Security Affairs, data breach category feed: https://securityaffairs.com/category/data-breach
Read, think, share … Security is everyone's responsibility
Feed last built: Sun, 06 Oct 2024 13:16:39 +0000

https://securityaffairs.com/169427/malware/security-affairs-malware-newsletter-round-14.html (Sun, 06 Oct 2024 13:16:37 +0000)

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

(SecurityAffairs – hacking, malware)
https://securityaffairs.com/169139/cyber-crime/patelco-credit-union-data-breach.html (Mon, 30 Sep 2024 19:57:28 +0000)

The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company.

Patelco Credit Union is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. Founded in 1936, it is one of the oldest and largest credit unions in the country. With more than $9 billion in assets, it is the 22nd-largest credit union in the United States.

At the end of June, the American credit union Patelco Credit Union shut down several of its banking systems to contain a ransomware attack.

The credit union investigated the security breach and discovered that threat actors first gained access to its systems on May 23, 2024, and exfiltrated a database containing personal information.

The company initially reported to the Maine Attorney General’s Office that the security breach impacted 726,000 customers and employees, and offered impacted individuals two years of free identity protection services.

Patelco Credit Union has now provided an update on the incident, confirming that the data breach impacted 1,009,472 people following the ransomware attack.

“Following the investigation and a thorough review of the data involved, we confirmed on August 14, 2024, that the accessed databases contained your personal information. Although the investigation identified unauthorized access to some of our databases, the specific data that was accessed has not been determined.” reads the notice sent to the impacted individuals. “Accordingly, we are notifying individuals whose information was in those databases. The information in the accessed databases included first and last name with Social Security number, Driver’s License number, date of birth, and/or email address. Not every data element was present for every individual.”

Patelco did not reveal which ransomware group breached its systems; however, the RansomHub group added Patelco Credit Union to its Tor leak site in August.

“We conducted negotiations for up to 2 weeks, and unfortunately we were unable to reach an agreement.
The company’s management doesn’t care about the privacy of customers at all. We auction the sensitive data extracted from their network. We will update the data sample in the next few days,” wrote the ransomware gang on its leak site.

https://securityaffairs.com/169125/data-breach/community-clinic-of-maui-lockbit-ransomware.html (Mon, 30 Sep 2024 13:45:31 +0000)

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack.

In May, the Community Clinic of Maui disclosed a security incident that impacted thousands of patients following a cyber attack. In June, the LockBit ransomware gang took credit for the attack.

The Community Clinic of Maui, also known as Mālama I Ke Ola Health Center, is a nonprofit healthcare organization dedicated to serving the Maui community. The clinic provides a range of services including primary care, dental care, and mental health support. The clinic operates with a mission to deliver culturally sensitive healthcare, emphasizing education, prevention, and advocacy regardless of patients’ ability to pay.

The cyber attack impacted the systems at the health center in Wailuku for more than two weeks.

Mālama investigated the security breach with external cybersecurity professionals, and on August 7, 2024, the experts determined that personal data may ‘have been subject to unauthorized access and acquisition between May 4, 2024 and May 7, 2024.’

The Community Clinic of Maui has now disclosed a data breach impacting more than 120,000 people following the LockBit ransomware attack.

“The personal information that was potentially impacted included first and last names with one or more of the following identifiers: Social Security Number, Date Of Birth, Driver’s License Number / State Id Number, Passport Number, Financial Account Number, Routing Number, Bank Name, Credit / Debit Card Number, Card CVV Expiration Date, Pin/Security Code, Login Information, Medical Diagnosis, Clinical Information, Medical Treatment/Procedure Information, Treatment Type, Treatment Location, Treatment Cost Information, Doctor’s Name, Medical Record Number, Patient Account Number, Prescription Information and/ or Biometric Data. Mālama has no evidence that any personal information has been or will be misused for identity theft as a direct result of this incident.” reads the notice published by Mālama.

Starting on September 26, 2024, Mālama notified affected individuals and offered complimentary credit monitoring to those whose Social Security numbers were potentially exposed.

