TL;DR
In #HacksAttacksBreaches this week – Cl0p exploited a zero-day flaw in MoveIt to steal payroll data from British Airways, Boots and more UK companies, and Toyota has a second data security incident within weeks of their last breach. Here are the highlights:
- Regional government of the island of Martinique hit by ransomware attack, orchestrated by the Rhysida group
- As the second significant exploit involving file transfer protocol (FTP) in 2023, employees of major UK companies potentially affected in this zero-day exploit on Zellis.
- State and federal agencies are assisting in a cyberattack investigation involving stolen personal information for 58,000 voters in Florida.
The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.
Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 05/31/23 – 06/06/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: BlackByte Snatches Data for $400 Million.
Enzo Biochem
Exploit: Ransomware
Enzo Biochem: Biotechnology Company
Risk to Business: Severe
New York-based biotechnology company Enzo Biochem has disclosed that a ransomware attack in April 2023 has led to sensitive data exposure for millions of patients. Enzo Biochem produces DNA-based tests to detect viral and bacterial diseases, including COVID-19 and cancer. In an SEC filing, the company said that sensitive data including the clinical test information of 2,470,000 individuals and approximately 600,000 Social Security numbers was snatched by the unnamed ransomware group. An investigation is ongoing and no details about any ransom demand were available at press time.
How it Could Affect Your Customers’ Business: Phishing is the number one source for data loss and the most likely way for a company to encounter ransomware.
Hillsborough County Supervisor of Elections
Exploit: Hacking
Hillsborough County Supervisor of Elections: Local Government Agency
Risk to Business: Severe
The Hillsborough County Supervisor of Elections in Florida is informing an estimated 58,000 voters that their personal information may have been stolen in a recent cyberattack. A spokesperson for the agency said that a bad actor illegally accessed and copied files containing voters’ personal identification information, including Social Security and driver’s license numbers. officials were quick to reassure voters that the county’s voter registration system and the ballot tabulation system were not accessed. State and federal agencies are assisting in the investigation.
How it Could Affect Your Customers’ Business: This is a worrisome data loss incident at an agency that handles highly sensitive data like voting data.
iSpace
Exploit: Hacking
iSpace: Staffing & Business Services Company
Risk to Business: Moderate
California staffing company iSpace has filed a data breach notification in Montana. The filing says that iSpace detected suspicious activity within its computer system on February 5, 2023. An investigation revealed that some files containing sensitive consumer information were accessed and copied by an unauthorized individual between January 30, 2023, and February 5, 2023. The stolen data includes an individual’s name, Social Security number, date of birth, diagnosis information, health insurance group/policy number, health insurance information, subscriber number and prescription information.
How it Could Affect Your Customers’ Business: Data like this is still protected health information, and the rules surrounding that don’t just apply to medical centers and insurers.
Idaho Falls Community Hospital
Exploit: Ransomware
Idaho Falls Community Hospital: Medical Center
Risk to Business: Extreme
A cyberattack at Idaho Falls Community Hospital left medical staff scrambling and forced some ambulances to divert to other medical centers. The attack, which took place last Monday, also impacted nearby Mountain View Hospital, urgent care center Mountain View Redicare and several smaller clinics. Idaho Falls was forced to divert ambulances for several days, and staffers had to resort to pencil and paper charting. The hospital would not comment on whether or not the attack was ransomware or how long they expected it to take to restore normal operations.
How it Could Affect Your Customers’ Business: Hospitals will continue to be prime targets for ransomware attacks because the nature of their business is time sensitive.
Martinique – The Government of Martinique
Exploit: Ransomware
The Government of Martinique: Regional Government
Risk to Business: Severe
A newer ransomware group, Rhysida, has claimed responsibility for a ransomware attack on the government of the island of Martinique. The group claims to have stolen a variety of data and posted a sample of the stolen data on the dark web. Rhysida offered no further information on the size of the data leak or its contents. In a notice on its website, the government said that the attack took place on May 16, 2023, and “heavily disrupted the activities of the community and directly impacted users and partners.” The attack disrupted education at Martinique’s schools at every level and caused difficulty in the payment of social benefits. No specifics were available about any ransom demand at press time.
How it Could Affect Your Customers’ Business: Governments and government agencies of every size around the world have been experiencing elevated ransomware risk.
Zellis
Exploit: Ransomware
Zellis: Payroll Company
Risk to Business: Extreme
Employees of several major UK companies including British Airways, Boots and the BBC are being informed that their personal information may have been exposed in a ransomware attack on payroll company Zelis. Bad actors were able to leverage a zero-day exploit in popular file transfer system MOVEit made by Progress Software. The Cl0p ransomware group has claimed responsibility for the attack. Zelis has not disclosed which of its clients were impacted by the attack, but some have already come forward. British Airways disclosed that employee data including National insurance numbers, salaries, contact details, sort codes and bank account numbers. Boots said that its staff had been informed that their data may have been compromised including names, surnames, employee numbers, dates of birth, email addresses, the first lines of home addresses, and national insurance numbers. Details from this incident were still emerging at press time.
How it Could Affect Your Customers’ Business: This is the second zero-day exploit involving a file transfer protocol that has wreaked havoc in 2023.
Switzerland – Xplain
Exploit: Ransomware
Xplain: IT Services Company
Risk to Business: Moderate
The Play ransomware gang is behind a ransomware attack that has snarled operations for some of Switzerland’s government. The attack on Xplain, an IT company that supplies homeland security solutions, left several Swiss government arms in the lurch including the Swiss army, government agencies the Federal Office for Customs and Border Security (FOCBS) and the Federal Office of Police (Fedpol) as well as several local police forces. Some stolen data has already been released. Xplain said that they have not communicated with the gang and do not intend to pay any ransom. The company stressed that it offers its customers online applications and does not store the applications and data itself.
How it Could Affect Your Customers’ Business: Service providers like this are good sources of valuable data for bad actors.
Japan – Toyota
Exploit: Misconfiguration
Toyota: Car Company
Risk to Business: Moderate
Toyota has discovered another misconfiguration incident, following the incident from two weeks ago. In this case, the company said that data pertaining to 260,000 car owners has been exposed due to the flub. exposed data includes in-vehicle device identifiers and mapping data that’s displayed on the car navigation system of customers in Japan. More detailed data including customer names, postal and email addresses, a Toyota-issued customer identifying number and the vehicle’s registration and identifying numbers may have been exposed for an unspecified number of customers in Asia and Oceania.
How it Could Affect Your Customers’ Business: Two security flubs like this in as many weeks is worrisome and could turn off customers.