The Week in Breach News: 04/06/22 – 04/12/22 | CloudSmart IT

The Week in Breach News: 04/06/22 – 04/12/22

A former employee spawns a security nightmare at Cash App Investing, and Conti scores ransomware hits in two industrial attacks.



Block Inc.

https://www.cbs58.com/news/more-than-8-million-cash-app-investing-customers-potentially-impacted-by-data-breach-linked-to-former-employee 

Exploit: Insider Risk

Block Inc: Financial Services Platforms 


Risk to Business: 1.706 = Severe

More than 8 million customers of Cash App Investing may have had their personal information exposed thanks to an incident involving an ex-employee of the app’s parent company Block Inc. In an SEC filing, the company disclosed that a former employee had downloaded reports that contained customer data. This breach does not impact customers using this app’s sister product, Cash App.


Risk to Individual: 1.663 = Severe

The pilfered reports included customers’ full names and brokerage account numbers. For some customers, the data accessed also included the value and holdings of the brokerage portfolio, as well as some trading activity. 

How It Could Affect Your Customers’ Business: Companies that are sloppy about removing past users’ access are likely to find themselves in this position.

 


Snap-on

https://www.bleepingcomputer.com/news/security/snap-on-discloses-data-breach-claimed-by-conti-ransomware-gang/ 

Exploit: Ransomware

Snap-on: Tool Manufacturer


Risk to Business: 1.976 = Severe

Major tool manufacturer Snap-on has disclosed that it has been the victim of a ransomware attack. The Conti ransomware group has claimed responsibility. The group has already begun leaking Snap-on’s data online. Snap-on reported that the breach was discovered when it detected suspicious network activity, which led to them shutting down company systems. Employee and franchisee data was compromised. 


Risk to Individual: 1.899 = Severe

Snap-on told the California Attorney General’s Office in a filing that the exposed data included associate and franchisee names, Social Security Numbers, dates of birth and employee identification numbers.  

How It Could Affect Your Customers’ Business: Attacks against industrial and manufacturing targets have been accelerating as bad actors look for fast ransoms from time-sensitive businesses.

 


Fox News 

https://www.infosecurity-magazine.com/news/employee-info-13-million-records/ 

Exploit: Misconfiguration

Fox News: Television Network


Risk to Business: 2.722 = Moderate

Researchers at Website Planet have announced that they discovered a trove of information about employees of Fox News exposed in a misconfigured database. The 58GB of exposed data includes almost 13 million records of content management data, employee details, internal Fox emails, usernames, employee ID numbers, affiliate station information and more. 65,000 names of celebrities, cast and production crew members and their internal Fox ID reference numbers were also in the mix. No further specifics about exposed employee data were available at press time.  

How It Could Affect Your Customers’ Business: Personal data is a hot ticket item, and big companies often have a storehouse of it in their employee records.

 


Parker Hannifin

https://www.securityweek.com/ransomware-gang-leaks-files-stolen-industrial-giant-parker-hannifin 

Exploit: Ransomware

Parker Hannifin: Industrial Components Manufacturer


Risk to Business: 1.969 = Severe

Conti ransomware is to blame for an attack on major industrial supplier Parker Hannifin, a manufacturer specializing in motion and control technologies used by aerospace, defense and industrial manufacturers. Conti has already published more than 5 GB of the company’s stolen data but stated that this is only a small fraction of the total data it snatched.

How It Could Affect Your Customers’ Business: Cybercriminals aren’t just after personal data; they’ll gladly take proprietary technical data like spec sheets, blueprints and formulas too.



United Kingdom – The Works 

https://www.bitdefender.com/blog/hotforsecurity/the-works-hit-by-hackers-uk-retailer-shuts-some-stores-after-problems-with-payment-tills/

Exploit: Ransomware

The Works: Discount Retailer


Risk to Business: 1.227 = Extreme

Discount stationer and craft store The Works had to shut down several stores temporarily after a cyberattack, identified as ransomware by media outlets, crippled payment systems. Reports also say that the attack was precipitated by an employee falling for a phishing email. The incident is under investigation and has been reported to the UK Commissioner’s Office. No word on what, if any, data was stolen.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Cybercriminals know that hitting businesses like this will often result in a quick ransom payment to avoid business interruption.


Russia – Gazprom Neft

https://www.infosecurity-magazine.com/news/russian-oil-gazprom-neft-hack/

Exploit: Nation-State (Hacktivism)

Gazprom Neft: Oil Company


Risk to Business: 2.017 = Severe

Russian oil heavyweight Gazprom Neft had its website hacked, resulting in an outage. The hackers reportedly hijacked the company’s site on April 6, displaying imagery and messaging that depicted the company’s president speaking out against the Russian invasion of Ukraine. Gazprom Neft is the oil handling subsidiary of Russia’s major-league state-owned gas company Gazprom.

How It Could Affect Your Customers’ Business: Hacktivists have been working to damage Russian infrastructure and assets since the invasion of Ukraine.



Nigeria – Bet9ja 

https://techcabal.com/2022/04/11/ceo-statement-we-have-control-all-accounts-data-and-funds-are-secure/ 

Exploit: Ransomware

Bet9ja: Gambling Platform 


Risk to Business: 2.176 = Severe

Popular Nigerian betting platform Bet9ja disclosed that it has been hit by a ransomware attack perpetrated by BlackCat. The company said in a statement that it had received an unspecified ransom demand but did not plan to pay. The CEO was quick to assure users in another statement that their funds and data were secure. The company says that it is working to resolve the matter.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Ransomware is the most versatile weapon in the cybercriminal arsenal, and building a strong defense is essential.



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
