Week in Breach 5/24-5/30/2023 | CloudSmart IT

Week in Breach 5/24-5/30/2023

This week: Ransomware puts the brakes on production at Suzuki Motorcycle, BlackByte demands $400 million from beleaguered Augusta, Georgia, a fresh integration between Graphus and Datto SaaS Protection and what you need to know about dangerous activity by Chinese threat actors Volt Typhoon.

Casepoint

https://techmonitor.ai/technology/cybersecurity/casepoint-ransomware-blackcat

Exploit: Ransomware

Casepoint: Legal Technology Platform


Risk to Business: 1.886 = Severe

BlackCat has claimed responsibility for a ransomware attack impacting Casepoint, a legal technology platform used by the Securities and Exchange Commission and the Department of Defense as well as major brands. The bad actors claim to have stolen 2TB of company data including sensitive files like attorney notes, publishing what appears to be an ID scan and a certificate as proof of the hack. No information about a ransom amount had been released at press time.

How It Could Affect Your Customers’ Business: Law firms handle all kinds of sensitive data that could be used by cybercriminals in blackmail schemes.

 

Managed Care of North America (MCNA) Dental

https://www.bleepingcomputer.com/news/security/mcna-dental-data-breach-impacts-89-million-people-after-ransomware-attack/

Exploit: Hacking

Managed Care of North America (MCNA) Dental: Insurer


Risk to Business: 1.876 = Severe

Managed Care of North America (MCNA) Dental, one of the biggest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S., has announced a data breach that could impact nine million people. MCNA noted that it became aware of unauthorized access to its computer systems on March 6th, 2023. Patient data that may have been exposed in this incident includes a patient’s full name, address, date of birth, phone number, email, Social Security number, driver’s license number, government-issued ID number, health insurance (plan information, insurance company, member number, Medicaid or Medicare ID numbers), plans of care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment), bills and insurance claims information.

How It Could Affect Your Customers’ Business: Information about dental care is still protected health data, making this an expensive mess to clean up.

 

SimpleTire

https://www.infosecurity-magazine.com/news/database-error-leaks-one-million/?&web_view=true

Exploit: Misconfiguration

SimpleTire: Tire Retailer


Risk to Business: 2.769 = Moderate

Philadelphia-based tire retailer SimpleTire is in hot water after a database configuration error led to the exposure of 1TB of records. Internet researchers uncovered a non-password protected database that was publicly accessible to anyone with an internet connection for at least three weeks before finally being locked down. The SimpleTire database contained over 2.8 million records, including nearly 1.2 million order confirmation PDFs. Possibly exposed data for customers includes customer names, phone numbers and billing addresses as well as partial credit card numbers and expiration dates.

How It Could Affect Your Customers’ Business: Employee mistakes like misconfiguring a database can be just as dangerous and expensive to handle as a cyberattack.

 

The City of Augusta, Georgia

https://www.theregister.com/2023/05/26/blackbyte_augusta_malware/?&web_view=true

Exploit: Ransomware

The City of Augusta, Georgia: Municipal Government


Risk to Business: 1.719 = Severe

The BlackByte ransomware gang has claimed responsibility for a ransomware attack that has impacted the city of Augusta, Georgia. The ransomware attack took down city websites that are being slowly restored. BlackByte also claims to have snatched sensitive data, leaking a sample of 10GB of data as proof. The data sample posted contains payroll information, contact details, personally identifiable information (PII), physical addresses, contracts and city budget allocation data. BlackByte appears to be demanding a ransom of $400,000.

How It Could Affect Your Customers’ Business: Governments and government agencies at every level have been prime targets for cyberattacks in the last few years.

 

Fresh Del Monte Produce

https://www.jdsupra.com/legalnews/fresh-del-monte-produce-notifies-8673018/

Exploit: Hacking

Fresh Del Monte Produce: Agriculture Company


Risk to Business: 2.781 = Moderate

Fresh Del Monte Produce has filed a data breach notification saying that some employee information may have been stolen in a data security incident. The data breach occurred in January 2023, when Fresh Del Monte first noticed unauthorized activity on its network. The breached information varies depending on the individual, and those affected may include current and former employees. The information exposed includes the employee’s name, Social Security number, driver’s license number, passport number, financial account information and protected health information.

How it Could Affect Your Customers’ Business: Employee data is a treasure trove for bad actors that often nets them PII and financial information.

 

Apria Healthcare

https://www.theregister.com/2023/05/23/apria_healthcare_breach/?&web_view=true

Exploit: Hacking

Apria Healthcare: Medical Equipment Company


Risk to Business: 1.826 = Severe

Apria Healthcare has disclosed that a data security incident in its network may have led to data exposure for two million people. In a strange twist, Apria said that it discovered the intrusion in late 2021 and it is just informing people who were affected now. Apria also said that it didn’t believe any of the exposed data had been misused. Instead, Apria’s data breach letter to people potentially impacted stated that Apria “believes the purpose of the unauthorized access was to fraudulently obtain funds from Apria and not to access personal information of its patients or employees.” Exposed patient data includes personal, medical, health insurance and financial information, including bank account and credit card numbers in combination with security codes, access codes, passwords and account PINs, and Social Security numbers.

How it Could Affect Your Customers’ Business: Waiting so long to tell customers that their data had been exposed isn’t a good look and may impact this company’s reputation.


India – Insurance Information Bureau of India (IIB)

https://timesofindia.indiatimes.com/city/hyderabad/russian-hackers-carry-out-ransomware-attack-iib-hit/articleshow/100433653.cms?&web_view=true

Exploit: Ransomware

Insurance Information Bureau of India (IIB): Insurance Analyst


Risk to Business: 2.807 = Moderate

The Insurance Information Bureau of India (IIB), an industry repository of data and analytics, has been hit by a ransomware attack. The attack took place between March 30 and April 3, 2023, and first came to light in April. Compromised administration accounts enabled bad actors to deploy ransomware, knock out IIB’s website and encrypt its data. No group has claimed responsibility, but news outlets are reporting that a $250,000 ransom has been demanded.

How It Could Affect Your Customers’ Business: Compromised credentials are the bane of every IT department and a hacker’s best friend.

 

India – Suzuki Motorcycle

https://www.bitdefender.com/blog/hotforsecurity/suzuki-motorcycle-plant-shut-down-by-cyber-attack/?web_view=true%2F

Exploit: Ransomware

Suzuki Motorcycle: Motorcycle Factory


Risk to Business: 1.386 = Extreme

Suzuki Motorcycle has experienced an operational disruption as the result of a successful ransomware attack. Production of bikes and scooters at Suzuki Motorcycle’s Indian plant has ground to a halt, resulting in a loss of an estimated 20,000 vehicles. The company has also postponed its annual supplier conference, likely as a result of the attack. No group has claimed responsibility and no ransom demand has been made public. Suzuki says that the incident is under investigation.

How it Could Affect Your Customers’ Business: This loss in productivity is a disaster for Suzuki and the revenue will be hard to recoup.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
