Monthly Breach Report: April 2021 Edition
March was a big month for breaches and impacted some of the world’s largest companies and agencies.
Massive Microsoft Vulnerability Rapidly Exposes Data of Tens of Thousands of Organizations
A China-based espionage group began exploiting flaws in Microsoft Exchange Server email software, setting the stage for hundreds of thousands of victim organizations worldwide with tools that provide attackers total remote control over affected systems. Exchange Online was not impacted.
From early January through early March, at least 30,000 organizations were hacked by attackers exploiting four zero-day vulnerabilities, siphoning email communications from internet-facing systems running Exchange. The campaign spread rapidly, and cybersecurity experts estimated that hundreds of thousands of accounts could ultimately be exposed.
Microsoft Exchange Server is an email inbox, calendar, and collaboration solution. Users range from enterprise giants and government agencies to small and medium-sized businesses worldwide. All of these organizations hold individuals’ sensitive and private personal data. When used in an attack chain, the vulnerabilities can result in server hijacking, backdoors, data theft, and potentially further malware deployment.
Exploits of the flaws have been traced back to Hafnium, a China state-sponsored advanced persistent threat group using VPNs in the US to mask their locations.
Microsoft released patches and directed customers to take rapid action. The speed and full uptake of patches will determine the ultimate damage and number of accounts affected.
Personal Data of Hundreds of Thousands of Passengers Stolen from Global Airline IT Provider
SITA provides IT services to about 90 percent of all airlines operating in the world. Hackers gained access to hundreds of thousands of passengers’ personal sensitive data such as names, tier status, and membership numbers. According to a statement by SITA, “This was a highly sophisticated attack. SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s Security Incident Response Team with the support of leading external experts in cyber-security.”
The compromised SITA PSS servers that held the stolen passenger data are located in Atlanta, GA. While data is still being gathered, initial findings are that 2.1 million passengers have been impacted. Leading Oneworld and Star Alliance airlines are scrambling to communicate with passengers and are advising them on firewall, endpoint security, and identity theft protection services.
12 Billion Records with Sensitive Data in ESG Management and Data Analytics Firm Exposed
UK data analytics company Polecat exposed an Elasticsearch server that was protected by neither authentication nor any form of encryption; the server was attacked as early as October 2020. At the start of March 2021, Polecat disclosed that 30 TB of data had been wiped, including business records dating back to 2007. The wiped data contained employee usernames and passwords, more than 6.5 billion tweets, over a billion posts from a myriad of websites and blogs, and social media records.
The server also exposed some well-protected usernames and hashed passwords belonging to Polecat’s employees. “. . . [T]he company is aware of the security measures required to protect its data and that the server exposure was likely a result of human error,” researchers noted. Cyber experts added that anyone could have accessed records stored on the unprotected server.
A Fast Way to Lose Your Privacy
The personal data of more than 440,000 online shoppers and parcel recipients was stolen in a cyber-attack on Irish delivery firm Fastway Couriers. A third party notified Fastway in early March that about a month’s worth of records had been stolen. Affected data included names, addresses, email addresses, and phone numbers.
Fastway CEO released a statement saying, “It is distressing that our IT system was compromised by a malicious hack as we are exceptionally careful in every aspect of our data protection obligations. I deeply regret that people’s personal data has been compromised and I apologise to our clients and their customers.”
Another Unhealthy Data Breach
Healthcare data breaches at Elara Caring and Woodcreek Provider Services, impacting more than 300,000 patients, took place from Q4 2020 through Q1 2021. Netgain Technology hosts their IT network and computer systems. Netgain notified Elara and Woodcreek that its systems had been compromised by a security incident, which led to unauthorized access to some systems.
A phishing email was sent to employees which enabled a hacker to gain access to several employee accounts. Protected health information (PHI) may have been leaked during this data breach. As many as 100,400 patients had sensitive data exposed.
Elara and Woodcreek implemented further security measures, launched an investigation, notified law enforcement, undertook a company-wide password reset on all emails, and communicated the breach along with two years’ paid Experian services.
Phony IRS Email Scam Hits Student and Staff Inboxes
The IRS began warning at the end of March that a scam had been reported against college students and staff. “The phony emails look real, often displaying the IRS logo and a subject line that reads ‘Tax Refund Payment’ or ‘Recalculation of your tax refund payment.’” Recipients are then prompted to click a link to a site and submit a form with their personal information in order to claim their supposed refund, including Social Security number, annual gross income, and electronic filing PIN.
“Do not open the link. Instead, it should be reported immediately to the appropriate authorities,” warned the IRS. The IRS also provided instructions on how to safely report any fraudulent offers.
Don’t let your private data be next month’s big headline. Find out how PK Protect can safeguard both your data and your organization. Get a free demo now.