Week in Breach 3/29-4/4/23 | CloudSmart IT

Week in Breach 3/29-4/4/23

Financial institutions have a huge responsibility to keep their clients’ most sensitive data secure. As you will see this week, there can be cracks in their defense and put sensitive information at risk. There are also a number of breaches that have occurred in other businesses and institutions that remind us that bad actors never rest. 

Since the bad guys never rest, neither do we!  CloudSmart IT partners with one of the best 24/7/365 Security Operations Center (SOC) in the world for a solution to cover your business’s back around the clock. Check out more about those offerings on the CloudSmart IT cybersecurity page so you can rest easy! 


 

Western Digital

https://thehackernews.com/2023/04/western-digital-hit-by-network-security.html

Exploit: Hacking

Western Digital: Computer Hardware Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

Western Digital, a California-based provider of data storage hardware, has announced that it was hit by a cyberattack last Monday. In the March 26, 2023, incident, bad actors gained access to a number of the company’s systems, forcing the company to take some services and systems offline. In a statement, the company acknowledged that My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixp and Wireless Charger products were impacted. Reports say that cloud, proxy, web, authentication, emails and push notification services are experiencing outages.

How It Could Affect Your Customers’ Business: Manufacturers like this are sitting ducks as cybercriminals ramp up efforts against the supply chain.

NCB Management Services

https://www.securityweek.com/500k-impacted-by-data-breach-at-debt-buyer-ncb/

Exploit: Hacking

NCB Management Services: Debt Buyer

1.51 – 2.49 = Severe Risk

Risk to Business: 1.873 = Severe

Accounts receivable management company and debt buyer NCB Management Services has started informing consumers that their personal information was likely compromised in a data breach. The incident is expected to impact roughly 500,000 individuals. NCB said that hackers compromised some of NCB’s systems on February 1, 2023, giving them access to information from closed Bank of America credit card accounts. Included in this breach were names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers and employment information for account holders. Financial data such as pay amounts, credit card numbers, routing numbers, account numbers and balances, and account statuses was also snatched.

How It Could Affect Your Customers’ Business: Finance has been the top sector hit by cybercriminals for the last few years as the economy contracts

Lumen Technologies

https://www.cybersecuritydive.com/news/lumen-ransomware-attack/646135/

Exploit: Ransomware

Lumen Technologies: Communications and Network Services

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.311 = Extreme

Lumen Technologies has announced that it is dealing with not one but two cyber incidents. According to a filing with the U.S. Securities and Exchange Commission (SEC), Lumen discovered that a number of their servers that support a segmented hosting service had been infected with ransomware. The Louisiana-based company acknowledged that the ransomware is impacting a small number of its enterprise customers, disrupting call center operations. The company also said that in a separate incident, it had discovered that bad actors had gained access to another part of the company’s IT systems, installed a different type of malware and stole data. The firm is evaluating whether any personally identifiable information (PII) or other sensitive information was stolen.  

How It Could Affect Your Customers’ Business: This dose of double trouble will be a powerful blow to the company’s reputation as well as its finances.

Cornell University

https://theithacan.org/news/students-bank-accounts-hacked-because-of-ticketing-software-breach/

Exploit: Supply Chain Attack

Cornell University: Institution of Higher Learning

1.51 – 2.49 = Severe Risk

Risk to Business: 1.819 = Severe

Cornell University has released a security alert warning that purchase data for ticketholders at some of its recent events has been stolen as the result of a platform breach at one of its vendors, AudienceView. The school cautioned that people who had purchased tickets for shows and events organized by the Cornell Concert Series, Cornell Athletics, Cornell Tickets and the Schwartz Center for the Performing Arts may have had financial data stolen. In some cases, students reported that money had already been snatched from their bank accounts. Other colleges and universities including Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University in Canada have also been impacted by the AudienceView breach. The ticketing platform company said that the breach was caused by malware discovered in its systems and that it is working with Mandiant to investigate the incident.  

How It Could Affect Your Customers’ Business: This is a valuable score of fast-selling credit card and financial data that means big profits for the bad guys.

