Week in Breach 5/31/23-6/6/23

Risk to Business: 1.886 = Severe

New York-based biotechnology company Enzo Biochem has disclosed that a ransomware attack in April 2023 has led to sensitive data exposure for millions of patients. Enzo Biochem produces DNA-based tests to detect viral and bacterial diseases, including COVID-19 and cancer. In an SEC filing, the company said that sensitive data including the clinical test information of 2,470,000 individuals and approximately 600,000 Social Security numbers was snatched by the unnamed ransomware group. An investigation is ongoing and no details about any ransom demand were available at press time.

Risk to Business: 1.876 = Severe

The Hillsborough County Supervisor of Elections in Florida is informing an estimated 58,000 voters that their personal information may have been stolen in a recent cyberattack. A spokesperson for the agency said that a bad actor illegally accessed and copied files containing voters’ personal identification information, including Social Security and driver’s license numbers.  officials were quick to reassure voters that the county’s voter registration system and the ballot tabulation system were not accessed. State and federal agencies are assisting in the investigation. 

Risk to Business: 2.769 = Moderate

California staffing company iSpace has filed a data breach notification in Montana. The filing says that iSpace detected suspicious activity within its computer system on February 5, 2023. An investigation revealed that some files containing sensitive consumer information were accessed and copied by an unauthorized individual between January 30, 2023, and February 5, 2023. The stolen data includes an individual’s name, Social Security number, date of birth, diagnosis information, health insurance group/policy number, health insurance information, subscriber number and prescription information.

Risk to Business: 1.419 = Extreme

A cyberattack at Idaho Falls Community Hospital left medical staff scrambling and forced some ambulances to divert to other medical centers. The attack, which took place last Monday, also impacted nearby Mountain View Hospital, urgent care center Mountain View Redicare  and several smaller clinics. Idaho Falls was forced to divert ambulances for several days, and staffers had to resort to pencil and paper charting. The hospital would not comment on whether or not the attack was ransomware or how long they expected it to take to restore normal operations.  

Risk to Business: 1.781 = Severe

A newer ransomware group, Rhysida, has claimed responsibility for a ransomware attack on the government of the island of Martinique. The group claims to have stolen a variety of data and posted a sample of the stolen data on the dark web. Rhysida offered no further information on the size of the data leak or its contents. In a notice on its website, the government said that the attack took place on May 16, 2023, and “heavily disrupted the activities of the community and directly impacted users and partners.” The attack disrupted education at Martinique’s schools at every level and caused difficulty in the payment of social benefits. No specifics were available about any ransom demand at press time.  

Risk to Business: 1.226 = Extreme

Employees of several major UK companies including British Airways, Boots and the BBC are being informed that their personal information may have been exposed in a ransomware attack on payroll company Zelis. Bad actors were able to leverage a zero-day exploit in popular file transfer system MOVEit made by Progress Software. The Cl0p ransomware group has claimed responsibility for the attack. Zelis has not disclosed which of its clients were impacted by the attack, but some have already come forward.  British Airways disclosed that employee data including National insurance numbers, salaries, contact details, sort codes and bank account numbers. Boots said that its staff had been informed that their data may have been compromised including names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers. Details from this incident were still emerging at press time.  

Risk to Business: 2.807 = Moderate

The Play ransomware gang is behind a ransomware attack that has snarled operations for some of Switzerland’s government. The attack on Xplain, an IT company that supplies homeland security solutions, left several Swiss government arms in the lurch including the Swiss army, government agencies the Federal Office for Customs and Border Security (FOCBS) and the Federal Office of Police (Fedpol) as well as several local police forces. Some stolen data has already been released. Xplain said that they have not communicated with the gang and do not intend to pay any ransom. The company stressed that it offers its customers online applications and does not store the applications and data itself.

Risk to Business: 2.783 = Moderate

Toyota has discovered another misconfiguration incident, following the incident from two weeks ago. In this case, the company said that data pertaining to 260,000 car owners has been exposed due to the flub. exposed data includes in-vehicle device identifiers and mapping data that’s displayed on the car navigation system of customers in Japan. More detailed data including customer names, postal and email addresses, a Toyota-issued customer identifying number and the vehicle’s registration and identifying numbers may have been exposed for an unspecified number of customers in Asia and Oceania.