Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
South Denver Cardiology Associates
South Denver Cardiology Associates: Medical Clinic
Risk to Small Business: South Denver Cardiology Associates apparently kicked off 2022 with a data breach that they’ve just disclosed to their patients on their website. The medical practice believes that an unauthorized party gained access to its systems between January 2, 2022, and January 5, 2022. During that time, certain files stored on the system were accessed that contained the protected health information of patients. They were careful to note that there was no impact to the contents of patient medical records and no unauthorized access to the patient portal.
How it Could Affect Your Business: This incident could end up being very expensive even if no real damage was done to the practice after regulators get finished with them.
Argentina – Mercado Libre
Mercado Libre: E-commerce & Payments
Risk to Small Business: E-commerce giant Mercado Libre has confirmed that an unauthorized party accessed its systems last week, snatching up a part of its source code. The ransomware gang Lapsus$ has claimed responsibility. Mercado admitted that threat actors had accessed data of around 300,000 of its users but stopped short of disclosing that this was a ransomware attack, clarifying what data was stolen or sharing ransom demands. The company said that they do not believe “any users’ passwords, account balances, investments, financial information, or credit card information were obtained”.
How it Could Affect Your Business: Ransomware gangs have been quick to snatch data from large repositories, especially personal data or payment card information
United Kingdom – Vodafone
Risk to Small Business: Lapsus$ was busy this week. The group also claimed responsibility for a hack at Vodafone. In a Telegram message to its subscribers, Lapsus$ claimed to have 200GB of Vodafone source code in its possession, allegedly the fruit of 5,000 GitHub repositories. No word on the specifics of the stolen data. Lapsus$ is reportedly a South American gang that also claimed responsibility for recent attacks on Nvidia and Impresa.
How it Could Affect Your Business: Source code can be very profitable for ransomware gangs, and companies need to ensure that they’re protecting their proprietary resources well.
France – Ubisoft
Ubisoft: Video Game Studio
Risk to Small Business: French video game company Ubisoft has admitted that a cyber security incident knocked many games, services and systems offline. Guess who claimed responsibility? If you answered “Lapsus$”, you’re right! Ubisoft says that no customer information was accessed, and games should be operating normally now. Credential compromise appears to have been a factor as Ubisoft employees have reportedly been required to change their passwords.
How it Could Affect Your Business: Protecting proprietary digital assets is especially important for companies like this who rely on them completely to do business.