Malware
US Nuclear Lab Data Breach: 45,000 People Impacted by Shocking Cyber Attack
The US Department of Energy’s Pacific Northwest National Laboratory (PNNL) has experienced a data breach affecting 45,000 individuals. Personal information, including names and social security numbers, was exposed, but no classified information was accessed. PNNL is offering free identity theft protection services to those impacted by the incident.
Did you know that the personal information of more than 45,000 individuals was stolen in a recent cyber attack? Just last month, the Idaho National Laboratory (INL) confirmed that attackers breached its cloud-based Oracle HCM HR management platform and made off with a treasure trove of sensitive data.
Who is INL and why does this matter?
As one of the 17 U.S. Department of Energy’s (DOE’s) national laboratories, INL employs over 6,100 researchers and support staff involved in vital national security and nuclear research. So, you can imagine that any security breach affecting this prestigious research lab is a cause for concern.
On November 20, INL acknowledged the “cybersecurity data breach” that impacted its off-site Oracle HCM system just one day earlier. As we speak, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are conducting a joint investigation to determine the full impact of this breach.
How many people were affected?
According to breach notification letters filed with the Maine Attorney General’s Office, the attackers managed to exfiltrate the data of 45,047 current and former employees (including postdocs, graduate fellows, and interns), as well as their dependents and spouses. However, the breach did not affect employees hired after June 1, 2023.
The laboratory is still investigating the full impact of the incident, but they have confirmed that multiple forms of sensitive personally identifiable information (PII) were affected, including names, social security numbers, salary information, and banking details.
Thankfully, INL’s own network and other networks or databases used by employees, lab customers, or contractors were not impacted. The breach only affected the cloud-based Oracle HCM test environment that resides off-site. INL stated, “A well-known hacking organization has taken responsibility via social media, but a full investigation must be completed to confirm this information.”
Who’s behind the attack?
While INL hasn’t officially attributed the attack to a specific group, the hacktivist group SiegedSec claimed responsibility for the attack on November 20 and leaked stolen human resources data on a hacking forum.
Interestingly, SiegedSec made no attempt to negotiate or demand a ransom from INL. Instead, they directly published the stolen data online, just as they had done previously with data allegedly stolen from NATO and Atlassian.
The group provided evidence of their access to INL’s systems by sharing a custom announcement they made using INL’s system to notify everyone on the campus, along with screenshots of internal INL tools. SiegedSec claims the leaked data includes a wide range of sensitive information, such as full names, dates of birth, email addresses, phone numbers, Social Security Numbers (SSN), physical addresses, and employment information.
What can you do to protect yourself?
This latest breach serves as a stark reminder of the importance of cybersecurity in today’s digital age. To keep your personal information safe, it’s essential to stay informed and vigilant. Make sure you’re using strong, unique passwords for each of your online accounts, enabling multi-factor authentication when possible, and keeping your devices updated with the latest security patches.
And if you’re worried about cybersecurity or think your business could benefit from expert advice, don’t hesitate to contact us. We’re here to help you navigate the ever-evolving world of cybersecurity and keep your valuable data protected. So, keep coming back to learn more and stay ahead of the game!
Malware
Massive Ohio Lottery Ransomware Attack: Shocking Impact on Over 538,000 Individuals
The Ohio Lottery experienced a ransomware attack, compromising the personal information of over 538,000 individuals. The cybercriminals behind the attack demanded a ransom of 50 bitcoin, which the Lottery refused to pay. The affected data includes names, addresses, social security numbers, and birth dates of past winners and employees.
Imagine waking up on Christmas Eve to find out that your personal information has been compromised in a cyberattack. That’s precisely what happened to over 538,000 individuals when the Ohio Lottery experienced a data breach on December 24, 2023.
In a filing with the Office of Maine’s Attorney General, it was revealed that the attackers gained access to names, Social Security numbers, and other personal identifiers. Thankfully, the Ohio Lottery assured that the gaming network was not affected by the incident.
Even though no evidence of fraud using the stolen information was found, the Ohio Lottery provided free credit monitoring and identity theft protection services to all potentially impacted individuals, just to be on the safe side.
