Tag Archive for: Breaches

A Russian ransomware gang breaches the Energy Department and other federal agencies

/in


The Department of Energy and several other federal agencies were compromised in a Russian cyber-extortion gang’s global hack of a file-transfer program popular with corporations and governments, but the impact was not expected to be great, Homeland Security officials said Thursday.

But for others among what could be hundreds of victims from industry to higher education — including patrons of at least two state motor vehicle agencies — the hack was beginning to show some serious impacts.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told reporters that unlike the meticulous, stealthy SolarWinds hacking campaign attributed to state-backed Russian intelligence agents that was months in the making, this campaign was short, relatively superficial and caught quickly.

“Based on discussions we have had with industry partners … these intrusions are not being leveraged to gain broader access, to gain persistence into targeted systems, or to steal specific high value information— in sum, as we understand it, this attack is largely an opportunistic one,” Easterly said.

“Although we are very concerned about this campaign and working on it with urgency, this is not a campaign like SolarWinds that presents a systemic risk to our national security or our nation’s networks,” she added.

A senior CISA official said neither the U.S. military nor intelligence community was affected. Energy Department spokesperson Chad Smith said two agency entities were compromised but did not provide more detail.

Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots. The exploited program, MOVEit, is widely used by businesses to securely share files. Security experts say that can include sensitive financial and insurance data.

Louisiana officials said Thursday that people with a driver’s license or vehicle registration in the state likely had their personal information exposed. That included their name, address, Social Security number and birthdate. They encouraged Louisiana residents to…

Source…

Capita hack: 90 organisations report data breaches to watchdog

/in



Around 90 organisations have reported breaches of personal data held by Capita, the outsourcing giant, according to an privacy watchdog. The company suffered a cyber attack in March this year and it …

Source…

Hackers, data breaches put more Mainers at risk in ‘ongoing chess game’

/in


May 15—As many as 35,086 Mainers may have lost personal information to computer hackers in a data breach reported Friday — and the incident was just one of hundreds that have struck the state in recent months.

PharMerica Corp., a Kentucky-based pharmacy services company, said the hackers stole names, Social Security numbers, insurance information and medication history from the records of 5.8 million people nationwide. In a May 12 letter, the company said it learned March 14 that an “unknown third party” had illicitly accessed the computerized data and that an investigation was underway.

The report came a day after revelations of another data breach, potentially affecting more than 11,000 Maine residents. Brightly Software, a North Carolina subsidiary of industrial conglomerate Siemens, said Thursday that hackers took the names, phone numbers and employer information of roughly 3 million people from a user database.

The theft occurred April 20, and Brightly discovered it April 28, according to the Office of the Maine Attorney General, which maintains a log of data breaches affecting Maine consumers.

Last month, 20,000 Mainers received a notice that hackers had accessed their Social Security numbers, Medicare member numbers and health plan subscriber numbers from the database of NationsBenefits, a health insurance administrator in Florida.

Sometime in early April, a data breach at California-based NextGen Healthcare exposed electronic health records of more than 1 million people, including 3,900 Mainers.

The data disasters affect what may appear to be unlikely targets.

In December, 785 Maine customers of carmaker Nissan were notified their information had been hacked. A ransomware attack and data breach in January hit almost 800 Maine employees and job applicants at Yum! Brands, which owns Taco Bell, KFC, Pizza Hut and other fast-food restaurants.

The list of such incidents gets longer each day: More than 300 data breaches affecting Maine residents have been recorded over the last six months by the attorney general’s office. During the same period in 2019-20, at the onset of the pandemic, there were 218 breaches.

Information security experts say cybercrime is not only on…

Source…

Data Breaches in the Ransomware Era: Lessons Learned

/in


Events
,
Fraud Management & Cybercrime
,
Ransomware

BH Consulting CEO Brian Honan on the Importance of Data Logging and Monitoring

Mathew J. Schwartz (euroinfosec) •
May 4, 2023    

Brian Honan, CEO, BH Consulting

The lack of proper monitoring and logging can make it difficult for companies to effectively address breaches. Many companies do not have logs turned on or do not properly configure them to track and record what is necessary. Without logs, the response to a breach can be significantly slower.

See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources

Monitoring and logging also must consider privacy concerns because personal data could be contained in the logs, said Brian Honan, CEO of BH Consulting. He also stressed the need to comply with the General Data Protection Regulation.

“GDPR has brought data protection to the fore. It also has put more focus on cybersecurity as to how we protect that personal data,” Honan said.

In this video interview with Information Security Media Group at RSA Conference 2023, Honan also discusses:

  • The rise of artificial intelligence and its implications for privacy;

  • Potential consequences of data gathering;

  • Regulations and frameworks related to cybersecurity and personal data protection in the European Union and United States.

Honan is a recognized industry expert on information security, providing consulting services to clients in various industry segments. His work also includes advising various government security agencies…

Source…