Week in Breach 8/23/23-8/29/23

Risk to Business: 2.276 = Moderate

The Ohio History Connection has disclosed that it fell victim to a cyberattack in late July that led to data exposure for an estimated 7,600 people. The non-profit said that names, addresses and Social Security numbers of some current and former employees from 2009 to 2023 may have been breached. Cybercriminals may have also accessed W-9 forms revealing information about vendors. The bad actors demanded an unspecified ransom, and the Ohio History Connection admitted that it made an offer, but that offer was refused, and data has begun to leak. There is an ongoing investigation by state and federal law enforcement.

Risk to Business: 1.832 = Severe

Mom’s Meals, a medical meal delivery service for self-paying customers or people eligible for government assistance through the Medicaid and Older Americans Act programs, has announced a data breach after a successful ransomware hit. The company said that it identified suspicious activity on its networks on February 22, 2023, and determined files on its systems had been encrypted by ransomware. Interestingly, the incident stayed quiet until March 2023, when an anonymous Mom’s Meals employee tipped off an Iowa news outlet to the company’s “internet issue” that had caused the employee to miss work and pay for a week. July 10, 2023, confirming the hackers had accessed the following data: a customer’s name, date of birth, driver’s license, state identification number, financial account information, payment card information, medical record number, Medicare and Medicaid identification, health information, treatment information, diagnosis code, meal category and cost, health insurance information, patient ID number and some Social Security numbers. The company said that 1,237,681 customers have been impacted by this incident.  

Risk to Business: 1.673 = Severe

The University of Minnesota has admitted that it has suffered a major data breach that impacts an estimated 7 million alumni involving data going back to the 1980s. University officials said that they became aware of a possible breach after a cybercrime group claimed to have snatched data from the university in late July 2023. The unnamed hacker claimed to have stolen a database containing seven million Social Security numbers. Officials said that their preliminary investigation showed that the stolen data was collected in 2021 or earlier. The incident remains under investigation.

Risk to Business: 1.310 = Extreme

London’s Metropolitan Police is facing a storm after a data breach at a contractor led to the exposure of sensitive data for an estimated 47,000 personnel. The contractor handled printing warrant cards and staff passes. A range of sensitive data was exposed, including personnel names, photographs, ranks, vetting levels and identification numbers. However, officials were quick to note that personal details like home addresses, phone numbers and financial information belonging to police personnel were not accessed. The National Crime Agency (NCA) was called in to investigate and other government agencies.

Risk to Business: 1.673 = Severe

France’s unemployment registration and financial aid agency Pôle emploi has announced that it had experienced a data breach thanks to a service provider being caught up in the ongoing MOVEit exploit spree. An estimated 10 million people had personal information exposed in this incident, the second largest single incident population so far in the MOVEit saga. The exposed data includes a citizen’s full name and social security number. The agency said that email addresses, phone numbers, passwords, and banking data were not compromised. 

Risk to Business: 1.012 = Extreme

Danish cloud hosting company CloudNordic is facing an existential crisis after an August 18 ransomware attack wiped out all of its clients’ stored data. Its sister cloud host, AzeroCloud is also in the same boat. CouldNordic said that widespread encryption has resulted in client data becoming inaccessible. The attackers hacked into network-linked cloud servers used by both companies during a migration to another data center. This enabled the hackers to gain wide access to backup systems and entire data storage silos, leading to near-complete encryption. The hackers have demanded a ransom of approximately $150,000.

Risk to Business: 1.302 = Extreme

Many charities that used Pareto Phone for some of their fundraising efforts are finding out that their donors may have had data exposed after the company admitted to a data breach. Some of the charities impacted include The Cancer Council, Canteen, Australian Conservation Foundation and Fred Hollows Foundation. Some of the charities are saying that Pareto retained their donors’ information without their knowledge, including information that was up to nine years old. That donor information has now been released on the dark web. Canteen said that its donors’ full names, date of birth, addresses, email addresses and phone numbers had been released, but not financial information.  More than 70 charities may have been impacted in the incident.  

Risk to Business: 1.682 = Severe

The BlackCat/ALPHV ransomware gang has claimed responsibility for a ransomware attack on renowned Japanese watchmaker Seiko. The company disclosed on August 10 that an unauthorized party had gained access to its network. BlackCat has begun posting samples of the stolen data including production plans, employee passport scans, new model release plans, specialized lab test results, technical schematics and Seiko watch designs. Seiko said that it has commissioned a team of external cybersecurity experts to investigate the incident and apologized to its customers.