Week in Breach 4/19-4/25/2023

Risk to Business: 1.673 = Severe

The American Bar Association (ABA) has experienced a data breach that has exposed information pertaining to 1,466,000 members. The ABA disclosed that a hacker was detected on its network on March 17th, 2023. An ABA statement noted that “An unauthorized third party acquired usernames and hashed and salted passwords that you may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018.”   

Risk to Business: 1.213 = Extreme

The U.S. Consumer Financial Protection Bureau (CFPB) says that they’ve experienced a data breach caused by the actions of a potentially malicious employee. In the incident, a now former employee sent a total of 14 emails that included consumer personally identifiable information to their private email address. Along with that data, the employee sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at an unnamed institution. The CFPB also said that they identified data from another institution that included approximately 140 loan numbers, of which roughly 100 also included de-identified information related to the loan or borrower, such as income, credit score and demographic information. The CFPB said that The Office of Inspector General and Federal lawmakers and government agencies have been notified, including the Department of Homeland Security. 

Risk to Business: 1.681 = Severe

The Vice Society ransomware gang has added CommScope to their dark web leak site. The data published included a variety of information including internal documents, invoices and technical drawings. The personal data of thousands of CommScope employees was also exposed, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, bank account information, scans of employee passports and visa documentation. The company has disclosed that the attack happened on March 23.

Risk to Business: 2.119 = Severe

Massachusetts-based health insurer Point32 Health has fallen victim to a ransomware attack. The company is experiencing system outages, including systems that are used to service its members, accounts, brokers, and providers. Some customers reported experiencing problems getting prior authorizations for medical procedures Harvard Pilgrim Health Care customers are primarily affected. The incident occurred on April 17. No ransomware group has claimed responsibility

Risk to Business: 1.663 = Severe

Hundreds of thousands of customers of Webster Bank have had their data exposed after a data breach at one of the bank’s service providers. The bank notified regulators and customers after being informed of an intrusion between Nov. 27, 2022, and Jan. 22, 2023, at fraud detection services provider Guardian Analytics. In a filing with the Connecticut Attorney General’s Office, Webster Bank disclosed that 153,754 Connecticut customers were affected — 117,278 of whom had their name and account number exposed, while 36,476 had their name, account number and Social Security numbers exposed. 

Risk to Business: 1.336 = Extreme

Gateway Casinos has confirmed that it has fallen victim to a ransomware attack that caused the company to shut down its 14 properties in Ontario nearly a week ago. The company closed its Ontario casinos, including Casino Rama Resort on April 16. In a statement, Gateway Casinos said that it is working to restore systems and reopen the casinos as soon as possible. The incident is under investigation. 

Risk to Business: 2.772 = Moderate

Canada’s Yellow Pages has disclosed that it has fallen victim to a ransomware attack by the Black Basta ransomware group. The attack occurred around March 23. Black Basta published a sample of the stolen documents that included employee, ID documents (such as scans of passports and driver licenses) exposing people’s date of birth and address, tax documents, Social Insurance Number (SIN), sales and purchase agreements, budget and debt documents and other sensitive data. The incident has been reported to regulators.

Risk to Business: 1.786 = Severe

Belgium’s SD Worx has shut down all IT systems for its UK and Ireland services after a cyberattack. Customers outside of that region did not lose access to their portals. The company said that it detected malicious activity around April 9, and shut down systems as part of an effort to limit the spread of the attack. The incident is under investigation, and no specifics were offered on the types of data stolen.