Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Shutterfly
Exploit: Ransomware
Shutterfly: Digital Image & Photography Services
Risk to Small Business: Shutterfly has been hit with a Conti ransomware attack that allegedly encrypted over 4,000 devices and 120 VMware ESXi servers. On the Conti leak site, they offer samples of stolen Shutterfly data including legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and customer information, including the last four digits of credit cards. Shutterfly said in a statement that their Shutterfly.com, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook experienced service disruptions.
How it Could Affect Your Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses as well as retail users.
Pro Wrestling Tees
Exploit: Hacking (Payment Skimmer)
Pro Wrestling Tees: Merchandise & Fan Experience Platform
Risk to Small Business: Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees disclosed that it was informed by law enforcement that a small portion of its customers’ credit card numbers had been compromised in a malware infection.
How it Could Affect Your Business: Payment card skimmers and other similar malware are an occupational hazard for any company that processes online payments.
Maryland Department of Health
Exploit: Hacking
Maryland Department of Health: State Government Agency
Risk to Small Business: The Maryland Department of Health experienced a cyberattack in early December that disrupted reporting of COVID-19 cases, deaths, testing and vaccination data. Some outlets are pointing to ransomware as the culprit but that has not been confirmed and state officials offered no details of the incident. The attack also impacted reporting in Baltimore. Systems were restored and the state began reporting COVID-19 data again on January 4.
How it Could Affect Your Business: State agencies have been high on cybercriminals’ target lists throughout 2021 because they’re likely to pay the ransom and that trend is expected to continue in 2022.