At a glance.
- Affirm says customer data was breached during Evolve attack.
- LockBit claims attack on Croatian hospital.
- Patelco Credit Union sustains ransomware attack.
- Traeger patches smart grill vulnerabilities.
Affirm says customer data was breached during Evolve attack.
Financial technology company Affirm has disclosed that some of its customer data was breached during a LockBit attack against Evolve Bank, The Register reports. Affirm said in an SEC filing, "Because the Company shares the Personal Information of Affirm Card users with Evolve to facilitate the issuance and servicing of Affirm Cards, the Company believes that the Personal Information of Affirm Card users was compromised as part of Evolve’s cybersecurity incident. However, the Company’s information systems were not compromised, nor was the ability for Affirm Card holders to continue using their Affirm Card. This incident has not impacted any other part of the Company’s business or operations."
Evolve has shared additional information on the incident, stating that the attack began when an employee clicked on a malicious link. The company added, "There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May. The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations. We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank."
LockBit claims attack on Croatian hospital.
The LockBit ransomware gang has claimed responsibility for an attack against the University Hospital Centre in Zagreb, Croatia's largest hospital, on the night of June 24th, The Record reports. The attack forced the hospital to revert to manual processes. LockBit claims to have stolen a wide range of patients' personal and health information, and has set a ransom deadline of July 18th.
Patelco Credit Union sustains ransomware attack.
Patelco Credit Union sustained a ransomware attack that caused it to shut down several of its customer-facing banking systems, BleepingComputer reports. The credit union stated, "On June 29, 2024, Patelco Credit Union experienced a ransomware attack. Our priority is the safe and secure restoration of our banking systems. We continue to work alongside leading third-party cybersecurity experts in support of this effort. We have also been cooperating with regulators and law enforcement."
Patelco added, "To our valued members – please know that if you incur a late payment fee because of this outage, rest assured we will reimburse you for those fees. If any of our members have concerns about late payments impacting their credit score, we will write letters on your behalf. We will also waive any Patelco overdraft, late payment, or ATM fees until we are back up and running."
Traeger patches smart grill vulnerabilities.
Bishop Fox has disclosed two vulnerabilities impacting Traeger WiFi-connected grills. The vulnerabilities affect the Traeger Grill D2 Wi-Fi Controller, an embedded device that allows users to control their grills via a mobile device. The researchers explain, "Specifically, the API responsible for grill registration lacked sufficient authorization controls to prevent users from registering other users’ existing grills if an attacker obtained the grills’ 48-bit identifiers. Consequently, an attacker could leverage this finding to control another user’s grill and carry out sensitive operations such as changing the temperature during a cooking cycle."
Traeger has already pushed automatic firmware updates to patch the flaws.
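The flaw class in the Traeger item (a registration endpoint that treats a device identifier as sufficient authorization) is shown below next to a hardened form. This is an added example, not code from Bishop Fox or Traeger, and the page does not describe how Traeger's patch works. The `GrillRegistry` class, the per-device key, and the challenge-response pairing are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def device_proof(key: bytes, nonce: bytes, account: str) -> bytes:
    """What the grill itself would compute during pairing (assumed scheme)."""
    return hmac.new(key, nonce + account.encode(), hashlib.sha256).digest()


class GrillRegistry:
    """Hypothetical in-memory registration backend; all names are illustrative."""

    def __init__(self):
        self.owner = {}    # grill_id -> account the grill is bound to
        self.keys = {}     # grill_id -> per-device secret set at manufacture (assumption)
        self.pending = {}  # (grill_id, account) -> one-time pairing nonce

    def provision(self, grill_id: str) -> bytes:
        self.keys[grill_id] = secrets.token_bytes(32)
        return self.keys[grill_id]

    def register_vulnerable(self, account: str, grill_id: str) -> bool:
        # Flaw class described above: the identifier alone authorizes the
        # request, so an already-registered grill is silently rebound.
        self.owner[grill_id] = account
        return True

    def start_pairing(self, account: str, grill_id: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[(grill_id, account)] = nonce
        return nonce

    def register_hardened(self, account: str, grill_id: str, proof: bytes) -> bool:
        nonce = self.pending.pop((grill_id, account), None)  # single use
        key = self.keys.get(grill_id)
        if nonce is None or key is None:
            return False
        # Object-level authorization: never rebind a grill owned by someone else.
        if self.owner.get(grill_id, account) != account:
            return False
        # Proof of possession: only the physical device holds the key.
        if not hmac.compare_digest(device_proof(key, nonce, account), proof):
            return False
        self.owner[grill_id] = account
        return True
```

With the hardened path, a 48-bit identifier is only a lookup key: a second account cannot take over a bound grill, and a first registration still requires a response computed by the device.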