Week in Breach 7/19/23-7/25/23 | CloudSmart IT

Week in Breach 7/19/23-7/25/23

This week there are more major medical breaches and it wasn’t a pretty week for a major beauty company. In Mississippi, there was some major phishing going on. Unfortunately, it wasn’t for a fresh dinner catch. 

When the breaches are this big and cause so much damage, it’s a reminder that you need to be as protected as possible! See how CloudSmart IT can help by visiting our cybersecurity page

Estée Lauder


Exploit: Ransomware

Estée Lauder: Beauty Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.734 = Severe

Legendary beauty brand Estée Lauder has disclosed that it has been the victim of a cyberattack that has resulted in data loss after an unauthorized third party gained access to some of its systems. The company warns that this incident will have an impact on its consumer-facing operations as well as its business operations. In an interesting twist, two different cybercrime gangs are claiming to have conducted successful attacks on Estée Lauder at virtually the same time. Cl0p claims to have hit the company as part of its MOVEit exploit spree. BlackCat/Alphv claimed that they’d attacked separately, saying on July 18 that they still had access to the company’s systems. Estée Lauder is working with Microsoft and Mandiant to investigate and remediate the incident.  

How It Could Affect Your Customers’ Business: Zero-day exploits are cybercriminal gold mines, but there are measures that can be taken to reduce risk.


Tampa General Hospital (TGH)


Exploit: Ransomware

Tampa General Hospital (TGH): Medical Center

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.876 = Severe

TGH reports that information of up to 1.2 million people may have been compromised in a cyberattack on the hospital that went on for over a week. Hospital officials confirmed that an unauthorized party accessed TGH’s network and stole data from its systems between May 12th and May 30th, 2023. The Snatch ransomware group is claiming to have 4T of compromised patient data. However, another up-and-coming ransomware group, Nokoyawa, has also added TGH to their dark web leak site. Stolen patient information may have included patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, health insurance information, medical record and patient account numbers, dates of service and treatment information.

How It Could Affect Your Customers’ Business Up-and-coming ransomware groups will try to pull off large or high-profile attacks to gain notoriety.


George County, Mississippi


Exploit: Ransomware

George County, Mississippi: Regional Government

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.302 = Extreme

George County, MS is undertaking recovery efforts after a ransomware attack over the weekend. County officials said the trouble began when a county employee received a phishing message that they needed to download an update but actually downloaded ransomware. The trouble began last Saturday night and continued into Sunday. The county admits that its three servers are encrypted. In an interview, an official said that a ransom note had been left behind by the attackers but did not name the gang or share the amount of the ransom demand. The U.S. Federal Bureau of Investigation and agencies from the State of Mississippi are assisting in the investigation.

How It Could Affect Your Customers’ Business: Governments and government agencies have been prime targets for ransomware attacks and need to take precautions to reduce risk.


1st Source Corporation


Exploit: Hacking

1st Source Corporation: Financial Services

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.149 = Severe

1st Source Corp has fallen victim to the MOVEit exploit. The lender said on Monday that about 450,000 records had been exposed in the incident. The bank told the Maine Attorney General’s Office that attackers may have accessed individuals’ names, dates of birth, SSNs, driver’s license or state identification card numbers, and other government identification numbers. Affected individuals are being offered identity monitoring services. 

How It Could Affect Your Customers’ Business: Obtaining names and social security numbers enables bad actors to facilitate identity theft.




Exploit: Ransomware

Imagine360: Health Plan Solutions Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.637 = Severe

Imagine360 has also fallen victim to CL0p’s MOVEit hacking campaign. The company admitted that it experienced a data breach first noticed in its Citrix that tracked back to MOVEit. In the January incident, sensitive files were copied by bad actors. Compromised information about policyholders includes names, medical information, health insurance information, and Social Security numbers. According to a data breach notification filed with Maine’s Attorney General’s Office, the incident has affected over 130,000 customers.

How it Could Affect Your Customers’ Business: Healthcare data can contain several data types, making it especially attractive to bad actors.




Exploit: Hacking

PokerStars: Gaming Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.766 = Severe

TSG Interactive US Services Limited, the U.S. -registered company behind popular gambling platform PokerStars in the U.S. has begun notifying users of a data breach caused by the MOVEit file transfer exploit. The company said that the data was snatched between May 30 and May 31, 2023. Personal user details, including names, addresses and Social Security numbers belonging to an estimated 110,291 people were exposed.  

How it Could Affect Your Customers’ Business: Companies need to take smart precautions now to minimize their risk of trouble from zero-day exploits.


Charter Oak Federal Credit Union


Exploit: Hacking

Charter Oak Federal Credit Union: Financial Institution

1.51 – 2.49 = Severe Risk

Risk to Business: 1.707 = Severe

Connecticut-based Charter Oak Federal Credit Union was forced to shut down operations on a busy Friday after being hit by a cyberattack. Credit union officials said that the credit union was forced to shut down its IT systems, access to the website and its online banking portal on Friday because of the attack. The credit union’s 80,000 members can only bank in person or by phone. The U.S. Federal Bureau of Investigation and the National Credit Union Administration are involved in the investigation.

How it Could Affect Your Customers’ Business: the financial services and banking sector has been pummeled by cybercriminals for the last few years.


Norway – TOMRA


Exploit: Ransomware

TOMRA: Mining & Recycling

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.713 = Severe

Norwegian mining and recycling giant TOMRA says it has shut down and isolated some systems after a cyberattack. The attack began on July 16, impacting internal IT services and some back-office applications, and potentially causing supply chain management problems. TOMRA’s office locations are offline with staff working remotely. The company’s reverse vending machines and non-mining divisions like Recycling and Food are also experiencing intermittent difficulties, but the bulk of the damage appears to be in the company’s mining operations. TOMRA said it is working with external specialists to resolve the situation.

How it Could Affect Your Customers’ Business: Industrials have been facing an increased risk for cybersecurity trouble and increased threats to operational technology (OT).

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.