Week in Breach 10/26/22-11/01/22 | CloudSmart IT

Don’t get too comfy: Bed, Bath and Beyond is among several companies and organizations to suffer breaches during the last week of cybersecurity week.

Bed, Bath and Beyond

https://www.reuters.com/business/retail-consumer/bed-bath-beyond-reviewing-possible-data-breach-2022-10-28/?utm_campaign=fullarticle&utm_medium=referral&utm_source=inshorts

Exploit: Phishing

Bed, Bath and Beyond: Home Goods Retailer

Risk to Business: 1.863 = Severe

Big-box retailer Bed, Bath and Beyond has experienced a data breach. The company disclosed that a third party had improperly accessed its data through a phishing scam. Bad actors gained access to the hard drive and certain shared drives of one of its employees earlier this month. The retailer was quick to reassure consumers that it does not believe that any sensitive or personally identifiable information was accessed. 

How It Could Affect Your Customers’ Business: Phishing takes down businesses of every size and every industry, bringing sticky problems in its wake.

See Tickets US

https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/

Exploit: Hacking

See Tickets US: Event Ticketing Platform

Risk to Business: 1.423 = Extreme

The U.S. division of UK company See Tickets has revealed that its platform has been hosting a credit card skimmer for an estimated two and a half years. In a data breach notification shared with the Montana Attorney General’s office, See Tickets disclosed that it discovered the breach in April 2021 and ultimately determined that the skimmer was activated on June 25, 2019. However, it wasn’t until January 8, 2022, that the malicious code was fully removed from its site. The company says that it worked with forensic experts and Visa, MasterCard, American Express and Discover in the investigation.

Individual Risk: 1.307 = Extreme

The customer information that the hackers might have stolen includes a client’s full name, physical address, ZIP code, payment card number, card expiration date and CVV number. No number of clients affected was specified.

How It Could Affect Your Customers’ Business: Because the skimmer went undetected for so long, this is going to be an expensive, damaging nightmare that puts the company’s security commitment in question.

Kenosha Unified School District

https://www.scmagazine.com/brief/ransomware/wisconsin-school-district-attacked-by-snatch-ransomware-group

Exploit: Ransomware

Kenosha Unified School District: Local Education Authority

Risk to Business: 2.687 = Moderate

Kenosha Unified School District in Wisconsin has been the victim of a successful ransomware attack by the Snatch ransomware group. The gang added the district to its dark web leak site last week. Kenosha Unified School District officials admitted that the district was forced to take systems offline to deal with the attack, but they’ve since been restored. No ransom amount has been reported, nor did the district elaborate on what data had been stolen. The district serves an estimated 20,000 students.

How It Could Affect Your Customers’ Business: Schools at every level and education authorities have been getting pounded by ransomware groups and need to improve their defenses.


 

United Kingdom – Pendragon Group

https://www.bleepingcomputer.com/news/security/pendragon-car-dealer-refuses-60-million-lockbit-ransomware-demand/

Exploit: Ransomware

Pendragon Group: Automotive Dealerships

Risk to Business: 2.624 = Severe

The Pendragon Group, the operator of more than 200 car dealerships in the UK, has been the victim of a ransomware attack by LockBit 2.0. Pendragon owns CarStore, Evans Halshaw and Stratstone luxury car dealerships. The auto dealer says that the gang has demanded $60 million to decrypt files and not leak them, but they have no intention of paying the extortionists. The company disclosed that the attack took place about a month ago and says that only about 5% of its data was stolen. No specifics were available about the nature of that data at press time. 

How it Could Affect Your Customers’ Business: Getting hit by ransomware is awful, but refusing to pay the extortionists is always the right thing to do.

Germany – Aurubis

https://www.itnews.com.au/news/german-copper-smelter-aurubis-in-cyber-attack-587159

Exploit: Hacking

Aurubis: Copper Smelter

Risk to Business: 1.619 = Severe

Europe’s top copper smelter Aurubis announced that it had been the victim of a cyberattack that caused the company to shut down its IT systems. The company said that production was not disrupted badly, and environmental controls were not impacted. Aurubis also said that incoming and outgoing shipments are being handled manually. There was no timeline provided for when the company expected to have all of its systems back online. The company pointed to this attack as part of a larger pattern of cyberattacks in the metals and mining industry.

How it Could Affect Your Customers’ Business: Infrastructure has been under fire from ransomware gangs, with 14 of 16 critical infrastructure sectors in the U.S. hit by ransomware in 2021.

 

Japan – Asahi Group Holdings, Ltd.

https://securityaffairs.co/wordpress/137803/cyber-crime/blackbyte-ransomware-asahi.html

Exploit: Ransomware

Asahi Group Holdings, Ltd.: Beverage Company

Risk to Business: 1.684 = Severe

BlackByte ransomware is behind an attack on Asahi Group Holdings, Ltd. The group claims to have snatched gigabytes of documents from the beverage company, including financial and sales reports. The gang is reportedly demanding $500K to buy the stolen data back or $600K to delete the stolen data. There was no word at press time if the beverage company intended to pay. Asahi is the largest beer brewer in Japan and also distributes imported beer and soft drinks.

How it Could Affect Your Customers’ Business: Ransomware groups love hitting businesses that are time sensitive in order to raise the chance that they’ll get paid fast.

 


Australia – ForceNet

https://www.gizmodo.com.au/2022/10/australian-defence-ransomware/

Exploit: Ransomware

ForceNet: Communications Platform

Risk to Business: 2.783 = Extreme

A ransomware attack has struck a communications platform used by military personnel and public servants from the Australian Department of Defence. The platform, ForceNet, is run by a subcontractor. Initial reports stated that no data was stolen or at risk, but that was later updated with the news that data related to private communications between current and former Australian Defence Force members may have been compromised, with as many as 40,000 records at risk in a likely breached dataset from 2008. However, authorities are confident no personal data has been accessed. No further information about the exact nature of the exposed data or any ransom demand was available at press time.

How it Could Affect Your Customers’ Business: There could be some sensitive communications involved here, illustrating the danger of cybersecurity problems at a third-party service provider.

Australia – Medlab Pathology

https://finance.yahoo.com/news/1-australian-clinical-labs-says-220121433.html

Exploit: Hacking

Medlab Pathology: Healthcare Provider 

Risk to Business: 1.771 = Severe

The latest victim in Australia’s recent surge of cyberattacks is Medlab Pathology. The company disclosed that an unauthorized party has gained access to a huge store of data including more than 17,500 individual medical and health records, more than 28,000 credit card numbers and individuals’ names and more than 128,600 Medicare numbers. Medlab investigated a data breach in February 2022 but found that no data was taken. That changed after the Australian Cyber Security Centre (ACSC) contacted Medlab’s parent company Australian Clinical Labs in June 2022 and informed the company that Medlab information had been posted on the dark web. No additional details about the stolen data were available at press time.

How it Could Affect Your Customers’ Business: Medical laboratories often hold sensitive health data that cybercriminals want, making them prime targets for hackers.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
