Monthly Breach Report: December 2022 Edition

The rate and cost of data breaches is continually increasing. In fact, since 2001, the victim count has increased from six victims per hour to 97. That’s a 1517 percent increase in 20 years. The 2020 pandemic year drastically impacted the number of hourly victims from 53 in 2019 up 69 percent to 90 victims an hour. This increasing threat is driving organizations worldwide to take cybersecurity seriously. Because if they don’t, they run the risk of being in a headline like some of these below.

Print Label Giant Reports Breach of Employee PII

Ohio-based Multi-Color Corporation (MCC), one of the world’s largest suppliers of labels, notified its 10,000 employees that their sensitive HR data had been compromised in a security breach. The breach, which occurred at the end of September, included such sensitive information as:

• personnel files and information on enrollment in our benefits programs
• personal information of spouses, partners, and dependents who are enrolled in the benefits programs
• former employees may also have had their information compromised

The company noted that the crime did not affect its numerous customers and suppliers worldwide. Although MCC has not stated the nature of the breach, its notice to employees suggests that the incident may have been a ransomware attack: “MCC immediately deployed security measures to address the threat and retained an external incident response team to accelerate our recovery efforts.” The Federal Bureau of Investigation as well as similar officials in its international operations have been notified and are assisting in recovery of the stolen information, according to SecurityWeek. MCC assured employees that there is no indication the data has been misused.

Sources

• Cision PR Newswire
• MCC Data Security Notice
• SecurityWeek

Experian and Pacific Gas and Electric Customer SSNs Exposed

Precise ID, a popular knowledge-based verification (KBV) tool used by many major corporations, could be used to discover partial Social Security Numbers (SSNs), according to a report by the New Jersey Cybersecurity & Communications Integration Cell. The tool is used by companies such as Experian, Pacific Gas and Electric, along with a host of healthcare and state health agencies.

A cybersecurity researcher known as “Lucky225” reported the breach to Precise ID after discovering the problem while logging in to their Pacific Gas and Electric Company account. Lucky225 then identified the same issue with other Precise ID customers and notified the security research online magazine CyberScoop of the issue. The news outlet reports that the breach allows bad actors to access partial SSNs, providing a “gateway for attackers to take over other services and devices.”

This Precise ID issue revealed the last 4 digits of consumer SSNs. This information can be used for a number of crimes, reports CyberScoop, including SIM swapping: “The technique . . . allows cybercriminals to bypass two-factor authentication and gain access to everything from a target’s Twitter account to their bitcoin wallets.”

Lucky225 told CyberScoop that the tool only required a name and current or former address in order to populate the answers to  ID authentication questions. In some cases, the tool requested “an alternate ID or account number but did not check if that number was authentic.” Both Lucky225 and CyberScoop reported they contacted Experian about the issue but received no response.

Sources

• CyberScoop
• New Jersey Cybersecurity & Communications Integration Cell
• TechTarget

AstraZeneca “User Error” Exposes Sensitive Patient Data

British-Swedish multinational pharmaceutical giant AstraZeneca has reported that a developer left internal server credentials exposed to the public for over a year. The credentials, which the developer left on the code-sharing site GitHub, allowed access to sensitive patient data, reports TechCrunch. The information then provided access to the Salesforce cloud environment, which AstraZeneca used to provide medication discounts to patients. After notifying the company of the problem, TechCrunch reported “the GitHub repository containing the credentials was inaccessible hours later.” AstraZeneca blamed the issue on “user error,” but did not report whether any data was accessed or stolen.

Credential exposure on sites like GitHub is an increasingly common issue. Major corporations like Microsoft have recently experienced “accidental source code and credential leakages,” reports Vice. And top drug makers like Merck, Pfizer, and Novartis, have had thousands of breaches in the last four years due to “user error,” reports FiercePharma. These “leakages” expose highly sensitive information such as credit card and banking information, passwords, email addresses, and phone numbers.

Sources

• FiercePharma
• TechCrunch
• Vice

Lockbit Demands $50 Million from German Car Parts Manufacturer

The infamous ransomware gang LockBit recently announced it had stolen 40 gigabytes of sensitive information from Continental, a major car parts manufacturer based in Germany. Lockbit announced the attack through its dark web website and offered the stolen information for $50 million. Continental claims that the attack was thwarted and that business operations were not affected.

As proof of the success of their attack, Lockbit posted messages by company executives that suggest ransomware negotiations were unsuccessful. SecurityWeek reports that the hackers have also created a webpage that displays three buttons: “One of them can be used to extend within 24 hours the time until files are published, which costs $100. Two other buttons can be used to ‘destroy all information’ or ‘download data at any moment’—both of these options have a $50 million price tag.”

The LockBit gang began its criminal activity in September 2019 and has since “grown into one of the most active, feature-rich Ransomware-as-a-Service operations at this time,” reports BleepingComputer. The Federal Bureau of Investigation reports that the gang has exported over $100 million since its inception.

Sources

• Avertium
• BleepingComputer
• EndGadget
• SecurityWeek

New Ransomware Gang Steals Passenger and Employee Information from AirAsia

Security researcher Soufiane Tahiri recently announced that the ransomware group Daixin Team had stolen more than five million records from AirAsia, a Malaysian-based airline. Tahiri reported the crime on Twitter and shared screenshots of AirAsia’s information that the Daixin Team posted on the dark web, reports TechMonitor. The information included two spreadsheets revealing the personal information of both passengers and staff, including:

• date and country of birth
• employment and hiring dates
• secret questions and answers used to secure accounts

The ransomware group announced on its website that it did not lock up any files related to equipment or flight data that would be life-threatening. The group has, however, locked AirAsia out of all of its staff and passenger records. As of press time, the exact ransom amount demanded has not been disclosed.

The Cybersecurity and Infrastructure Security Agency (CISA) reports that the Daixin Team is a relatively new group, launching ransomware operations in June of 2022. The cybercriminals are “actively targeting US businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations.” The group typically gains access to a company’s network through its virtual private network (VPN) servers, exploiting unpatched vulnerabilities or using previously compromised credentials gained through phishing.

Sources

• Cybersecurity and Infrastructure Security Agency
• The Hacker News
• TechMonitor 

Help keep your data safe and your business out of the data breach and cybersecurity headlines with the help of PKWARE. Request a demo now to find out how.