The Week in Breach: 07/07/21-07/13/21

 
 

Shopping platforms are on the hit list this week. Learn the details of the RNC hack, and let us show you the benefits of security automation for your customers and your team in dollars and cents.

Northwestern Memorial HealthCare 

https://portswigger.net/daily-swig/data-breach-at-third-party-provider-exposes-medical-information-of-us-healthcare-patients

Exploit: Third-Party Data Breach 

Northwestern Memorial HealthCare: Hospital System 

Risk to Business: 1.771 = Severe

A data breach at a third-party provider, Elekta, has potentially exposed the private medical information of patients at Northwestern Memorial HealthCare (NMHC) providers. Unknown cybercriminals were able to access a database owned by Elekta, a company that provides a cloud-based platform that handles legally required cancer reporting to the State of Illinois. Those potentially affected are patients of Northwestern Medicine Central DuPage Hospital, Northwestern Medicine Delnor Community Hospital, Northwestern Medicine Huntley Hospital, Northwestern Medicine Kishwaukee Hospital, Northwestern Medicine Lake Forest Hospital, Northwestern Medicine McHenry Hospital, Northwestern Memorial Hospital and Northwestern Medicine Valley West Hospital.

Individual Risk: 1.603 = Severe

The hospital system has announced that attackers made a copy of datasets, which include patient names, dates of birth, Social Security numbers, health insurance information, and medical record numbers. The database also contained clinical information related to cancer treatment, including medical histories, physician names, dates of service, treatment plans, diagnoses, and/or prescription information. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Proprietary data like this is cybercriminal gold. It’s both useful for committing future cybercrime and quickly saleable in the busy dark web data markets.


Morgan Stanley

https://www.bleepingcomputer.com/news/security/morgan-stanley-reports-data-breach-after-vendor-accellion-hack/

Exploit: Third-Party Data Breach

Morgan Stanley: Financial Services Firm 

Risk to Business: 2.216 = Severe

Morgan Stanley has reported a third-party data breach after attackers reportedly stole customer data by hacking into the Accellion FTA server of a third-party vendor. That vendor, Guidehouse, provides account maintenance services to Morgan Stanley’s StockPlan Connect business. Guidehouse notified the investment banking company in May 2021 that attackers had accessed its Accellion FTA server. The Clop ransomware gang claimed responsibility for the original Accellion hack.

Risk to Individual: 2.462 = Severe

Morgan Stanley says that the information stolen in this incident does not include financial information but does include stock plan participants’ names, addresses (last known address), dates of birth, social security numbers and corporate/company names. The files stolen from Guidehouse’s FTA server did not contain password information or credentials that the threat actors could use to gain access to impacted Morgan Stanley customers’ financial accounts. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can have ripple consequences that complicate response for everyone involved, creating unexpected risk.


Republican National Committee (RNC) 

https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee

Exploit: Nation-State Cybercrime

Republican National Committee (RNC): Political Organization

Risk to Business: 2.223 = Severe

Russian-aligned nation-state cybercriminals hacked into the Republican National Committee last week. Initially dismissive of the hack, RNC officials ultimately admitted that their security had been breached. However, those officials attributed the hack to a data security incident at a subcontractor, Synnex. The RNC announced that they are working with experts at Microsoft to investigate this incident.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Reviewing potential avenues of risk can help you and your customers make a strong defensive plan.


GETTR

https://therecord.media/gettr-leaks-email-addresses-and-user-details-in-api-security-snafu/

Exploit: Hacking

GETTR: Social Media Platform 

Risk to Business: 1.575 = Severe

A hacker has reported that they have breached GETTR, a new right-wing social media platform popular with personalities who have been banned from mainstream social media. The data was purportedly collected in two batches, on July 1 and July 5. According to copies of the leaked file and the leaker’s claims, the first batch of the stolen data was collected through scraping on July 1 and the second batch was obtained through endpoint exploitation. The sum of the data collected in both leaks is estimated at more than 90,065 user profiles.

Individual Risk: 1.502 = Severe

According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.

Customers Impacted: 40,000

How It Could Affect Your Customers’ Business: Strong endpoint security and security awareness training are vital for the success of security plans.



