(In) Secure Post New Year Digest: a Surprise Email, an Accidental Leak, Work on Mistakes
01.02.2024

The time has come to reveal, what happened while we were on New Year's holidays. In this latest digest we discuss a selection of IS incidents that the media reported about in January. The set includes details on: mass leak of medical data; hijacking of social network accounts; vendors, promptly sharing confidential information with hackers.

Hey, it's the CEO

What happened: laptop manufacturer Framework notified users that their data was leaked in an incident at the side of the company's partner. 

How it happened: in early January, the attackers, on behalf of Framework’s CEO, sent an email to Keating Consulting’s employee, asking for financial details (Keating Consulting is Framework's accounting partner). The employee, who didn’t suspect the deception, sent the fraudsters a spreadsheet with full names, email addresses and balances, order details.

Framework representatives became aware of the incident about half an hour after the fraudsters obtained the sensitive data. The laptop manufacturer officials recommended Keating Consulting to enhance employees’ cyber literacy. 

Framework representatives warned customers about possibility of ongoing phishing attacks and advised them to contact tech support in case of receivement of a suspicious email on behalf of Framework.

Better late than never

What happened: medical lab ReproSource Fertility Diagnostics agreed to improve its data security practices and pay $1.25 million to customers, affected by the 2021 data leak. 

How it happened: in 2021, ReproSource Fertility Diagnostics lab suffered a ransomware attack. The attack enabled intruders to gain access to the confidential medical information on 335,000 of the lab's patients. ReproSource representatives reported that attackers gained access to the company's network on August 8, 2021, and on the morning of August 10, company experts detected the cyberattack and contained the incident in less than an hour.
 
According to the lab officials statement, the malicious actors gained access to the following information:

  • Names
  • Addresses
  • Phone numbers
  • Dates of birth
  • Patient billing and health information
  • CPT codes
  • Test results
  • Health insurance numbers. 

Some patients have experienced the compromise of passport numbers, driver's license numbers, bank account numbers, credit card numbers. 

In the class action lawsuit, the victims claimed they weren’t notified of the data breach until October 21, 2021. In addition, ReproSource failed to provide the victims with information about steps taken to protect customers' personal information after the incident. 

The lawsuit contained allegations of negligence and violations of data breach reporting, as well as several other claims, related to the incident.

In the public domain

What happened: The data of more than 250,000 people was exposed to the public as a result of healthcare provider Singing River hack.

How it happened: a Mississippi-based healthcare provider suffered a ransomware attack. The incident affected the state's medical system, thus, several hospitals went offline and their employees had to manually process patient requests for several days. According to the letter, that Singing River representatives had sent to the state attorney general, the attackers stayed in the company's systems for more than 48 hours and obtained data on 252,890 people. The investigation revealed, that as the result of the incident the following data was affected:

  • Names
  • Dates of birth
  • Addresses
  • Social security numbers and medical information. 

Singing River representatives told, that the affected customers would be provided with credit monitoring services.

Cryptohacking 

What happened: hackers hacked the U.S. Securities and Exchange Commission's (SEC) X account to promote cryptocurrency. 

How it happened: an unknown intruder hacked into the Commission's account and published a post on behalf of Chairman Gary Gensler about the approval of spot Bitcoin exchange-traded fund to trade in the US. The fake post went viral on media and social media, after which Bitcoin soared to nearly $48,000. The SEC was then able to regain access to the account and remove the post, and Bitcoin dropped to $45,000. In a Private X, the real Gary Gensler reported the compromise of the SEC account. 

The commission was one of the victims of malicious actors, hacking X accounts to distribute cryptocurrency advertisements. In January this year, accounts of the following companies were attacked: 

  • Netgear (Network equipment manufacturer)
  • Hyundai 
  • CertiK (IS company)
  • Mandiant.

On the list of the hacked

What happened: a subsidiary of Xerox suffered a data breach. 

How it happened: in late December 2023, the hacker group INC Ransom published news on its website. The group claimed gaining access to confidential data of Xerox Corporation's US division, Xerox Business Solutions (XBS). As proof of the cyberattack, INC Ransom members published screenshots of documents, allegedly stolen from XBS. 

Xerox representatives told, that the company’s cybersecurity department managed to counter the incident. The officials also claimed, that the attack had no impact on Xerox or XBS business processes. A preliminary investigation revealed that limited amount of personal information was exposed as a result of the cyberattack. Xerox officials didn’t specify, which data exactly was exposed.

Find if you can 

What happened: employees in charge of restaurant chain Subway are investigating an alleged information leak.

How it happened: in mid-January, hacker group LockBit members claimed, that they managed to hack Subway and steal hundreds of gigabytes of internal data. Supposedly, the attackers gained access to the following data:

  • Financial details
  • Employee payroll information
  • Royalty payments
  • Restaurant turnover data. 

Subway representatives hasn’t commented on the hacker group’s statement, but it’s known, that the internal investigation was initiated. LockBit members promised to give time to resolve issues with the defense, otherwise, they promised to sell the internal data to market competitors.


To make sure your organization doesn't end up in the next edition of our digest, take care of your business' information security in advance. You can try our comprehensive protection against internal threats by clicking here, it's free for the first 30 days.


Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.