Week in Breach 4/19-4/25/2023 | CloudSmart IT

This week: Big breaches at ABA and CFPB, you might find yourself gambling with your identity if you visited a Canadian casino, a supply chain attack causes problems for Webster Bank, three essential EDR resources and a look at the major rise in cybercrime damages.

When the breaches are this big and cause so much damage, it’s a reminder that you need to be as protected as possible! See how CloudSmart IT can help by visiting our cybersecurity page.


American Bar Association

https://www.bleepingcomputer.com/news/security/american-bar-association-data-breach-hits-14-million-members/

Exploit: Hacking

American Bar Association: Professional Group

Risk to Business: 1.673 = Severe

The American Bar Association (ABA) has experienced a data breach that has exposed information pertaining to 1,466,000 members. The ABA disclosed that a hacker was detected on its network on March 17th, 2023. An ABA statement noted that “An unauthorized third party acquired usernames and hashed and salted passwords that you may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018.”   

How It Could Affect Your Customers’ Business: Big batches of credentials like this are gold for cybercriminals and can be used to facilitate other cyberattacks.


Consumer Financial Protection Bureau (CFPB)

https://edition.cnn.com/2023/04/20/business/cfpb-confidential-data/index.html

Exploit: Malicious Insider

Consumer Financial Protection Bureau (CFPB): Federal Agency

Risk to Business: 1.213 = Extreme

The U.S. Consumer Financial Protection Bureau (CFPB) says that it has experienced a data breach caused by the actions of a potentially malicious employee. In the incident, a now former employee sent a total of 14 emails that included consumer personally identifiable information to their private email address. Along with that data, the employee sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at an unnamed institution. The CFPB also said that it identified data from another institution that included approximately 140 loan numbers, of which roughly 100 also included de-identified information related to the loan or borrower, such as income, credit score and demographic information. The CFPB said that the Office of Inspector General, federal lawmakers and government agencies, including the Department of Homeland Security, have been notified.

How It Could Affect Your Customers’ Business: Malicious insiders can do a lot of damage quickly through actions like stealing sensitive data and selling it.

CommScope

https://techcrunch.com/2023/04/17/hackers-publish-sensitive-employee-data-stolen-during-commscope-ransomware-attack/

Exploit: Ransomware

CommScope: Infrastructure Provider

Risk to Business: 1.681 = Severe

The Vice Society ransomware gang has added CommScope to its dark web leak site. The published data included a variety of information, including internal documents, invoices and technical drawings. The personal data of thousands of CommScope employees was also exposed, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, bank account information, and scans of employee passports and visa documentation. The company has disclosed that the attack happened on March 23.

How It Could Affect Your Customers’ Business: Internal data including contracts and technical data is very valuable and profitable for bad actors.

Point32 Health

https://www.hipaajournal.com/major-massachusetts-health-insurer-suffers-ransomware-attack/

Exploit: Ransomware

Point32 Health: Health Insurer

Risk to Business: 2.119 = Severe

Massachusetts-based health insurer Point32 Health has fallen victim to a ransomware attack. The company is experiencing system outages, including systems that are used to service its members, accounts, brokers, and providers. Some customers reported experiencing problems getting prior authorizations for medical procedures. Harvard Pilgrim Health Care customers are primarily affected. The incident occurred on April 17. No ransomware group has claimed responsibility.

How It Could Affect Your Customers’ Business: This will be an expensive disaster for this company that could also damage its reputation.

Webster Bank

https://www.ctinsider.com/news/article/webster-bank-data-breach-ct-customers-17906370.php

Exploit: Supply Chain Attack

Webster Bank: Bank

Risk to Business: 1.663 = Severe

Hundreds of thousands of customers of Webster Bank have had their data exposed after a data breach at one of the bank’s service providers. The bank notified regulators and customers after being informed of an intrusion between Nov. 27, 2022, and Jan. 22, 2023, at fraud detection services provider Guardian Analytics. In a filing with the Connecticut Attorney General’s Office, Webster Bank disclosed that 153,754 Connecticut customers were affected — 117,278 of whom had their name and account number exposed, while 36,476 had their name, account number and Social Security numbers exposed. 

How It Could Affect Your Customers’ Business: Supply chain attacks have been escalating, bringing fresh danger to businesses in every sector.



Canada – Gateway Casinos & Entertainment Ltd.

https://www.casino.org/news/gateway-casinos-confirms-cyberattack-on-ontario-it-infrastructure/

Exploit: Ransomware

Gateway Casinos & Entertainment Ltd.: Casino Operator

Risk to Business: 1.336 = Extreme

Gateway Casinos has confirmed that it has fallen victim to a ransomware attack that caused the company to shut down its 14 properties in Ontario nearly a week ago. The company closed its Ontario casinos, including Casino Rama Resort, on April 16. In a statement, Gateway Casinos said that it is working to restore systems and reopen the casinos as soon as possible. The incident is under investigation.

How It Could Affect Your Customers’ Business: This crippling disaster will cost this company a fortune and could impact its reputation with customers for a long time.

Canada – Yellow Pages Group

https://www.bleepingcomputer.com/news/security/yellow-pages-canada-confirms-cyber-attack-as-black-basta-leaks-data/

Exploit: Ransomware

Yellow Pages Group: Directory Service

Risk to Business: 2.772 = Moderate

Canada’s Yellow Pages has disclosed that it has fallen victim to a ransomware attack by the Black Basta ransomware group. The attack occurred around March 23. Black Basta published a sample of the stolen documents that included employee ID documents (such as scans of passports and driver’s licenses) exposing people’s dates of birth and addresses, tax documents, Social Insurance Numbers (SINs), sales and purchase agreements, budget and debt documents and other sensitive data. The incident has been reported to regulators.

How It Could Affect Your Customers’ Business: Identity documents are a valuable commodity that bad actors can sell quickly on the dark web.

 



Belgium – SD Worx

https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/

Exploit: Hacking

SD Worx: Human Resources and Payroll Management Company

Risk to Business: 1.786 = Severe

Belgium’s SD Worx has shut down all IT systems for its UK and Ireland services after a cyberattack. Customers outside of that region did not lose access to their portals. The company said that it detected malicious activity around April 9, and shut down systems as part of an effort to limit the spread of the attack. The incident is under investigation, and no specifics were offered on the types of data stolen.  

How It Could Affect Your Customers’ Business: A cyberattack on a service provider can impact many other businesses by causing expensive delays.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
