(In)Secure Digest: The Case of Classic Phishing Attack, Scammers Among the Team and the Dangerous Vulnerability
30.11.2023

On 30 November, Data Protection Day is celebrated around the world. Every year the task of data protection becomes more and more critical both for businesses and users themselves. In this November digest we gathered interesting and illustrative incidents related to data leaks, fraud and hacks.

A phishing incident 

What happened: Hilb Group was hit by a phishing attack that resulted into leak of 80,000 customers’ personal and financial data. 

How it happened: On 2 November, Hilb Group Operating Company representatives reported that several employees fell victims of a phishing attack. As a result of the incident, attackers stole employee credentials and obtained internal data. An investigation that Hilb Group conducted with cyber security experts revealed that some customers' personal information (names and Social Security numbers) was exposed to a third party. According to the state attorney general's office, the intruders also obtained the insurance broker customers' financial data: 

  • Account numbers
  • Credit card numbers
  • Access codes
  • Accounts’ passwords and PINs.

Overall, more than 81,539 people were affected by the breach. The company offered 12 months of credit monitoring services to affected customers.

 

Hackers stand for justice? 

What happened: a hacker group filed a complaint against a victim who failed to disclose a leak. 

How it happened: the Alphv/BlackCat ransomware group members filed a complaint with the US Securities and Exchange Commission (SEC) against MeridianLink. The cybercriminals believe the California-based provider of digital solutions for financial institutions failed to disclose the cyberattack and data leak. The extortionists also claimed stealing a large trove of customers’ data and internal information from MeridianLink. The hackers threatened to expose  the data unless MeridianLink paid a ransom. To increase the chances of receiving the ransom, the extortionists told they had filed a complaint with the SEC. In the complaint, the attackers alleged that the company failed to report the security breach within four business days, as required by law. As a proof, the BlackCat published screenshots of the SEC filing on their website. 

It seems that this is the first case a ransomware group has filed a complaint with the SEC against its victim.  MeridianLink representatives claimed that their experts detected the suspicious activity and took the required actions the same day the incident took place. In addition, the company officials claimed, that no attributes of unauthorized access were detected and that the incident only caused minimal disruption to business operations.

 

Data on holiday

What happened: Singapore's Marina Bay Sands resort complex experienced a data incident, which resulted into leak of data on 665,000 customers. 

How it happened: on 20 October, the employees in charge detected suspicious activity in corporate internal systems. The investigation revealed that on 19 and on 20 October, unauthorized actors obtained Marina Bay Sands loyalty programme members’ details. The cybercriminals managed to steal such data as: 

  • Names
  • Email addresses
  • Phone numbers
  • Country of residence
  • Loyalty programme membership status information. 

The company representatives claimed that no evidence of customer data misuse had been detected. The officials also told that there was no compromise of accounts’ passwords or customers' financial data. 

The Marina Bay Sands executives didn’t report any additional details on how the cyberattack occurred and how the intruders gained access to customers’ data. But by the way, the leak at Marina Bay Sands came just weeks after MGM Resorts, one of the giants of the hotel business, faced a large-scale cyberattack. Losses, caused by the incident were estimated as of $110 million.

 

In part 

What happened: a medical clinic employee stole $715,000 from her employer.

How it happened: Carol Casilla worked as an accountant at a dermatological clinic from 2020 to 2023. During this time, the unscrupulous employee used to transfer company’s money to her personal cards and accounts. To make everything look plausible, the ex-accountant even set up her own company and transferred the employer’s money to her clinic’s accounts. During three years, Carol Casilla made hundreds of fraudulent transfers worth $715,000. 

The woman recently pleaded guilty to corporate fraud. Prosecutors asked for the maximum penalty of up to 20 years in prison.

 

One in a thousand

What happened: AutoZone, the largest auto parts retailer, experienced a hacker attack.

How it happened: Attackers exploited a vulnerability in the MOVEit Transfer file-sharing service to steal AutoZone's internal information. After company experts detected the incident, the MOVEit application was temporarily disabled and then reconfigured. 

The company representatives reported that the attackers gained access to the personal information of nearly 185,000 customers. AutoZone is among 2,500 organizations affected by the MOVEit hack. The Cl0p ransomware group had been exploiting a vulnerability in MOVEit starting from late May (and possibly even earlier). AutoZone officials reported they were not yet aware of any fraudulent activities involving usage of stolen data. The auto parts supplier offered free credit monitoring services to customers whose data was compromised as a result of the hack.

 

Family contracting 

What happened: an employee of E.ON energy company stole almost £70,000 from her employer. 

How it happened: Gina Rani worked at E.ON as a customer service advisor. In March 2021, E.ON employees revealed, that the company was short of £69,844. Police enforcements launched an investigation which revealed that Gina Raney had taken advantage of her position to issue false refunds between 2016 and 2021. The former employee admitted processing refunds for the total sum of £69,844, of which she transferred £24,000 to her own account. The rest of the sum was sent by the woman to her friends and family mmbers, who were then supposed to return part of the transferred sum back to Rani. Gina Rani pleaded guilty of fraud. On 26 October, Rani appeared at Nottingham Crown Court and was sentenced to two years in prison. Members of Rani's family involved in the fraud scheme also pleaded guilty. Six of the seven participants were sentenced to prison terms. 
 

Accepting in paper format only

What happened: hackers attacked the Kansas courts' information systems. 

How it happened: in mid-October 2023, Kansas courts experienced a "security incident" that affected the functionality of the eFiling system, electronic payment system, and case management system used by the district and appellate courts. As a result, the Supreme Court decided to disconnect the appellate court clerks' offices and most of the district courts from the network. The courts continued to operate, but staff accepted documents and payments in paper format or by fax. 
The Kansas courts press office later released a statement, reporting that the information systems outage was temporary and caused by a cyberattack. The officials also told that the hackers who gained access to confidential information promised they would have published the data if the ransom wasn’t paid. Allegedly, the attackers gained access to court administration files, records of appeal cases and some other confidential data. Experts believe the incident was caused by the ransomware that caused systems failure.


To make sure your organization doesn't end up in the next edition of our digest, take care of your business' information security in advance. You can try our comprehensive protection against internal threats by clicking here, it's free for the first 30 days.


Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.