Week in Breach 3/1/23-3/7/23

Risk to Business: 1.402 = Extreme

The U.S. Marshals Service announced that it is investigating a ransomware attack on its system. The attack has compromised some of its most sensitive information, including law enforcement materials, and the personal information of employees and potential targets of federal investigations. In the February 17 incident, cybercriminals were able to obtain access to sensitive administrative data including personal information of certain employees, and data about wanted fugitives, as well as information on unidentified third parties. The affected system also contained sensitive law enforcement information like ongoing legal procedures.  

Risk to Business: 1.702 = Severe

Pipefitters Local 537 in Boston is investigating a cyberattack that resulted in a loss of $6.4 million. Officials called the incident a social engineering attack, saying that their internal systems were not compromised or hacked. The evidence so far points to a business email compromise attack. The union was quick to assure members that it does not appear that the personal information of members was stolen or compromised and that this attack will have no impact on the members’ health fund. The incident is under investigation by private and federal investigators.

Risk to Business: 1.808 = Severe

A misconfigured database owned by Animaker.com has exposed test and personal data belonging to over 700,000 people who are users of the websites getshow.io (an all-in-one video marketing platform) and animaker.com (a DIY video animation software). The database contains 5.3 GB of data, and new data is still being added daily. Exposed data includes full names, device type, postal codes, IP addresses, mobile numbers, email addresses, Animaker profile details and user country/city/state/location. The company doesn’t think that user passwords were exposed.  

Risk to Business: 2.779 = Moderate

 Fast food giant Chick-fil-A has confirmed that over 71,000 customers’ accounts were breached in a months-long credential stuffing attack. In this attack, threat actors were able to use customers’ stored rewards balances and access those customers’ personal information. In a security notice submitted to multiple Attorney General offices, the company specified that they suffered a credential stuffing attack between December 18, 2022, and February 12, 2023. This sustained attack allowed the threat actors to hack a total of 71,473 Chick-fil-A accounts. The cybercriminals had access to customers’ personal information including their name, email address, Chick-fil-A One membership number and mobile pay number, QR code, masked credit/debit card number and the amount of Chick-fil-A credit (e.g., e-gift card balance) on your account (if any). 

Risk to Business: 1.783 = Severe

 Denver Public Schools (DPS has disclosed that the personal information of an estimated 15,000 system employees was recently exposed in a hacking incident. The district said that between Dec. 13, 2022, and Jan. 13, 2023, a hacker accessed, and potentially downloaded employee-related files stored on the district’s computer servers.  Data stolen in this incident includes the names and Social Security numbers of current and former participants in the DPS employee health plan, employee fingerprints, bank account numbers or pay card numbers, driver’s license numbers, passport numbers and health plan enrollment information.  No student information was involved.  

Risk to Business: 1.709 = Severe

Southeastern Louisiana University is experiencing a cyberattack that has left students and staff unable to access systems for at least five days. The university was left without a functional website, email system or system for submitting assignments after being forced to shut its network down as a response to an unnamed cyberattack. Students and faculty have been struggling with getting though daily business like completing coursework and conducting remote classes since late last week. Systems are slowly being restored.

Risk to Business: 2.701 = Moderate

Leading convenience store and newsstand chain WH Smith has disclosed that they have experienced a data breach. In this incident, bad actors gained illegal access to some company data, including current and former employee data. The company reassured the public that there was no business interruption expected and that customer data was not affected because it is stored on separate systems. No further information was given about the incident, which remains under investigation.  

Risk to Business: 2.397 = Severe

An unprotected server has been uncovered that is storing the personal information of a significant number of customers of the European hotel chain Falkensteiner. Researchers discovered more than 102,000 records in the exposed database. Some records were repeats, but they ultimately determined that unique records for 22,000 people were involved. The exposed data includes full names, phone numbers, email addresses and booking details. The company says that it is investigating the incident.