Week in Breach 7/26-8/1/2023

Risk to Business: 1.734 = Extreme

Maximus, a service provider to several U.S. federal agencies including The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), has disclosed that it has been caught up in the MOVEit exploit net. In a filing with the U.S. Security and Exchange Commission (SEC), Maximus said that it discovered in May that its corporate network was affected by the MOVEit ransomware attack. The company determined that the attackers snatched files containing sensitive information including Social Security numbers belonging to between 8 million and 11 million individuals. The investigation into the incident is ongoing.

Risk to Business: 1.876 = Severe

Website Planet reported the discovery of a large unsecured database belonging to the Southern Association of Independent Schools, Inc (SAIS) that contains highly sensitive information. Researchers discovered a variety of data inside including multiple types of student and teacher records, health information, teacher background checks and Social Security numbers, active shooter and lockdown notifications, maps of schools, financial budgets, school cybersecurity plans and much more. Incredibly, the treasure trove also contained third-party security reports that exposed weaknesses in school security, locations of cameras, access and entry points, and more. These documents could pose a potentially serious real-world security risk to the safety of students and teachers. Once informed SAIS took action to resolve the problem. 

Risk to Business: 1.612 = Severe

Rite Aid has revealed a data breach that impacts the personally identifiable information (PII) of an estimated 24,400 customers. The trouble began on May 31, 2023, when a vendor partner alerted Rite Aid about a vulnerability in their software. Unfortunately, it was too late, and Rite Aid discovered that the vulnerability had already been exploited by bad actors. Customers’ exposed PII includes a patient’s first and last names, dates of birth, addresses, prescription data like medication names and fill dates, prescriber information, and in some cases, limited insurance data such as the plan name and cardholder ID.

Risk to Business: 1.349 = Moderate

No one’s sleeping easy at Tempur Sealy as the company contends with a cyberattack. The incident began on July 23 and the company said it was forced to shut down its IT systems and implement its business continuity plan. In a filing to the U.S. Securities and Exchange Commission, Tempur Sealy said that the company’s operations had been hindered, but did not specify the extent. Although this looks like a ransomware attack, no ransomware group has claimed responsibility. The company said that it has contracted with an outside cybersecurity specialist in the investigation as well as law enforcement.

Risk to Business: 1.637 = Severe

California-based Pacific Premier Bancorp is the latest financial institution to become ensnared in the MOVEit exploit storm. In a filing with the U.S. Securities and Exchange Commission, the bank disclosed that customers’ sensitive data had been stolen in an attack on one of the bank’s vendors. The data snatched includes customers’ names, Social Security numbers, account numbers and other unspecified personally identifiable information. Impacted customers will be informed by mail. The bank did not specify how many customers had data exposed, saying that their investigation is ongoing. 

Risk to Business: 1.766 = Severe

CardioComm a Canadian heart monitoring and medical electrocardiogram solutions provider announced that it has taken systems offline following a cyberattack. The company admitted that the attack has impacted its production server environments and will have an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline. CardioComm said that it does not believe that customer health information was compromised in the attack, noting that it does not collect that data.

Risk to Business: 1.707 = Severe

Canadian musical instrument maker Yamaha Canada Music has disclosed that it has been the victim of a ransomware attack. In an interesting twist, just like some of last week’s attacks, this one also features more than one ransomware group claiming responsibility, this time BlackByte and Akira. BlackByte included Yamaha Canada on its list of victims on June 14 before the company was added by Akira ransomware on its leak site on July 21. The company admitted that the personal data of some of its employees had been compromised but did not offer specifics. The incident is under investigation.

Risk to Business: 1.413 = Moderate

Data purportedly stolen from the University of Western Scotland (UWS) has made its way to the dark web courtesy of the up-and-coming Rhysida ransomware gang. The group is demanding over $450k to not expose any more data or sell the lot in the next few days. UWS’ trouble began in early July when the cyberattack caused a brief period of downtime across some of UWS’s key systems, including its public-facing website. The attackers claim that the data they have includes the personal details of staff members, including financial and National Insurance data, and a number of internal university documents. The university is working with Police Scotland and the National Cyber Security Centre (NCSC) in the investigation.