Week in Breach 10/18-10/24/23

Risk to Business: 2.403 = Moderate

Television advertising giant Ampersand has admitted that it has become the victim of a cyberattack. The Black Basta ransomware has claimed responsibility. Ampersand provides viewership data about an estimated 85 million households to advertisers. The company said that it experienced a ransomware incident that briefly interrupted regular operations last week. No word on what if any data was stolen or any ransom demand. 

Risk to Business: 1.211 = Extreme

Charity AIDS Alabama has disclosed that the organization has experienced a data breach of some very sensitive data. AIDA Alabama said that the breach occurred between October 11, 2021, and August 9, 2022. The exposed data includes sensitive personal information, including names, addresses, Social Security numbers, medical diagnoses, healthcare providers, health insurance details, email addresses and services received.  

Risk to Business: 1.873 = Moderate

The Orange County, California District Attorney’s Office has disclosed that it has been the victim of a cyberattack. A spokesperson for the office said that the office’s IT systems were hacked last weekend, resulting in portions of the system being shut down to limit damage. The agency’s ability to send and receive email was affected. The agency also said that it is investigating the incident in concert with the U.S. Federal Bureau of Investigation. The spokesperson was unable to comment on whether or not this was a ransomware attack, or if any data was stolen. The Orange County Sheriff’s Department said that it had severed its connection with the DA’s office to minimize its cyber risk after it was informed of the hack.  

Risk to Business: 1.710 = Severe

The busy ALPHV/BlackCat ransomware group has also claimed responsibility for a ransomware attack on banking equipment provider Quality Service Installation (QSI). The company is a major supplier of NCR cash handling solutions including ATMs. The group says that it stole a wide variety of data including financial, client, personal and product-related data from the QSI INC cyberattack. They also claimed that they nabbed SQL base data amounting to 5TB in the October 14 incident.

Risk to Business: 1.673 = Severe

The convenience store chain Kwik Trip has finally admitted that it suffered a cyberattack that caused some operational disruption. The incident started two weeks ago, but the company claimed it was having a network problem and did not experience a cyberattack. However, customers were concerned that their data had been exposed. The company’s Kwik Rewards Program, support systems, phones and email were all knocked offline and are being restored.  

Risk to Business: 1.612 = Severe

Arietis Health is the latest victim of the MOVEit exploit. The medical billing company is informing its partners that they may have had their patients’ data stolen. The incident has impacted more than 1.9 million individuals across more than 50 healthcare organizations. A variety of patient data was exposed including names, driver’s license numbers, Social Security numbers, dates of birth, medical record numbers, patient account numbers, diagnosis and treatment information, health insurance information, and prescription and provider information. 

Risk to Business: 2.002 = Severe

UK-based electronics and cabling manufacturing company Volex said that it was hit by a cyberattack that impacted its IT systems. The company said that bad actors gained access to its network last week. Volex was quick to reassure customers that all of its worksites remain operational, with minimal disruption expected in its global production. The company also said that it has hired a third-party firm to investigate the incident.  

Risk to Business: 2.716 = Moderate

D-Link, a leading manufacturer of routers, has experienced a data breach. The company claims that the data was not from the cloud but likely originated from an old D-View 6 system. D-Link said that the data was used for registrations in 2015. D-Link was involved in another data breach incident just two weeks ago after bad actors posted samples of the source code for D-Link’s D-View network management software on a dark web forum.