December 14, 2022

The Week in Breach News: 12/07/22 – 12/13/22


This week: Hackers hit Sequoia One, a Chinese nation-state attack on Amnesty International, another breach at Telstra, learn about Managed SOC and read nine must-see cybersecurity predictions for 2023. 


United States


Sequoia

https://www.wired.com/story/sequoia-hr-data-breach/

Exploit: Hacking

Sequoia: Payroll & Benefits Management Company

Risk to Business: 2.176 = Severe

California-based major business services company Sequoia, known for their Sequoia One payroll services, has disclosed that they’d detected unauthorized access to one of the company’s cloud storage repositories containing an array of sensitive and personal data. The company says it occurred between September 22 and October 6. The company noted that investigators from Dell SecureWorks did not find evidence of malware in its network and did not find any compromised computers or servers in Sequoia’s infrastructure.

Risk to Business: 2.131 = Severe

Sequoia’s breached cloud system stored an array of sensitive personal data, including names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, and member IDs as well as any other ID cards, Covid-19 test results, and vaccine cards that individuals uploaded to the employment system. 

How It Could Affect Your Customers’ Business: Business services companies, especially those that store large amounts of sensitive data, are tempting targets for cybercriminals


Acuity Brands 

https://www.securityweek.com/lighting-giant-acuity-brands-discloses-two-data-breaches

Exploit: Hacking

Acuity Brands: Lighting & Building Services 

Risk to Business: 1.227 = Extreme

Acuity Brands has disclosed that it has had not just one but two previously unannounced data breaches in the last few years. The company says that it became aware of unauthorized access to its systems that resulted in data theft in early December 2021. While undertaking that investigation, Acuity also discovered that they’d had a separate, unrelated breach in October 2020, which also involved attempts to copy files from compromised systems. SecurityWeek said that they’ve found evidence that the 2021 attack may have been carried out by the notorious now-defunct Conti ransomware group. Acuity said that it had initially customers and partners about the breach in December 2021, and that this new notification is a follow-up for impacted employees. Employee data was accessed in both incidents. The company is likely facing a class-action lawsuit related to the incident in California.  

Individual Risk: 1.207 = Extreme

In this incident, immigrants’ names, case status, detention locations, and other information was published on a page where ICE regularly publishes detention statistics.

How It Could Affect Your Customers’ Business: A cascade of damage can follow in the wake of a data breach, like expensive legal trouble. 


The Metropolitan Opera 

https://www.nytimes.com/2022/12/07/arts/met-opera-cyberattack-website.html/

Exploit: Hacking

The Metropolitan Opera: Arts Organization

Risk to Business: 1.981 = Severe

The Metropolitan Opera in New York City experienced a cyberattack that disrupted its ability to sell tickets. The company’s website and box office were affected. The New York Times reported an outage of 30 hours. However, that didn’t stop the show, with performances continuing as scheduled. There has been no announcement that this was a nation-state cyberattack, but the newspaper noted that The Met has been outspoken in its support for Ukraine throughout the Russia-Ukraine conflict, including parting ways with a leading Russian singer and hosting a benefit for Ukraine relief.  

How It Could Affect Your Customers’ Business: Bad actors love to hit businesses that are impacted by a time crunch in the hope of scoring a big payday.


The California Department of Finance 

https://www.cyberscoop.com/lockbit-ransomware-california-department-of-finance/

Exploit: Ransomware

The California Department of Finance: Government Agency

Risk to Business: 1.981 = Severe

The LockBit 2.0 ransomware group says that it has snatched 76 gigabytes of data from the California Department of Finance. The agency has been added to the group’s leak site with a deadline of December 24 to pay the unspecified ransom. The group claims that it has stolen a wide variety of data including databases, confidential data, financial documents and court records, providing seven screenshots of the data as proof. The California Governor’s Office of Emergency Services did confirm that the California Cybersecurity Integration Center (Cal-CSIC) is actively investigating a cybersecurity incident at the agency but did not offer any further comment.  

How It Could Affect Your Customers’ Business: Government agencies are ripe ransomware targets because they maintain huge stores of often sensitive data.


Canada


Amnesty International  

https://www.securityweek.com/amnesty-international-canada-says-it-was-hacked-beijing

Exploit: Nation-State Cyberattack

Amnesty International: Non-Profit Organization

Risk to Business: 2.107 = Severe

The Canadian arm of the human rights organization Amnesty International said that it was recently the victim of a cyberattack sponsored by China. The organization said that it first detected the security breach on October 5. Officials said that said the searches that attackers made in their systems were specifically and solely related to China and Hong Kong, as well as a few prominent Chinese activists. Amnesty International disclosed that the hack left the organization offline for nearly three weeks.  

How it Could Affect Your Customers’ Business: Nation-state cyberattacks are hitting organizations that you may not expect these days.


United Kingdom & European Union


France – Intersport

https://techmonitor.ai/technology/cybersecurity/intersport-cyberattack

Exploit: Ransomware 

Intersport: Retailer 

Risk to Business: 1.882 = Severe

French sports equipment company Intersport has fallen victim to a ransomware attack by the Hive cybercrime group. The group allegedly snatched data about Intersport’s customers in the Hauts-de-France region were primarily impacted, but some clients in other areas, including the central Île-de-France, were also at risk. Intersport has more than 700 outlets. Allegedly, the company was given an unusual same-day deadline to pay the extortionists.  

How it Could Affect Your Customers’ Business: Tis the season for retailers to get hit by cyberattacks and cybercriminals snatch up valuable data.


Belgium – The City of Antwerp 

https://www.bleepingcomputer.com/news/security/antwerps-city-services-down-after-hackers-attack-digital-partner/

Exploit: Ransomware 

The City of Antwerp: Municipal Government

Risk to Business: 1.904 = Severe

The city of Antwerp, Belgium, suffered a disruption to many public services after bad actors obtained access to its network through a cyberattack on its digital provider Digipolis. Phone and email systems were widely disrupted at city agencies. Schools, daycares, senior care, health services and other city services were impacted. The city’s police also experienced outages. Antwerp’s mayor said that the impact could last until the end of December. the Play ransomware group has claimed responsibility for the attack.

How it Could Affect Your Customers’ Business: Bad actors have been having a field day hitting small and large local government entities worldwide.


Australia & New Zealand


Australia – Telstra 

https://www.bankinfosecurity.com/australian-telecom-firm-leaks-data-130000-customers-a-20681

Exploit: Misconfiguration

Telstra: Telecommunications Company

Risk to Business: 2.103 = Severe

Another breach at telecom Telstra has left the information of over 130,000 customers whose details were supposed to be unlisted exposed. The company pointed to a “misalignment of databases” as the cause behind the incident, which made the name, address and phone numbers of customers who had requested to be unlisted available via Directory Assistance or the White Pages. Telstra says that it has partnered with IDCARE to develop a response plan and offer affected individuals support. Telstra also suffered a security breach in October that exposed the personal data of an estimated 30,000 past and present Telstra employees days after the massive Optus incident.

How it Could Affect Your Customers’ Business: One breach is bad enough, but two blunders so close together is going to be very disheartening to consumers.


You can read the rest of the ID Agent post here for additional information

IT Services

Your Cybersecurity Questions, Answered .

If you’re like a lot of our customers, you have some big questions about cybersecurity almost every day.
We Can Help
© Copyright 2020 - Advantex - All Rights Reserved | Sitemap
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram