Skip to main content

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 04/19/23 – 04/25/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: BlackCat Ransomware and Other Groups.

TL;DR

Topping #HacksAttacks&Breaches this week, nearly 1.5 million ABA member credentials were exposed after a hack and a Canadian casino tries to restore systems and reopen 14 closed casinos after a successful ransomware attack. Here are the headlines:

  • Big breach at CFPB (federal agency) from a malicious insider, exposing loan information and other PII.
  • Ransomware busts a Canadian casino operator, forcing the closure of over a dozen casinos.
  • A supply chain attack causes problems for Webster Bank and 150,000 of their customers.

American Bar Association
Exploit
: Hacking
American Bar Association: Professional Group

Risk to Business: The American Bar Association (ABA) has experienced a data breach that has exposed information pertaining to 1,466,000 members. The ABA disclosed that a hacker was detected on its network on March 17th, 2023. An ABA statement noted that “An unauthorized third party acquired usernames and hashed and salted passwords that you may have used to access online accounts on the old ABA website prior to 2018 or the ABA Career Center since 2018.”

How it Could Affect Your Customers’ Business: Big batches of credentials like this are gold for cybercriminals and can be used to facilitate other cyberattacks.

Consumer Financial Protection Bureau (CFPB)
Exploit:
Malicious Insider
Consumer Financial Protection Bureau (CFPB): Federal Agency

Risk to Small Business: The U.S. Consumer Financial Protection Bureau (CFPB) says that they’ve experienced a data breach caused by the actions of a potentially malicious employee. In the incident, a now former employee sent a total of 14 emails that included consumer personally identifiable information to their private email address. Along with that data, the employee sent two spreadsheets that listed names and transaction-specific account numbers related to about 256,000 consumer accounts at an unnamed institution. The CFPB also said that they identified data from another institution that included approximately 140 loan numbers, of which roughly 100 also included de-identified information related to the loan or borrower, such as income, credit score and demographic information. The CFPB said that The Office of Inspector General and Federal lawmakers and government agencies have been notified, including the Department of Homeland Security.

How it Could Affect Your Customers’ Business: Malicious insiders can do a lot of damage quickly through actions like stealing sensitive data and selling it.

CommScope
Exploit
: Ransomware
CommScope: Infrastructure Provider

Risk to Small Business: The Vice Society ransomware gang has added CommScope to their dark web leak site. The data published included a variety of information including internal documents, invoices and technical drawings. The personal data of thousands of CommScope employees was also exposed, including full names, postal addresses, email addresses, personal numbers, Social Security numbers, bank account information, scans of employee passports and visa documentation. The company has disclosed that the attack happened on March 23.

How it Could Affect Your Customers’ Business: Internal data including contracts and technical data is very valuable and profitable for bad actors.

Point32 Health
Exploit
: Ransomware
Point32 Health: Health Insurer

Risk to Small Business: Massachusetts-based health insurer Point32 Health has fallen victim to a ransomware attack. The company is experiencing system outages, including systems that are used to service its members, accounts, brokers, and providers. Some customers reported experiencing problems getting prior authorizations for medical procedures Harvard Pilgrim Health Care customers are primarily affected. The incident occurred on April 17. No ransomware group has claimed responsibility.

How it Could Affect Your Customers’ Business: This will be an expensive disaster for this company that could also damage its reputation.

Webster Bank
Exploit
: Supply Chain Attack
Webster Bank: Bank

Risk to Small Business: Hundreds of thousands of customers of Webster Bank have had their data exposed after a data breach at one of the bank’s service providers. The bank notified regulators and customers after being informed of an intrusion between Nov. 27, 2022, and Jan. 22, 2023, at fraud detection services provider Guardian Analytics. In a filing with the Connecticut Attorney General’s Office, Webster Bank disclosed that 153,754 Connecticut customers were affected — 117,278 of whom had their name and account number exposed, while 36,476 had their name, account number and Social Security numbers exposed.

How it Could Affect Your Customers’ Business: Supply chain attacks have been escalating, bringing fresh danger to businesses in every sector.

Canada- Gateway Casinos & Entertainment Ltd.
Exploit
: Ransomware
Gateway Casinos & Entertainment Ltd.: Casino Operator

Risk to Small Business: Gateway Casinos has confirmed that it has fallen victim to a ransomware attack that caused the company to shut down its 14 properties in Ontario nearly a week ago. The company closed its Ontario casinos, including Casino Rama Resort on April 16. In a statement, Gateway Casinos said that it is working to restore systems and reopen the casinos as soon as possible. The incident is under investigation.

How it Could Affect Your Customers’ Business: This crippling disaster will cost this company a fortune and could impact its reputation with customers for a long time.

Canada – Yellow Pages Group
Exploit
: Ransomware
Yellow Pages Group: Directory Service

Risk to Small Business: Canada’s Yellow Pages has disclosed that it has fallen victim to a ransomware attack by the Black Basta ransomware group. The attack occurred around March 23. Black Basta published a sample of the stolen documents that included employee, ID documents (such as scans of passports and driver licenses) exposing people’s date of birth and address, tax documents, Social Insurance Number (SIN), sales and purchase agreements, budget and debt documents and other sensitive data. The incident has been reported to regulators.

How it Could Affect Your Customers’ Business: Identity documents are a valuable commodity that bad actors can sell quickly on the dark web.

Belgium – SD Worx
Exploit
: Hacking
SD Worx: Human Resources and Payroll Management Company

Risk to Small Business: Belgium’s SD Worx has shut down all IT systems for its UK and Ireland services after a cyberattack. Customers outside of that region did not lose access to their portals. The company said that it detected malicious activity around April 9, and shut down systems as part of an effort to limit the spread of the attack. The incident is under investigation, and no specifics were offered on the types of data stolen.

How it Could Affect Your Customers’ Business: A cyberattack on a service provider can impact many other businesses by causing expensive delays.

SaaS Alerts banner CTA 2