Two big ransomware attacks impact governments in Costa Rica and Brazil, and supply chain risk takes the glow off of vacations for passengers on Canada’s Sunwing Airlines.
Exploit: Business Email Compromise
Christie Clinic: Healthcare Provider
Risk to Business: 1.802 = Severe
Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.
Risk to Individual: 2.771 = Moderate
Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.
How It Could Affect Your Customers’ Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.
The Unified Government of Wyandotte County and Kansas City, Kansas
The Unified Government of Wyandotte County and Kansas City, Kansas: Regional Government
Risk to Business: 1.802 = Severe
Residents of Wyandotte County and Kansas City, Kansas (UG) are missing access to several government services after an Easter weekend cyberattack snarled the regional government’s IT systems. Some systems have been restored, but many services remain unavailable including appraisals, court cases, motor vehicle services and procurement. A UG statement said that it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to investigate the incident.
How It Could Affect Your Customers’ Business: Government entities have been popular cybercrime targets for both data theft and ransomware in the last two years.
Bob’s Red Mill Natural Foods
Bob’s Red Mill Natural Foods: Grocery Brand
Risk to Business: 2.761 = Moderate
Bob’s Red Mill Natural Foods has announced that it has experienced a data breach after data scraping malware was found to be operating on its website. The company said on April 15 that the malware was in operation between February 23 and March 1, 2022. The company’s initial investigation did not uncover any exfiltration, but that changed after a customer complaint.
Risk to Business: 2.814 = Moderate
Customer information impacted includes online customers’ payment card information, billing and shipping addresses, email addresses, phone numbers and purchase amounts. The company said that no information had been found to indicate that any Social Security numbers, dates of birth, driver’s license numbers or other government-issued ID numbers had been exposed in the attack.
How It Could Affect Your Customers’ Business: Customers aren’t going to respond well to companies that can’t keep their payment card data safe.
Exploit: Supply Chain Attack
Sunwing Airlines: Passenger Air Carrier
Risk to Business: 1.346 = Extreme
Sunwing Airlines passengers are finding themselves delayed or stranded in airports across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline has been forced to manually check in passengers and handwrite boarding passes, causing massive delays, with passengers stranded in the Caribbean, Mexico and Central America, some for days. The company says it’s working to resolve the situation and get stranded passengers to their destinations as quickly as possible.
How It Could Affect Your Customers’ Business: This is a nightmare scenario that will have a serious impact on Sunwing’s future business.
Costa Rica – The Government of Costa Rica
The Government of Costa Rica: National Government
Risk to Business: 1.271 = Extreme
The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Impacted government ministries include Finance, which is experiencing impacts in customs and tax collection, and Labor, as well as the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.
How It Could Affect Your Customers’ Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.
Brazil – The City of Rio de Janeiro
The City of Rio de Janeiro: Municipal Government
Risk to Business: 1.909 = Severe
The LockBit ransomware group claimed to have attacked systems connected to the Finance department of the city government in Rio de Janeiro, stealing about 420 GB of data. The Secretary of State for Finance confirmed the attack. The ministry has said that the attackers only captured a small fraction of the ministry’s data. Spokespeople also said that the gang was demanding an unspecified ransom to keep the data from publication. Rio de Janeiro’s economy ranks 30th in GDP among all cities in the world.
How It Could Affect Your Customers’ Business: In a challenging economy, no government can afford this kind of incident or the associated bills.
United Kingdom – Funky Pigeon
Funky Pigeon: Retailer
Risk to Business: 2.776 = Moderate
Gift card retailer Funky Pigeon, a division of UK retail giant WHSmith, has announced that it was the victim of a cyberattack that has seriously impacted its operations. Funky Pigeon was forced offline, suspending sales temporarily. The company was quick to reassure consumers that no payment data was at risk and said it did not believe any account passwords were compromised. The incident remains under investigation.
How It Could Affect Your Customers’ Business: Online retailers have been a popular target for cybercriminals, especially for payment skimming attacks.
Russia – Tendertech
Exploit: Nation-State Hacking (Hacktivism)
Tendertech: Documents Processor
Risk to Business: 1.976 = Severe
The Anonymous collective has announced that it penetrated systems at Tendertech, a Russia-based processor of financial services and banking documents. The firm counts Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank, Bank ZENIT and Otkritie Bank among its customers. Anonymous claims to have stolen 426,000 emails and leaked an archive of 160 GB in size through Demonstrated Denial of Secrets. Anonymous also claims to have hit other Russian government and quasi-governmental targets including GUOV i GS – General Dept. of Troops and Civil Construction, Neocom Geoservice and Gazregion.
How It Could Affect Your Customers’ Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.