July 21, 2022

The Week in Breach News: 07/13/22 – 07/19/22

It’s game over for security at Bandai Namco, human error causes a breach at a UK college, Lending Tree admits they’ve been breached and the best format for delivering security awareness training.

United States

Narragansett Bay Commission


Exploit: Ransomware

Narragansett Bay Commission: Utility Company


Risk to Business: 2.783 = Moderate

The Narragansett Bay Commission has been hit with a ransomware attack. The utility runs sewer systems in parts of the Providence and Blackstone Valley areas in Rhode Island.  A spokesperson for the company said that the company experiences the encryption of data on some computers and systems in its network. However, service was not interrupted, and the utility does not store customer payment data. No word on what data was stolen or if the Narragansett Bay Commission paid a ransom.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Hotels are a prime target for cybercriminals because they often have stores of valuable financial and personal data on guests.

Lending Tree


Exploit: Hacking

Lending Tree: Financial & Mortgage Services


Risk to Business: 1.672 = Severe

Mortgage giant Lending Tree, LLC recently confirmed that the company has experienced a data breach after cybercriminals discovered a code vulnerability on its website. According to a notice filed by the company, on June 3, 2022, Lending Tree discovered a code vulnerability on the company’s website that likely resulted in bad actors gaining access to sensitive personal information for customers. Lending Tree believes that the vulnerability was in place since mid-February 2022.


Individual Risk: 1.703 = Severe

Exposed information varies depending on the individual, but may include client names, Social Security numbers, dates of birth and street addresses.

How It Could Affect Your Customers’ Business The financial sector was at the top of the cybercriminal hit list in 2021 and that hasn’t changed in 2022. 

Family Practice Center


Exploit: Hacking

Family Practice Center: Medical Clinic Operator


Risk to Business: 1.701 = Severe

Pennsylvania-based medical clinic chain Family Practice Center has experienced a data breach. The company filed a notice with the U.S. Department of Health and Human Services saying that on October 11, 2021, it was the target of a cyberattack that attempted to shut down its computer systems. This may have led to an unauthorized party gaining access to sensitive data about 83,969 patients.  


Individual Risk: 1.641 = Severe

The breached information includes a patient’s name, Social Security number, address, medical insurance information and health/ treatment information.

How It Could Affect Your Customers’ Business: Medical facilities of all kinds should be strengthening security in response to non-stop threats in the sector. 

United Kingdom & European Union

United Kingdom – Morgan Hunt


Exploit: Supply Chain Risk

Morgan Hunt: Recruiting Firm


Risk to Business: 1.776 = Severe

British recruitment agency Morgan Hunt confirmed that it has experienced a data breach that resulted in intruders snatching personal data for some of the freelancers on its books. The recruiter pointed the finger at a third party service provider as the source of the problem. Impacted freelancers were sent a letter informing them of the incident.


Individual Risk: 1.741 = Severe

The information accessed included contractors’ names, contact details, identity documents, proof of address documents (including any bank or building society statement provided), National Insurance number, and date of birth.

How it Could Affect Your Customers’ Business: Cybercriminals are hungry for fresh stores of data, making service providers very attractive targets

United Kingdom – City College Norwich


Exploit: Human Error

City College Norwich: Institution of Higher Learning 


Risk to Business: 2.304 = Severe

City College of Norwich is in hot water after an employee mistakenly sent the wrong information to a student’s family. A parent tipped off officials after they were sent an expected attachment in an email exchange with one of the college’s customer service team when she received an unanticipated attachment, a spreadsheet titled “P2E links for scheduled applicants”. That spreadsheet contained the personal data of hundreds of people associated with the college. The incident is under investigation.  


Individual Risk: 2.215 = Severe

The spreadsheet included names, telephone numbers, postal and email addresses and other identifying details of students and applicants. 

How it Could Affect Your Customers’ Business Humans will make mistakes, but training can help reduce the chance that employees make security errors like this one. 

Asia & Pacific

Japan – Bandai Namco


Exploit: Ransomware

Bandai Namco: Videogame & Toy Maker


Risk to Business: 1.929 = Severe

The ransomware group Black Cat is claiming responsibility for a ransomware attack that hit Japanese entertainment company Bandai Namco. The video gaming giant confirmed that the group’s companies in Asian regions, excluding Japan, were breached by a third party on July 3, 2022. Bandai Namco appeared on the cybercriminal operation’s dark web site immediately afterward. The company said that in a statement “It is a possibility that customer information related to the Toys and Hobby Business in Asian regions (excluding Japan) was included in the servers and PCs, and we are currently identifying the status about [the] existence of leakage, scope of the damage, and investigating the cause.” 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Ransomware attacks on all sorts of businesses have soared in the last 12 months as cybercriminals search for new revenue streams. 

Australia & New Zealand

Australia – Deakin University 


Exploit: Credential Compromise

Deakin University: Institution of Higher Learning


Risk to Business: 2.017 = Severe

Deakin University in Melbourne has experienced a data security incident. The username and password of a single staff member at Deakin University was hacked and then used to unlock private details of 46,980 past and current students. The hackers then used that data to send phishing messages to students. In the messages, the cybercriminals sent out two links, both of which took the student to a malicious form that phished for information including credit card details. The breach will be reported to the Office of the Victorian Information Commissioner (OVIC). 


Risk to Business: 2.213 = Severe

Altogether, bad actors obtained the contact details of 46,980 past and current Deakin students. The haul included student names, IDs, mobile numbers, email addresses and even recent university results.

How it Could Affect Your Customers’ Business Just one compromised credential can open organizations up to a world of hurt and an expensive security nightmare. 

You can read the rest of the ID Agent post here for additional information

IT Services

Your Cybersecurity Questions, Answered .

If you’re like a lot of our customers, you have some big questions about cybersecurity almost every day.
We Can Help
© Copyright 2020 - Advantex - All Rights Reserved | Sitemap