 

TMX Finance

https://www.bleepingcomputer.com/news/security/consumer-lender-tmx-discloses-data-breach-impacting-48-million-people/

Exploit: Hacking

TMX Finance: Consumer Lender

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.423 = Extreme

TMX Finance, a lender based in Canada with operations in the U.S. and Canada, has disclosed a data breach that impacts customers of its subsidiaries TitleMax, TitleBucks, and InstaLoan. TMX said that the breach likely began in early December 2022 but that it did not detect the breach until February 13th, 2023. The personal data of 4,822,580 customers was potentially exposed in the incident. TMX says that the exposed customer data includes a client’s Full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, U.S. Social Security number, financial account information, phone number, physical address and email address. 

How it Could Affect Your Customers’ Business: This will be an expensive disaster for TMX after regulators in both countries wind their way through its subsidiaries.

 

UK – Capita

https://www.infosecurity-magazine.com/news/outsourcer-capita-contained-cyber/

Exploit: Hacking 

Capita: Business Services Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.709 = Severe

London-based business services giant Capita has disclosed that it has been hit by a cyberattack that has caused disruption to some of its internal processes. The company said in a statement that the cyberattack, which took place last Friday primarily impacted access to internal Microsoft Office 365 applications and some online services for customers. The fallout lasted for about three days. Capita performs crucial operations for the NHS and the military in Britain. The company was still restoring online services for customers on Monday morning.  

How it Could Affect Your Customers’ Business: Business services providers have been front and center in the rising tide of supply chain cyberattacks.

Italy – Toyota Italy

https://securityaffairs.com/144151/hacking/toyota-customer-data-leak.html

Exploit: Human Error 

Toyota Italy: Car Company 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.836 = Moderate

Toyota Italy has acknowledged that it accidentally leaked sensitive data about its customers for at least the last 18 months. The data leak occurred through likely misconfiguration in its Salesforce Marketing Cloud and Mapbox APIs. The company exposed its credentials to the Salesforce Marketing Cloud, giving bad actors possible access to Toyota clients’ phone numbers and email addresses, customer tracking information and email, SMS and push-notification contents. The company also exposed application programming interface (API) tokens for Mapbox, a U.S. based mapmaker. Toyota Italy said that it has taken steps to close those gaps.

How it Could Affect Your Customers’ Business: Even a small misconfiguration or mistake with an API can be a huge, expensive disaster for a company

 

Crown Resorts 

https://www.reuters.com/technology/crown-resorts-data-vendor-hacked-limited-number-its-files-impacted-2023-03-27/

Exploit: Hacking

Crown Resorts: Casino Operator

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.733 = Moderate

Crown Resorts is the latest company to fall victim to the exploitation of GoAnywhere. By the Cl0p ransomware group. The company said last Monday that a ransomware group had contacted Crown Resorts, claiming to have gained access to some files through the GoAnywhere file transfer service zero-day exploit. Crown Resorts was quick to reassure the public that no customer data was compromised, and the company’s resort, casino and business operations have not been impacted. More than 100 companies have been hit by Cl0p in the GoAnywhere snafu.  

How it Could Affect Your Customers’ Business: This might have been avoidable with fast patching once this exploit became public weeks ago.

Meriton

https://www.9news.com.au/national/meriton-cyber-hack-australia/63d500ca-8685-466b-8097-b45c25d40697

Exploit: Hacking

Meriton: Hotel Operator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.733 = Severe

Major Australian hotel and holiday home operator Meriton has disclosed that it has experienced a cyber indent that led to the exposure of personal data. More than 1800 guests and staff members employed by Meriton may potentially have had their data stolen when hackers struck the luxury developer on January 14, 2023. Guests staying in Meriton properties may have had their contact information exposed. Meriton employees were hit harder, with their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals possibly accessed by hackers. The company said that the incident was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

How it Could Affect Your Customers’ Business: This breach hit two tracks of data for Meriton, doubling its chance of a big fine.


 

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

 

 

Our Approach to Cybersecurity

Business Runs on IT

We provide a comprehensive cybersecurity service so that you can spend more time doing what you do best- running your business. From installation to long-term management and support, we’ll always be there!

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.