Week in Breach 7/19/23-7/25/23

Risk to Business: 1.734 = Severe

Legendary beauty brand Estée Lauder has disclosed that it has been the victim of a cyberattack that has resulted in data loss after an unauthorized third party gained access to some of its systems. The company warns that this incident will have an impact on its consumer-facing operations as well as its business operations. In an interesting twist, two different cybercrime gangs are claiming to have conducted successful attacks on Estée Lauder at virtually the same time. Cl0p claims to have hit the company as part of its MOVEit exploit spree. BlackCat/Alphv claimed that they’d attacked separately, saying on July 18 that they still had access to the company’s systems. Estée Lauder is working with Microsoft and Mandiant to investigate and remediate the incident.  

Risk to Business: 1.876 = Severe

TGH reports that information of up to 1.2 million people may have been compromised in a cyberattack on the hospital that went on for over a week. Hospital officials confirmed that an unauthorized party accessed TGH’s network and stole data from its systems between May 12th and May 30th, 2023. The Snatch ransomware group is claiming to have 4T of compromised patient data. However, another up-and-coming ransomware group, Nokoyawa, has also added TGH to their dark web leak site. Stolen patient information may have included patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record and patient account numbers, dates of service and treatment information.

Risk to Business: 1.302 = Extreme

George County, MS is undertaking recovery efforts after a ransomware attack over the weekend. County officials said the trouble began when a county employee received a phishing message that they needed to download an update but actually downloaded ransomware. The trouble began last Saturday night and continued into Sunday. The county admits that its three servers are encrypted. In an interview, an official said that a ransom note had been left behind by the attackers but did not name the gang or share the amount of the ransom demand. The U.S. Federal Bureau of Investigation and agencies from the State of Mississippi are assisting in the investigation.

Risk to Business: 2.149 = Severe

1st Source Corp has fallen victim to the MOVEit exploit. The lender said on Monday that about 450,000 records had been exposed in the incident. The bank told the Maine Attorney General’s Office that attackers may have accessed individuals’ names, dates of birth, SSNs, driver’s license or state identification card numbers, and other government identification numbers. Affected individuals are being offered identity monitoring services. 

Risk to Business: 1.637 = Severe

Imagine360 has also fallen victim to CL0p’s MOVEit hacking campaign. The company admitted that it experienced a data breach first noticed in its Citrix that tracked back to MOVEit. In the January incident, sensitive files were copied by bad actors. Compromised information about policyholders includes names, medical information, health insurance information, and Social Security numbers. According to a data breach notification filed with Maine’s Attorney General’s Office, the incident has affected over 130,000 customers.

Risk to Business: 1.766 = Severe

TSG Interactive US Services Limited, the U.S. -registered company behind popular gambling platform PokerStars in the U.S. has begun notifying users of a data breach caused by the MOVEit file transfer exploit. The company said that the data was snatched between May 30 and May 31, 2023. Personal user details, including names, addresses and Social Security numbers belonging to an estimated 110,291 people were exposed.  

Risk to Business: 1.707 = Severe

Connecticut-based Charter Oak Federal Credit Union was forced to shut down operations on a busy Friday after being hit by a cyberattack. Credit union officials said that the credit union was forced to shut down its IT systems, access to the website and its online banking portal on Friday because of the attack. The credit union’s 80,000 members can only bank in person or by phone. The U.S. Federal Bureau of Investigation and the National Credit Union Administration are involved in the investigation.

Risk to Business: 1.713 = Severe

Norwegian mining and recycling giant TOMRA says it has shut down and isolated some systems after a cyberattack. The attack began on July 16, impacting internal IT services and some back-office applications, and potentially causing supply chain management problems. TOMRA’s office locations are offline with staff working remotely. The company’s reverse vending machines and non-mining divisions like Recycling and Food are also experiencing intermittent difficulties, but the bulk of the damage appears to be in the company’s mining operations. TOMRA said it is working with external specialists to resolve the situation.