Week in Breach 3/15/23-3/21/23 | CloudSmart IT

This week: bad actors scored with a supply chain attack that nets trouble for the NBA. I guess the court isn’t the only place they play bad defense. Also, a data breach at Australia’s Latitude Financial, a new checklist to help mitigate email-based cyberattack risk and a deep dive into the risks that today’s dark web presents for businesses.

With so many bad things happening in the cyber world, you cannot afford to not have your defenses up! Visit CloudSmart IT’s Cybersecurity Page to see our offerings and book a free consultation!


Essendant

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-claims-essendant-attack-company-says-network-outage-/ 

Exploit: Ransomware

Essendant: Office Supply Retailer

Risk to Business: 1.702 = Severe

Essendant, a wholesale distributor of office products, has disclosed that it is experiencing a significant and ongoing outage due to ransomware that knocked the company’s operations offline. The LockBit ransomware group had claimed responsibility for the attack, adding Essendant to its dark web leak site on March 14, 2023. Essendant’s network outage began around March 6 and has impacted many facets of the company’s operations including placement and fulfillment of online orders as well as freight carrier pickups. No ransom amount was specified.

How It Could Affect Your Customers’ Business: Suppliers and service providers have been squarely in cybercriminal sights.

U.S. National Basketball Association (NBA)

https://www.bleepingcomputer.com/news/security/nba-alerts-fans-of-a-data-breach-exposing-personal-information/

Exploit: Misconfiguration

U.S. National Basketball Association (NBA): Sports League

Risk to Business: 2.711 = Moderate

The U.S. National Basketball Association (NBA) is notifying fans of a data breach after some of their personal information was found to have potentially been exposed through a contractor for the league. A breach notice mailed to impacted fans said: “We recently became aware that an unauthorized third party gained access to, and obtained a copy of, your name and email address, which was held by a third-party service provider that helps us communicate via email with fans who have shared this information with the NBA.” The third-party contractor has not been named. The NBA reassured fans that its network has not been hacked and that fans’ usernames and passwords for NBA sites were safe.

How It Could Affect Your Customers’ Business: Supply chain attacks have been consistently rising as cybercriminals look for new ways to squeeze businesses.

NorthStar Emergency Paramedic Services

https://tuscaloosathread.com/data-breach-at-tuscaloosas-northstar-paramedic-services-could-impact-82000-patients/

Exploit: Hacking

NorthStar Emergency Paramedic Services: Ambulance Service

Risk to Business: 1.808 = Severe

Tuscaloosa, Alabama’s NorthStar Emergency Paramedic Services has informed patients that their information may have been exposed in a hacking incident. In an announcement on its website, the service told customers that on September 16, 2022, NorthStar discovered unusual activity on its network. Investigators determined that a threat actor had gained access to patient information. Patient data that may have been exposed includes individuals’ names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number and/or health insurance information. Impacted patients have been informed by letter. 

How It Could Affect Your Customers’ Business: Even a small healthcare sector business will incur a big fine if they have an information security issue.


Belgium – Centre Hospitalier Universitaire (CHU) Saint-Pierre

https://therecord.media/brussels-hospital-cyberattack-belgium-saint-pierre

Exploit: Hacking

Centre Hospitalier Universitaire (CHU) Saint-Pierre: Medical Center 

Risk to Business: 1.623 = Severe

Centre Hospitalier Universitaire (CHU) Saint-Pierre in Brussels experienced a major disruption last week as the result of an unnamed cyberattack. The incident led to ambulances being diverted, and staffers were forced to resort to old-school paper records because of a systems outage that lasted for several days. The hospital managed to get its servers back up and running over the weekend. An investigation into the incident is ongoing and appropriate law enforcement authorities have been notified. The hospital’s website remained unavailable on Monday.

How It Could Affect Your Customers’ Business: Bad actors know that hospitals are time-sensitive institutions, making them especially attractive ransomware targets.

The Netherlands – Royal Dirkzwager

https://securityaffairs.com/143714/cyber-crime/play-ransomware-royal-dirkzwager.html

Exploit: Ransomware

Royal Dirkzwager: Maritime Logistics Company

Risk to Business: 2.899 = Moderate

Dutch maritime logistics firm Royal Dirkzwager has been struck by a ransomware attack by the Play ransomware group. The company was added to Play’s leak site over the weekend, with 5G of sample data provided as proof of the hack. The group claims to have snatched proprietary data as well as personal confidential data like employee IDs, passports and contracts. The company confirmed the attack but did not say whether or not they planned to pay a ransom, also saying that they have notified the Dutch Data Protection Authority.

How it Could Affect Your Customers’ Business: Shipping companies, both on land and by sea, have become favored targets for cybercriminals in the last two years.

Switzerland – Hitachi Energy

https://securityaffairs.com/143640/data-breach/hitachi-energy-data-breach.html

Exploit: Hacking

Hitachi Energy: Energy Technology Company

Risk to Business: 1.709 = Severe

Hitachi Energy is the latest company to admit that they fell victim to an attack by the Cl0p ransomware group. The gang has been on a spree, exploiting a zero-day vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) software. Cl0p claims to have breached more than 130 organizations through the vulnerability. California-based digital bank Hatch Bank, healthcare provider Community Health Systems and cybersecurity firm Rubrik have publicly admitted to being hit in that wave of attacks. Hitachi said that the incident may have resulted in the exposure of employee personal data but not consumer data, and that its network operations were not impacted.  

How it Could Affect Your Customers’ Business: Infrastructure targets are constantly at risk, and bad actors discovering a zero-day exploit doesn’t help the cause.


Australia – QIMR Berghofer

https://www.abc.net.au/news/2023-03-20/australias-largest-cancer-survey-hit-by-data-breach/102105720

Exploit: Supply Chain Attack

QIMR Berghofer: Medical Researcher

Risk to Business: 1.711 = Severe

Patients who participated in Australia’s largest skin cancer study are learning that their personal data may have been accessed by bad actors as part of a data security incident at a third-party contractor for the medical research company QIMR Berghofer. Servers owned and operated by Datatime, a technology company hired by QIMR Berghofer to scan and process surveys, were hacked, resulting in the personal data of an estimated 1,000 Australians becoming exposed. Impacted patients may have had data including their name, address and Medicare numbers accessed by cybercriminals. Datatime maintained that it intended to delete the survey data after 12 months, but hackers struck before that time had elapsed.  

How it Could Affect Your Customers’ Business: A hack like this scores medical data and personal data at the same time, giving bad guys two valuable commodities on the dark web.

Australia – Latitude Financial

https://www.smh.com.au/business/banking-and-finance/328-000-ids-feared-stolen-in-sophisticated-latitude-financial-hack-20230316-p5cslo.html

Exploit: Credential Compromise 

Latitude Financial: Financial Services Firm 

Risk to Business: 1.473 = Extreme

Consumer credit and finance provider Latitude Financial said it has been the victim of a hacking incident. The company provides consumer finance services to a variety of retailers including Harvey Norman, JB Hi-Fi and The Good Guys. Latitude has disclosed that bad actors made off with the identification documents of 328,000 consumers including the driver’s license details of about 100,000 customers. Reports say that Latitude’s network was breached directly, enabling bad actors to gain access to two of Latitude’s service providers. The incident is ongoing, and Latitude has admitted that the scope of the stolen data may grow.  

How it Could Affect Your Customers’ Business: Credential compromise inevitably leads to bad outcomes like this expensive, damaging disaster.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breac

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.