Monthly Breach Report: March 2023 Edition

In February alone, research identified 106 publicly disclosed incidents accounting for 29,582,356 breached records in one month. Added to the more than 277 million breached records in January, the running total for the year is already over 300 million pieces of compromised personal data. And the count just keeps rolling.

More and more organizations are experiencing devastating security breaches and are finding themselves unprepared for the eventuality of a data breach, despite how common breaches have become. Read on to learn more about some of the most recently targeted organizations.

BlackCat Targets Weaponry Firm

Ransomware group BlackCat hacked into Solar Industries India Limited, an industrial explosives manufacturer, and stole more than 2 TB of critical data. According to the hackers, low security meant that they had easy access to data affecting all products and classified documents, including full engineering specifications, weapons blueprints, warhead composition details, and internal product testing. In addition to critical product and partnership data, BlackCat also stole employee and customer PII data. The dark web post also claims stolen data includes “serious evidence of industrial spying in other countries (including friendly states).”

Confirmed in February, the attack itself took place on Republic Day of India (January 26). BlackCat, who built its reputation by targeting US Defense Contractor NJVC and other critical organizations over the last year, posted messages online inviting bids for the data. At the time of reporting, Solar Industries’ website was inaccessible, though it is unclear if this is related to the outstanding ransomware threat.

Sources

• iZOOlogic
• Cyware
• RedPacket Security
• Cybersecurity Insiders

Popular Background Check Services Breached

TruthFinder and Instant Checkmate, two popular subscription-based background check services both owned by PeopleConnect, confirmed a data breach that exposed the data of more than 20 million customers worldwide. The two stolen CSV files contained data from more than 11.9 million Instant Checkmate users, over 8.2 million US-based TruthFinder users, and over 4,000 TruthFinder International users. Data contained in the files included first and last names, email address, phone number, encrypted passwords, and expired/inactive password reset tokens. The company claims no user activity or payment data was included in the stolen lists.

According to parent company PeopleConnect, the list “was created several years ago and appears to include all customer accounts created between 2011 and 2019.” The published list originated inside the company. Thus far, investigations have not uncovered any evidence of malicious activity. The owner of the Breached forum where the data was posted also confirmed the data was exfiltrated from an exposed database backup found by a forum member.

Sources

• SC Media
• BleepingComputer
• Bitdefender
• Security Week

Cyberattackers Head to School

Schools were particularly targeted this quarter, cancelling classes for educators and students across the globe. Berkeley County Schools in West Virginia suffered a network outage during which students’ personal data may have been stolen in a cyber-attack. Classes were canceled for a day and the superintendent committed to notifying individuals immediately if their personal data was at all impacted.

Similarly, Munster Technological University students in Ireland learned that classes would be canceled at all four of its Cork campuses for two days after a significant IT breach. Several learning tools were affected, prompting the class cancelation to assess the impact, which turned out to involve ransomware group BlackCat. The university had planned to host a Cybersecurity for Business workshop the week following the breach.

While Mount Saint Mary College in New York claimed to have already detected and stopped a cyberattack in December 2022, it wasn’t until last month when Vice Society, the ransomware group responsible, shared details publicly that the college confirmed that they were hit by a ransomware attack.

Sources

• Daily Caller
• The Record – Munster Technological University
• Bank Info Security
• The Record – Mount Saint Mary College

Email Misstep Sends PII to the Wrong Inboxes

Human error made a big impact at Liverpool NHS hospital trust when a file of sensitive payroll information was mistakenly emailed to hundreds of NHS managers and 24 external accounts. According to the apology letter from trust chief executive, James Sumner, “[t]he spreadsheet file included a hidden tab which contained staff personal information. . . . The information in this hidden tab included names, addresses, DOBs, NI numbers, gender, ethnicity, salary, it did not include bank account details.”

Within an hour of the email being sent, NHS had deleted both the email and the data file from their systems. The organization is also taking action to ensure an error of this magnitude does not occur again. “If identifying personal information is sent out to the wrong recipients, the sender is in clear violation of GDPR laws and staff may have grounds for compensation,” said Hayes Connor law firm’s legal director, Christine Sabino.

Sources

• Infosecurity Group
• Liverpool Echo
• Digital Health
• Hayes Connor

Exposed Social Media Data Isn’t So Slick

A newer Indian social media app was found to have left an internal database of users’ personal information exposed to the public since early December 2022 due to misconfiguration. Launched in November 2022, Slick is a compliments-based app aimed at teenagers and college students that also allows students to talk with and about friends anonymously.

The exposed database contained full names, mobile numbers, birth dates, and profile photos for more than 153,000 Slick users, including minors who downloaded and installed the app. This was discovered by security researcher Anurag Sen of CloudDefense.ai. Together with the help of TechCrunch, Sen reported the incident to the social media startup. Shortly after, Slick secured the exposed database. While the exposure has been secured, it is currently unknown whether anyone else found the database in the meantime. The cybersecurity incident was also reported to India’s computer emergency response team, CERT-In.

Sources

• TechCrunch
• Bitdefender
• The Hindu Business Line

Keep your data out of the wrong hands and your company out of the headlines with help from PKWARE. Whether you need to secure data on endpoints, databases, or email, we’ve got a solution that will work for you. Request your free demo now to learn more.