This week: a massive breach at a Canadian finance company, how AudienceView’s breach gave cybercriminals the ticket to financial data from events at half a dozen colleges, why the booming dark web economy is so dangerous and the five worst email-based scams.
Western Digital
Exploit: Hacking
Western Digital: Computer Hardware Manufacturer
Risk to Business: 1.702 = Severe
Western Digital, a California-based provider of data storage hardware, has announced that it was hit by a cyberattack last Monday. In the March 26, 2023, incident, bad actors gained access to a number of the company’s systems, forcing the company to take some services and systems offline. In a statement, the company acknowledged that My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi and SanDisk Ixpand Wireless Charger products were impacted. Reports say that cloud, proxy, web, authentication, email and push notification services are experiencing outages.
How It Could Affect Your Customers’ Business: Manufacturers like this are sitting ducks as cybercriminals ramp up efforts against the supply chain.
Forint to the Rescue: Learn more about how our Security Suite can help Service Providers protect their clients from expensive and damaging cyberattacks and other information security trouble.
NCB Management Services
Exploit: Hacking
NCB Management Services: Debt Buyer
Risk to Business: 1.873 = Severe
Accounts receivable management company and debt buyer NCB Management Services has started informing consumers that their personal information was likely compromised in a data breach. The incident is expected to impact roughly 500,000 individuals. NCB said that hackers compromised some of NCB’s systems on February 1, 2023, giving them access to information from closed Bank of America credit card accounts. Included in this breach were names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers and employment information for account holders. Financial data such as pay amounts, credit card numbers, routing numbers, account numbers and balances, and account statuses was also snatched.
How It Could Affect Your Customers’ Business: Finance has been the top sector hit by cybercriminals for the last few years as the economy contracts.
Forint to the Rescue: Develop an effective, efficient incident response plan with the tips in our blog 'The 6 Phases of Incident Response'.
Also, download our Cyber Incident Response Service Documentation for further information on how Forint can support your preparedness and response activities.
Lumen Technologies
Exploit: Ransomware
Lumen Technologies: Communications and Network Services
Risk to Business: 1.311 = Extreme
Lumen Technologies has announced that it is dealing with not one but two cyber incidents. According to a filing with the U.S. Securities and Exchange Commission (SEC), Lumen discovered that a number of their servers that support a segmented hosting service had been infected with ransomware. The Louisiana-based company acknowledged that the ransomware is impacting a small number of its enterprise customers, disrupting call center operations. The company also said that in a separate incident, it had discovered that bad actors had gained access to another part of the company’s IT systems, installed a different type of malware and stole data. The firm is evaluating whether any personally identifiable information (PII) or other sensitive information was stolen.
How It Could Affect Your Customers’ Business: This dose of double trouble will be a powerful blow to the company’s reputation as well as its finances.
Forint to the Rescue: Contact us to see how security awareness training can help businesses combat security risks from phishing to employee mistakes.
Cornell University
Exploit: Supply Chain Attack
Cornell University: Institution of Higher Learning
Risk to Business: 1.819 = Severe
Cornell University has released a security alert warning that purchase data for ticketholders at some of its recent events has been stolen as the result of a platform breach at one of its vendors, AudienceView. The school cautioned that people who had purchased tickets for shows and events organized by the Cornell Concert Series, Cornell Athletics, Cornell Tickets and the Schwartz Center for the Performing Arts may have had financial data stolen. In some cases, students reported that money had already been snatched from their bank accounts. Other colleges and universities including Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University in Canada have also been impacted by the AudienceView breach. The ticketing platform company said that the breach was caused by malware discovered in its systems and that it is working with Mandiant to investigate the incident.
How It Could Affect Your Customers’ Business: This is a valuable score of fast-selling credit card and financial data that means big profits for the bad guys.
Forint to the Rescue: Dark web data and other dark web-related risks are big threats to businesses. Ask how Forint can manage and monitor Dark Web data for your organisation.
See how Advanced Threat Management gives businesses an essential edge against cyberattacks.
