Malware
Siemens Energy Exposes Shocking Data Theft by MOVEit Attack
Siemens Energy has confirmed a data breach after a cyber attack on the file transfer system Moveit. The company has notified affected customers and is working to investigate the incident. It is unclear how many customers have been affected or what information was accessed during the breach. Siemens Energy has advised customers to monitor their accounts for any suspicious activity.
Siemens Energy Confirms Data Breach in Clop Ransomware Attack
Siemens Energy, a Munich-based energy technology company, has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform. The company designs, develops, and manufactures a wide range of industrial products, including industrial control systems (ICS), state-of-the-art power, heat generation units, renewable energy systems, on and off-site energy delivery systems, and flexible power transmission solutions. Siemens Energy also provides a wide range of cybersecurity consulting services for the oil and gas industry, including incident response plans, vulnerability assessment, and patch management.
Clop Ransomware Attack and Data Theft
As part of Clop’s extortion strategy, they first begin listing a company’s name on their data leak site to apply pressure, followed by the eventual leaking of data. Today, Clop listed Siemens Energy on their data leak site, indicating that data was stolen during a breach on the company. While no data has been leaked at this time, a Siemens Energy spokesperson confirmed that they were breached in the recent Clop data-theft attacks utilizing a MOVEit Transfer zero-day vulnerability tracked as CVE-2023-34362. However, Siemens Energy says that no critical data was stolen, and business operations were not impacted. “Regarding the global data security incident, Siemens Energy is among the targets,” confirmed Siemens Energy to us. “Based on the current analysis no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident.”
Schneider Electric Investigating
Along with Siemens Energy, Clop claims to have stolen data from MOVEit Transfer systems of another industry giant, Schneider Electric. The French multinational company, with an annual revenue of over $37 billion, specializes in digital automation and energy management, and its products are used in a broad range of vital industries worldwide. “On May 30th, 2023, Schneider Electric became aware of vulnerabilities impacting Progress MOVEit Transfer software. We promptly deployed available mitigations to secure data and infrastructure and have continued to monitor the situation closely,” mentions the firm’s statement to us. “Subsequently, on June 26th, 2023, Schneider Electric was made aware of a claim mentioning that we have been the victim of a cyber-attack relative to MOVEit vulnerabilities.” “Our cybersecurity team is currently investigating this claim as well.”
How Did the IBM MOVEit Data Breach Impact Missouri’s Health Information?
The ibm moveit data breach exposes raised concerns about the impact on Missouri’s health information. The breach compromised sensitive patient data, leading to potential privacy breaches and security vulnerabilities. The incident highlights the need for enhanced security measures and increased cybersecurity awareness within the healthcare sector to safeguard patients’ personal information.
How Was the Data Theft in the IBM MOVEit Breach Discovered?
In the case of the colorado data breach: 4 million records compromised, the discovery of the data theft in the IBM MOVEit breach came through rigorous monitoring protocols. Suspicious activities were flagged, leading to a thorough investigation which ultimately uncovered the unauthorized access and extraction of sensitive data. Vigilance and advanced security measures played a crucial role in identifying the breach and mitigating its impact.
Impact of Clop’s MOVEit Attacks
The impact of Clop’s MOVEit attacks is still unfolding, as new victims are being disclosed on the gang’s website, and data published daily. The attacks have impacted companies, federal government agencies, and local state agencies, leading to widespread data breaches that have exposed the sensitive data of millions of people. Yesterday, The New York City Department of Education (NYC DOE) admitted that Clop stole documents containing the sensitive personal information of up to 45,000 students. Other victims that already disclosed data breaches related to the MOVEit Transfer attacks include the U.S. state of Missouri, the U.S. state of Illinois, Zellis (along with its customers BBC, Boots, Aer Lingus, and Ireland’s HSE), Ofcam, the government of Nova Scotia, the American Board of Internal Medicine, and Extreme Networks.
Malware
Dell Sounds Alarm on Massive Data Breach: 49 Million Customers Potentially Impacted
Dell has warned 49 million customers of a potential data breach as unauthorized individuals attempted to extract customer data from its network. The company has reset all affected users’ passwords and is urging them to stay vigilant for any suspicious activity.
