We bring to your attention a sampling of recent media stories involving cyber risk & privacy liability. Among the stories we’re highlighting this month: Canon allegedly suffered a ransomware attack, ransomware gang publishes tens of GBs of internal data from LG and Xerox, Garmin reportedly paid a multi-million dollar ransom, and more.
Ransomware Corner
According to Bleeping Computer, which has a partial screenshot of what is alleged to be the ransom note, Canon was attacked during the morning of August 5 by the notorious Maze ransomware gang. A member of the cybercrime group told the publication that it had stolen 10 terabytes of “data, private databases, etc.” Click to read entire article.
Maze gang publishes internal data from LG and Xerox after failed extortion attempt. Click to read entire article.
Garmin has reportedly paid 10 million US dollars via a third-party company to get its systems up and running after the recent cyber attack. Click to read entire article.
“On or about June 5, 2020, Summit discovered that it was unable to access certain data and records stored on its server,” the notice reads. “Summit immediately launched an investigation, with the assistance of third-party forensic computer experts, to determine the nature and scope of the incident. It was determined that certain information was encrypted by ransomware.” Click to read entire article.
The City of Lafayette announced a malicious breach of its computer system that crippled the network last week. City officials opted to pay $45,000 “ransom” rather than risk further delay or damage to the municipality’s online operations. Click to read entire article.
The operators of the NetWalker ransomware are believed to have earned more than $25 million from ransom payments since March this year, security firm McAfee said today. Click to read entire article.
Cloud/Aggregation
Boston University and WBUR notified donors on Saturday that some of their personal information may have been compromised. Blackbaud, a company that provides fundraising technology, says its client data was stolen. It’s unclear how many organizations are affected by the data breach. Other media organizations are reporting that many nonprofits and higher education institutions are affected, and the BBC reports that at least 125 organizations in the United Kingdom have been affected. Click to read entire article.
A leaky bucket that contained data belonging to a large number of firms remained online for months. The server hosts 5.5 million totaling 343GB in size. Click to read entire article.
Financial Services
The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders. Click to read entire article.
Morgan Stanley on July 10 wrote to clients disclosing “potential data security incidents” related to their personal information. The incidents occurred during multiple ITAD processes over the past four years, according to the letter. “In 2016, Morgan Stanley closed two data centers and decommissioned the computer equipment in both locations,” the company wrote. “As is customary, we contracted with a vendor to remove the data from the devices. We subsequently learned that certain devices believed to have been wiped of all information still contained some unencrypted data.” Click to read entire article.
Security researchers Brenda So and Trey Keown at New York-based security firm Red Balloon say their pair of vulnerabilities allowed them to trick a popular standalone retail ATM, commonly found in stores rather than at banks, into dispensing cash at their command. Click to read entire article.
Retail
Havenly, the online interior design and home decorating platform has disclosed a data breach after a data breach broker leaked 1.3 million user records for free on a popular hacking forum. Click to read entire article.
Mobile App
Zello, a popular push-to-talk app, has disclosed a data breach that could have potentially allowed malicious actors to gain access to users’ email addresses and hashed passwords. Zello boasts 140 million users worldwide, and facilitates real-time communications for frontline workers, transportation services and friends. Click to read entire article.
K-12 Education
The school district was hit with a Distributed Denial-of-Service (DDoS) attack; a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. Click to read entire article.
Healthcare
AIDS Foundation Chicago (AFC) emailed people who have a history with the organization to inform them that a cybercriminal had accessed and copied a file of AFC data in a ransomware attack. Click to read entire article.
On July 28th, 2020, Beaumont Health notified patients of a data breach that occurred between January 3rd and 29th of this year. According to Detroit Free Press, six employee email accounts were accessed after falling victim to a phishing scam. These accounts held private patient information, including names, dates of births, diagnosis, procedures, treatment locations, prescription information, and more. Click to read entire article.
Cyber Insurance
The cyber security insurance market was valued at USD 5.48 billion in 2018, and is expected to reach USD 20.72 billion by 2024, registering a CAGR of 24.30%, during the forecast period (2019-2024). Click to read entire article.
Global Threat Intel
A Russian hacker has published passwords of over 900 enterprise VPN servers on a hacking forum visited by several ransomware groups, putting them at risk. Click to read entire article.
Mexico
On July 28th, a reported 127,432 account users’ emails and iVoy passwords were exposed on an online forum. Click to read entire article.
Canada
Recently, the Nova Scotia Health Authority announced it sent letters to 211 patients whose medical records were snooped on by two employees at two hospitals in Kentville and New Glasgow. Click to read entire article.
EU/UK
The airline anticipates its fine will be written down by as much as 90pc from its initial £183m. Click to read entire article.
Interpol has warned that the coronavirus pandemic has led to an “alarming” rate of cyberattacks as criminals focus increasingly on larger organizations by targeting staff working from home. Click to read entire article.
The British Dental Association (BDA) has suffered a data breach causing fears that the bank account numbers of a number of UK dentists have been stolen. Click to read entire article.
Asia/Pacific
Recently, Telstra customers faced issues in connecting to the internet. It turns out that Telstra actually suffered a DoS attack. Click to read entire article.
According to Honi Soit, a database of 440,000 ProctorU user records was published by hacker group ShinyHunters over the past week along with hundreds of millions of other user records. ProctorU user data exposed includes usernames, unencrypted passwords, legal names, and full residential addresses. Click to read entire article.
The number of data breaches caused by ransomware rose to 33 in the first half of 2020 from 13 in the previous six-month period, according to the latest report from the Office of the Australian Information Commissioner. Click to read entire article.