Switzerland – Comparis

https://www.reuters.com/technology/ransomware-attack-hits-swiss-consumer-outlet-comparis-2021-07-09/

Exploit: Hacking

Comparis: Shopping Platform 

Risk to Business: 1.302 = Extreme

Swiss online consumer outlet Comparis has disclosed a ransomware attack by filing a criminal complaint. The attack purportedly blocked some of the information technology systems, causing scattered disruptions for several days. Sister company Credaris, a financial services provider that uses the same server environment, may also have experienced unconfirmed malicious access to unspecified information. According to the hackers, the snatched data included information such as real names, profile descriptions, site usernames, along with other public information, but also non-public information such as a user’s email address, birth year, and location information.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Personal data is gold in dark web markets, and cybercriminals are hungry to find new stores of it to sell.


Germany – Spreadshop 

https://www.privacysharks.com/spreadshop-hit-by-cyber-attack-payment-details-emails-and-passwords-breached/

Exploit: Hacking 

Spreadshop: Shopping Platform 

Risk to Business: 1.919 = Severe

German merchandise platform Spreadshop has disclosed that on July 8th, 2021, it was the victim of a malicious cyberattack. The company confirmed that personal user data, including bank account details, was compromised. The platform is the commerce arm of a web of businesses that also includes Spreadshirt and TeamShirts.

Individual Risk: 2.271 = Severe

According to a statement from Spreadshop, the compromised data includes address and contractual data belonging to customers, partners, employees and external suppliers. Also affected are the payment details of a small number of customers who made payments to Spreadshirt, Spreadshop, or TeamShirts via bank transfer or who have received a refund via bank transfer.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: If client data was impacted, GDPR carries stiff penalties for customer data loss and those continue to climb.



India – Technisanct 

https://ciso.economictimes.indiatimes.com/news/data-breach-in-trading-platform/83829525

Exploit: Hacking 

Technisanct: Trading Platform

Risk to Business: 2.801 = Moderate

Big data startup Technisanct has disclosed a data breach in a trading platform that it operates in India. Information from over 3.4 million customers was compromised. The security breach was identified by Technisanct’s digital risk monitoring tool. Researchers have reported that the pilfered data was for sale on an online platform dedicated to these kinds of transactions, and some of the information was published on June 15.

Individual Risk: 2.766 = Moderate

The company has disclosed that Personally Identifiable Information (PII) was exposed, including name, customer ID, contact number, email ID, trade login ID, branch ID, city and country.

Customers Impacted: 3.4 million

How it Could Affect Your Customers’ Business: PII was the second most popular category of data in dark web markets last year according to the Verizon/Ponemon DBIR 2021 report.


Taiwan – Adata

https://www.bleepingcomputer.com/news/security/adata-suffers-700-gb-data-leak-in-ragnar-locker-ransomware-attack/

Exploit: Ransomware

Adata: Computer Chip Maker 

Risk to Business: 1.801 = Severe

The Ragnar Locker ransomware gang has announced that they’ve acquired more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA. A set of 13 archives, allegedly containing sensitive ADATA files, has been publicly available at a cloud-based storage service, at least for some time. According to reports, the largest archive is close to 300GB and the second largest is 117GB. The archives likely contain corporate financial information, non-disclosure agreements and sales data.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: That’s a huge trove of data that will be very popular in hacker marketplaces and a pain for ADATA for years to come.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.




Get Stronger Defense Without Weakening Your Bottom Line, Automatically


Cybersecurity can be a bit of a rollercoaster ride, and 2021 is proving to be no exception. But just as the bad guys are planning new kinds of attacks, on the other side of the equation we’re innovating new security technologies to fight back, and this particular innovation is an absolute game-changer.

Security automation has many benefits to offer for your business. An automated phishing defense solution will catch 40% more email threats than a conventional one or an old-fashioned SEG. Tired of filing password reset requests? Why not automate that process to accomplish the task instantly? Plus, automatic warnings for exposed credentials give you peace of mind.

Best of all, automated security technology isn’t expensive. Strong, smart security can be automatic – and experts agree that security automation is the number one way to reduce a company’s attack surface. It’s time to put security automation to work for your business today.
