Week in Breach 3/8/23-3/14/23 Copy | CloudSmart IT

Week in Breach 3/8/23-3/14/23 Copy

 This week: big breaches at AT&T and Acer, bad actors have some unusual demands for a Ukrainian video game company, Cerebral’s expensive tracking pixel disaster and a look at our previously unpublished data about incident response and recovery plans around the world. 

These breaches just go to show that you cannot ever have enough protection from the bad guys. See how we can help by visiting our cybersecurity page!


AT&T 

https://www.bleepingcomputer.com/news/security/atandt-alerts-9-million-customers-of-data-breach-after-vendor-hack/

Exploit: Supply Chain Attack

AT&T: Communications Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January 2023. The company did not name the vendor, and they were quick to reassure customers that financial data and Social Security numbers were not involved. Impacted customers have been informed that some or all of their Customer Proprietary Network Information (CPNI) has been exposed, including customer first names, wireless account numbers, wireless phone numbers and email addresses. The company said that a small percentage of customers also had additional data exposed including their rate plan name, past due amount, monthly payment amount, minutes used and various other monthly charges. AT&T said that the data was several years old but didn’t specify a time period.  

How It Could Affect Your Customers’ Business: Supply chain risk is spinning out of control for businesses, and IT professionals need to be ready to mitigate it fast.


https://wtop.com/dc/2023/03/dc-health-link-responds-to-data-breach-saying-investigation-in-the-works/

Exploit: Hacking

DC Health Link: Health Insurance Marketplace

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

The U.S. Federal Bureau of Investigation (FBI) is investigating a cyberattack on DC Health Link that Left some information exposed for more than 56,000 people including members of Congress. The health insurance marketplace became aware it had been hacked last Wednesday. People whose information was leaked include small business owners, uninsured District residents and lawmakers, including members of Congress and their staff. The data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status. 

How It Could Affect Your Customers’ Business: This kind of information security disaster will be a big, expensive and painful mess to clean up.


Cerebral

https://www.bleepingcomputer.com/news/security/mental-health-provider-cerebral-alerts-31m-people-of-data-breach/

Exploit: Human Error

Cerebral: Telehealth Provider

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.267 = Extreme

Mental health platform Cerebral is informing 3.8 million customers that it has experienced a data breach. The company recently admitted that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Those pixels had data logging features, resulting in the exposure of sensitive medical information of people who used the provider’s platform to third parties without the customer’s knowledge. Exposed patient information includes a client’s full name, phone number, email address, date of birth, IP address, client ID number, demographic information, self-assessment responses and associated health information, subscription plan type, appointment dates, treatment details, clinical data, and health insurance and pharmacy benefit information. Social Security numbers, credit card information, and bank account information have not been impacted. 

How It Could Affect Your Customers’ Business: This debacle is a disaster for Cerebral and will end up costing the company a fortune after regulators get finished with it.


Group 1001 Insurance

https://www.cybersecuritydive.com/news/insurance-holding-1001-restored-ransomware/644330/

Exploit: Ransomware

Group 1001: Financial Services Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.779 = Moderate

New York-based financial services and insurance holding company Group 1001 has announced that it was the victim of a ransomware attack that impacted some of its member companies. The February 9, 2023, attack snarled operations for several member companies, including Delaware Life Insurance, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity, Clear Spring Property and Casualty and Clear Spring Health. The company said that it did not pay a ransom but offered no specifics about the attacker, noting that they’ve brought in a third-party forensics team to investigate this incident along with the FBI. The Gainbridge subsidiary of Group 1001 was not affected. Operations have since been restored. People who were impacted are being informed by mail.

How It Could Affect Your Customers’ Business: Ransomware attacks against financial industry targets like this have proliferated in the past three years.



Black & McDonald

https://therecord.media/canada-national-defence-black-mcdonald-ransomware

Exploit: Ransomware

Black & McDonald: Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.783 = Severe

Engineering firm Black & McDonald, a major defense contractor for the Canadian military, has been struck by a ransomware attack. Black & McDonald is the parent company of Canadian Base Operators, a contractor for Defence Construction Canada, a contractor that provides facilities management and other military infrastructure across Canada. Canada’s Department of National Defence (DND) told reporters that it was informed of the incident on February 10, 2023. DND does not believe that any sensitive information or systems were compromised. The incident is under investigation, and no ransomware group had claimed responsibility as of press time.  

How it Could Affect Your Customers’ Business: Defense contractors and other military service providers are prime targets for ransomware thanks to the data they hold.



Spain – Hospital Clínic de Barcelona

https://www.bleepingcomputer.com/news/security/hospital-cl-nic-de-barcelona-severely-impacted-by-ransomware-attack/

Exploit: Ransomware

Hospital Clínic de Barcelona: Medical Center

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.709 = Severe

The RansomHouse ransomware operation has claimed responsibility for an attack on Hospital Clínic de Barcelona that caused a major disruption to the facility’s operations. All applications and communications remained down over the weekend as hospital staff were forced to resort to manual recordkeeping, slowing care and preventing doctors from accessing patients’ records. Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally. Officials said that three associated medical centers, CAP Casanova, CAP Borrell and CAP Les Corts were also impacted. No information about a ransom demand was available at press time.  

How it Could Affect Your Customers’ Business: Ransomware is an especially nasty risk for medical centers that can’t afford downtime, making them a popular target.


Czech Republic – GSC Game World

https://www.pcgamer.com/stalker-2-developer-suffers-russia-linked-security-breach-we-have-been-enduring-constant-cyberattacks-for-more-than-a-year-now/

Exploit: Hacking

GSC Game World: Videogame Developer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.701 = Moderate

Ukrainian game studio GSC Game World, which moved its headquarters to Prague in response to the Russian invasion of that country, announced on Twitter that it has been the victim of a successful cyberattack, the latest in a series of cyber incidents that has buffeted the game developer. According to GSC Game World, a Russian hacker group known as Vestnik TSS gained access to staff accounts and stole about 30 GB of unpublished content about the game. The group has made some unique demands, saying that they will leak 30 GB of content from the studio’s upcoming Stalker 2 game if they aren’t met by March 15. The hackers are demanding that the company apologize to players in Russia and Belarus, that the game have a Russian translation and that the game’s launch in the region is guaranteed. GSC Game World maintains that it has been the victim of a campaign of ongoing cyber harassment from pro-Russia hackers for months.

How it Could Affect Your Customers’ Business: This incident is interesting because while it doesn’t meet the definition of nation-state cybercrime, it is an attack with political overtones



Taiwan – Acer

https://www.channelnews.com.au/acer-hit-with-cyberattack/

Exploit: Hacking

Acer: Computer Hardware Manufacturer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.697 = Moderate

Technology giant Acer has confirmed that its servers were breached in a cyberattack in mid-February. However, the company says that no customer data was stolen or exposed in this incident. A hacker has advertised the data for sale on dark web marketplace BreachForums including 655 directories and 2,869 files. The threat actor claims to have snatched confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files.

How it Could Affect Your Customers’ Business: Data pertaining to operational technology (OT) is very valuable, and attacking manufacturers is an easy way for bad actors to get their hands on it.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breac

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.