Week in Breach 8/16-8/22/2023 | CloudSmart IT

Week in Breach 8/16-8/22/2023

This week: Malicious insiders speed off with data at Tesla, The Clorox Company faces a big cleanup after a ransomware mess, along with other big issues in education, banking, retail, and more. These breaches show why it is so important to train employees in best practices and to know how employees can leave your company vulnerable to the next attack if they are not careful!

Tesla

https://www.bloomberg.com/news/articles/2023-08-20/tesla-data-breach-blamed-on-insider-wrongdoing-impacted-75-000?in_source=embedded-checkout-banner

Exploit: Malicious Insider

Tesla: Car Company

Risk to Business: 1.276 = Extreme

Tesla has admitted that it had a data breach in May 2023 that was caused by malicious insiders. Allegedly, two or more Tesla employees stole data including customer data from Tesla and leaked it. The German news outlet Handelsblatt obtained the data and published an analysis of it, which is how Tesla found out about the data breach. The treasure trove contained 100 gigabytes of confidential data, which included employees’ names and contact information such as addresses, cell phone numbers, and email addresses. The leaked data also included around 2,400 customer complaints about Tesla cars suddenly accelerating and a further 1,500 complaints of braking issues, including 383 cases of “phantom braking”. 

How It Could Affect Your Business: No matter how loyal a company’s staff may seem, no company should ever discount the possibility of malicious insider activity.


The Clorox Company

https://cybernews.com/news/clorox-company-hack-shutdown/

Exploit: Ransomware

The Clorox Company: Consumer Product Manufacturer 

Risk to Business: 1.405 = Extreme

The Clorox Company, best known for producing liquid bleach and cleaning products, is facing a cleanup of its own after it was forced to take some systems offline to clean up after being hit with a probable ransomware attack. The company said that the attack has impacted and will continue to impact its operations but did not specify which products may be impacted. The company did not say if any data was accessed or stolen by the bad actors. Clorox said that it has informed law enforcement of the incident and it is working with third-party cybersecurity experts to investigate the attack and restore its operations. 

How It Could Affect Your Business: A ransomware attack can be especially devastating for a manufacturer by shutting down production lines and disrupting other OT.

Prince George’s County Public Schools (PGPS)

https://www.fox5dc.com/news/pgcps-network-hit-by-cyberattack-4500-accounts-affected

Exploit: Hacking

Prince George’s County Public Schools (PGPS): Education Authority

Risk to Business: 1.673 = Severe

Right at the start of the school year, Prince George’s County Public Schools in Maryland announced that it was the victim of a cyberattack. The attack caused a broad internet outage throughout the system and impacted 4,500 of 180,000 accounts. PGPS said that it believes that the majority of the impacted accounts belonged to staffers, emphasizing that no impact has been observed in its primary business and student information systems. An investigation is ongoing.

How It Could Affect Your Business: Schools have been under siege by bad actors hoping to score a quick ransomware payment.

Geico

https://www.wkbw.com/news/local-news/geico-aware-of-security-issues-employees-believe-they-were-hacked

Exploit: Supply Chain Attack

Geico: Insurer

Risk to Business: 2.610 = Moderate

Insurance giant Geico is the most recent company to become entangled in the MOVEit exploit saga. The company confirmed to reporters that it has experienced a data breach that has led to the exposure of employee personal data due to a service provider’s use of MOVEit. Geico sent employees a letter advising them that their data had been exposed but did not specify exactly what data may have been impacted.  

How It Could Affect Your Business: Supply chain attacks are escalating, and just one attack on a supplier can be a big problem that brings big bills for any organization.

M&T Bank

https://www.jdsupra.com/legalnews/m-t-bank-files-notice-of-data-breach-3084032/

Exploit: Supply Chain Attack

M&T Bank: Bank

Risk to Business: 1.673 = Severe

On August 14, 2023, M&T Bank filed a notice of data breach with the Attorney General of Massachusetts. In this notice, M&T explains that the breach is the result of a data security incident at a service provider related to the MOVEit exploit that resulted in an unauthorized party being able to access consumers’ sensitive information, including names and account data. M&T Bank is offering free credit monitoring services to anyone affected by the breach. The incident is in the early stages of investigation.

How it Could Affect Your Business: Governments of every size and government agencies have been high on cybercriminal hit lists.

