September 21, 2022

The Week in Breach News: 09/14/22 – 09/20/22


This week, take a look at the events that led to a big IRS data breach and trouble at Bell Canada, explore our case studies and read up on talking to clients about protecting their businesses from BEC.


United States


U.S. Internal Revenue Service (IRS)

https://news.yahoo.com/irs-inadvertently-publishes-120-000-234841222.html

Exploit: Human Error

U.S. Internal Revenue Service: Federal Government Agency

Risk to Business: 2.026 = Severe

The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.

Risk to Individual: 2.406 = Severe

Exposed taxpayer data includes names, contact information, and financial information about IRA income. The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.

How It Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes. 


U-Haul International

https://www.bleepingcomputer.com/news/security/u-haul-discloses-data-breach-exposing-customer-driver-licenses/

Exploit: Credential Compromise

U-Haul International: Moving & Storage Company

Risk to Business: 2.779 = Moderate

U-Haul International disclosed a data breach related to its customer contract search tool. U-Haul says that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022, after compromising two passwords. U-Haul’s email and customer-facing websites were not impacted.

Risk to Individual: 2.626 = Moderate

Hackers gained access to customers’ names and driver’s license information, but U-Haul says that no credit card information was accessed or acquired during the incident.

How It Could Affect Your Customers’ Business: Cybercriminals have been concentrating their fire on suppliers and service providers, elevating risk for them.


The North Face

https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/

Exploit: Credential Stuffing

The North Face: Clothing Brand 

Risk to Business: 1.677 = Severe

California-based outdoor clothing company The North Face disclosed that it has had a data breach after a successful credential stuffing attack exposed the information of an estimated 200,000 customers. The company said that the attack on its website began in late July 2022 and was finally stopped in August 2022. Investigators determined that bad actors had accessed shoppers’ information shortly thereafter.

Risk to Individual: 1.636 = Severe

Exposed data includes a customer’s full name, purchase history, billing address, shipping address, telephone number, account creation date, gender and XPLR Pass reward records.

How It Could Affect Your Customers’ Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.


Canada


Bell Technical Solutions (BTS)

https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-cyberattack-on-bell-canada-subsidiary/

Exploit: Ransomware 

Bell Technical Solutions: Telecommunications Services

Risk to Business: 2.712 = Moderate

The Hive ransomware group has claimed responsibility for a ransomware strike on Bell Technical Solutions (BTS), a subsidiary of Bell Canada. BTS provides installation services for the telecom. Hive just published a claim on its dark web leak site saying that it encrypted BTS systems almost a month ago. BTS’ website is currently inaccessible. Parent company Bell Canada published a cybersecurity alert following the incident on its own website.

Risk to Individual: 2.834 = Moderate


How it Could Affect Your Customers’ Business: Critical infrastructure targets like utilities have been squarely in cybercriminal sights as ransomware targets.


South America


Argentina – Buenos Aires Legislature

https://therecord.media/buenos-aires-legislature-announces-ransomware-attack/

Exploit: Ransomware

Buenos Aires Legislature: Municipal Government Body

Risk to Business: 1.219 = Extreme

Legislators in Argentina’s capital Buenos Aires were left unable to access information systems or Wi-Fi in the legislature’s facility after a successful ransomware attack last week. The incident was discovered on September 11, 2022, and persisted into the week. Officials say they took measures to contain the attack immediately and they’re working quickly to restore all operations. No ransomware group has claimed responsibility for this attack.

How it Could Affect Your Customers’ Business: Government agencies have been popular ransomware targets over the last few years. 


United Kingdom & European Union


France – Damart

https://www.bleepingcomputer.com/news/security/damart-clothing-store-hit-by-hive-ransomware-2-million-demanded/

Exploit: Ransomware

Damart: Clothing Retailer

Risk to Business: 1.863 = Severe

Clothing store Damart has been taken down by ransomware in an attack by the Hive cybercrime gang. The company, with more than 130 stores worldwide, has had a variety of systems encrypted and operations, including sales and customer service, have been disrupted since August 15. The threat actors haven’t posted the victim on their extortion site, but reports say that they’re demanding a $2 million ransom. Damart (through parent company Damartex) says that it has not negotiated with the cybercriminals and it has informed the French national police of the incident.

How it Could Affect Your Customers’ Business: This breach is bound to have expensive consequences for Damart once regulators get through with them.


United Kingdom – Eurocell

https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html

Exploit: Hacking

Eurocell: PVC Manufacturing

Risk to Business: 2.122 = Severe

Derbyshire-based PVC manufacturer and building products distributor Eurocell has begun informing former employees that their information may have been stolen in a data breach after bad actors obtained access to the company’s systems. An estimated 2000 current employees and an unknown number of former employees may have been affected.

Risk to Business: 2.236 = Severe

Among the data compromised are employment terms and conditions, PII like names, dates of birth and next of kin, financial information including bank account, NI and tax reference numbers, right to work documents, health and wellbeing documents, learning and development records and disciplinary and grievance forms.  

How it Could Affect Your Customers’ Business: This kind of data is valuable and sought-after because bad actors can parlay it into easy money. 


You can read the rest of the ID Agent post here for additional information
