Tag Archive for: impacted

Almost 37K impacted by Iowa utility ransomware attack

/in


Iowa-based water, electricity, and internet service provider Muscatine Power and Water had data from 36,995 of the town’s over 50,000 residents compromised following a ransomware attack in late January, which no threat operation has since claimed, reports The Record, a news site by cybersecurity firm Recorded Future.

Attackers infiltrated Muscatine Power and Water’s corporate network environment and obtained access to individuals’ names and Social Security numbers, as well as their customer proprietary network information associated with their telephone service subscriptions, said the utility in breach notification letters. While there has been no evidence suggesting any identity theft stemming from the incident, impacted individuals are being given free credit monitoring services for a year. Such a development comes weeks after the utility disclosed that the attack resulted not only in an eight-hour-long interruption of internet services but also a days-long disruption of business services even though no critical controls systems were affected.

Source…

Water services giant Veolia says ransomware attack impacted its North American backend systems – TEISS

/in



Water services giant Veolia says ransomware attack impacted its North American backend systems  TEISS

Source…

185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone 

/in


Car parts giant AutoZone, which has over 7,000 stores across the Americas, is informing nearly 185,000 individuals that their personal information was compromised as a result of the massive MOVEit hacking campaign.

AutoZone revealed that cybercriminals have stolen information, including social security numbers, after exploiting a vulnerability in the MOVEit Transfer managed file transfer application. However, the company is not aware of instances where the exposed information has been used for fraud.

Nevertheless, impacted customers are being offered free credit monitoring and identity protection services. 

In response to the breach, the MOVEit application was temporarily disabled by AutoZone, the vulnerability was patched, and the affected system was rebuilt.

AutoZone pointed out that it is one of the more than two thousand organizations impacted by the MOVEit hack. However, the company determined that the exploitation of the MOVEit vulnerability resulted in data exfiltration only on August 15, more than two months after news of widespread exploitation broke.

Starting in late May and possibly earlier, the Cl0p ransomware group exploited a MOVEit software vulnerability tracked as CVE-2023-34362 to steal data from many organizations that had been using the application to transfer files. 

According to cybersecurity firm Emsisoft, the number of impacted organizations — both directly and indirectly — reached 2,620 as of November 21, with more than 77 million individuals being affected.

The list of victims includes hundreds of US schools, the state of Maine, the US Department of Energy, and energy giants Siemens Energy, Schneider Electric, and Shell

Related: SEC Investigating Progress Software Over MOVEit Hack

Advertisement. Scroll to continue reading.

Related: 10 Million Likely Impacted by Data Breach at French Unemployment Agency

Related: Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw

Source…

900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse

/in


The National Student Clearinghouse, an educational nonprofit that provides reporting, verification, and research services to colleges and universities in North America, has revealed that nearly 900 schools are impacted by the MOVEit hack.

A ransomware group gained access to information belonging to thousands of organizations and millions of individuals earlier this year by exploiting a zero-day vulnerability in the MOVEit managed file transfer software.

According to cybersecurity firm Emsisoft, which has been keeping track of the organizations that were directly and indirectly impacted by the MOVEit hack, the total number of victims reached 2,053 on September 22. The total number of impacted individuals exceeds 57 million.  

One of the impacted organizations in the National Student Clearinghouse, which last week informed the California attorney general’s office that nearly 900 colleges and universities that use its services are impacted by the MOVEit hack.

The National Student Clearinghouse informed Maine’s attorney general in late August that more than 51,000 individuals are affected by the incident.

In data breach notifications sent out to impacted individuals, the organization said its MOVEit server was hacked in late May, but it only determined on June 20 that certain files storing information from the student record database had been stolen. 

The National Student Clearinghouse said the compromised information includes name, date of birth, contact information, social security number, student ID number, and school-related records, including degree and enrollment records and course-level data. “The data that was affected by this issue varies by individual,” the organization clarified.

Advertisement. Scroll to continue reading.

A significant number of major organizations were hit by the MOVEit attack, including the US Department of Energy, Norton parent company Gen Digital, as well as energy giants Siemens Energy, Schneider Electric, and Shell

Some organizations exposed the personal information of millions of individuals, including French governmental unemployment agency Pole Emploi (10 million), the Colorado Department of Health Care Policy and Financing (4…

Source…