 

United Kingdom – Swan Retail 

https://techmonitor.ai/technology/cybersecurity/swan-retail-cyberattack

Exploit: Hacking

Swan Retail: Business Services Provider 

Risk to Business: 1.682 = Severe

UK retail business services provider Swan Retail has been knocked offline, causing a major disruption for more than 300 independent retailers. The August 13, 2023, attack impacted Swan Retail’s inventory management, order fulfillment and accounting systems. The company works with around 300 independent retailers around the UK in a variety of verticals including fashion, home goods, sports, catering and garden centers. Swan Retail said it is working to restore systems quickly.

How it Could Affect Your Business: This is a good example of what happens when an important service provider gets shut down by ransomware.

Australia – Energy One

https://www.csoonline.com/article/649923/cyberattack-on-energy-one-affects-corporate-systems-in-australia-and-the-uk.html

Exploit: Hacking

Energy One: Business Software Provider

Risk to Business: 1.413 = Moderate

Wholesale energy software provider Energy One has revealed that a cyberattack on August 18, 2023, resulted in some corporate systems in Australia and the United Kingdom being taken offline. Energy One specified that it has disabled some links between its corporate and customer-facing systems as a safety measure. It is also working to determine what, if any, data was accessed by the attackers. The company said it has engaged cyber security specialists CyberCX and alerted the Australian Cyber Security Centre and certain UK authorities about the incident, which remains under investigation.

How it Could Affect Your Business: It is important that companies ensure that they have a plan in place for all types of incidents.

Australia – The au Domain Administration

https://itwire.com/business-it-news/security/auda-now-admits-attack,-says-ransomware-group-provided-proof.html

Exploit: Ransomware

The au Domain Administration: Domain Authority

Risk to Business: 1.302 = Extreme

The au Domain Administration has finally admitted that it has been the victim of a cyberattack by the ransomware group NoEscape. AuDA had initially maintained that it had not fallen victim to a cyberattack but changed its tune after the ransomware group posted a sample of AuDA’s data on its leak site. NoEscape says that it has pilfered more than 15GB of data, providing screenshots of some AuDA customer documents as proof of the hack. AuDA said that it is working with the Australian Cyber Security Centre, the Department of Home Affairs and the Office of the Australian Information Commissioner as well as outside cybersecurity experts in its ongoing investigation.

How it Could Affect Your Business: Ransomware can hit any organization in any sector, and every business needs to be ready.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

U.S. Department of Agriculture (USDA)

https://edition.cnn.com/2023/06/17/us/department-of-agriculture-possible-data-breach/index.html

Exploit: Ransomware

U.S. Department of Agriculture (USDA): Federal Government Agency

Risk to Business: 1.886 = Severe

The U.S. Department of Agriculture has been added to the growing list of victims of cyberattacks by the Cl0p ransomware group that are fueled by the MOVEit exploit. USDA has confirmed that it is investigating a data breach after one of its vendors fell victim to Cl0p. The agency says that a small amount of personal data about USDA employees may have been exposed in the incident. Other federal government agencies including The US Office of Personnel Management (OPM) and arms of The Department of Energy (DoE), Oak Ridge Associated Universities research center and its Waste Isolation Pilot Plant in New Mexico have also been identified as federal agency or agency adjoined victims. 

How It Could Affect Your Customers’ Business: This exploit continues to snag organizations, with Cl0p claiming to have hit hundreds of entities.

Onix Group

https://www.bankinfosecurity.com/real-estate-firm-hack-affects-319500-patients-employees-a-22306

Exploit: Ransomware

Onix Group: Real Estate Company

Risk to Business: 1.876 = Severe

Onix Group, a Pennsylvania-based real estate firm that also operates a chain of substance misuse treatment centers, has reported a data breach to the Department of Health and Human Services (HHS). The company said that a ransomware attack discovered on March 27 had corrupted some systems and resulted in data exfiltration. Onix’s investigation ultimately determined that an unauthorized actor had accessed Onix’s network between March 20 and March 27. The stolen files contained employee information including names, Social Security numbers, direct deposit information and health plan enrollment information. 

How It Could Affect Your Customers’ Business: A data breach that involves employee information can be just as costly as a data breach that exposes consumer information.

Louisiana Office of Motor Vehicles (OMV)

https://www.bleepingcomputer.com/news/security/millions-of-oregon-louisiana-state-ids-stolen-in-moveit-breach/

Exploit: Ransomware

Louisiana Office of Motor Vehicles (OMV): Regional Government Agency

Risk to Business: 1.369 = Extreme

The Louisiana Office of Motor Vehicles has disclosed that it too has fallen victim to Cl0p and the MOVEit exploit. The agency said that it expects that every Louisianan with a state-issued driver’s license, ID, or car registration likely had their data exposed to the threat actors. The OMV says that those impacted likely had personal data exposed including their name, address, social security number, birth date, height, eye color, driver’s license number, vehicle registration information and handicap placard information. Many other U.S. federal, state and local agencies have also been swept up in the MOVEit breach. The Oregon Department of Motor Vehicles released a similar statement noting that 3,500,000 Oregonians with an ID or driver’s license had similar data exposed too.  

