The Week in Breach


The City of Wheat Ridge, CO

https://www.denverpost.com/2022/09/22/wheat-ridge-ransomware-fremont-county-cyber-attack/

Exploit: Ransomware

The City of Wheat Ridge, CO: Municipal Government

Risk to Business: 2.175 = Severe

A Colorado city is putting its IT systems back in order after a successful cyberattack by the BlackCat group. Local media report that following the attack, Wheat Ridge had to shut down its phones and email servers to assess the damage the cybercriminals had done to its network. That, in turn, prompted the city to close down City Hall to the public for more than a week. The cybercriminals demanded $5 million in Monero as the ransom, but the city declined to pay, opting to restore from backups. The city government has been able to return to normal business, and the attack is under investigation by the U.S. Federal Bureau of Investigation.

How It Could Affect Your Customers’ Business: Ransomware attacks against governments and municipalities have been proliferating.

Rockstar Games

https://www.hackread.com/uber-hacker-rockstar-games-hacked-gta-6-data/

Exploit: Hacking

Rockstar Games: Video Game Developer

Risk to Business: 2.136 = Severe

Rockstar Games confirmed on Monday that a hacker broke into its systems and stole confidential internal data, including footage and source code from the previously unannounced next installment of its popular Grand Theft Auto series. The New York-based company appears to have been breached through a stolen employee Slack account. The hacker who claimed responsibility, “teapotuberhacker”, also says that they are behind a murky hacking incident at Uber last week. The cybercriminal shared a link to footage and clips purportedly from Grand Theft Auto 6 on a Grand Theft Auto fan forum. The company has confirmed that the game is in development and that the attack occurred.

New York Racing Association

https://www.bleepingcomputer.com/news/security/hive-ransomware-claims-attack-on-new-york-racing-association/

Exploit: Ransomware

New York Racing Association: Professional Group

Risk to Business: 2.703 = Moderate

The Hive ransomware operation has claimed responsibility for an attack on the New York Racing Association (NYRA). The NYRA operates the three major thoroughbred horse racing tracks in New York: Aqueduct Racetrack, Belmont Park (home of the Triple Crown event the Belmont Stakes) and the historic Saratoga Race Course. The attack took place in late August 2022, and breach notices were filed with authorities last week. Press reports say that the hackers have also published a link to freely download a ZIP archive containing all of the files they allegedly stole from NYRA’s systems.

Risk to Individual: 2.624 = Major

Member data that may have been exposed includes Social Security numbers (SSNs), driver’s license identification numbers, health records and health insurance information.

American Airlines

https://www.bleepingcomputer.com/news/security/american-airlines-learned-it-was-breached-from-phishing-targets/

Exploit: Business Email Compromise

American Airlines: Airline

Risk to Business: 2.639 = Moderate

American Airlines has filed a breach notice declaring that it suffered a data breach that may have impacted personal data for about 1700 customers and employees. Bleeping Computer detailed the incident, saying that the American Airlines Cyber Security Response Team learned of the attack from the targets of a phishing campaign that was using an employee’s hacked Microsoft 365 account to send phishing messages. Reportedly, the attacker accessed multiple employees’ accounts via phishing and used them to send more phishing emails to additional targets that have not been named.

Risk to Individual: 2.714 = Moderate

Employee or customer personal information exposed in the attack may have included employees’ and customers’ names, dates of birth, mailing addresses, phone numbers, email addresses, driver’s license numbers, passport numbers or certain medical information.

UK – Revolut

https://www.cshub.com/attacks/news/revolut-data-breach-exposes-information-for-more-than-50000-customers

Exploit: Social Engineering

Revolut: Digital Bank

Risk to Business: 1.102 = Extreme

Revolut, a London-based digital banking application that provides banking, investing, currency transfer and other money management services to some 16 million users globally, has experienced a data breach. The FinTech startup confirmed that the personal information of an unspecified number of users (reports point to 50K customers) was accessed illegally after what the company is terming “a social engineering attack” in early September. The company said that impacted customers have been informed via email and relevant authorities have been informed. No information was available on the exact nature of the exposed data at press time.

Portugal – TAP Air Portugal

https://abcnews.go.com/Business/wireStory/cyberattack-steals-passenger-data-portuguese-airline-90312760

Exploit: Ransomware

TAP Air Portugal: Airline

Risk to Business: 1.637 = Severe

The Ragnar Locker ransomware group has claimed responsibility for a ransomware attack that hit TAP Air Portugal, the country’s state-owned flagship airline. The incident began a month ago but was just confirmed by the airline. Ragnar Locker has been advertising the stolen data on its dark website since early September. No ransom amount has been reported, and the group has posted a portion of the stolen data already. Portugal’s President Marcelo Rebelo de Sousa, MPs, government staff and high-ranking military officers are among the passengers whose data has been stolen.

Individual Risk: 1.902 = Severe

Exposed customer data includes names, addresses, email addresses, phone numbers, corporate IDs, travel information, nationality, gender and other personal information.

Australia – Optus

https://www.reuters.com/technology/australias-optus-says-up-10-mln-customers-caught-cyber-attack-2022-09-23/

Exploit: Ransomware

Optus: Telecom

Risk to Business: 1.102 = Extreme

Australia’s second-largest telecom, Optus, has been hit by a ransomware attack. One of the largest data breaches in Australian history, the incident impacts an estimated 10 million customers, or about one-third of Australia’s population. A bad actor using the moniker “optusdata” claimed to be the force behind the attack and initially posted a ransom demand of $1.5 million as well as the personal data of about 10k people on a dark web forum. They’ve since withdrawn that post. Some news articles have pointed at an API interface configuration error as the access point for the bad guys, but that has not been confirmed. The incident is under investigation.

Risk to Business: 1.236 = Extreme

Customer data has been exposed, including home addresses, drivers’ licenses, passport numbers, names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.