Week in Breach 3/8/23-3/14/23 Copy

Risk to Business: 1.802 = Severe

AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January 2023. The company did not name the vendor, and they were quick to reassure customers that financial data and Social Security numbers were not involved. Impacted customers have been informed that some or all of their Customer Proprietary Network Information (CPNI) has been exposed, including customer first names, wireless account numbers, wireless phone numbers and email addresses. The company said that a small percentage of customers also had additional data exposed including their rate plan name, past due amount, monthly payment amount, minutes used and various other monthly charges. AT&T said that the data was several years old but didn’t specify a time period.  

Risk to Business: 1.702 = Severe

The U.S. Federal Bureau of Investigation (FBI) is investigating a cyberattack on DC Health Link that Left some information exposed for more than 56,000 people including members of Congress. The health insurance marketplace became aware it had been hacked last Wednesday. People whose information was leaked include small business owners, uninsured District residents and lawmakers, including members of Congress and their staff. The data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status. 

Risk to Business: 1.267 = Extreme

Mental health platform Cerebral is informing 3.8 million customers that it has experienced a data breach. The company recently admitted that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Those pixels had data logging features, resulting in the exposure of sensitive medical information of people who used the provider’s platform to third parties without the customer’s knowledge. Exposed patient information includes a client’s full name, phone number, email address, date of birth, IP address, client ID number, demographic information, self-assessment responses and associated health information, subscription plan type, appointment dates, treatment details, clinical data, and health insurance and pharmacy benefit information. Social Security numbers, credit card information, and bank account information have not been impacted. 

Risk to Business: 2.779 = Moderate

New York-based financial services and insurance holding company Group 1001 has announced that it was the victim of a ransomware attack that impacted some of its member companies. The February 9, 2023, attack snarled operations for several member companies, including Delaware Life Insurance, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity, Clear Spring Property and Casualty and Clear Spring Health. The company said that it did not pay a ransom but offered no specifics about the attacker, noting that they’ve brought in a third-party forensics team to investigate this incident along with the FBI. The Gainbridge subsidiary of Group 1001 was not affected. Operations have since been restored. People who were impacted are being informed by mail.

Risk to Business: 1.783 = Severe

Engineering firm Black & McDonald, a major defense contractor for the Canadian military, has been struck by a ransomware attack. Black & McDonald is the parent company of Canadian Base Operators, a contractor for Defence Construction Canada, a contractor that provides facilities management and other military infrastructure across Canada. Canada’s Department of National Defence (DND) told reporters that it was informed of the incident on February 10, 2023. DND does not believe that any sensitive information or systems were compromised. The incident is under investigation, and no ransomware group had claimed responsibility as of press time.  

Risk to Business: 1.709 = Severe

The RansomHouse ransomware operation has claimed responsibility for an attack on Hospital Clínic de Barcelona that caused a major disruption to the facility’s operations. All applications and communications remained down over the weekend as hospital staff were forced to resort to manual recordkeeping, slowing care and preventing doctors from accessing patients’ records. Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally. Officials said that three associated medical centers, CAP Casanova, CAP Borrell and CAP Les Corts were also impacted. No information about a ransom demand was available at press time.  

Risk to Business: 2.701 = Moderate

Ukrainian game studio GSC Game World, which moved its headquarters to Prague in response to the Russian invasion of that country, announced on Twitter that it has been the victim of a successful cyberattack, the latest in a series of cyber incidents that has buffeted the game developer. According to GSC Game World, a Russian hacker group known as Vestnik TSS gained access to staff accounts and stole about 30 GB of unpublished content about the game. The group has made some unique demands, saying that they will leak 30 GB of content from the studio’s upcoming Stalker 2 game if they aren’t met by March 15. The hackers are demanding that the company apologize to players in Russia and Belarus, that the game have a Russian translation and that the game’s launch in the region is guaranteed. GSC Game World maintains that it has been the victim of a campaign of ongoing cyber harassment from pro-Russia hackers for months.

Risk to Business: 2.697 = Moderate

Technology giant Acer has confirmed that its servers were breached in a cyberattack in mid-February. However, the company says that no customer data was stolen or exposed in this incident. A hacker has advertised the data for sale on dark web marketplace BreachForums including 655 directories and 2,869 files. The threat actor claims to have snatched confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files.