Week in Breach 7/26-8/1/2023 | CloudSmart IT

Week in Breach 7/26-8/1/2023

This week we see multiple industries suffer attacks. A couple of education groups get failing grades as the school year approaches, a major pharmacy needs a prescription for better cybersecurity, and a breach at a major mattress company will keep customers from resting easy at night. Cyber breaches have big consequences. Be sure to protect your company as much as you can!



Maximus

https://www.securityweek.com/up-to-11-million-people-hit-by-moveit-hack-at-government-services-firm-maximus/

Exploit: Hacking

Maximus: Government Services Company


Risk to Business: 1.734 = Extreme

Maximus, a service provider to several U.S. federal agencies including The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), has disclosed that it has been caught up in the MOVEit exploit net. In a filing with the U.S. Securities and Exchange Commission (SEC), Maximus said that it discovered in May that its corporate network was affected by the MOVEit ransomware attack. The company determined that the attackers snatched files containing sensitive information including Social Security numbers belonging to between 8 million and 11 million individuals. The investigation into the incident is ongoing.

How It Could Affect Your Business: This zero-day exploit has been a gold mine for Cl0p and new companies are added to the victim list every day.


Southern Association of Independent Schools, Inc (SAIS)

https://www.websiteplanet.com/news/sais-breach-report/

Exploit: Misconfiguration

Southern Association of Independent Schools, Inc (SAIS): Accreditation Non-Profit


Risk to Business: 1.876 = Severe

Website Planet reported the discovery of a large unsecured database belonging to the Southern Association of Independent Schools, Inc (SAIS) that contains highly sensitive information. Researchers discovered a variety of data inside including multiple types of student and teacher records, health information, teacher background checks and Social Security numbers, active shooter and lockdown notifications, maps of schools, financial budgets, school cybersecurity plans and much more. Incredibly, the treasure trove also contained third-party security reports that exposed weaknesses in school security, locations of cameras, access and entry points, and more. These documents could pose a potentially serious real-world security risk to the safety of students and teachers. Once informed, SAIS took action to resolve the problem.

How It Could Affect Your Business: Education has been a top sector for ransomware attacks because it’s both time-sensitive and a great source of data.


Rite Aid

https://healthitsecurity.com/news/software-vulnerability-triggers-rite-aid-data-breach-24k-impacted

Exploit: Hacking

Rite Aid: Pharmacy Chain


Risk to Business: 1.612 = Severe

Rite Aid has revealed a data breach that impacts the personally identifiable information (PII) of an estimated 24,400 customers. The trouble began on May 31, 2023, when a vendor partner alerted Rite Aid about a vulnerability in their software. Unfortunately, it was too late, and Rite Aid discovered that the vulnerability had already been exploited by bad actors. Customers’ exposed PII includes patients’ first and last names, dates of birth, addresses, prescription data like medication names and fill dates, prescriber information, and in some cases, limited insurance data such as the plan name and cardholder ID.

How It Could Affect Your Business: This breach will be very expensive for Rite Aid after investigation costs and regulatory penalties are added up.


Tempur Sealy

https://therecord.media/mattress-giant-tempur-sealy-cyberattack

Exploit: Hacking

Tempur Sealy: Mattress Manufacturer


Risk to Business: 1.349 = Moderate

No one’s sleeping easy at Tempur Sealy as the company contends with a cyberattack. The incident began on July 23 and the company said it was forced to shut down its IT systems and implement its business continuity plan. In a filing to the U.S. Securities and Exchange Commission, Tempur Sealy said that the company’s operations had been hindered, but did not specify the extent. Although this looks like a ransomware attack, no ransomware group has claimed responsibility. The company said that it has contracted with an outside cybersecurity specialist for the investigation and has also involved law enforcement.

How It Could Affect Your Business: Even one small cyberattack can be a big problem that brings big bills for any business.


Pacific Premier Bancorp

https://www.reuters.com/technology/pacific-premier-says-vendor-hit-by-moveit-data-breach-2023-07-25/

Exploit: Supply Chain Attack

Pacific Premier Bancorp: Bank


Risk to Business: 1.637 = Severe

California-based Pacific Premier Bancorp is the latest financial institution to become ensnared in the MOVEit exploit storm. In a filing with the U.S. Securities and Exchange Commission, the bank disclosed that customers’ sensitive data had been stolen in an attack on one of the bank’s vendors. The data snatched includes customers’ names, Social Security numbers, account numbers and other unspecified personally identifiable information. Impacted customers will be informed by mail. The bank did not specify how many customers had data exposed, saying that their investigation is ongoing. 

How It Could Affect Your Business: Supply chain risk is constantly growing for businesses as bad actors ramp up strategic attack pressure.



Canada – CardioComm

https://www.securityweek.com/cardiocomm-takes-systems-offline-following-cyberattack/

Exploit: Hacking

CardioComm: Medical Technology Company


Risk to Business: 1.766 = Severe

CardioComm, a Canadian heart monitoring and medical electrocardiogram solutions provider, announced that it has taken systems offline following a cyberattack. The company admitted that the attack has impacted its production server environments and will have an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline. CardioComm said that it does not believe that customer health information was compromised in the attack, noting that it does not collect that data.

How It Could Affect Your Business: Even if they don’t steal any data, the bad guys can cause trouble with disruptive cyberattacks.


Yamaha Canada Music

https://www.scmagazine.com/brief/cyberattack-claimed-by-ransomware-gangs-disclosed-by-yamaha-canada-music

Exploit: Ransomware

Yamaha Canada Music: Musical Instrument Company


Risk to Business: 1.707 = Severe

Canadian musical instrument maker Yamaha Canada Music has disclosed that it has been the victim of a ransomware attack. In an interesting twist, just like some of last week’s attacks, this one also features more than one ransomware group claiming responsibility, this time BlackByte and Akira. BlackByte included Yamaha Canada on its list of victims on June 14 before the company was added by Akira ransomware on its leak site on July 21. The company admitted that the personal data of some of its employees had been compromised but did not offer specifics. The incident is under investigation.

How It Could Affect Your Business: Employee data is just as useful and profitable for bad actors as consumer data.


Scotland – University of Western Scotland (UWS)

https://www.computerweekly.com/news/366546112/Scottish-university-hit-by-Rhysida-ransomware-gang

Exploit: Ransomware

University of Western Scotland (UWS): Institution of Higher Learning


Risk to Business: 1.413 = Moderate

Data purportedly stolen from the University of Western Scotland (UWS) has made its way to the dark web courtesy of the up-and-coming Rhysida ransomware gang. The group is demanding over $450k to not expose any more data or sell the lot in the next few days. UWS’s trouble began in early July when the cyberattack caused a brief period of downtime across some of UWS’s key systems, including its public-facing website. The attackers claim that the data they have includes the personal details of staff members, including financial and National Insurance data, and a number of internal university documents. The university is working with Police Scotland and the National Cyber Security Centre (NCSC) in the investigation.

How It Could Affect Your Business: The sum requested is outrageous, but fledgling ransomware groups often do things like that to make a name for themselves.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
