the incident, but reports say that its overall IT infrastructure is still not fully operational. FRV has had to resort to using older, offline resources such as dispatch crews, mobile phones, pagers and radios. Firefighting crews and trucks remained operational throughout the incident, which remains under investigation.  

How it Could Affect Your Customers’ Business: Although this attack did not have an impact on public safety, it could have created a very dangerous circumstance.



Japan – Aflac

https://www.theregister.com/2023/01/11/japan_aflac_zurich_data_breaches/

Exploit: Human Error

Aflac: Insurer


Risk to Business: 2.103 = Severe

Aflac’s Japanese branch disclosed in a statement that personal data describing more than three million customers of its cancer insurance product has been leaked online by a third-party contractor. Aflac’s apology states the contractor’s servers were accessed on January 7, 2023, and that the contractor in question was U.S. based, but no further details were disclosed about the unnamed contractor. Aflac admitted that Japanese customers of its cancer insurance offering had their surname, age, gender, and insurance coverage details exposed.

How it Could Affect Your Customers’ Business: Employee mistakes are the cause of many expensive disasters that security awareness training can help prevent.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