TMX Finance
Exploit: Hacking
TMX Finance: Consumer Lender
Risk to Business: 1.423 = Extreme
TMX Finance, a lender based in Canada with operations in the U.S. and Canada, has disclosed a data breach that impacts customers of its subsidiaries TitleMax, TitleBucks, and InstaLoan. TMX said that the breach likely began in early December 2022 but that it did not detect the breach until February 13th, 2023. The personal data of 4,822,580 customers was potentially exposed in the incident. TMX says that the exposed customer data includes a client’s full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, U.S. Social Security number, financial account information, phone number, physical address and email address.
How it Could Affect Your Customers’ Business: This will be an expensive disaster for TMX after regulators in both countries wind their way through its subsidiaries.
Forint to the Rescue: Our Advanced Threat Management capability helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll.
United Kingdom
Capita
Exploit: Hacking
Capita: Business Services Provider
Risk to Business: 1.709 = Severe
London-based business services giant Capita has disclosed that it has been hit by a cyberattack that has caused disruption to some of its internal processes. The company said in a statement that the cyberattack, which took place last Friday, primarily impacted access to internal Microsoft Office 365 applications and some online services for customers. The fallout lasted for about three days. Capita performs crucial operations for the NHS and the military in Britain. The company was still restoring online services for customers on Monday morning.
How it Could Affect Your Customers’ Business: Business services providers have been front and center in the rising tide of supply chain cyberattacks.
Forint to the Rescue: Discuss your biggest SMB security challenges and decision-maker attitudes toward security, training and more.
Italy
Toyota Italy
Exploit: Human Error
Toyota Italy: Car Company
Risk to Business: 2.836 = Moderate
Toyota Italy has acknowledged that it accidentally leaked sensitive data about its customers for at least the last 18 months. The data leak occurred through a likely misconfiguration in its Salesforce Marketing Cloud and Mapbox APIs. The company exposed its credentials to the Salesforce Marketing Cloud, giving bad actors possible access to Toyota clients’ phone numbers and email addresses, customer tracking information and email, SMS and push-notification contents. The company also exposed application programming interface (API) tokens for Mapbox, a U.S.-based mapmaker. Toyota Italy said that it has taken steps to close those gaps.
How it Could Affect Your Customers’ Business: Even a small misconfiguration or mistake with an API can be a huge, expensive disaster for a company.
Forint to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases.
How much is your data worth on the dark web? Find out in The IT Professionals Guide to the Dark Web!
Australia and New Zealand
Crown Resorts
Exploit: Hacking
Crown Resorts: Casino Operator
Risk to Business: 2.733 = Moderate
Crown Resorts is the latest company to fall victim to the exploitation of GoAnywhere by the Cl0p ransomware group. The company said last Monday that a ransomware group had contacted Crown Resorts, claiming to have gained access to some files through the GoAnywhere file transfer service zero-day exploit. Crown Resorts was quick to reassure the public that no customer data was compromised, and the company’s resort, casino and business operations have not been impacted. More than 100 companies have been hit by Cl0p in the GoAnywhere snafu.
How it Could Affect Your Customers’ Business: This might have been avoidable with fast patching once this exploit became public weeks ago.
Forint to the Rescue: Most ransomware attacks start with phishing. Ask how Forint can protect your businesses from phishing danger.
Meriton
Exploit: Hacking
Meriton: Hotel Operator
Risk to Business: 1.733 = Severe
Major Australian hotel and holiday home operator Meriton has disclosed that it has experienced a cyber incident that led to the exposure of personal data. More than 1800 guests and staff members employed by Meriton may potentially have had their data stolen when hackers struck the luxury developer on January 14, 2023. Guests staying in Meriton properties may have had their contact information exposed. Meriton employees were hit harder, with their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals, possibly accessed by hackers. The company said that the incident was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.
How it Could Affect Your Customers’ Business: This breach hit two tracks of data for Meriton, doubling its chance of a big fine.
Forint to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with antivirus and EDR.
Guide to Risk Scores
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.