DragonForce Ransomware Gang Claims Responsibility
While the Ohio Lottery didn’t disclose the nature of the incident, the DragonForce ransomware gang claimed responsibility for the attack a few days later. The group stated that they encrypted devices and stole documents belonging to both customers and employees of the Ohio Lottery.
On December 27, the ransomware group mentioned on their dark web leak site that they had stolen over 3 million records. After negotiations failed, the gang leaked four .bak archives and multiple CSV files on January 22, allegedly taken from the Ohio Lottery’s systems.
According to DragonForce, the 94 GB of leaked data contains 1.5 million records with Ohio Lottery clients’ names, Social Security numbers, and dates of birth.
DragonForce ransomware seems to be a relatively new operation, having exposed its first victim in December 2023. However, their tactics, negotiation style, and data leak site suggest that they are an experienced extortion group. With nearly four dozen victims listed on their leak site and law enforcement disrupting many ransomware operations recently, it’s possible that this group is a rebrand of a previously known gang.
DragonForce ransomware also claimed responsibility for a cyberattack that impacted Japanese probiotic beverage manufacturer Yakult’s IT systems in Australia and New Zealand in mid-December. Yakult disclosed the attack after the ransomware gang leaked what it claimed to be 95 GB of data stolen from the company’s compromised servers.
Don’t Let This Happen to You
Cyberattacks are becoming more and more sophisticated, and the stakes are higher than ever. With personal information at risk, it’s crucial to stay informed and take proactive steps to protect yourself and your data.
We’re here to help. Our IT Services can assist you in staying up-to-date with the latest cybersecurity threats, providing guidance on how to safeguard your information and helping you navigate the ever-changing digital landscape.
Contact us today to learn more about how we can help you stay secure in this increasingly interconnected world. And don’t forget to keep coming back for the latest cybersecurity news and updates.
Malware
Dell Sounds Alarm on Massive Data Breach: 49 Million Customers Potentially Impacted
Dell has warned 49 million customers of a potential data breach as unauthorized individuals attempted to extract customer data from its network. The company has reset all affected users’ passwords and is urging them to stay vigilant for any suspicious activity.
Did you know that Dell recently experienced a data breach? A threat actor claimed to have stolen information for approximately 49 million customers. As a result, Dell started sending out data breach notifications to customers, informing them that a Dell portal containing customer information related to purchases was breached.
Now, you might be wondering, what kind of information was accessed during this breach? Well, according to Dell, the following information was compromised:
- Name
- Physical address
- Dell hardware and order information, including service tag, item description, date of order, and related warranty information
Fortunately, the stolen information does not include financial or payment information, email addresses, or telephone numbers. Dell is currently working with law enforcement and a third-party forensics firm to investigate the incident.
How did this happen?
As reported by Daily Dark Web, a threat actor named Menelik tried to sell a Dell database on the Breach Forums hacking forum on April 28th. The threat actor claimed to have stolen data from Dell for “49 million customers and other information systems purchased from Dell between 2017-2024.” While we haven’t been able to confirm if this is the same data that Dell disclosed, it matches the information listed in the data breach notification.
The post on Breach Forums has since been deleted, which could indicate that another threat actor purchased the database.
What does this mean for Dell customers?
Although Dell doesn’t believe there is significant risk to its customers given the type of information involved, the stolen information could potentially be used in targeted attacks against Dell customers. Without email addresses, threat actors might resort to targeting specific people with physical mailings containing phishing links or media (DVDs/thumb drives) to install malware on targets’ devices.
Think this sounds far-fetched? Well, similar attacks have happened in the past. For instance, tampered Ledger hardware wallets were physically mailed, which then stole cryptocurrency, or gifts with USB drives were sent that installed malware.
Since the database is no longer being sold, there’s a good chance a threat actor is trying to monetize it in some way through attacks. So, what can you do to protect yourself?
Stay vigilant and be cautious
Be wary of any physical mailings or emails you receive that claim to be from Dell, asking you to install software, change passwords, or perform some other potentially risky action. If you receive any suspicious communication, contact Dell directly to confirm its legitimacy.
Remember, knowledge is power, and staying informed about cybersecurity threats is essential to protecting yourself and your information. Don’t hesitate to contact us for more information and resources on cybersecurity, and keep coming back to learn more.
