The Week in Breach News: 01/19/22 – 01/25/22 | CloudSmart IT


A cyberattack impacting the International Red Cross endangers refugees, phishing costs a US city over $200K, more crypto and financial sector trouble and inside 2021’s data breach landscape to see who got hit and how it happened.




RR Donnelley

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/

Exploit: Ransomware

RR Donnelley: Marketing & Communications Firm


Risk to Business: 1.227 = Severe

Major marketing company RR Donnelley has disclosed that it had data stolen in a December cyberattack attributed to ransomware. The Conti ransomware group is suspected to be responsible. In the attack on December 27, 2021, the company experienced a systems intrusion that led it to shut down its network to prevent the attack’s spread. That led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation. The Conti ransomware gang claimed responsibility on January 15 and began leaking 2.5GB of the stolen data that has since been removed.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: A recent rash of ransomware attacks against media and communications organizations should have everyone in that sector on notice.


Strategic Benefits Advisors, Inc

https://www.jdsupra.com/legalnews/data-breach-alert-strategic-benefits-8267696/

Exploit: Hacking

Strategic Benefits Advisors: Human Resources Consulting Firm


Risk to Business: 2.223 = Severe

In a recent legal filing, Strategic Benefits Advisors disclosed that an unauthorized third party had gained access to its data and may have removed several files containing consumer information. The Georgia-based company provides full-service employee benefits consulting for companies in many industries.


Individual Risk: 2.419 = Severe

Strategic Benefits Advisors sent breach notification letters to more than 58,000 people to inform them of the exposure, which the company says was limited to full names and Social Security numbers.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Lately, hackers have been especially interested in breaching companies that maintain large stores of data for other companies.


City of Tenino, Washington

https://www.govtech.com/security/washington-city-loses-280-309-to-successful-phishing-scam

Exploit: Phishing/BEC

City of Tenino, Washington: Municipality


Risk to Business: 1.717 = Severe

The City of Tenino, Washington is down $280,309 in public funds according to the Washington State Auditor’s Office after a city employee fell for a phishing message that launched a business email compromise scam. Reports say that former Clerk Treasurer John Millard fell victim to a phishing message and paid cybercriminals a boatload of money, some without city council approval. The official reportedly initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts. News outlets are also reporting that a warning about the phishing scam was sent out to clerks immediately, but that didn’t stop this disaster from happening.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: BEC is the most expensive cybercrime according to the FBI, 64X more expensive than ransomware – and it usually starts with phishing.

 



Switzerland – The International Red Cross

https://www.npr.org/2022/01/20/1074405423/red-cross-cyberattack 

Exploit: Third Party/Supply Chain

The International Red Cross: Humanitarian Aid Organization


Risk to Business: 1.719 = Severe

The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, the International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Once again, a service provider that maintains a large array of records full of PII was hit, handing cybercriminals a data bonanza.


Italy – Moncler

https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/ 

Exploit: Ransomware

Moncler: Luxury Fashion & Outerwear


Risk to Business: 1.727 = Severe

Luxury retailer Moncler has disclosed that it suffered a data breach in December 2021 after data began appearing on a cybercriminal leak site. The company confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was stolen and subsequently leaked after it refused to pay the demanded $3 million ransom. The ALPHV (BlackCat) ransomware operation has claimed responsibility. The stolen data is said to include earning statements, spreadsheets with what appears to be customer information, invoices and other documents, but no specifics were provided.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Retailers have been steadily climbing the cybercriminal’s target hit list, especially luxury brands and specialty retailers.



New Zealand – Kings Plant Barn

https://www.nzherald.co.nz/business/kings-plant-barn-the-latest-retailer-hit-by-click-and-collect-data-breach/HJ45OFWAJ7NGGICU4THWBEZYOI/ 

Exploit: Third Party/Supply Chain

Kings Plant Barn: Garden Retailer


Risk to Business: 1.677 = Severe

Kings Plant Barn is notifying customers that it has experienced a data breach after a data security incident at FlexBooker. The garden chain says that client names, email addresses and collection times were exposed but not passwords or other sensitive data. FlexBooker experienced an attack before the holidays that resulted in the theft of more than three million user records. The platform is used for scheduling and employee calendar management by small businesses like doctor’s offices, real estate companies, service sector businesses and similar companies.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In an increasingly interconnected world, SMBs need to be prepared for the security risks that they may face from a service provider’s security incident.



Singapore – Crypto.com

https://www.vice.com/en/article/epxb8m/crypto-protocol-publicly-announces-flaw-users-relentlessly-owned-by-hackers

Exploit: Hacking

Crypto.com: Cryptocurrency Trading Platform


Risk to Business: 1.806 = Severe

Crypto.com, a platform that allows users to swap tokens between blockchains, publicly announced an incident in which a flaw in the platform’s security allowed cybercriminals to snatch an estimated $31 million in cryptocurrency. The company disclosed that 483 users were impacted by unauthorized cryptocurrency withdrawals on their accounts amounting to 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies. In response to this incident, the company is adjusting its protocols to include safeguards such as requiring all customers to re-login and set up their 2FA token to ensure only authorized activity would occur, and a new policy under which the first withdrawal to a whitelisted address must wait 24 hours, among other measures.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: 483

How it Could Affect Your Customers’ Business: The financial industry has been besieged by cybercriminals and nothing is taking more of a beating than cryptocurrency and DeFi.

 


Indonesia – Bank Indonesia

https://www.bleepingcomputer.com/news/security/indonesias-central-bank-confirms-ransomware-attack-conti-leaks-data/ 

Exploit: Ransomware

Bank Indonesia: Financial Institution 


Risk to Business: 2.721 = Moderate

Bank Indonesia (BI), the central bank of the Republic of Indonesia, confirmed that a ransomware attack hit its networks last month. In a statement, BI said that their operational activities were not disrupted. CNN reported that the hackers made off with non-critical data belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank’s network. Conti has claimed responsibility. It claims to have 13.88 GB worth of documents and leaked a sample of files allegedly stolen from Bank Indonesia’s network as proof. 

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