“On May 7, 2024, Malama experienced a cybersecurity incident that impacted connectivity to our network.” reads the notification shared with the Maine Attorney General. “Upon learning of this issue, we immediately commenced a prompt and thorough investigation. We also notified law enforcement. As part of our investigation, we have been working very closely with external cybersecurity professionals experienced in handling these types of incidents. After an extensive forensic investigation and comprehensive document review, on August 7, 2024, we determined your personal data may have been subject to unauthorized access and acquisition between May 4, 2024 and May 7, 2024.”

The Community Clinic of Maui is unaware of any misuse of the compromised data.

In July, the LockBit ransomware gang claimed the hack of the Fairfield Memorial Hospital in Illinois. Unfortunately, the ransomware group claimed the hack of other hospitals in the same period. The extortion group also claimed the hack of the Merryman House Domestic Crisis Center and the Florida Department of Health.

Healthcare infrastructure in the US continues to be under attack: in February, Lurie Children’s Hospital suffered a cyber attack that severely impacted normal operations and delayed medical care.

Lurie Children’s Hospital is one of the top pediatric hospitals in the United States.

In early November 2023, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limited the operability of its phone system. The hospital immediately removed network connectivity and continued to provide most routine services.

The facility operates as a Critical Access Hospital and a Rural Health Clinic serving rural West Texas.

In November 2023, the Lorenz extortion group .

Cyber attacks against hospitals are very dangerous, and despite major ransomware gangs imposing restrictions on their affiliates to avoid targeting them, many incidents have recently made headlines.

https://securityaffairs.com/168912/deep-web/3000-congressional-staffers-data-leaked-dark-web.html (Thu, 26 Sep 2024 05:03:30 +0000)

The personal information of over 3,000 congressional staffers was leaked on the dark web following a major cyberattack on the U.S. Capitol.

The personal information of approximately 3,191 congressional staffers has been leaked on the dark web, according to a report from Proton. The leaked data includes passwords, IP addresses, and social media information.

The Washington Times first reported that the researchers found over 1,800 passwords used by staffers in Congress available on the dark web.

Almost 1 in 5 congressional staffers had personal information exposed on the dark web. Nearly 300 staffers had their data compromised across more than 10 different incidents.

Congressional staffers’ data originated from various sources, including social media, dating apps, and adult websites. The experts reported the case of a single staffer who had 31 passwords exposed. Bad habits are the root cause of the leaks: staffers used their official email addresses to sign up for third-party services that were later compromised.

“Many of these leaks likely occurred because staffers used their official email addresses to sign up for various services, including high-risk sites such as dating and adult websites, which were later compromised in data breaches,” reads the report. “This situation highlights a critical security lapse, where sensitive work-related emails became entangled with less secure, third-party platforms.”

Proton announced that it will release additional findings in the coming weeks to help prevent any interference in the upcoming Presidential election.

“The volume of exposed accounts among U.S. political staffers is alarming, and the potential consequences of compromised accounts could be severe.” said Proton’s head of account security Eamonn Maguire. “Vigilance and strict security measures are essential to safeguard personal and national security.”

The company has already contacted all affected congressional staffers and notified them.

In June, another joint investigation conducted by Proton and Constella Intelligence revealed that personal information of hundreds of British and EU politicians is available on dark web marketplaces.

According to the research, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, and other details.

British MPs had the highest share of exposed addresses (68%), followed by EU MEPs (44%).

https://securityaffairs.com/168480/data-breach/qilin-attack-on-synnovis-impacted-900000-patients.html (Tue, 17 Sep 2024 07:02:22 +0000)

The personal information of almost a million individuals was published online following a ransomware attack that disrupted NHS hospitals in London in June.

In June, a ransomware attack on Synnovis severely impacted the operations at several major NHS hospitals in London. The attack forced the impacted hospitals to cancel some healthcare procedures; in some cases, patients were redirected to other hospitals.

Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical testing and diagnostics.

In a post published on its website, Synnovis disclosed it was the victim of a ransomware attack.

CaseMatrix researchers told Recorded Future News that the personal information of almost a million individuals was published online following the June ransomware attack.

“People with symptoms of sensitive medical conditions, including cancer and sexually transmitted infections, are among almost a million individuals who had their personal information published online following a ransomware attack that disrupted NHS hospitals in London earlier this year, according to an analysis shared with Recorded Future News.” reported Recorded Future News.

CaseMatrix is so far the only firm to have assessed the number of individuals impacted by the security breach. The company reported that over 900,000 individuals were affected.

NHS England and Synnovis have not provided official counts or details on the compromised data.

In June, the Qilin ransomware gang published the stolen data on its Tor leak site.

CaseMatrix reported that the dataset released by Qilin contained 1.29 million entities, including duplicates. The company also acknowledged a 2-3% error rate.

The leaked data includes sensitive information such as patients’ histology tests and clinical analysis results.

The leaked data includes patient names, dates of birth, NHS numbers, and in some cases, personal contact details. It also includes pathology and histology forms, which often describe symptoms of intimate and private medical conditions shared between medical departments and institutions.

“We are not in a position to comment on or confirm the validity or accuracy of analysis carried out by other parties, nor can we verify whether the data examined by these parties is in fact related to this incident.” reads a statement published by Synnovis.

In August, Synnovis obtained an injunction from the English High Court against the Qilin ransomware group, Telegram, and a leak site to prevent the publication of stolen data. Such injunctions are hard to enforce because the defendants are often in unreachable jurisdictions, but they allow victims to ask platforms like Telegram and ISPs to remove the stolen data.

In this case, following the injunction, Telegram blocked the channel used by the Qilin ransomware gang to leak data stolen from its victims.

Synnovis said the action aimed to reassure patients and employees and limit the misuse of the stolen information.

https://securityaffairs.com/168412/cyber-crime/port-of-seattle-rhysida-ransomware.html (Sun, 15 Sep 2024 15:00:00 +0000)

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack that hit the agency in August.

In August, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport, disrupting its websites, email and phone services. According to The Seattle Times, the cyber attack disrupted travel plans.

“A spokesperson for Alaska Airlines said staff was manually sorting over 7,000 bags, because “a majority” of checked bags missed their flights this weekend.” reported The Seattle Times.

“We believe this was a cyberattack,” said Lance Lyttle, managing director of aviation for Sea-Tac Airport, at a news conference Sunday afternoon.

“We are conducting a thorough investigation with assistance of outside experts. We have contacted and are working closely with federal partners, including TSA and Customs and Border Protection.”

The Port of Seattle first reported it was experiencing an internet and web systems outage. According to a message posted on X, the problems impacted some systems at the airport.

Passengers were recommended to check with their airlines for the latest information for their flights.

In response to the incident, the Port isolated critical systems.

Port of Seattle confirmed on Friday that the Rhysida ransomware group was behind the cyberattack. Rhysida has been active since May 2023 and has hit organizations in multiple industries, including the education, healthcare, manufacturing, information technology, and government sectors. The victims of the group are “targets of opportunity.”

“This incident was a “ransomware” attack by the criminal organization known as Rhysida. The efforts our team took to stop the attack on August 24, 2024, appear to have been successful. There has been no new unauthorized activity on Port systems since that day. We remain on heightened alert and are continuously monitoring our systems.” reads the statement published by the agency. “It remains safe to travel from Seattle-Tacoma International Airport and use the Port of Seattle’s maritime facilities.”

The Port confirmed that an unauthorized actor accessed and encrypted parts of its computer systems, disrupting key services such as baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking. The agency also stated that it has refused to pay the ransom, so the ransomware group may publish the stolen data.