How It Could Affect Your Customers’ Business: Many exploits can be avoided by regularly patching and updating software and systems.

Intellihartx

https://www.securityweek.com/intellihartx-informs-490k-patients-of-goanywhere-related-data-breach/

Exploit: Ransomware

Intellihartx: Debt Collector

Risk to Business: 2.149 = Severe

Intellihartx, a provider of patient balance resolution services to hospitals, is informing roughly 490,000 individuals that their personal information was compromised after the company discovered that it had become caught up in the GoAnywhere zero-day exploit flood that occurred earlier this year. Exposed data includes names, addresses, insurance data and medical billing, diagnosis and medication information, birth dates and Social Security numbers of patients carrying medical debt. Cl0p has already made the stolen data available on its leak site.

How It Could Affect Your Customers’ Business: An exploit doesn’t have to be a zero-day anymore to still be problematic for businesses.

Exploit: Hacking

Zacks Investment Research: Data and Analysis Firm

Risk to Business: 2.737 = Moderate

Internet researchers at Have I Been Pwned announced that they’ve discovered that Zacks Investment Research (Zacks) has allegedly experienced a previously undisclosed data breach that impacts 8.8 million of its customers. The researchers said that a database of Zacks customers’ information was dumped on the dark web last week. The database contained clients’ email addresses, usernames, passwords stored as unsalted SHA-256 hashes, addresses, phone numbers, first and last names and other data. Zacks had previously disclosed another data breach in January 2023.

How it Could Affect Your Customers’ Business: A second big breach of customer data in just six months may damage Zacks’ reputation and turn potential customers off.


Chile – Chilean Army

https://www.bleepingcomputer.com/news/security/rhysida-ransomware-leaks-documents-stolen-from-chilean-army/

Exploit: Ransomware (Malicious Insider)

Chilean Army: Military

Risk to Business: 1.126 = Extreme

A newer ransomware group named Rhysida has leaked a trove of documents that it claims to have stolen from the network of the Chilean Army (Ejército de Chile). The Chilean Army did confirm on May 29 that its systems were impacted in a security incident detected over the weekend on May 27 and that data was likely stolen. Interestingly, in the days following the announcement of the hack, an Army corporal was arrested and charged for his involvement in the incident, suggesting that the ransomware was deployed by a malicious insider. Rhysida has since published around 360,000 Chilean Army documents on its dark web leak site and claimed that they comprise about 30% of the data that was stolen. The incident is under investigation by Chile’s Computer Security Incident Response Team (CSIRT) of the Joint Chiefs of Staff and the Ministry of National Defense.

How it Could Affect Your Customers’ Business: Every organization is susceptible to malicious insider threats no matter how loyal its employees seem to be.

 


UK – Shell

https://therecord.media/shell-impacted-in-clop-ransomware-attack

Exploit: Ransomware

Shell: Fuel Company

Risk to Business: 1.607 = Severe

Oil and gas behemoth Shell has announced that it too is a victim of Cl0p’s cybercrime spree using the MOVEit exploit. The company says that there was no damage to its internal systems but that a small amount of employee data was stolen. Shell is among the hundreds of companies that have been added to Cl0p’s dark web leak site. Those companies have been given a deadline of June 21 to pay a ransom or have their data exposed. However, Cl0p posted on its site last Friday that Shell was refusing to negotiate.

 


South Africa – Development Bank of Southern Africa (DBSA)

https://therecord.media/development-bank-of-southern-africa-akira-ransomware-attack

Exploit: Ransomware

Development Bank of Southern Africa (DBSA): State-Owned Bank

Risk to Business: 1.783 = Severe

The state-owned Development Bank of Southern Africa has disclosed that it was hit with a ransomware attack by the Akira group last month. The bank says that the attack occurred around May 21. In the incident, servers, log files and documents were encrypted. DBSA says that sensitive information about its clients, including business names, the names of directors and shareholders, addresses, identification documents and contact information like phone numbers and email addresses, was stolen in the incident. Many of the documents purportedly also included details of commercial or employment relationships with DBSA and financial information of stakeholders. The attack is under investigation by South African law enforcement agencies and regulators as well as third-party forensic investigators.

How it Could Affect Your Customers’ Business: Banks and other financial institutions have been at the top of cybercriminal hit lists for the past few years.

