The Week in Breach News: 03/02/22 – 03/08/22 | CloudSmart IT


Nation-state hacking impacts thousands, Lapsus$ spills the beans on Samsung’s source code and the 2022 Global MSP Survey Benchmark Report is here.



Washington State Department of Licensing

https://www.washingtonpolicy.org/publications/detail/the-washington-state-department-of-licensing-has-restored-its-website-after-650000-individuals-data-was-leaked

Exploit: Hacking

Washington State Department of Licensing: Government Agency


Risk to Business: 2.337 = Severe

Washington State Department of Licensing (DOL) experienced a data breach that has impacted approximately 650,000 former and current licensees. After the agency discovered unexpected activity, its website was taken offline in January. At the time, no data loss was expected, but that has since changed.


Individual Risk: 2.416 = Severe

The exposed data includes former and current licensing information as well as licensees’ social security numbers, driver’s license or ID numbers and dates of birth.  

How It Could Affect Your Customers’ Business: This trove of data combines business and personal information, making it especially useful and potentially profitable for the bad guys.

 


AON

https://www.bleepingcomputer.com/news/security/insurance-giant-aon-hit-by-a-cyberattack-over-the-weekend/

Exploit: Ransomware

AON: Insurer


Risk to Business: 2.176 = Moderate

Insurance giant AON disclosed that it had suffered a cyberattack last week in a filing with the U.S. Securities and Exchange Commission (SEC). The company said that it had discovered an incident that impacted some systems. AON does not suspect that there will be a material impact on clients or operations. The incident is suspected to involve ransomware. It is under investigation and the company has brought in outside experts.

How It Could Affect Your Customers’ Business: Companies like this that hold or store large amounts of valuable data are high on cybercriminal shopping lists.

 


Monongalia Health System

https://www.securityweek.com/healthcare-company-mon-health-discloses-second-data-breach

Exploit: Hacking

Monongalia Health System: Healthcare Provider


Risk to Business: 1.367 = Extreme

West Virginia healthcare organization Monongalia Health System (Mon Health) has announced another data breach. The company, which operates Monongalia County General Hospital, Preston Memorial Hospital, Stonewall Jackson Memorial Hospital and other healthcare centers, is informing patients and staffers that they had data stolen in December 2021. This is the second breach announcement in 3 months for Mon Health. Attackers did not gain access to the organization’s electronic health records systems.


Individual Risk: 1.377 = Extreme

Exposed data may include patient, employee, provider and contractor data including names, addresses, birth dates, Social Security numbers, health insurance claim numbers, medical record numbers, patient account numbers, medical treatment information, and various other data. 

How It Could Affect Your Customers’ Business: Every medical sector organization needs to take extra precautions against data-hungry cybercriminals to avoid a major HIPAA fine. Or two in this case.

 


Adafruit

https://www.bleepingcomputer.com/news/security/adafruit-discloses-data-leak-from-ex-employees-github-repo/

Exploit: Insider Risk

Adafruit: Open-Source Hardware


Risk to Business: 2.847 = Moderate

An employee’s publicly accessible GitHub repository is to blame for a data security breach at New York hardware developer Adafruit, resulting in exposure of information about some users on or before 2019. The company was quick to provide assurances that the data set did not contain any user passwords or financial information such as credit cards, but not so quick to send emails to impacted users, waiting until after publishing a notification on its blog that was picked up by media outlets.


Individual Risk: 2.802 = Moderate

Exposed data for users may include names, email addresses, shipping/billing addresses, order details and order placement status via payment processor or PayPal.

How it Could Affect Your Customers’ Business: Whether they’re malicious or not, insider actions can have a major effect on companies even if the insider no longer works there.

 


Viasat

https://www.zdnet.com/article/viasat-confirms-cyberattack-causing-outages-across-europe/

Exploit: Nation-State Cyberattack

Viasat: Internet Service Provider


Risk to Business: 1.661 = Severe

An estimated 10 thousand people found themselves without internet access after a cyberattack took down service to fixed broadband customers in Ukraine and elsewhere on Viasat’s European KA-SAT network. The attack, which started at about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Nation-state cybercriminals are highly likely to strategically attack utilities and infrastructure targets during times of trouble.

 



PressReader 

https://www.infosecurity-magazine.com/news/pressreader-suffers-cyber-attack/ 

Exploit: Nation-State Cyberattack

PressReader: Media App


Risk to Business: 1.719 = Severe

A cyberattack impacting PressReader, the world’s largest digital newspaper and magazine distribution platform, left readers in the US, UK, Australia and Canada unable to access more than 7000 publications. Some of the unavailable publications include The Guardian, Vogue, Forbes and the New York Times. PressReader said it has resolved the issue and is working to make missed content available to users after experiencing an unspecified cybersecurity event. This may be a nation-state attack; the incident happened shortly after PressReader announced that it was removing dozens of Russian titles from its catalog and publicly stated that it would help Ukrainian citizens access the news following Russia’s invasion of their country.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Unsurprisingly, Russia-aligned threat actors are trying to control the flow of information about the invasion of Ukraine, leaving news outlets especially vulnerable right now.

 



Japan – Acro

https://portswigger.net/daily-swig/japanese-beauty-retailer-acro-blames-third-party-hack-for-breach-of-100k-payment-cards

Exploit: Third-Party Risk

Acro: Beauty Retailer


Risk to Business: 1.826 = Severe

Japanese e-commerce beauty company Acro has disclosed a data breach that has exposed the details of more than 100,000 payment cards. The incident included two of the company’s four retail websites. Acro is pointing to a security incident at a third-party service provider as the cause. The company specified that the compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site. Victims potentially include anyone who made purchases on either of the two sites between May 21, 2020, and August 18, 2021.


Individual Risk: 1.713 = Severe

The stolen data potentially contains credit card information including cardholder names, payment card numbers, expiration dates and security codes.

How it Could Affect Your Customers’ Business: Cybercriminals love credit card data because it’s a reliable commodity in dark web markets for quick profits.

 


Korea – Samsung

https://appleinsider.com/articles/22/03/06/hackers-leak-190gb-of-data-taken-in-alleged-samsung-breach

Exploit: Ransomware

Samsung: Electronics Maker


Risk to Business: 1.664 = Severe

The Lapsus$ hacking group just published a 190-gigabyte trove of confidential data including source code that it claims to have seized from Samsung Electronics in a ransomware attack. Reports say that the stolen code contains the source for every Trusted Applet in Samsung’s TrustZone environment, which handles sensitive tasks such as hardware cryptography and access control. It may also include biometric unlock operation algorithms, the bootloader source for recent devices, activation server source code and the full source code used to authenticate and authorize Samsung accounts. Samsung says that they’re investigating the incident.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Proprietary data is just as much of a win for cybercriminals as credit card or personal data, and worth a chunk of change for the right buyer.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
