Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.
Chicago Public Schools
Exploit: Supply Chain Risk
Chicago Public Schools: Regional Education Agency
Risk to Small Business: Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident.
How it Could Affect Your Business: School system databases are popular targets because they often hold big stores of information.
Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio)
Fort Sumner Municipal Schools (New Mexico) & Washington Local Schools (Ohio): Local Education Agency
Risk to Small Business: The Cl0p ransomware gang has posted information that points to a successful ransomware attack against the Fort Sumner Municipal Schools agency in New Mexico. The Superintendent of Schools in the district confirmed the incident. This is just the latest in a long string of ransomware attacks that have impacted public school systems in the US. Just this week, the Washington Local Schools district in Ohio was also hit with a ransomware attack, this time impacting the district’s phone, email, internet and WiFi networks as well as Google Classroom.
How it Could Affect Your Business: Bad actors know that using ransomware against targets with time-sensitive business can be profitable.
The U.S. Drug Enforcement Agency (DEA)
The U.S. Drug Enforcement Agency (DEA): Federal Government Agency
Risk to Small Business: Officials are investigating a potential breach that could allow bad actors to access key systems used by law enforcement agencies in the U.S. A tip pointed officials to information that the LAPSUS$ hacking group may have gained access to the esp.usdoj.gov data portal, the Law Enforcement Inquiry and Alerts (LEIA) system, the U.S. Drug Enforcement Agency (DEA)’s El Paso Intelligence Center (EPIC) and other DEA systems. That unauthorized access may be used by cybercriminals in myriad ways including for impersonation efforts and doxing, as well as affording the bad guys the opportunity to search databases and to obtain sensitive data.
How it Could Affect Your Business: This kind of access and information in the wrong hands could be beneficial to cybercriminals including nation-state actors.