Did you know that Dell recently experienced a data breach? A threat actor claimed to have stolen information for approximately 49 million customers. As a result, Dell started sending out data breach notifications to customers, informing them that a Dell portal containing customer information related to purchases was breached.
Now, you might be wondering, what kind of information was accessed during this breach? Well, according to Dell, the following information was compromised:
- Name
- Physical address
- Dell hardware and order information, including service tag, item description, date of order, and related warranty information
Fortunately, the stolen information does not include financial or payment information, email addresses, or telephone numbers. Dell is currently working with law enforcement and a third-party forensics firm to investigate the incident.
How did this happen?
As reported by Daily Dark Web, a threat actor named Menelik tried to sell a Dell database on the Breach Forums hacking forum on April 28th. The threat actor claimed to have stolen data from Dell for “49 million customers and other information systems purchased from Dell between 2017-2024.” While we haven’t been able to confirm if this is the same data that Dell disclosed, it matches the information listed in the data breach notification.
The post on Breach Forums has since been deleted, which could indicate that another threat actor purchased the database.
What does this mean for Dell customers?
Although Dell doesn’t believe there is significant risk to its customers given the type of information involved, the stolen information could potentially be used in targeted attacks against Dell customers. Without email addresses, threat actors might resort to targeting specific people with physical mailings containing phishing links or media (DVDs/thumb drives) to install malware on targets’ devices.
Think this sounds far-fetched? Well, similar attacks have happened in the past. For instance, tampered Ledger hardware wallets were physically mailed, which then stole cryptocurrency, or gifts with USB drives were sent that installed malware.
Since the database is no longer being sold, there’s a good chance a threat actor is trying to monetize it in some way through attacks. So, what can you do to protect yourself?
Stay vigilant and be cautious
Be wary of any physical mailings or emails you receive that claim to be from Dell, asking you to install software, change passwords, or perform some other potentially risky action. If you receive any suspicious communication, contact Dell directly to confirm its legitimacy.
Remember, knowledge is power, and staying informed about cybersecurity threats is essential to protecting yourself and your information. Don’t hesitate to contact us for more information and resources on cybersecurity, and keep coming back to learn more.
Malware
800K Users Compromised: The Alarming 2023 MOVEit Cyberattack Unleashed
Learn how the University System of Georgia suffered a massive data breach in 2023, exposing the personal information of over 800,000 individuals. Discover the role of the Moveit attack and its impact on cybersecurity in the education sector. Stay informed on the latest data protection measures to keep your information safe.
Imagine waking up one day to find out your personal information, including your Social Security number and bank account details, has been stolen by cybercriminals. This is what happened to 800,000 individuals when the University System of Georgia (USG) fell victim to the notorious Clop ransomware gang in 2023.
USG, a state government agency responsible for operating 26 public colleges and universities in Georgia, was among the first to be compromised in a massive worldwide data theft campaign conducted by the Clop gang. They exploited a zero-day vulnerability in the Progress Software MOVEit Secure File Transfer solution, impacting thousands of organizations around the globe.
How the breach unfolded
With the help of the FBI and CISA, USG eventually determined that sensitive files had been stolen from its systems. Almost a year later, they began notifying the impacted individuals, revealing that the cybercriminals accessed the following information:
- Full or partial (last four digits) of Social Security Number
- Date of Birth
- Bank account number(s)
- Federal income tax documents with Tax ID number
Considering the type of information exposed and the fact that the number of impacted individuals is larger than the number of students under USG, it’s likely that prior students, academic staff, contractors, and other personnel were also affected.
USG submitted a sample of the data breach notice to the Office of the Maine Attorney General, stating that the data breach impacts 800,000 people. Interestingly, the entry on Maine’s portal also lists driver’s license numbers or identification card numbers as exposed data types, although these are not mentioned in the notice.
What’s being done to help the victims?
To help those affected, USG is now offering 12 months of identity protection and fraud detection services through Experian. Impacted individuals have until July 31, 2024, to enroll in these services.
