The Week in Breach News: 03/09/22 – 03/15/22

Risk to Business: 2.214 = Severe

South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.

Individual Risk: 2.371 = Severe

Information potentially exposed includes names, dates of birth, Social Security numbers and/or drivers’ license numbers, patient account numbers, health insurance information, and clinical information, such as physician names, dates/types of service and diagnoses. South Denver Cardiology Associates is offering credit monitoring to impacted patients who have been informed by mail.  

Risk to Business: 1.872 = Severe

E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands.  The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”. 

Risk to Business: 2.311 = Severe

Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.

Risk to Business: 1.867 = Severe

French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right!  Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.  

Risk to Business: 1.661 = Severe

Hacktivist collective Anonymous is still hard at work disrupting Russia’s technology infrastructure in response to that country’s continued aggression in Ukraine. This week, Anonymous chose to hit Roskomnadzor (Federal Service for Supervision of Communications, Information Technology and Mass Media). That agency is the watchdog that censors media outlets within Russia. The group leaked around 820 GB of data, available on the website Distributed Denial of Secrets (aka DDoSecrets). Roskomnadzor was recently tasked by the Putin regime to block Facebook, Twitter, and other online platforms within Russia. Anonymous had been loud, open and very busy in its support of Ukraine, claiming attacks on more than 300 Russian strategic targets within the first 72 hours of the Russian invasion of Ukraine.  

Risk to Business: 2.601 = Severe

The German subsidiary of the Russian energy company Rosneft has disclosed that they’d experienced a cyberattack. The attack snarled operations from last Friday night through the weekend. Reuters reports that German news outlet Die Welt points to “Anonymous” as the source behind the attack as part of its ongoing campaign against Russia in opposition to its invasion of Ukraine. 

Risk to Business: 1.402 = Extreme

Cybercrime group Pandora released a statement on Sunday saying it had snatched sensitive data from Denso, a supplier to Toyota. Just two weeks ago, Toyota had been forced to halt production in Japan because of a supply chain cybersecurity incident and this appears to be it. The company disclosed that it had detected unauthorized access to its network using ransomware at DENSO Automotive Deutschland GmbH, an associated firm in Germany. No information about the ransom or specifics on stolen data were available.  

Risk to Business: 1.436 = Extreme

 Major Japanese animation studio Toei announced that there will be delays in the release of several popular anime series, including the long-awaited episode 1000 of ONE PIECE, because of a cyberattack. The anime studio said that they detected unauthorized access to their systems on March 6th, 2022, forcing a system-wide shutdown that impacted their production schedule. In a statement, Toei revealed that new releases for series including Dragon Quest Dai no Daibouken, Delicious Party Precure, Digimon Ghost Game and ONE PIECE will be delayed until further notice.