Monthly Breach Report: August 2021 Edition
Major data breaches exposing individuals’ personal data continued to be reported in July 2021. The breaches targeted industries known to hold rich troves of personal data, across global geographies.
Personal Data Vulnerabilities Can Affect Anyone
Saudi Aramco, a $230 billion annual revenue corporation, suffered a loss, through a third-party contractor, of at least 1 TB of vulnerable data that is now being offered for sale on the dark web. The network and servers were reportedly attacked. A sampling of redacted employee and customer PII, along with blueprints of refineries, internal analysis reports, letters, pricing agreements, and network layouts, was posted with the offer for sale, priced from $5 million to $50 million depending on scope and exclusivity for the buyer. US officials reportedly blamed this leak on Iran, noting that recent US-Israeli cooperation may have spurred a leak of this nature.
Up to 1,500 companies were affected by a Kaseya ransomware attack reported in early July. US-based Kaseya provides software tools to IT-outsourcing MSPs, which typically handle back-office work for small and medium businesses. The infiltration paralyzed businesses on five continents. Kaseya has been working with HMS, the White House, and the FBI on the breach.
UK’s National Lottery Community Fund reported a longstanding data breach in late July exposing sensitive personal data—including names, physical addresses, email addresses, landline and mobile numbers, dates of birth, bank account details, and applicant organizations’ addresses and websites—of grant holders and applicants.
Personal information of volunteers and ticket holders of the Japan Olympics 2020 was compromised in July 2021, following breaches in May and June of this year. Sensitive and personal data, such as names, addresses, and bank account numbers, is reported as compromised. The data was gathered through credential theft: phishing pages directed users to enter the information required to pay for events that are not happening. “The fake phishing pages are conduits for Tokyo Olympics 2020 account holders to input their personal logins, exposing their credentials to fraudsters,” a Kaspersky security expert confirmed.
Guess?, Inc. was targeted in a ransomware attack. The nature of the heist was highly sophisticated and strategic. “The significant amount and very personal types of data being collected by the organization, including passport numbers, Social Security numbers, driver’s license numbers, financial account and/or credit/debit card numbers with security codes, passwords, or PIN numbers, is an extremely valuable dataset for cybercriminals if they want to steal identities,” according to Erich Kron at KnowBe4. The employees and contractors whose personal data was compromised were all notified, and further steps were taken to enhance security systems.
Governments Reveal Personal Data Vulnerabilities
New England municipalities using a product by PeopleGIS that stored information in misconfigured and similarly named Amazon S3 buckets experienced significant breaches, with personal data readily accessible. The exposed data totaled over 1000 GB and more than 1.6 million files. Risks for those individuals include identity theft, potential fraud and scams targeting the elderly regarding their property, and ransoming of the data back to the municipalities.
NSO Group, an Israeli military-grade spyware company, licenses Pegasus for use only by governments and police forces to track criminals. A list of world leaders with their personal phone numbers and private data was leaked. The list is believed to reveal persons of interest to government clients of NSO. It includes individuals subsequently targeted for surveillance.
Once Pegasus infiltrates a person’s iPhone, for instance, it navigates and tracks every movement, call, and conversation, collecting specific information and incidental contacts. Phones belonging to over a dozen heads of state, and possibly hundreds of activists, journalists, and attorneys, showed traces of Pegasus infection or attempts to infect, according to Amnesty International’s Security Lab.
Poland’s Parliament members’ email accounts were hacked in a far-reaching cyber-attack, with victims spread across a myriad of opposing parties. When it was noted that personal accounts were also involved, loud criticism followed about conducting official business on personal accounts and devices. Evidence points to links with Russian secret services as part of a campaign known as Ghostwriter. The Russian government and the Kremlin have repeatedly denied carrying out or tolerating cyber-attacks.
Iran’s Transport Ministry confirmed it had been attacked shortly after chaos took over train stations nationwide, caused by a cyberattack on the national railway company’s computer systems that scrambled posted arrival and departure times. The portal page had to be taken offline. Ransomware is reportedly the culprit, and various departments are on alert for ongoing cyber-attacks.
Florida residents filing for unemployment in 2021 have been notified that vast amounts of their personal data may have been fraudulently exposed in a July data breach. The State of Florida breach affected CONNECT, the reemployment service system. Attackers may have also accessed PINs used to access CONNECT accounts. Nearly 58,000 individuals’ personally identifiable information was exposed.
Just over the state border, Mobile County, Alabama employees have learned their private data was leaked. The county worked with a third-party forensics specialist to determine the extent of the leak. Systems were held offline until the specialists determined what was put at risk. Names, dates of birth, Social Security numbers, direct deposit banking information, and health insurance contact information were all exposed. Threat actors went on to release and upload portions of at least 95 GB of exfiltrated data while the county was unable to stop them by meeting their demands.
Does Insurance Assure Customers?
Over 2 million BRI Life customers in Indonesia had their data stolen from employees’ computers and put up for sale. Samples shared by the criminals included taxpayer information, personal identification, and bank account details.
AJG in the US was hit by ransomware last fall yet didn’t notify customers until July. Impacted personal data included: Social Security number or tax identification number, driver’s license, passport or other government identification number, date of birth, username and password, employee identification number, financial account or credit card information, electronic signature, medical treatment, claim, diagnosis, medication or other medical information, health insurance information, medical record or account number, and biometric information.
Commercial insurer CNA provides an extensive array of insurance products—including cyber insurance policies—to individuals and businesses across the US, Canada, Europe, and Asia. Personal information, including names and Social Security numbers, of over 75,000 customers was stolen by a hacker, and customers were informed in July.
Servers at QSure Insurance in South Africa were breached and personal information including banking details, account holder name, bank account numbers and bank branch codes was compromised.
Is Infrastructure Secure?
Northern Trains rail ticket machines by Flowbird in the UK were attacked by ransomware criminals, possibly in a supply-chain attack meant to stop operations and extort payment.
Ransomware that cybersecurity experts have linked to a series of high-profile data breaches likely carried out by crime gangs from Eastern Europe and Russia levied an attack on South African port company Transnet. The attack caused the company to declare force majeure at container terminals and switch to manual processing of cargo.
Keep your organization’s sensitive and personal data out of the hands of cyber criminals—and out of headlines! The PK Protect suite of data security and protection solutions allows you to build a custom stack of cybersecurity designed to meet the needs of the enterprise, from on-premises and cloud data stores to endpoint and mobile devices.