“From day one, the Port prioritized safe, secure and efficient operations at our facilities. We are continuing to make progress on restoring our systems. The Port of Seattle has no intent of paying the perpetrators behind the cyberattack on our network,” said Steve Metruck, Executive Director of the Port of Seattle. “Paying the criminal organization would not reflect Port values or our pledge to be a good steward of taxpayer dollars. We continue working with our partners to not just restore our systems but build a more resilient Port for the future. Following our response efforts, we also commit to using this experience to strengthen our security and operations, as well as sharing information to help protect businesses, critical infrastructure and the public.”

The investigation is still ongoing, and the Port will notify impacted individuals.

The Port announced that it is taking additional steps to enhance its existing controls and further secure its IT infrastructure, including strengthening its identity management and authentication protocols and enhancing its monitoring activities.

https://securityaffairs.com/168356/data-breach/lehigh-valley-health-network-settlement-data-breach.html (Fri, 13 Sep 2024 14:08:38 +0000)

Lehigh Valley Health Network (LVHN) has agreed to a $65 million settlement in a class action lawsuit related to a data breach.

Lehigh Valley Health Network (LVHN) is a large hospital and healthcare system based in Pennsylvania, USA. It operates numerous hospitals, health centers, and outpatient facilities across the region, including the Lehigh Valley area. The network also includes a children’s hospital, rehabilitation centers, and partnerships with academic institutions to support medical education and research.

Lehigh Valley Health Network (LVHN) has agreed to a $65 million settlement in a class action lawsuit related to a data breach that resulted in the publication of images of 600 nude cancer patients.

The healthcare network was the target of a ransomware attack; the security breach was discovered on February 6, 2023. The company immediately launched an investigation to determine the cause and scope of the incident, which determined that the breach occurred on January 8, 2023.

In a data breach notification published on its website, the company reported that affected information varied by individual but potentially included some combination of the following data elements: names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information. It also added that “the information for a limited number of individuals included clinical images of patients during treatment.”

The investigation revealed that the ransomware gang had access to the personal data of at least 134,000 individuals, including cancer patients. LVHN refused to pay the ransom, and the crooks published the nude images and other sensitive data on their dark web leak site.

In March 2023, a class action lawsuit was filed. Plaintiffs’ lawyer Patrick Howard of the law firm Saltz, Mongeluzzi, & Bendesky has now announced a proposed $65 million settlement in the lawsuit related to the Lehigh Valley Health Network data breach.

“A record $65 million settlement has been reached between class-action attorneys at Saltz Mongeluzzi Bendesky and Lehigh Valley Health Network (LVHN) in a class action lawsuit filed in March, 2023, on behalf of nearly 135,000 patients and employees of the health system, more than 600 of whom had their personal medical-record photos hacked and posted on the internet, according to the Firm.” reads the announcement published by the law firm.

“The settlement in J. Doe v. Lehigh Valley Health Network, Lackawanna County Court of Common Pleas, No. 23-CV-1149, is believed to be the largest of its kind, on a per-patient basis, in a healthcare data breach-ransomware case.”

Individuals notified as part of the settlement class do not need to take any action to receive compensation. Each class member will receive a payment ranging from $50 to $70,000, with the highest amounts going to those whose nude photos were published online.

https://securityaffairs.com/168332/data-breach/fortinet-disclosed-a-data-breach.html (Thu, 12 Sep 2024 20:54:50 +0000)

Fortinet disclosed a data breach after a threat actor claimed the theft of 440GB of files from the company’s Microsoft SharePoint server.

Today, Fortinet told Cyber Daily that a threat actor gained unauthorized access to a third-party service it used.

“An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” a company spokesman told Cyber Daily.

A threat actor that goes online with the moniker ‘Fortibitch’ claimed the theft of 440GB of files from the company’s Microsoft SharePoint server.

The threat actor taunted the company, doubting its capabilities even after the acquisition of firms specializing in cloud security and data loss prevention.

“Fortinet has recently acquired Next DLP. FYI, DLP is Data Loss Prevention. They’ve also acquired Lacework, a cloud security company. Guess what? Their Azure Sharepoint got leaked. 440 GB of data available on my S3 bucket.” reads the announcement published by Fortibitch on a cybercrime forum.

