Skip to main content

TL;DR

In #HacksAttacksBreaches this week – Ransomware snarls operations at two tech companies, a bank in Indonesia gets caught trying to gloss over a ransomware attack, a big breach at a medical debt collector and more. Here are the highlights:

  • The CCC – primarily handling medical debt – reports data breach that exposed personal information of 286,699 individuals, including names, addresses, and Social Security numbers.
  • LockBit ransomware group exposes 15 million Bank Syariah Indonesia customers’ data.
  • Data breach at Uintah Basin Healthcare exposes 100,000 patients’ data including clinical information and test results.

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 05/18/23 – 05/24/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: Hitting Critical Sectors.

Credit Control Corporation
Exploit
: Hacking
Credit Control Corporation: Debt Collector

Risk to Business: Extreme

Credit Control Corporation (CCC), a Virginia-based debt collection company that primarily handles medical debt, has admitted that it suffered a data breach in March 2023 that resulted in the exposure of personal information for 286,699 people. The company told the Maine Attorney General’s Office that an unauthorized party gained access to its network between March 2 and March 7, 2023, and illegally copied some files. The unauthorized party stole data including consumers’ names, addresses, and Social Security numbers as well as data related to the individual’s accounts with CCC business partners, such as account numbers, account balances and dates of service. CCC says it is working with law enforcement to resolve the investigation.

How it Could Affect Your Customers’ Business: This will be an expensive nightmare for CCC to endure with the combination of medical and financial data stolen.

ScanSource
Exploit:
Ransomware
ScanSource: Technology Company

Risk to Business: Severe

U.S.-based SaaS connectivity and network communications provider ScanSource says that it has been the victim of a ransomware attack that has impacted its systems, business operations and customer-facing portals. ScanSource confirmed that the attack hit on May 14, taking down customer portals and websites. The company warns that there will be delays in the provision of services to customers in North America and Brazil. ScanSource also said that it has enlisted the help of a third-party forensics firm and law enforcement in its investigation. No group had claimed responsibility at press time.

How it Could Affect Your Customers’ Business: Technology companies are often service providers, making them attractive targets that can offer both profit and access to other businesses.

The Illinois Department of Healthcare and Family Services (HFS)
Exploit
: Hacking
The Illinois Department of Healthcare and Family Services (HFS): Regional Government Agency

Risk to Business: Moderate
The Illinois Department of Healthcare and Family Services (HFS) has disclosed that it has experienced a data breach that has exposed data for residents. HFS said that the data breach occurred in the State of Illinois Application for Benefits Eligibility (ABE) system’s Manage My Case (MMC) portal, a system also used by the Illinois Department of Human Services (IDHS). The ABE system is used to determine the eligibility of applicants for medical and poverty relief programs including Medicaid, the Supplemental Nutrition Assistance Program (SNAP) and Temporary Assistance for Needy Families (TANF). The agency said that the exposed data includes names, social security numbers, recipient identification numbers, addresses, phone numbers and income information for program applicants.

How it Could Affect Your Customers’ Business: Hackers favor government agencies and systems because they tend to hold a wide variety of data in large quantities.

Uintah Basin Healthcare
Exploit
: Hacking
Uintah Basin Healthcare: Health System

Risk to Business: Severe
Utah’s Uintah Basin Healthcare has disclosed that a data breach has led to the exposure of data for some 100,000 patients who have been treated within the system in the last 10 years. Uintah Basin Healthcare began notifying patients last week that it experienced unusual activity on its network in November 2022 that resulted in data exposure for 103,974 patients treated between March 2012 and November 2022. The rural health system said that the stolen data includes clinical information, diagnoses, medications and test results.

How it Could Affect Your Customers’ Business: This will be a punishingly expensive problem for this small rural health system to handle.

France – La Malle Postale
Exploit
: Misconfiguration
La Malle Postale: Transportation Service

Risk to Business: Moderate
A data leak on La Malle Postale’s system has exposed the personal data of an estimated 90K of their clients. A research team reported uncovering a publicly accessible database with more than 4GB of personal data belonging to the company’s clients, including more than 13,000 SMS messages sent between the company and its customers. The leaked personal data included the names, emails and phone numbers of nearly 90K customers along with lightly secured passwords and employee credentials. The company appears to have since secured the data.

How it Could Affect Your Customers’ Business: Failure to properly secure data can be just as costly to handle as having data stolen.

France – Lacroix
Exploit
: Ransomware
Lacroix: Electronics Manufacturer

Risk to Business: Moderate
French electronics manufacturer Lacroix said that it has experienced a cyber-attack on its operations at sites in France, Germany and Tunisia. The company said that it was forced to temporarily shut down several online systems to contain the attack and assess the damage. Lacroix said that it is implementing backups and conducting analysis to identify any exfiltrated data. Based on reports of the attack encrypting some local infrastructure at Lacroix’s sites along with data exfiltration, experts say this is likely a ransomware attack. Lacroix is expected to resume full operations at the shut down sites this week and the company said that it does not anticipate any significant impact on the overall performance projected for the group in 2023.

How it Could Affect Your Customers’ Business: Manufacturers are prime targets for ransomware because of the time-sensitive nature of their business.

Latvia – airBaltic
Exploit
: Internal Error
airBaltic: Airline

Risk to Business: Severe
Latvia’s airBaltic has begun informing customers that they may have had personal data exposed after an internal error led to some customers being sent other customers’ flight information erroneously. The airline said that only “a small number” of customers had data exposed. That exposed information may have included the passengers’ full names, birth dates, itinerary and email addresses. airBaltic was quick to reassure customers that no financial or payment data was involved. However, the PNR/reservation number for the impacted passengers was exposed and that could allow the recipient to make changes to the itinerary. The airline said that it will change the number for any customer who requests it.

How it Could Affect Your Customers’ Business: A mistake like this doesn’t look good to customers who are concerned about the security of their personal data.

Indonesia – Bank Syariah Indonesia
Exploit
: Ransomware
Bank Syariah Indonesia: Bank

Risk to Business: Extreme
The LockBit ransomware group has published 1.5TB of data that it claims to have snatched from Indonesia’s largest Islamic bank, Bank Syariah Indonesia. The published records include the personal and financial information of about 15 million of the state-owned bank’s customers and employees. Up until now, the bank had claimed that widespread service outages in the last few weeks were the result of maintenance, but it was forced to admit that the problems were actually the result of a cyberattack. Bank Indonesia, the country’s central bank, said last Thursday that it had helped Bank Syariah Indonesia restore its real-time gross settlement, national clearing system and Bank Indonesia Fast Payment services. ATMs and bank branch services became available last week. Screenshots of ransom negotiations released by LockBit show that the bank dangled the possibility that it would pay the gang $10 million to recover its stolen data, but LockBit demanded $20 million before the negotiations broke off.

How it Could Affect Your Customers’ Business: The financial services sector has been the hardest hit by ransomware gangs in the last few years.