In(secure) digest: lost accounts, compensations for mega leaks and “quick as the wind” leaks
01.12.2022
The time has come to reveal what hackers and insiders did in November. This time we’ve gathered data on serious incidents: attacks on large companies, phishing, and forgetful employees whose actions led to the loss of clients’ data.
Phishing in all its glory
Situation: Confidential data of Gateway medical center patients leaked after a successful phishing attack.
Case study: In April 2022 the medical center’s experts detected a cyber attack. As a result of the incident, intruders illicitly gained access to two employees’ accounts. The company’s specialists conducted an investigation and hired a third-party group of cyber experts. It turned out that the hackers had access to the employees’ accounts from February to May 2022. The investigation also revealed that the intruders had access to patients’ data via those accounts.
According to Gateway, the following patients’ data was compromised as a result of the hack:
- Names
- Social security numbers
- Driver’s license numbers
- Health benefit enrollment information
- Health insurance information
- Medical history
- Patient account numbers
- Dates of service
Only on the 31st of October 2022 did Gateway Surgery Center notify the affected clients.
The recovery was successful, but the negative effects remained
Situation: Hackers attacked Canadian meat giant Maple Leaf Foods.
Case study: Officials of the meat giant Maple Leaf Foods confirmed that the company experienced a cyberattack. Although the incident happened on a weekend, the company’s officials immediately involved cyber security experts in the investigation and mitigated the incident’s consequences. After the cyber attack the company’s systems remained partly inoperative. The Canadian manufacturer’s representatives claimed that specialists did everything possible to recover the affected systems, but further disruptions to operations are expected. The manufacturer does not disclose the details of the attack, but specialists believe that the cyber criminals used ransomware.
A similar incident happened to the Canadian supermarket chain Sobeys. On the 7th of November the company announced a data leak caused by a cyber attack. Some of Sobeys’ systems were damaged, but specialists managed to recover them by the 11th of November. Although Sobeys’ officials do not disclose the details of the attack, cyber experts believe that the failure of the supermarket chain’s systems was caused by a ransomware attack.
The insider was not on time
Situation: The American consulting company Booz Allen Hamilton disclosed a data leak caused by an insider’s actions.
Case study: According to the company officials’ statement, data on the company’s employees was disclosed as a result of the incident. It turned out that a former employee downloaded a copy of a company report that had been stored inappropriately on an internal website. It should be noted that the report contained data on employees’ rights of access to the US government. It is highly probable that this data was the insider’s primary target. The compromised data also contained:
- Employees’ names
- Social security numbers
- Gender
- Race
- Ethnicity
- Dates of birth
The company’s officials claimed that the former employee didn’t misuse the stolen data. The affected employees were notified about the data leak and were provided with two years of free credit monitoring.
Data leaked despite the measures taken
Situation: Because of an employee’s mistake, hackers gained access to the client database of the Whoosh scooter rental service.
Case study: On the 2nd of November Whoosh representatives announced that the company’s experts had spotted hackers’ activity in the company’s networks and prevented a leak of clients’ personal data. The service also initiated an internal investigation and contacted law enforcement authorities. However, on the 12th of November an unknown person put a database up for sale on a darknet forum. The seller claimed that the database contained information on 7 million Whoosh users and set a price of $4,000 for it. As a result of the incident, data such as names, mobile phone numbers, email addresses, and the first and last digits of bank card numbers was exposed. The intruders also managed to obtain a file with promo codes for free rides on Whoosh scooters.
A large healthcare data leak
Situation: Hackers published private and medical data on 500 clients of the Australian health care company Medibank.
Case study: In October Medibank Private experienced a cyberattack, because of which IT specialists had to switch off some systems. At the time, Medibank representatives claimed that the systems had not been affected by the incident and that no user data had been illicitly obtained.
Later, unknown people got in touch with the company’s representatives and claimed that they had managed to steal 200 Tb of confidential data. The intruders provided company officials with a sample of company records that had been illicitly obtained from the ahm and international student systems. Medibank representatives then stated that the intruders had in fact managed to access clients’ data using ransomware. According to the Medibank officials’ statement, all Medibank Private data and the personal data of all foreign students was compromised. Overall, the cyber criminals obtained data on 9.7 million of the company’s clients.
The hackers demanded a ransom and notified the corporation’s executives that otherwise the stolen data would be published within 24 hours. However, Medibank’s managers decided not to give in to the cybercriminals’ demands. The executive director apologized for the incident.
Who saw the black cat?
Situation: Hackers attacked French home goods chain Conforama.
Case study: Conforama was attacked by the BlackCat hacking group. The incident became known after the intruders claimed they had managed to steal 1 Tb of data. On their website the hackers wrote that Conforama handles its clients’ data protection poorly.
It is known that the intruders told company representatives to contact them within 48 hours, otherwise they would publish the stolen data. The hackers claimed that they would misuse the financial data of the company’s clients and leak all internal marketing and analytical documents to Conforama’s market competitors.
It was not forgotten, it was just appropriately hidden
Situation: Data on clients of the international pharmaceutical company AstraZeneca was exposed because of a developer’s mistake.
Case study: It turned out that in 2021 a developer left credentials for an AstraZeneca server on GitHub. These credentials allowed access to a Salesforce test cloud environment that contained data on some AstraZeneca patients. The leak revealed information about patients who had received medicine discounts.
TechCrunch notified AstraZeneca’s executives about the forgotten credentials on GitHub, and within a few hours access to the repository containing the data was revoked.
The pharmaceutical company’s representative stated that the protection of clients’ data is among the company’s most significant priorities. He also claimed that some data was exposed because of a user mistake. However, he didn’t explain why patients’ data was kept in the test environment, and did not say whether intruders had managed to obtain the data.