InTegriLogic Blog
The Week in Breach News: 08/14/24 – 08/20/24
This week: Human error leads to two big data breaches and hackers hit an influential newspaper as U.S. election season moves into high gear.
Specialty Networks
https://radiologybusiness.com/topics/health-it/enterprise-imaging/radiology-information-systems-provider-reports-data-breach
Exploit: Hacking
Specialty Networks: Medical Business Services Provider
Specialty Networks, a radiology information systems provider based in Chattanooga, Tennessee, reported a data breach that may have exposed the personal health information of current and former patients. The breach, first detected on December 18, involved unauthorized access to data including names, Social Security numbers, medical records and more. The company has since secured its network and is notifying those affected while taking steps to prevent future incidents.
How It Could Affect Your Business: In addition to the big bills this company faces for investigation and recovery, it is likely to incur big fines from regulators.
Flint, Michigan
https://www.securityweek.com/city-of-flint-scrambling-to-restore-services-following-ransomware-attack
Exploit: Ransomware
Flint, Michigan: Municipal Government
The city of Flint, Michigan, is working to restore network systems after a ransomware attack on August 14 that disrupted payment and communication services. The attack affected the city’s billing system, halting online and credit card transactions for water, sewer, and tax payments, but emergency services like 911 were unaffected. No late fees or water shutoffs will occur during the outage. The attack also impacted GIS maps and email services, though public health services remain fully operational.
How It Could Affect Your Business: Beyond snarling services like bill paying or licensing, attacks against municipal governments can be dangerous for the local community.
The Washington Times
https://cybernews.com/news/washington-times-ransomware-attack-rhysida-claim/
Exploit: Ransomware
The Washington Times: Newspaper
The Washington Times, an influential U.S. newspaper, was reportedly compromised by the Rhysida ransomware group, which listed the paper as a victim on its dark web blog. The group claims to be auctioning the Washington Times’ “exclusive” data, including corporate files and employee documents, for 5 bitcoins (approximately $304,518) with a seven-day deadline to start the auction.
How It Could Affect Your Business: During election season, cyberattack danger ramps up for a wide variety of organizations, including newspapers, campaign PAC and party websites, and think tanks.
FlightAware
https://readwrite.com/flightaware-data-leak/
Exploit: Misconfiguration
FlightAware: Technology Company (Apps)
Popular flight tracking app FlightAware has informed users that it recently experienced a data breach. On July 25, 2024, FlightAware discovered a configuration error that may have exposed personal information from user accounts, including user IDs, passwords, email addresses, and potentially full names, addresses, credit card details and account activity.
How It Could Affect Your Business: Even a small mistake in configuration can result in a big mess for a company, but training can help reduce employee errors.
Canada – AutoCanada
https://www.scmagazine.com/news/rhysida-ransomware-hits-sumter-county-sheriff-in-latest-ci-attack
Exploit: Ransomware
Sumter County Sheriff: Law Enforcement
The Sumter County Sheriff’s Office in Florida has been targeted by the Rhysida ransomware group, which has threatened to release stolen data including ID scans and fingerprints. The Sheriff’s Office disclosed the attack on Tuesday, stating that while law enforcement operations will not be affected, access to some records may be limited during the investigation. The Rhysida group posted the breach on its leak site Friday, with a seven-day countdown for bidding on the stolen data, starting at 7 bitcoins (approximately $423,000).
How It Could Affect Your Business: This is another major blow for car dealers that are just starting to bounce back from a supply chain attack earlier this year.
Chile – Caja Los Andes
https://www.csoonline.com/article/3481871/over-13000-phones-wiped-clean-as-cyberattack-cripples-mobile-guardian.html
Exploit: Misconfiguration
Caja Los Andes: Pension and Social Security Fund
On July 4th, a massive data leak at Caja Los Andes, Chile’s largest Family Allowance Compensation Fund, exposed the private information of 10 million Chileans—over half the country’s population. The leak occurred due to an unsecured Apache Cassandra database, leaving names, addresses, birthdates, phone numbers, and credit details accessible online. Although the fund had over four million members in 2023, the breach affected data for more than twice that number.
How It Could Affect Your Business: This is a huge score of profitable data for bad actors, and they get to scoop it up without doing any work because of employee errors.
France – The Grand Palais
https://coinjournal.net/news/hackers-demanded-crypto-ransom-amid-cyber-attack-at-paris-2024-olympics/
Exploit: Ransomware
The Grand Palais: Sports Arena
The Grand Palais in Paris, a key venue for the 2024 Summer Olympics, was targeted by a cyberattack in early August 2024. Hackers infiltrated its digital systems, accessing sensitive financial data and demanding a ransom in cryptocurrency. The Paris 2024 Olympics organizing committee, alongside cybersecurity experts and law enforcement, acted swiftly to secure the compromised systems and implement safeguards to prevent further attacks.
How It Could Affect Your Business: High-profile events and the organizations associated with them make juicy targets for bad actors because such events make it easy for attackers to add time pressure.
Germany – Rödl Management, Inc.
https://www.reuters.com/technology/australian-gold-miner-evolution-flags-ransomware-attack-2024-08-12/
Exploit: Hacking
Rödl Management, Inc.: Business Service Provider
On August 12, 2024, Rödl Management, Inc. reported a data breach affecting Jamestown, L.P. and JT Tax Services L.P. After discovering unauthorized access to its computer network, Rödl determined that sensitive consumer information, including names and Social Security numbers, was compromised. The breach occurred between January 30 and February 9, 2024, and Rödl has since notified affected individuals and involved federal law enforcement.
How It Could Affect Your Business: A cybersecurity incident at a supplier or service provider can be a problem for that company’s customers too.