Unfortunately, the MOVEit attacks by Clop were one of the most successful and prolific extortion operations in recent history. Over a year after the attacks took place, organizations are still discovering, confirming, and disclosing breaches, extending the aftermath of the cyber-attacks.
Emsisoft’s dedicated counter of MOVEit victims lists 2,771 impacted organizations and nearly 95 million individuals whose personal data now resides in Clop’s servers. Some of that data was published on Clop’s extortion portal on the dark web, some were sold to other cybercrime groups, and some remain to be monetized in the future.
What can you do to protect yourself?
This data breach serves as a stark reminder of the importance of cybersecurity and vigilance in our increasingly digital world. Organizations and individuals must prioritize cybersecurity measures, such as using strong, unique passwords, enabling multi-factor authentication, and regularly updating software and systems.
For more information on how to protect yourself and your organization from cyber threats, don’t hesitate to contact us. Our team at IT Services is dedicated to helping you stay safe in this ever-evolving digital landscape. Keep checking back for more insights and advice on cybersecurity!
Malware
DocGo Reveals Devastating Cyberattack: Hackers Breach and Steal Crucial Patient Health Data
Medical transportation company DocGo disclosed a cyberattack that led to unauthorized access of patients’ health data. The company has taken steps to enhance security measures and is working with cybersecurity experts to investigate the incident, emphasizing the importance of safeguarding sensitive information and preventing future breaches.
Imagine this: you’re at home, recovering from a recent surgery, when suddenly you receive a letter from your healthcare provider. They inform you that your personal health information has been compromised due to a cyberattack. This nightmare scenario recently became a reality for some patients of mobile medical care firm, DocGo.
DocGo’s Cybersecurity Breach: What Happened?
DocGo is a healthcare provider offering mobile health services, ambulance services, and remote monitoring for patients in 30 US states and across the United Kingdom. In a recent filing with the SEC, DocGo confirmed that it had suffered a cyberattack when threat actors breached its systems and stole patient health data.
Upon detecting unauthorized activity, DocGo promptly took steps to contain and respond to the incident. They launched an investigation with the assistance of leading third-party cybersecurity experts and notified relevant law enforcement.
The Aftermath: How DocGo Responded
Although DocGo did not share specifics about how they responded to the incident, organizations typically shut down their IT systems after detecting a breach to prevent the attack from spreading. As part of DocGo’s investigation, it was determined that the hackers stole protected health information from a “limited number of healthcare records” for the company’s US-based ambulance transportation business.
DocGo is now actively reaching out to individuals whose data was compromised in the attack. They stress that no other business units have been affected, and they have found no evidence of continued unauthorized access. Additionally, DocGo does not believe that the attack will have a material impact on the company’s operations and finances.
Who’s Responsible and What’s Next?
No threat actors have claimed responsibility for the breach. However, if it was a ransomware attack and a ransom is not paid, it’s likely that the stolen data will be used as leverage in the future to extort DocGo. We contacted DocGo to learn how many people were affected by the breach, but a reply was not immediately available.
Stay Informed, Stay Protected
This recent cyberattack on DocGo is a stark reminder of the importance of cybersecurity – not just for businesses, but for individuals as well. As personal information becomes more interconnected and accessible through technology, it’s crucial to stay informed about potential threats and take necessary precautions to safeguard your data.
If you want to learn more about cybersecurity and how to protect yourself and your information, don’t hesitate to contact our IT Services team for expert advice and assistance. And remember – knowledge is power. Keep coming back to stay informed and stay protected.
Dell Sounds Alarm on Massive Data Breach: 49 Million Customers Potentially Impacted
800K Users Compromised: The Alarming 2023 MOVEit Cyberattack Unleashed
DocGo Reveals Devastating Cyberattack: Hackers Breach and Steal Crucial Patient Health Data
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
Top Data Protection Officer Certification Courses Reviewed
-
Malware7 months agoFlagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware7 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations6 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments6 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations6 months ago
Top 11 Data Protection Training Programs for Compliance
-
Security Audits and Assessments6 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist
-
Data Protection Regulations6 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Data Protection Regulations6 months ago
Navigating Data Protection Laws for Nonprofits
