Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.
The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 03/29/23 – 04/04/23. If you missed last week’s news, read Hacks, Attacks and Breaches: Sabotage.
Topping #HacksAttacks&Breaches this week, we’ll look at the big 3 targets – Finance, Education, and Communication. Here are the headlines:
- A massive breach at a Canadian finance company
- AudienceView’s breach gave cybercriminals the ticket to financial data from events at half a dozen colleges
- Why the booming dark web economy is so dangerous
- The five worst email-based scams
Western Digital: Computer Hardware Manufacturer
Risk to Business: Western Digital, a California-based provider of data storage hardware, has announced that it was hit by a cyberattack last Monday. In the March 26, 2023, incident, bad actors gained access to a number of the company’s systems, forcing the company to take some services and systems offline. In a statement, the company acknowledged that My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi and SanDisk Ixpand Wireless Charger products were impacted. Reports say that cloud, proxy, web, authentication, email and push notification services are experiencing outages.
How it Could Affect Your Customers’ Business: Manufacturers like this are sitting ducks as cybercriminals ramp up efforts against the supply chain.
NCB Management Services
NCB Management Services: Debt Buyer
Risk to Small Business: Accounts receivable management company and debt buyer NCB Management Services has started informing consumers that their personal information was likely compromised in a data breach. The incident is expected to impact roughly 500,000 individuals. NCB said that hackers compromised some of NCB’s systems on February 1, 2023, giving them access to information from closed Bank of America credit card accounts. Included in this breach were names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers and employment information for account holders. Financial data such as pay amounts, credit card numbers, routing numbers, account numbers and balances, and account statuses was also snatched.
How it Could Affect Your Customers’ Business: Finance has been the top sector hit by cybercriminals for the last few years as the economy contracts.
Lumen Technologies: Communications and Network Services
Risk to Small Business: Lumen Technologies has announced that it is dealing with not one but two cyber incidents. According to a filing with the U.S. Securities and Exchange Commission (SEC), Lumen discovered that a number of its servers that support a segmented hosting service had been infected with ransomware. The Louisiana-based company acknowledged that the ransomware is impacting a small number of its enterprise customers, disrupting call center operations. The company also said that in a separate incident, it had discovered that bad actors had gained access to another part of the company’s IT systems, installed a different type of malware and stolen data. The firm is evaluating whether any personally identifiable information (PII) or other sensitive information was stolen.
How it Could Affect Your Customers’ Business: This dose of double trouble will be a powerful blow to the company’s reputation as well as its finances.
Exploit: Supply Chain Attack
Cornell University: Institution of Higher Learning
Risk to Small Business: Cornell University has released a security alert warning that purchase data for ticketholders at some of its recent events has been stolen as the result of a platform breach at one of its vendors, AudienceView. The school cautioned that people who had purchased tickets for shows and events organized by the Cornell Concert Series, Cornell Athletics, Cornell Tickets and the Schwartz Center for the Performing Arts may have had financial data stolen. In some cases, students reported that money had already been snatched from their bank accounts. Other colleges and universities including Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University in Canada have also been impacted by the AudienceView breach. The ticketing platform company said that the breach was caused by malware discovered in its systems and that it is working with Mandiant to investigate the incident.
How it Could Affect Your Customers’ Business: This is a valuable score of fast-selling credit card and financial data that means big profits for the bad guys.
TMX Finance: Consumer Lender
Risk to Small Business: TMX Finance, a lender based in Canada with operations in the U.S. and Canada, has disclosed a data breach that impacts customers of its subsidiaries TitleMax, TitleBucks, and InstaLoan. TMX said that the breach likely began in early December 2022 but that it did not detect the breach until February 13th, 2023. The personal data of 4,822,580 customers was potentially exposed in the incident. TMX says that the exposed customer data includes a client’s full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, U.S. Social Security number, financial account information, phone number, physical address and email address.
How it Could Affect Your Customers’ Business: This will be an expensive disaster for TMX after regulators in both countries wind their way through its subsidiaries.
UK – Capita
Capita: Business Services Provider
Risk to Small Business: London-based business services giant Capita has disclosed that it has been hit by a cyberattack that has caused disruption to some of its internal processes. The company said in a statement that the cyberattack, which took place last Friday, primarily impacted access to internal Microsoft Office 365 applications and some online services for customers. The fallout lasted for about three days. Capita performs crucial operations for the NHS and the military in Britain. The company was still restoring online services for customers on Monday morning.
How it Could Affect Your Customers’ Business: Business services providers have been front and center in the rising tide of supply chain cyberattacks.
Italy – Toyota Italy
Exploit: Human Error
Toyota Italy: Car Company
Risk to Small Business: Toyota Italy has acknowledged that it accidentally leaked sensitive data about its customers for at least the last 18 months. The data leak occurred through a likely misconfiguration in its Salesforce Marketing Cloud and Mapbox APIs. The company exposed its credentials to the Salesforce Marketing Cloud, giving bad actors possible access to Toyota clients’ phone numbers and email addresses, customer tracking information and email, SMS and push-notification contents. The company also exposed application programming interface (API) tokens for Mapbox, a U.S.-based mapmaker. Toyota Italy said that it has taken steps to close those gaps.
How it Could Affect Your Customers’ Business: Even a small misconfiguration or mistake with an API can be a huge, expensive disaster for a company.
Crown Resorts: Casino Operator
Risk to Small Business: Crown Resorts is the latest company to fall victim to the exploitation of GoAnywhere by the Cl0p ransomware group. The company said last Monday that a ransomware group had contacted Crown Resorts, claiming to have gained access to some files through the GoAnywhere file transfer service zero-day exploit. Crown Resorts was quick to reassure the public that no customer data was compromised, and the company’s resort, casino and business operations have not been impacted. More than 100 companies have been hit by Cl0p in the GoAnywhere snafu.
How it Could Affect Your Customers’ Business: This might have been avoidable with fast patching once this exploit became public weeks ago.
Meriton: Hotel Operator
Risk to Small Business: Major Australian hotel and holiday home operator Meriton has disclosed that it has experienced a cyber incident that led to the exposure of personal data. More than 1800 guests and staff members employed by Meriton may potentially have had their data stolen when hackers struck the luxury developer on January 14, 2023. Guests staying in Meriton properties may have had their contact information exposed. Meriton employees were hit harder, with their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals, possibly accessed by hackers. The company said that the incident was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
How it Could Affect Your Customers’ Business: This breach hit two tracks of data for Meriton, doubling its chance of a big fine.