January 10, 2023

Monthly Breach Report: January 2023 Edition

PKWARE

As the world gears up for whatever 2023 may hold, statistics from 2022 give significant context to the current state of cybersecurity around the world. For example, as many as 236.1 million ransomware attacks were reported worldwide in just the first six months of 2022. And more than 75 percent of respondents to a 2022 case study of the US, Canada, UK, Australia, and New Zealand say their organization suffered at least one cyberattack in 2022. Check out some of the most recent victims below.

Swedish Municipalities Declare Crisis Situation after Cyberattack

In mid-December 2022, the Swedish municipalities Borgholm and Mörbylånga were forced to declare a crisis situation after discovering a cyberattack on the joint IT system the two municipalities share. Together making up the island of Öland, which has a population of around 25,000, the municipalities disconnected the systems from the internet, leaving citizen services such as email and healthcare services unavailable. According to The Record, healthcare providers in the area have reverted to using pen and paper, which Borgholm municipal manager Jens Odevall says there are routines in place to do. The entity most affected by the cyberattack is the Borgholm Energi website, which provides various infrastructure services.

While no additional details about the attack—such as whether it was an extortion attempt or sabotage—are yet available, it does follow multiple other ransomware attacks that have recently targeted European municipalities, such as the Belgian city of Antwerp.


Restaurant CRM Serves Up Confirmation of Data Breach

SevenRooms—a restaurant customer relationship management (CRM) platform used by restaurant chains and hospitality service providers such as MGM Resorts, Bloomin’ Brands, Mandarin Oriental, and Wolfgang Puck—confirmed a data breach in December 2022. The confirmation came after a threat actor posted data samples on the Breached hacking forum and claimed to have stolen a 427 GB backup database containing thousands of customer information files. According to SevenRooms, the data theft was the result of unauthorized access to one of its vendors’ systems. “SevenRooms recently learned that a file transfer interface of a third-party vendor was accessed without authorization,” a spokesperson stated.

Samples of the stolen data that were posted online included API keys, payment reports, reservation lists, and promotional codes. However, SevenRooms stated that no credit card information, bank account data, Social Security numbers, or other highly sensitive information was stored on the compromised servers, and therefore none was exposed. The affected interface was immediately disabled, and the organization has hired an independent cybersecurity company to help investigate the incident and prevent future breaches.


Uber Data Delivered to Hacking Forum in Third-Party Breach

Having already suffered a security incident in September, when threat actors gained access to its internal network and company Slack server, Uber has fallen victim to another incident. This time, the ride-hailing and delivery provider had data stolen during a breach of Teqtivity, a vendor Uber uses for asset management and tracking services. Threat actors managed to access a Teqtivity AWS backup server and stole device information (serial number, make, model, technical specs) and user information (first name, last name, work email address, work location details) for companies using the Teqtivity platform.

Initial forum posts that led to the discovery of the data breach implicated the Lapsus$ group; however, new details indicate that Lapsus$ was not involved. A third-party forensics firm is continuing to investigate the true source of the breach. All data identified thus far is confirmed to have come from the Teqtivity systems, with no evidence of malicious access to Uber’s own systems. Teqtivity maintains that it does not collect or retain personal information such as home addresses, banking information, or government identification numbers. However, because work email addresses were released, experts believe all Uber employees should be on high alert for phishing emails that impersonate Uber IT support.


The Metropolitan Opera Hits a Low Note with Cyberattack

The arts community has already struggled to recover from financial instability caused by pandemic disruptions, and a cyberattack on the Metropolitan Opera only exacerbated the problem. The attack shut down the Met’s website and box office from December 7 to 15, 2022. The Met, which typically generates up to $200,000 in ticket sales daily, was unable to sell tickets at all. Three days after the attack shut down ticketing, Lincoln Center stepped in to sell tickets for $50 each until service was restored to the Met’s box office on December 15. The ongoing investigation has so far found that ticketing customer data, including credit card information, was not stolen in the attack.

While some theorized that Russia was behind the attack, citing the Met’s parting of ways with Russian soprano Anna Netrebko after she failed to distance herself from President Vladimir Putin and the opera’s outspoken support of Ukraine, Met General Manager Peter Gelb is quoted as stating that the attack appears to be the work of an organized criminal gang. Non-profit groups such as the Metropolitan Opera are frequent targets because they often lack the budget, resources, or expertise to stand up robust cybersecurity measures. Cyber insurance claims from nonprofit policyholders went up 57 percent in 2022.


Healthcare Bleeds Data in Multiple Attacks

Healthcare was hit especially hard in 2022. San Gorgonio Memorial Hospital in California reported a data breach that exposed names, addresses, birth dates, Social Security numbers, and medical care details. An unauthorized party had access to the facility’s computer network for nearly two weeks before the breach was detected. The hospital has engaged an undisclosed third-party forensic firm to investigate. Meanwhile, staff resorted to handwritten notes for six days while the electronic records system was shut down.

Earlier in December, it was revealed that an August breach at pediatric health IT vendor Connexin Software may have compromised data for more than 2.2 million patients across 120 pediatric physician practices in the United States. Compromised data included the pediatric patients’ Social Security numbers, health insurance information, and billing and claims data. The exposure may also affect data belonging to patients’ parents and guardians.

Finally, Safdarjung Hospital in New Delhi, India, experienced a cyberattack that shut down its servers for a day in November. By contrast, the All India Institute of Medical Sciences (AIIMS) hospital had its servers down for nearly two weeks, forcing doctors to track their work manually. AIIMS scanned approximately 3,000 computers and updated its antivirus protections. Two analysts were suspended for breach of data, though additional individuals are likely involved.


Large or small, for profit or non, no organization is exempt from the threat of cyberattack. Protect data wherever it lives and moves across your network and the networks of service providers and business partners with the help of PKWARE. Request your free demo here and we’ll show you how we get it done.
