We’re kicking off Cybersecurity Awareness month with a bang! A $250k BEC attack hits Boulder County CO, BlackCat delivers ransomware to a New Jersey defense contractor, a berry big data breach at an agricultural giant & four easy ways to help your clients reduce non-malicious insider risk.
NJVC: Defense Contractor
Risk to Business: 1.806 = Severe
The BlackCat ransomware group has claimed responsibility for an attack on IT services provider NJVC. The company primarily serves the U.S. defense and intelligence community. The group has threatened to begin leaking NJVC’s data in stages. However, it has had difficulty following through on that threat – BlackCat’s dark web leak site experienced technical difficulties shortly after the threat was made, and by September 30 they had removed NJVC from their hit list. No word on what, if any, ransom was paid or what data may have been compromised.
How It Could Affect Your Customers’ Business: Attacks like this against defense contractors are very dangerous and could impact national security.
Fast Company: News Publication
Risk to Business: 2.713 = Moderate
Apple News was forced to disable business news publication Fast Company after hackers compromised the business magazine’s content management system and used it to send racist and inappropriately sexual push notifications to Apple News users. Other news outlets that carried Fast Company’s content, like INC. Magazine, shut down their websites briefly to prevent suffering the same fate. Reports say that Fast Company’s website was defaced with foul language last Sunday after a hacker going by the nickname “postpixel” claimed they were able to crack the default password used across multiple accounts, including that of an administrator. The hacker also claims to have had access to other content delivery streams and internal systems. Customer records were not impacted. The publication’s site remains down as the incident is handled.
How It Could Affect Your Customers’ Business: This publication is tied to the websites of other publications, creating a cascade of danger for everyone involved.
Physician’s Business Office
Physician’s Business Office: Medical Practice Management
Risk to Business: 1.601 = Severe
West Virginia-based healthcare business services provider Physician’s Business Office has notified 196,573 patients that their personal data and protected health information was likely stolen during a hack of its network in April 2022. Although HIPAA provisions call for affected patients to be informed within 60 days of the incident, the company didn’t meet that deadline, saying that it was working “to collect current mailing addresses for all potentially impacted individuals.” Providers were informed in late July 2022.
Risk to Individual: 1.624 = Severe
The stolen data could include patient names, Social Security numbers, dates of birth, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Patients will receive free credit monitoring and identity theft protection services.
How It Could Affect Your Customers’ Business: An incident like this is going to cost a fortune to fix and incur a boatload of noncompliance fines.
Reiter Affiliated Companies
Reiter Affiliated Companies: Berry Producer
Risk to Business: 1.624 = Severe
Reiter Affiliated Companies, the world’s largest fresh multi-berry producer, has disclosed the theft of personal and health information of 93,000 people. The data appears to be tied to the health and welfare plans of Reiter Affiliated Health and Southern Pacific Farming. The attack appears to have occurred in late June but was not discovered until early July. The company sent data breach notifications to the parties involved in early September 2022.
Risk to Individual: 1.733 = Severe
The stolen data was tied to plan enrollment rosters, which contained member names, identifying information, contacts, SSNs and dates of birth.
How it Could Affect Your Customers’ Business: This type of data will be very profitable for the bad guys who are always on the hunt for more.
Boulder County, CO
Exploit: Business Email Compromise
Boulder County, CO: Regional Government
Risk to Business: 1.116 = Extreme
Officials in Boulder County, Colorado have disclosed that the county was recently the victim of a successful business email compromise attack. Hackers obtained access to one of its vendors through a cyberattack and used the company to send spear-phishing emails to county employees. Ultimately, the county ended up sending $238,000 to the bad actors. The county is working with federal law enforcement in the ongoing incident investigation.
How it Could Affect Your Customers’ Business: Governments are common targets for BEC schemes and government agencies must be alert for schemes like this one.
Canada – Yukon Department of Education
Exploit: Employee Error
Yukon Department of Education: Local Education Authority
Risk to Business: 2.702 = Moderate
The personal data of more than 500 students was exposed inadvertently by an employee of the Yukon Department of Education. Reports say that a department employee included the email address of someone who was not authorized to view the information when forwarding a spreadsheet containing the data of students who applied to a post-secondary grant program to colleagues. The recipient claims to have never opened the message. The incident took place in late August 2022 but affected students and their parents were not informed until mid-September. The district says that it is working with the Department of Education to ensure it has met its obligations under the Access to Information and Protection of Privacy Act. No information is available about the exact nature of the data exposed.
How it Could Affect Your Customers’ Business: Employee mistakes like sending the wrong file are the most likely way that a company will suffer a data breach.
Asia & Pacific
Hong Kong – Shangri-La Hotels
Shangri-La Hotels: Hospitality Company
Risk to Business: 1.816 = Severe
The Shangri-La hotel group has said that a database containing the personal information of customers at eight of its Asian properties between May and July has been accessed by bad actors. The company disclosed that hotels in Hong Kong, Singapore, Chiang Mai, Taipei and Tokyo were involved in the incident. The incident took place between May and July, a period during which a Shangri-La hotel in Singapore hosted Asia’s top security summit. The company said it had not yet been able to determine what data had been stolen.
Risk to Business: 1.718 = Severe
Customer data has been exposed, including home addresses, drivers’ licenses, passport numbers, names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.
How it Could Affect Your Customers’ Business: Hotels are a prime place for bad actors to snatch data because they have a wide variety of customer information.
You can read the rest of the ID Agent post here for additional information