Malware
800K Users Compromised: The Alarming 2023 MOVEit Cyberattack Unleashed
Learn how the University System of Georgia suffered a massive data breach in 2023, exposing the personal information of over 800,000 individuals. Discover the role of the Moveit attack and its impact on cybersecurity in the education sector. Stay informed on the latest data protection measures to keep your information safe.
Imagine waking up one day to find out your personal information, including your Social Security number and bank account details, has been stolen by cybercriminals. This is what happened to 800,000 individuals when the University System of Georgia (USG) fell victim to the notorious Clop ransomware gang in 2023.
USG, a state government agency responsible for operating 26 public colleges and universities in Georgia, was among the first to be compromised in a massive worldwide data theft campaign conducted by the Clop gang. They exploited a zero-day vulnerability in the Progress Software MOVEit Secure File Transfer solution, impacting thousands of organizations around the globe.
How the breach unfolded
With the help of the FBI and CISA, USG eventually determined that sensitive files had been stolen from its systems. Almost a year later, they began notifying the impacted individuals, revealing that the cybercriminals accessed the following information:
- Full or partial (last four digits) of Social Security Number
- Date of Birth
- Bank account number(s)
- Federal income tax documents with Tax ID number
Considering the type of information exposed and the fact that the number of impacted individuals is larger than the number of students under USG, it’s likely that prior students, academic staff, contractors, and other personnel were also affected.
USG submitted a sample of the data breach notice to the Office of the Maine Attorney General, stating that the data breach impacts 800,000 people. Interestingly, the entry on Maine’s portal also lists driver’s license numbers or identification card numbers as exposed data types, although these are not mentioned in the notice.
What’s being done to help the victims?
To help those affected, USG is now offering 12 months of identity protection and fraud detection services through Experian. Impacted individuals have until July 31, 2024, to enroll in these services.
Unfortunately, the MOVEit attacks by Clop were one of the most successful and prolific extortion operations in recent history. Over a year after the attacks took place, organizations are still discovering, confirming, and disclosing breaches, extending the aftermath of the cyber-attacks.
Emsisoft’s dedicated counter of MOVEit victims lists 2,771 impacted organizations and nearly 95 million individuals whose personal data now resides in Clop’s servers. Some of that data was published on Clop’s extortion portal on the dark web, some were sold to other cybercrime groups, and some remain to be monetized in the future.
What can you do to protect yourself?
This data breach serves as a stark reminder of the importance of cybersecurity and vigilance in our increasingly digital world. Organizations and individuals must prioritize cybersecurity measures, such as using strong, unique passwords, enabling multi-factor authentication, and regularly updating software and systems.
For more information on how to protect yourself and your organization from cyber threats, don’t hesitate to contact us. Our team at IT Services is dedicated to helping you stay safe in this ever-evolving digital landscape. Keep checking back for more insights and advice on cybersecurity!
Massive Ohio Lottery Ransomware Attack: Shocking Impact on Over 538,000 Individuals
Dell Sounds Alarm on Massive Data Breach: 49 Million Customers Potentially Impacted
800K Users Compromised: The Alarming 2023 MOVEit Cyberattack Unleashed
Flagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
Top Data Protection Officer Certification Courses Reviewed
-
Malware7 months agoFlagstar Bank’s Latest Data Breach: 800,000 Customers Impacted, Marking the Third Incident of 2021
-
Malware8 months ago
Blackbaud: Taking Responsibility with a Landmark $49.5 Million Settlement for Devastating Ransomware Data Breach
-
Data Protection Regulations6 months ago
Top Data Protection Officer Certification Courses Reviewed
-
Security Audits and Assessments6 months ago
Mastering Healthcare Data Security: 5 Essential Audit Tips
-
Data Protection Regulations6 months ago
Top 11 Data Protection Training Programs for Compliance
-
Security Audits and Assessments6 months ago
HIPAA Security Risk Assessment: Essential Steps Checklist
-
Data Protection Regulations6 months ago
9 Best Insights: CCPA’s Influence on Data Security
-
Data Protection Regulations6 months ago
Navigating Data Protection Laws for Nonprofits
