Week in Breach 6/7-6/13/2023

Risk to Business: 1.886 = Severe

Austin’s Ascension Seton hospital system has announced that two of its websites have experienced a data breach. In a statement last Tuesday, the healthcare provider said that two of its legacy websites Seton.net and DellChildrens.net were breached on March 1 and 2, 2023. Both sites were operated by the technology service provider Vertex. Some users’ personal details, such as name, address, Social Security number, credit card numbers and insurance information may be at risk if they were entered through Seton.net or DellChildrens.net. Ascension Seton has replaced the hacked sites with new sites that it is hosting in-house.  

Risk to Business: 1.876 = Severe

The government of Nova Scotia announced last week that an estimated 100 million records containing people’s personally identifiable information were stolen in a cyberattack identified last week. A wide variety of people have been impacted including 55,000 records of past and present teachers in the province, records of 26,000 students over the age of 16 and records of 5,000 short-term housing accommodations owners, 3,800 people who applied for jobs with Nova Scotia Health, about 1,400 Nova Scotia pension recipients and 1,085 people who have been issued parking tickets in Halifax have been identified as potential victims so far. Current and past employees of Nova Scotia Health, the IWK Health Centre and the provincial civil service may also be impacted. The attack came as the result of ransomware gang Cl0p’s exploitation of the MOVEit file transfer protocol. The incident remains under investigation, with a strong possibility of more victims being uncovered.  

Risk to Business: 2.769 = Moderate

The Ministry of National Security (MNS) disclosed that a cyberattack has affected access to the JamaicaEye website. The popular website came about as a result of the island’s National Closed-Circuit Television Surveillance Programme. Launched in 2018, citizens and business owners with cameras pointing in the public space have been able to voluntarily input their feeds into the national system. MNS has not commented on whether or not any data was stolen about camera owners who participate in the program. A team from the ministry, the Jamaica Constabulary Force and the Major Organised Crime & Anti-Corruption Agency are investigating the incident. 

Risk to Business: 2.149 = Severe

A ransomware group named Medusa is behind the cyberattack on Argentina’s National Securities Commission (CNV). The gang has demanded $500,000 within a week, threatening to leak the purported 1.5 terabytes of the commission’s confidential records, files, documents and databases that it stole in the incident. The incident is under investigation.

Risk to Business: 1.337 = Extreme

A Ukrainian hacking team known as the Cyber.Anarchy.Squad has claimed responsibility for a cyberattack that took down Russian telecom provider Infotel JSC last Thursday evening. That attack sent shockwaves through the Russian banking world. Infotel JSC is a Moscow-based provider of connectivity services between the Russian Central Bank and other Russian banks, stores and credit institutions. Reports say that multiple Russian banks were hamstrung after the attack. The telecom had admitted that the attack took place and noted that some of its network equipment was damaged in the incident. As proof of their success, the Ukrainian hackers released screenshots of a diagram of Infotel’s network and a compromised email account. 

Risk to Business: 1.826 = Severe

Researchers have identified a leaking Amazon Web Services (AWS) bucket as belonging to German Healthcare recruiting company Pflegia. The leaky cloud instance contained over 360,000 files about German job seekers. Data exposed may include a job seeker’s full name, date of birth, occupation history, home address, phone number and email address. The bucket has since been reconfigured to stop the data leak.

Risk to Business: 1.607 = Severe

Ofcom, Britain’s communications regulator, admitted on Monday that confidential information about the companies it regulates was stolen in a cyberattack. The attack involved exploiting the MOVEit file transfer protocol by the busy cybercrime gang Cl0p. The gang claims to have hit hundreds of organizations using the exploit. Ofcom said that information about companies it regulates as well as the personal data of 412 Ofcom employees, was downloaded during the attack. The incident is under investigation.  

Risk to Business: 1.783 = Severe

A cyberattack on Australian bond broker FIIG Securities late last week was the work of the notorious cybercrime gang BlackCat. The group said that they snatched 385 gigabytes of data. FIIG Securities began contacting clients to inform them that their personal data including their names, addresses, birth dates, driver’s license information, passport scans, bank accounts and tax file numbers might have been compromised in the attack. No ransom information was available at press time. The incident has been reported to the Office of the Australian Information Commissioner.