What happened this week? MOVEit continues to snowball, a cyberattack causes a huge MLS outage, and ransomware hits a copper mine.
The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.
Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store this for 08/09/23 – 08/15/23. If you missed last’s week’s news, read Hacks, Attacks and Breaches: Big Medical Attacks
The Colorado Department of Health Care Policy & Financing (HCPF)
Exploit: Supply Chain Attack
(HCPF): Government Agency
Risk to Business: Severe
The Colorado Department of Health Care Policy & Financing (HCPF), a state government agency that manages the Health First Colorado (Medicaid) and Child Health Plan Plus programs, is alerting more than four million individuals of a data breach that impacted their personal and health information. HCPF said that the data exposure occurred through their contractor IBM thanks to the MOVEit vulnerability. Bad actors likely exfiltrated files that contained certain Health First Colorado and CHP+ members’ information, including, full names, Social Security numbers, Medicaid ID numbers, Medicare ID numbers, dates of birth, home address, contact information, income information, demographic data clinical data (diagnosis, lab results, treatment, medication) and health insurance information.
How it Could Affect Your Customers’ Business: Companies face unexpected danger every day from zero-day exploits and need to be prepared for trouble.
Freeport-McMoRan Inc.
Exploit: Supply Chain Attack
Freeport-McMoRan Inc: Copper Mine Operator
Risk to Business: Moderate
Freeport-McMoRan Inc., the world’s top publicly traded copper miner, has experienced a ransomware attack that has taken down the company’s information systems. The attack hit last Tuesday, causing the initial shutdown of IT systems. The Phoenix-based company is not expecting a significant impact on production unless the outage is sustained. The mining firm said it is investigating the incident with third-party experts and law enforcement.
How it Could Affect Your Customers’ Business: Supply chain cyberattacks are escalating, and the risk they bring to businesses needs to be top-of-mind for IT professionals.
Rapattoni
Exploit: Hacking
Rapattoni: Real Estate Technology Provider
Risk to Business: Severe
Home buyers and real estate professionals have experienced frustrations in the past week after a cyberattack nailed Rapattoni, a software and services provider that is best known for providing access to the nationwide Multiple Listing Services (MLS) to regional real estate groups. The California-based company said in a statement that its production network was hit by a cyberattack and it is working to get systems restored as soon as possible. MLS systems have been down since last Wednesday for many real estate agencies. The incident is under investigation.
How it Could Affect Your Customers’ Business: A successful cyberattack on a service provider can have a big impact on many other businesses.
The Indiana Family and Social Services Administration
Exploit: Supply Chain Attack
The Indiana Family and Social Services Administration: Government Agency
Risk to Business: Severe
The Indiana Family and Social Services Administration has announced that it has experienced a data breach, exposing data belonging to more than 700,000 Indiana Medicaid members. The breach came as a result of the MOVEit-related attack at government services company Maximus. The names, addresses, case numbers and Medicaid numbers of 744,000 people were snatched by bad actors in the incident.
How it Could Affect Your Customers’ Business: Supply chain attacks are escalating, and just one attack on a supplier can be a big problem that brings big bills for any organization.
Alberta Dental Service Corporation
Exploit: Hacking
Alberta Dental Service Corporation: Government Services Provider
Risk to Business: Severe
More than 1.4 million people in Alberta had their data exposed as the result of a cyberattack on government health service provider Alberta Dental Services Corporation. The dental services corporation administers low-income health benefit programs such as Assured Income for the Severely Handicapped and the Dental Assistance for Seniors Program. The company admitted that a bad actor gained access to part of its information technology infrastructure. The hackers were able to obtain the personal information of people enrolled in provincial government health benefit programs including patient names, addresses and banking information. Corporate information of some healthcare providers appears to be affected. An investigation is ongoing.
How it Could Affect Your Customers’ Business: Governments of every size and government agencies have been high on cybercriminal hit lists.
United Kingdom – The Electoral Commission
Exploit: Hacking
The Electoral Commission: Government Agency
Risk to Business: Moderate
The UK’s Electoral Commission has disclosed a data breach after the names and addresses of 40 million registered voters were left exposed and accessible as far back as 2021. The attack was discovered last October and reported to the Information Commissioner’s Office (ICO), as well as the National Crime Agency, but the public wasn’t informed. Bad actors gained access to the names and addresses of all voters registered between 2014 and 2022. The attackers were also able to access full copies of the electoral registers that were held by the commission for research purposes and to enable permissibility checks on political donations.
How it Could Affect Your Customers’ Business: Voting and election data is highly sensitive, and organizations that handle it must implement strong security.
United Kingdom – Cumbria Police
Exploit: Human Error
Cumbria Police: Law Enforcement Agency
Risk to Business: Moderate
Cumbria Police have admitted that they’ve experienced a data breach caused by human error. Police officials said that they became aware of a data breach on March 6, 2023. In this incident, information about the pay and allowances of every police officer and data about police staff roles was mistakenly uploaded to the department’s website and left unsecured. The leak affected 1,304 police officers, 756 staff members and 52 police community support officers.
How it Could Affect Your Customers’ Business: Security awareness training is the best way to prevent incidents like this caused by human error.
Northern Ireland – Police Service of Northern Ireland (PSNI)
Exploit: Human Error
Police Service of Northern Ireland (PSNI): Law Enforcement Agency
Risk to Business: Extreme
The Police Service of Northern Ireland (PSNI) has admitted that it accidentally shared sensitive data about all 10,000 serving police officers. The data was mistakenly provided in response to a Freedom of Information (FOI) request. The exposed data includes the surname, the first initial, the rank or grade, the location and the department of all 10,000 serving police officers. The data was leaked in a spreadsheet that was published online this week. It remained accessible for more than two hours before being taken down.
How it Could Affect Your Customers’ Business: The exposure of this data about police officers could be dangerous in such a volatile environment.
