This week we’re checking in from DattoCon 2022 with news about upcoming innovations, a tale of NATO hacking, the new Comprehensive Guide to Business Email Compromise and making the dollars and cents case for security and compliance awareness training.
United States
Nelnet Servicing (Nelnet)
Exploit: Hacking
Nelnet Servicing (Nelnet): Student Loans Servicer
Risk to Business: 2.026 = Severe
A data breach of student loan servicer Nelnet Servicing (Nelnet) has affected over 2.5 million student loan borrowers throughout the United States. The breach affected borrowers whose student loans are serviced by the Oklahoma Student Loan Authority (OSLA) and Edfinancial Services (Edfinancial). The company disclosed that the PII of 2.5 million student loan borrowers was accessible by an unknown actor who gained access to the network in July 2022.
Risk to Business: 2.406 = Severe
The exposed data includes names, addresses, email addresses, phone numbers and Social Security numbers of borrowers who had loans serviced by the affected institutions.
How It Could Affect Your Customers’ Business: Service providers like this one are at high risk because they offer bad actors a combination of valuable data and access to other companies.
Baker & Taylor
Exploit: Ransomware
Baker & Taylor: Book Distributor
Risk to Business: 1.647 = Severe
North Carolina-based Atrium Health has announced a data breach impacting 7,000 patients. The healthcare provider says that an employee at Atrium Health at Home fell victim to a phishing attack, resulting in bad actors accessing that employee’s email and messaging account in April 2021. Atrium is mailing letters to the affected patients and hasn’t determined whether the unauthorized user accessed the protected health information in the accounts.
How It Could Affect Your Customers’ Business: Unfortunately, this kind of exposure is becoming all too common as bad actors strike strategically against service providers.
Los Angeles Unified School District
https://techcrunch.com/2022/09/06/los-angeles-unified-school-district-ransomware/
Exploit: Ransomware
Los Angeles Unified School District: Regional Education Authority
Risk to Business: 1.427 = Extreme
A cyberattack against the Los Angeles Unified School District added complications to the start of the new school year. The ransomware attack hit on the Sunday before schools were scheduled to open for the new year. The district was able to overcome the digital shutdown to open schools on schedule the following Tuesday. However, the personal data of an estimated 400,000 students may have been accessed by cybercriminals. Federal, state and local authorities are investigating the incident. The Vice Society ransomware group has claimed responsibility for the attack, saying that they snatched more than 500GB of unspecified data.
How It Could Affect Your Customers’ Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.
Savannah College of Art and Design
https://therecord.media/ransomware-attack-on-leading-georgia-art-college-leads-to-data-leak/
Exploit: Ransomware
Savannah College of Art and Design: Institution of Higher Learning
Risk to Business: 2.712 = Moderate
Savannah College of Art and Design (SCAD) has revealed that a hacker gained access to SCAD’s information network systems, exposing data on an estimated 15,00 students. The school said that an unspecified “limited” number of files containing data about students and employees was accessed by bad actors. The AvosLocker ransomware group added SCAD to its leak site, but no ransom specifics have been released. AvosLocker may have taken at least 69,000 files that contained student information, personnel files and business data. No specifics have been released about what data was taken.
How it Could Affect Your Customers’ Business: Education has been a sector under siege, especially attractive to ransomware groups as the school year opens.
United Kingdom & European Union
United Kingdom – InterContinental Hotels Group (IHG)
https://www.infosecurity-magazine.com/news/holiday-inn-hotels-cyber-attack/
Exploit: BEC
InterContinental Hotels Group (IHG): Hotel Operator
Risk to Business: 1.809 = Severe
InterContinental Hotels Group (IHG) has confirmed that it has had a security incident impacting the Holiday Inn hotel chain. A cyberattack downed its booking systems and mobile apps. Although IHG did not reveal the nature of the attack in its public statement, tech experts point to ransomware. The incident is under investigation, and no information was given about what data, if any, was stolen or which group was responsible.
How it Could Affect Your Customers’ Business: Hospitality organizations rely heavily on their IT systems, and outages lead to disasters.
United Kingdom – Go-Ahead
https://cities-today.com/major-uk-bus-operator-hit-by-cyber-attack/
Exploit: Hacking
Go-Ahead: Bus Company
Risk to Business: 1.723 = Severe
Go-Ahead, a major UK public transport operator, disclosed a cyberattack after finding unauthorized activity within its IT systems. The company said that many of its IT systems have been affected by this cybersecurity incident, including the system used to allocate drivers to bus services, with minimal delays expected. Some restoration has taken place using backups, and the incident remains under investigation.
How it Could Affect Your Customers’ Business: Major transportation providers are juicy targets for bad actors because those services cannot afford disruptions, making them likely to pay ransoms.
Portugal – Armed Forces General Staff agency of Portugal (EMGFA)
https://securityaffairs.co/wordpress/135480/data-breach/nato-docs-stolen-from-portugal.html
Exploit: Hacking
Armed Forces General Staff agency of Portugal (EMGFA): Government Agency
Risk to Business: 1.361 = Extreme
Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were spotted for sale on the dark web, leading the agency to discover that it had experienced a data breach. First spotted by US Information Services, hundreds of sensitive documents have apparently been snatched by bad actors. The documents were exfiltrated from systems in the EMGFA, in the secret military (CISMIL) and in the General Directorate of National Defense Resources. Investigators determined that security rules for the transmission of classified documents had been broken, and threat actors were able to access the Integrated System of Military Communications (SICOM) and receive and forward classified documents.
How it Could Affect Your Customers’ Business: This problem could have been prevented by simple adherence to security rules and compliance with security policies.
You can read the rest of the ID Agent post here for additional information