United States – Molson Coors
https://edition.cnn.com/2021/03/11/tech/molson-coors-cybersecurity-hack/index.html
Exploit: Hacking
Molson Coors: Brewing Conglomerate
Risk to Business: 1.727 = Severe
Molson Coors told regulators that they’ve experienced a serious cybersecurity incident. The hack has taken its systems offline, delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.
Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect You: Hacking that disrupts production is a big problem, and reassessing cybersecurity training is a good idea after a serious incident like this.
United States – Premier Diagnostics
https://www.infosecurity-magazine.com/news/utah-company-unsecured-server/
Exploit: Unsecured Database
Premier Diagnostics: Medical Testing
Risk to Business: 1.872 = Severe
Utah medical testing company Premier Diagnostics has exposed the sensitive information of more than 50,000 customers by storing personally-identifying information on an unsecured server. The breach at Premier Diagnostics was discovered by researchers and contains sensitive customer data including scans of passports, health insurance ID cards, and driver’s licenses. Patients affected are from Utah, Nevada and Colorado.
Individual Risk: 1.612 = Severe
Patients should be aware of this information being used for identity theft and spear phishing.
Customers Impacted: 50,000
How it Could Affect You: Sensitive PII requires stong protection, esopecially in the medical sector, because failure to keep it safe incurs huge fines.
United States – University of Texas at El Paso
https://www.infosecurity-magazine.com/news/hackers-target-texas-university/
Exploit: Hacking
University of Texas at El Paso: Institution of Higher Learning
Risk to Business: 2.212 = Severe
The computer network of the University of Texas at El Paso had to be shut down as technicians discovered a significant cyberattack in progress. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also led to the closure of the university’s walk-up COVID-19 testing sites.
Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect You: Hackers can disrupt large parts of an operation fast, leaving businesses scrambling to get back to work and causing lost revenue.
United States -Cochise Eye & Laser
https://www.infosecurity-magazine.com/news/ransomware-attack-on-arizona/
Exploit: Ransomware
Cochise Eye and Laser: Optometry
Risk to Business: 1.727 = Severe
A ransomware incident at an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. In a recent breach notice, Cochise Eye and Laser informed regulators that the practice has been hit by ransomware, encrypting the office’s patient scheduling and billing software.
Individual Risk: 1.603 = Severe
Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers. There is no evidence that data was exfiltrated, but customers of this practice sjould be ready for potential identity thefy or phishing.
Customers Impacted: Unknown
How it Could Affect You: This is a tremendous problem for businesses of every size, and even without confirmation that data was stolen the practice will be dinged with a substantial fine.
Canada – Canada Revenue Agency (CRA)
Exploit: Hacking
Canada Revenue Agency (CRA): National Taxation Authority
Risk to Business: 1.102 = Extreme
The CRA has locked down 800,000 online taxpayer accounts following an internal investigation that found user logins and other sensitive information may have been hacked. The agency noted that it could take until March 22 for the issues to be resolved.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: 800,000
How it Could Affect You: Reports say that this hack was likely discovered by dark web monitoring, preventing a potential cybersecurity disaster.
United Kingdom – West Ham Football Club
https://www.infosecurity-magazine.com/news/west-ham-supporters-personal/
Exploit: Unsecured Database
West Ham Football Club: Professional Sports Team
Risk to Business: 2.775 = Moderate
English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website. Cybersecurity experts believe it is likely the problem was caused by an internal error.
Individual Risk: 2.802 = Moderate
Details of fan account profiles including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into the club’s ticketing website.
Customers Impacted: Unknown
How it Could Affect You: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.
Scotland – University of the Highland and Islands (UHI)
https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/
Exploit: Ransomware
University of the Highland and Islands (UHI): Institution of Higher Learning
Risk to Business: 1.603 = Severe
The University of the Highlands and Islands (UHI) in Scotland has been hit with a suspected ransomware attack that has shut down its campuses. All 13 locations across were impacted as well as its Brightspace virtual learning environment.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect You: Ransomware is almost always part of a phishing attack. Brush up on the latest phishing lures to spot and stop phishing in our eBook Phish Files. GET THIS BOOK>>
Spain – State Public Employment Service (SEPE)
https://www.cyberscoop.com/spain-ransomware-employment-agency-sepe/
Exploit: Ransomware
State Public Employment Service (SEPE): Government Agency
Risk to Business: 2.020= Severe
The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. The suspected ransomware attack disrupted operations at the authortity for unemployment assistance snarling progress for for hundreds of thousands of unemployed Spainiards. The incident is under investigation.
Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.
Customers Impacted: Unknown
How it Could Affect You: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
No comments:
Post a Comment