The company stated that the incident has not impacted its operations.

“To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted.” the spokesman added.

The Australian Home Affairs department learned of the data breach involving Fortinet last month, although the incident occurred earlier. It impacted a limited number of files related to some Fortinet customers in the Asia-Pacific region, but there is currently no indication of malicious activity affecting those customers. Fortinet has been actively contributing to Australia’s cybersecurity landscape, recently submitting recommendations for the 2023–2030 Australian Cyber Security Strategy.

It is unclear if the Australian federal government or critical infrastructure was impacted due to the incident.

Fortinet has yet to disclose the number of impacted customers.

https://securityaffairs.com/168229/data-breach/slim-cd-disclosed-a-data-breach.html (Tue, 10 Sep 2024 06:17:28 +0000)

Payment gateway provider Slim CD disclosed a data breach, credit card and personal data of almost 1.7 million individuals were compromised.

The electronic payment gateway Slim CD disclosed a data breach following a cyberattack. Personal data and credit card details of 1,693,000 individuals were compromised.

Slim CD’s gateway system allows merchants to accept any kind of electronic payment with a single piece of software. The company processes payments for merchants in the US and Canada.

According to the notification sent to the impacted individuals, threat actors had access to its systems between August 17, 2023, and June 15, 2024.

The company notified federal law enforcement regarding the event and launched an investigation into the incident with the help of a third-party specialist.

“On or about June 15, 2024, Slim CD became aware of suspicious activity in its computer environment. Upon learning of the activity, Slim CD launched an investigation to determine the full nature and scope of the activity.” reads the data breach notification. “The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024. That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024. Slim CD subsequently conducted a comprehensive review of the accessible credit card information to identify the potentially affected cardholders, and this review recently concluded.”

The data breach potentially compromised names, addresses, credit card numbers, and card expiration dates.

The investigation revealed that the threat actors had access to credit card information only between June 14 and June 15, 2024. Card verification numbers (CVV) were not exposed; however, threat actors could still attempt to obtain them from cardholders through social engineering.

Impacted individuals are recommended to remain vigilant for fraudulent attempts and report any suspicious activity to the card issuer.

“Additionally, Slim CD is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank.” concludes the notification. “Slim CD is providing individuals with information on how to place a fraud alert and security freeze on one’s credit file, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.”

The electronic payment gateway did not offer identity theft protection services to the impacted individuals.

https://securityaffairs.com/168119/data-breach/car-rental-giant-avis-discloses-data-breach.html (Fri, 06 Sep 2024 21:48:20 +0000)

Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information.

Car rental company Avis has notified customers impacted by an August data breach. Threat actors breached one of its business applications and gained access to some customers’ personal information.

“We discovered on August 5, 2024, that an unauthorized third party gained access to one of our business applications. After becoming aware of the incident, we immediately took steps to end the unauthorized access, began an investigation with assistance from cybersecurity experts, and alerted the relevant authorities.” reads the letter sent to the impacted individuals. “Based on our investigation, we determined that the unauthorized access occurred between August 3, 2024, and August 6, 2024.”

Once it discovered the incident, Avis launched an investigation into the security breach with the help of cybersecurity experts. The company also worked to enhance the security of the impacted business application and, as part of its response, implemented additional protective measures across its systems.

“Since the incident occurred, we have worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application. In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same.” continues the letter.

Threat actors had access to one of the company’s business applications from August 3 until August 6; according to the letter, the company discovered the unauthorized access on August 5. The attackers stole customer data, including customer names and other sensitive information.

The car rental company did not disclose technical details about the attack or the number of impacted customers.

Avis recommends that impacted customers remain vigilant against fraudulent activity and identity theft.

The company also recommends that customers regularly monitor their account statements and credit history for any unauthorized transactions or activities and report any suspicious activity to the credit reporting agencies.

Avis offered impacted customers a free one-year membership to Equifax’s credit monitoring service.
