The Week in Breach News: 12/29/21 – 01/04/22 | CloudSmart IT

The Week in Breach News: 12/29/21 – 01/04/22

In cybercrime news this week: Ransomware is in the picture at Shutterfly, Pro Wrestling Tees unclothed a data breach in which customer’s credit card numbers have been exposed, and cyberattacks are big news at two EU media companies. 



Shutterfly 

https://www.bleepingcomputer.com/news/security/shutterfly-services-disrupted-by-conti-ransomware-attack/ 

Exploit: Ransomware

Shutterfly: Digital Image & Photography Services 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.876=Severe

Shutterfly has been hit with a Conti ransomware attack that allegedly encrypted over 4,000 devices and 120 VMware ESXi servers. On the Conti leak site, they offer samples of stolen Shutterfly data including legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and customer information, including the last four digits of credit cards. Shutterfly said in a statement that their Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook experienced service disruptions. 

Individual Impact: Although there appears to be customer data involved in this incident including payment card data, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses as well as retail users.

 


Pro Wrestling Tees 

https://www.bleepingcomputer.com/news/security/pro-wrestling-tees-discloses-data-breach-after-credit-cards-stolen/

Exploit: Hacking (Payment Skimmer)

Pro Wrestling Tees: Merchandise & Fan Experience Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612=Severe

Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees disclosed that it was informed by law enforcement that a small portion of its customers’ credit card numbers had been compromised in a malware infection. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919=Severe

The unnamed cybercriminals stole full names and credit card numbers of Pro Wrestling Tees customers who processed transactions through the platform including CVV codes. The company contends that they don’t store card info within their software and that only a small number of customers who used the checkout page were affected, although users on Reddit claim that many customers have seen fraudulent charges pile up.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Payment card skimmers and other similar malware are an occupational hazard for any company that processes online payments.

 


Maryland Department of Health

https://www.washingtonpost.com/dc-md-va/2021/12/05/maryland-health-department-cyberattack/

Exploit: Hacking

Maryland Department of Health: State Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.717= Severe

The Maryland Department of Health experienced a cyberattack in early December that disrupted reporting of COVID-19 cases, deaths, testing and vaccination data. Some outlets are pointing to ransomware as the culprit but that has not been confirmed and state officials offered no details of the incident. The attack also impacted reporting in Baltimore. Systems were restored and the state began reporting COVID-19 data again on January 4.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business State agencies have been high on cybercriminals’ target lists throughout 2021 because they’re likely to pay the ransom and that trend is expected to continue in 2022.

 


UK – Gloucester City Council 

https://www.bbc.com/news/uk-england-gloucestershire-59831468 

Exploit: Hacking

Gloucester City Council: Municipal Government Body 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.809 = Severe

Gloucester City Council is in the process of restoring municipal services in the wake of a December 20 cyberattack. Impacted functions include the council’s online revenue and benefits sections as well as planning and customer services. City residents are also unable to access interactive online application forms for housing benefits, council tax support, test and trace support payments and discretionary housing payments. The council is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to fix the issue. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Infrastructure targets and municipalities have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

 

Norway – Amedia

https://therecord.media/cyberattack-on-one-of-norways-largest-media-companies-shuts-down-presses/ 

Exploit: Ransomware

Amedia: Media Company 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.412= Extreme

Amedia, the largest local news publisher in Norway, experienced a suspected ransomware attack last week that shut down several of its essential systems, leaving it unable to publish its 78 printed newspapers until Friday in some cases. Amedia also said that its online news operations were unaffected, but the company suspects that unspecified that personal data belonging to employees may have been accessed during the attack. Vice Society is the ransomware gang purportedly responsible for this attack. 

Individual Impact: Although there appears to be employee data involved in this incident, that exposure has not been confirmed and no further information was available at press time.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

 


Portugal – Impresa 

https://www.itp.net/security/portuguese-media-group-impresa-crippled-by-ransomware-attack

Exploit: Ransomware 

Impresa: Media Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.701 = Severe

Portuguese media company Impresa, the owners of the country’s largest newspaper Expresso and biggest TV channel SIC TV has been hit with a ransomware attack by the Lapsus$ ransomware group. The Impresa attack hit over the New Year holiday weekend. SIC TV’s internet streaming transmission was interrupted but broadcasts remained operational. The cybercriminals responsible also gained access to Expresso’s Twitter account, announcing their success with a pinned tweet: “Lapsus$ is officially the new president of Portugal”.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Multiple media companies were hit this week, a reminder that cybercriminals sometimes set their sights on many targets in one industry at the same time.

 


Germany – Sennheiser 

https://www.hackread.com/german-audio-tech-sennheiser-expose-customers-data/ 

Exploit: Misconfiguration

Sennheiser: Audio Equipment Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.688 = Severe

Leading German audio equipment manufacturer, Sennheiser is in hot water after it misconfigured an Amazon Web Services (AWS) server. The unsecured server stored around 55GB of information on over 28,000 Sennheiser customers. The database contained data on customers that was collected between 2015-2018. The exposed AWS server was secured by Sennheiser quickly upon discovery.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Simple cybersecurity blunders and employee carelessness can create complicated and expensive security incidents.



Ghana – National Service Secretariate (NSS)

https://www.zdnet.com/article/nsw-government-casual-recruiter-suffers-ransomware-hit/ 

Exploit: Misconfiguration 

National Service Secretariate (NSS): National Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.883 = Severe

Ghana’s National Service Secretariate (NSS) exposed 55GB worth of citizens’ data in a misconfigured AWS S3 bucket. The foul-up exposed 55GB of data on up to 700,000 citizens. NSS is a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. The Computer Emergency Response Team of Ghana (CERT-GH) is investigating the incident and handling response.  

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.105 = Severe

The exposed database contained program membership cards and identity documents of the participants, including the participant’s details for the Ghana National Health Insurance Scheme and professional IDs for the candidates’ placements. The agency also stored different types of passport photos that the participants submitted in this bucket. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Any entity that is storing large amounts of sensitive data needs to make sure that they have taken reasonable precautions to protect it.

 


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

View All News & Articles

Ready to customize an IT solution that fits YOUR business goals? Get free guidance from our CEO.

Ready to customize an IT solution that fits YOUR business goals?

Get free guidance from CloudSmart IT.

Book a call or call us at 615.610.3500 today for your no-cost, no-obligation consultation.