October 6, 2022

Monthly Breach Report: October 2022 Edition

PKWARE

Data breaches aren’t just for big corporations—they affect companies and organizations of all shapes, sizes, and sectors, and they can cost millions in damages. With the cost of a data breach at an all-time high, it’s more important than ever to secure data and train employees to be a first line of defense, a lesson the following organizations may need to take to heart after the past month.

Clop Ransomware Group Strikes Another Industrial Network

The infamous ransomware group Cl0p (known as “Clop”) recently hacked into a UK water supplier’s industrial control system and posted screenshots of the system’s dashboard to boast of their crime online. The network controls the water company’s Supervisory Control and Data Acquisition (SCADA) system, which in turn controls the region’s water flow to homes and businesses. SCADA systems are widely used to monitor and control industrial systems such as water, oil, gas, and electric grid supply and distribution networks. A successful attack on these real-time controls can have serious consequences for water and energy supplies.

The Malware Hunter Team posted the screenshots on their Twitter account (@MalwareHunterTeam), but noted that screenshots don’t necessarily prove that Clop ever actually had control of the SCADA system. When asked about the hack by Vice magazine, the hackers responded in an email:

“We do not harm people and treat critical infrastructure with respect.” “We didn’t really go into it because we didn’t want to harm anyone.”

Clop is internationally notorious for targeting the industrial sector for ransom demands, according to BleepingComputer, which reports that 45 percent of Clop ransomware attacks are on industrial organizations.

Tulsa Tech Student Records Hacked

Hackers recently stole the personal data of Tulsa Tech students who were enrolled between 1986 and 1999. The Oklahoma-based school notified the affected students that their names and Social Security numbers were compromised by a data breach on the school’s network. As of press time, school officials have not disclosed the identity of the hackers or if there was a ransom request. The school is offering victims free credit monitoring for one year.

Breaches of student data systems are a massive problem across the US, reports CompariTech: “Since 2005, K–12 school districts and colleges/universities across the US have experienced over 1,850 data breaches, affecting more than 28.6 million records.”

The Blackbaud ransomware attack in 2020 is one of the most infamous crimes committed on educational institutions. Blackbaud provides software programs to educational and non-profit institutions. The company downplayed a “months-long” breach affecting millions of people and dozens of companies. The organization paid a ransom to the cybercriminals who carried out the attack and then was sued by the victims, according to a Reuters report.

Samsung Reports Second Security Breach This Year

In August, the South Korean multinational electronics giant Samsung reported a data breach that occurred sometime in July. This is the second time this year the company has been hacked. Company officials reported that the following US customer information was compromised:

  • customer names
  • contact and demographic information
  • dates of birth
  • product registration details

The company emphasized no Social Security or credit card numbers were leaked, but also warned that the stolen information could be used for social engineering attempts. Officials noted customers should be wary of links and attachments that appear to come from Samsung. AI reports that the recent hack only occurred on the company’s servers and did not involve any consumer devices or app controls.

Samsung was the victim of another hack earlier this year in March when the Lapsus$ ransomware gang stole source code for the Galaxy smartphone.

Anonymous Strikes at Russia, Causing a Major Traffic Jam in Moscow

“Anonymous” has once again hacked into a Russian network as part of a series of attacks to protest the Russian war in Ukraine. This time, Anonymous hacked into the Russian ride-hailing app service, Yandex Taxi, which is owned by one of Russia’s largest IT companies. The culprits breached the app and ordered all available taxis to one location in Moscow, causing a major three-hour traffic jam. Anonymous claimed credit for the incident in an announcement on their Twitter account, @YourAnonTV. The Tweet included video of dozens of taxis stalled in traffic on one of Moscow’s busiest thoroughfares. Anonymous also announced the hack was in cooperation with the IT Army of Ukraine, a group of volunteer threat actors from around the world focused on hacking Russian organizations.

The event is one of the first known hacks used to create a traffic jam, reports Engadget. Yandex officials stated to media outlets that they were able to quickly cancel the taxi requests, but not in time to prevent the traffic jam. They have since reconfigured the app’s algorithms to prevent similar future attacks.

IRS Mistakenly Publishes Private Taxpayer Information

In September, the Internal Revenue Service (IRS) announced that it accidentally published 120,000 taxpayers’ personal information on its website. The compromised data included information from the individuals’ Form 990-T, the Return of Organization Exempt from Income Tax, according to Yahoo! News. The document relates to individual retirement accounts which generate business income. Compromised data did not include Social Security numbers but did reveal names, contact information, and financial information about income within retirement accounts.

The IRS notified the Treasury Department of the mishap and sent a detailed account to Congress, according to The Wall Street Journal. Many charities and non-profits also file Form 990-T, and this information is available to the public. The IRS blamed a human error in coding for electronic filing of Form 990-T. Nonpublic data was included with public data and could be found by searching on the website, according to Mashable. The IRS individually contacted all affected individuals. Like many federal agencies, the IRS continues to operate using outmoded technology, which has led to the leak of private taxpayer data.

Don’t let your organization’s private data become a breach headline. PKWARE’s purpose-built data discovery and protection solutions help businesses locate data wherever it lives and moves, and apply automatic policy-driven protection. See how it works with a free customized demo.
