What happened this week? Tempur Sealy is losing sleep over a cyberattack and MOVEit continues to net big fish. Here are the #HacksAttacksBreaches highlights:

  • Maximus, a service provider to several U.S. federal agencies including The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), has disclosed that it has been caught up in the MOVEit exploit net.
  • Rite Aid has revealed a data breach that impacts the personally identifiable information (PII) of an estimated 24,400 customers.

  • No one’s sleeping easy at Tempur Sealy as the company contends with a cyberattack. The incident began on July 23 and the company said it was forced to shut down its IT systems and implement its business continuity plan.

The latest Hacks, Attacks and Breaches cybersecurity news update is here to give you what you need to stay informed, each week.

Read the top cybersecurity stories this week to keep up with hacking, computer security, ransomware and other cybersecurity threats. Here’s what’s in store for 07/26/23 – 08/01/23. If you missed last week’s news, read Hacks, Attacks and Breaches: Medical Exploits Unleashed.

Maximus

Exploit: Hacking
Maximus: Government Services Company

Risk to Business: Extreme

Maximus, a service provider to several U.S. federal agencies including The Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS), has disclosed that it has been caught up in the MOVEit exploit net. In a filing with the U.S. Securities and Exchange Commission (SEC), Maximus said that it discovered in May that its corporate network was affected by the MOVEit ransomware attack. The company determined that the attackers snatched files containing sensitive information including Social Security numbers belonging to between 8 million and 11 million individuals. The investigation into the incident is ongoing.

How it Could Affect Your Customers’ Business: This zero-day exploit has been a gold mine for Cl0p and new companies are added to the victim list every day.


Southern Association of Independent Schools, Inc (SAIS)

Exploit: Misconfiguration
Southern Association of Independent Schools, Inc (SAIS): Accreditation Non-Profit

Risk to Business: Severe

Website Planet reported the discovery of a large unsecured database belonging to the Southern Association of Independent Schools, Inc (SAIS) that contains highly sensitive information. Researchers discovered a variety of data inside including multiple types of student and teacher records, health information, teacher background checks and Social Security numbers, active shooter and lockdown notifications, maps of schools, financial budgets, school cybersecurity plans and much more. Incredibly, the treasure trove also contained third-party security reports that exposed weaknesses in school security, locations of cameras, access and entry points, and more. These documents could pose a potentially serious real-world security risk to the safety of students and teachers. Once informed, SAIS took action to resolve the problem.

How it Could Affect Your Customers’ Business: Education has been a top sector for ransomware attacks because it’s both time-sensitive and a great source of data.


Rite Aid

Exploit: Hacking
Rite Aid: Pharmacy Chain

Risk to Business: Severe

Rite Aid has revealed a data breach that impacts the personally identifiable information (PII) of an estimated 24,400 customers. The trouble began on May 31, 2023, when a vendor partner alerted Rite Aid about a vulnerability in their software. Unfortunately, it was too late, and Rite Aid discovered that the vulnerability had already been exploited by bad actors. Customers’ exposed PII includes patients’ first and last names, dates of birth, addresses, prescription data like medication names and fill dates, prescriber information, and in some cases, limited insurance data such as the plan name and cardholder ID.

How it Could Affect Your Customers’ Business: This breach will be very expensive for Rite Aid after investigation costs and regulatory penalties are added up.


Tempur Sealy

Exploit: Hacking
Tempur Sealy: Mattress Manufacturer

Risk to Business: Moderate

No one’s sleeping easy at Tempur Sealy as the company contends with a cyberattack. The incident began on July 23 and the company said it was forced to shut down its IT systems and implement its business continuity plan. In a filing to the U.S. Securities and Exchange Commission, Tempur Sealy said that the company’s operations had been hindered, but did not specify the extent. Although this looks like a ransomware attack, no ransomware group has claimed responsibility. The company said that it has engaged an outside cybersecurity specialist, as well as law enforcement, in the investigation.

How it Could Affect Your Customers’ Business: Even one small cyberattack can be a big problem that brings big bills for any business.


Pacific Premier Bancorp

Exploit: Supply Chain Attack
Pacific Premier Bancorp: Bank

Risk to Business: Severe

California-based Pacific Premier Bancorp is the latest financial institution to become ensnared in the MOVEit exploit storm. In a filing with the U.S. Securities and Exchange Commission, the bank disclosed that customers’ sensitive data had been stolen in an attack on one of the bank’s vendors. The data snatched includes customers’ names, Social Security numbers, account numbers and other unspecified personally identifiable information. Impacted customers will be informed by mail. The bank did not specify how many customers had data exposed, saying that their investigation is ongoing.

How it Could Affect Your Customers’ Business: Supply chain risk is constantly growing for businesses as bad actors ramp up strategic attack pressure.


Canada – CardioComm

Exploit: Hacking
CardioComm: Medical Technology Company

Risk to Business: Severe

CardioComm, a Canadian heart monitoring and medical electrocardiogram solutions provider, announced that it has taken systems offline following a cyberattack. The company admitted that the attack has impacted its production server environments and will have an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline. CardioComm said that it does not believe that customer health information was compromised in the attack, noting that it does not collect that data.

How it Could Affect Your Customers’ Business: Even if they don’t steal any data, the bad guys can cause trouble with disruptive cyberattacks.


Canada – Yamaha Canada Music

Exploit: Ransomware
Yamaha Canada Music: Musical Instrument Company

Risk to Business: Severe

Canadian musical instrument maker Yamaha Canada Music has disclosed that it has been the victim of a ransomware attack. In an interesting twist, just like some of last week’s attacks, this one also features more than one ransomware group claiming responsibility, this time BlackByte and Akira. BlackByte included Yamaha Canada on its list of victims on June 14 before the company was added by Akira ransomware on its leak site on July 21. The company admitted that the personal data of some of its employees had been compromised but did not offer specifics. The incident is under investigation.

How it Could Affect Your Customers’ Business: Employee data is just as useful and profitable for bad actors as consumer data.


Scotland – University of Western Scotland (UWS)

Exploit: Ransomware
University of Western Scotland (UWS): Institution of Higher Learning

Risk to Business: Moderate

Data purportedly stolen from the University of Western Scotland (UWS) has made its way to the dark web courtesy of the up-and-coming Rhysida ransomware gang. The group is demanding over $450k to not expose any more data or sell the lot in the next few days. UWS’s trouble began in early July when the cyberattack caused a brief period of downtime across some of UWS’s key systems, including its public-facing website. The attackers claim that the data they have includes the personal details of staff members, including financial and National Insurance data, and a number of internal university documents. The university is working with Police Scotland and the National Cyber Security Centre (NCSC) in the investigation.

How it Could Affect Your Customers’ Business: The sum requested is outrageous, but fledgling ransomware groups often do things like that to make a name for themselves.