Week in Breach
The National Rifle Association (NRA)
https://www.nbcnews.com/tech/security/cybercriminals-claim-hacked-nra-rcna3929
Exploit: Ransomware
National Rifle Association: Gun Rights Activist Group
Risk to Business: 1.417= Severe
Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.
Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.
ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>>
PracticeMax
https://www.govinfosecurity.com/phi-stolen-in-practice-management-firms-ransomware-attack-a-17813
Exploit: Ransomware
PracticeMax: Medical Practice Management Services
Risk to Business: 1.822=Severe
A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of Village Health that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. PracticeMax indicates the breach affected more than 4,400 of its members in legal filings, but a company statement warns that they cannot say for sure that any data was actually accessed or stolen.
Individual Risk: 1.703=Severe
In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.
ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>
United States – Schreiber Foods
Exploit: Ransomware
Schreiber Foods: Dairy Processor
Risk to Business: 1.442=Extreme
Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.
Canada – Toronto Transit Commission (TTC)
https://www.cbc.ca/news/canada/toronto/ttc-ransomware-attack-1.6231349
Exploit: Hacking
Toronto Transit Commission (TTC): Government Entity
Risk to Business: 1.615= Severe
The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.
United Kingdom – Graff
Exploit: Ransomware
Graff: Jeweler
Risk to Business: 1.512= Severe
The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.
ID Agent to the Rescue Over 80% of organizations felt the sting of cybercrime in 2020. See what cybercriminals are shopping for to better predict what will happen next in The Global Year in Breach 2021. READ IT>>
Poland – C.R.E.A.M. Finance
https://securityaffairs.co/wordpress/123861/cyber-crime/cream-finance-cyber-heist-130m.html
Exploit: Cryptojacking (Misconfiguration)
C.R.E.A.M. Finance: Decentralized Lending Platform
Risk to Business: 1.595 = Extreme
For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets. This is the third successful heist from the platform this year. Crooks jacked $29 million in August 2021 and $37 million in February 2021.
Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.
Customers Impacted: Unknown