The Week in Breach
The City of Wheat Ridge, CO
https://www.denverpost.com/2022/09/22/wheat-ridge-ransomware-fremont-county-cyber-attack/
Exploit: Ransomware
The City of Wheat Ridge, CO: Municipal Government
Risk to Business: 2.175 = Severe
A Colorado city is putting its IT systems back in order after a successful cyberattack by the BlackCat group. Local media report that following the attack, Wheat Ridge had to shut down its phones and email servers to assess the damage the cybercriminals had done to its network. That, in turn, prompted the city to close down City Hall to the public for more than a week. The cybercriminals demanded $5 million in Monero as the ransom, but the city declined to pay, opting to restore from backups. The city government has been able to return to normal business, and the attack is under investigation by the U.S. Federal Bureau of Investigation.
How It Could Affect Your Customers’ Business: Ransomware attacks against governments and municipalities have been proliferating.
Rockstar Games
https://www.hackread.com/uber-hacker-rockstar-games-hacked-gta-6-data/
Exploit: Hacking
Rockstar Games: Video Game Developer
Risk to Business: 2.136 = Severe
Rockstar Games confirmed on Monday that a hacker broke into its systems and stole confidential internal data, including footage and source code from the previously unannounced next installment of its popular Grand Theft Auto series. The New York-based company appears to have been breached through a stolen employee Slack account. The hacker that claimed responsibility, “teapotuberhacker”, also says that they’re behind a murky hacking incident at Uber last week. The cybercriminal shared a link to footage and clips purportedly from Grand Theft Auto 6 on a Grand Theft Auto fan forum. The company has confirmed that the game is in development and that the attack occurred.
New York Racing Association
Exploit: Ransomware
New York Racing Association: Professional Group
Risk to Business: 2.703 = Moderate
The Hive ransomware operation has claimed responsibility for an attack on the New York Racing Association (NYRA). The NYRA operates the three major thoroughbred horse racing tracks in New York, the Aqueduct Racetrack, the Belmont Park (home of the Triple Crown event the Belmont Stakes) and the historic Saratoga Race Course. The attack took place in late August 2022 and breach notices were filed with authorities last week. Press reports say that the hackers have also published a link to freely download a ZIP archive containing all of the files they allegedly stole from NYRA’s systems.
Risk to Individual: 2.624 = Moderate
Member data that may have been exposed includes Social Security numbers (SSNs), driver’s license identification numbers, health records and health insurance information.
American Airlines
Exploit: Business Email Compromise
American Airlines: Airline
Risk to Business: 2.639 = Moderate
American Airlines has filed a breach notice stating that personal data belonging to about 1,700 customers and employees may have been impacted. BleepingComputer reported that the airline's Cyber Security Response Team learned of the incident from the recipients of a phishing campaign sent from a compromised employee Microsoft 365 account. The attacker reportedly gained access to several employees' accounts via phishing and used them to send further phishing emails to additional targets who have not been named.
Risk to Individual: 2.714 = Moderate
Employee or customer personal information exposed in the attack may have included employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers or certain medical information.
UK – Revolut
Exploit: Social Engineering
Revolut: Digital Bank
Risk to Business: 1.102 = Extreme
Revolut, a London-based digital banking application that provides banking, investing, currency transfer and other money management services to some 16 million users globally, has experienced a data breach. The FinTech startup confirmed that the personal information of an unspecified number of users (reports point to 50K customers) was accessed illegally after what the company is terming “a social engineering attack” in early September. The company said that impacted customers have been informed via email and relevant authorities have been informed. No information was available on the exact nature of the exposed data at press time.
Portugal – TAP Air Portugal
Exploit: Ransomware
TAP Air Portugal: Airline
Risk to Business: 1.637 = Severe
The Ragnar Locker ransomware group has claimed responsibility for a ransomware attack that hit TAP Air Portugal, the country’s state-owned flagship airline. The incident began a month ago but was just confirmed by the airline. Ragnar Locker has been advertising the stolen data on its dark website since early September. No ransom amount has been reported, and the group has posted a portion of the stolen data already. Portugal’s President Marcelo Rebelo de Sousa, MPs, government staff and high-ranking military officers are among the passengers whose data has been stolen.
Risk to Individual: 1.902 = Severe
Exposed customer data includes names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender and other personal information.
Australia – Optus
Exploit: Hacking
Optus: Telecom
Risk to Business: 1.102 = Extreme
Australia's second-largest telecom Optus has suffered one of the largest data breaches in Australian history, affecting an estimated 10 million customers, roughly one-third of Australia's population. A bad actor using the moniker "optusdata" claimed responsibility and initially posted an extortion demand of $1.5 million, along with the personal data of about 10,000 people, on a dark web forum; that post has since been withdrawn. Some news reports have pointed to a misconfigured API endpoint as the attackers' entry point, but that has not been confirmed. The incident is under investigation.
Risk to Individual: 1.236 = Extreme
Exposed customer data includes names, home addresses, phone numbers, email addresses, driver's license numbers, passport numbers and individuals' preferred pronouns. The company says that no financial or commercial account data was accessed.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.