At a glance.
- CNA confirms customer data exposed in ransomware attack.
- Mint Mobile customer numbers ported in cyberattack.
- Bank's customer data exposed.
CNA confirms ransomware attack exposed customer data.
Security Week reports that US commercial insurance provider CNA, which suffered a ransomware attack in March, has confirmed the attackers gained access to personal customer data. In a letter sent to customers, CNA disclosed that threat group Phoenix Locker infiltrated its systems for just over two weeks, during which the group copied “a limited amount of information” before deploying the ransomware to encrypt CNA’s networks. “However, CNA was able to quickly recover that information and there was no indication that the data was viewed, retained or shared,” the letter reads. Sources say the hackers encrypted over 15,000 devices, including the computers of remote workers logged into the company's VPN. It’s estimated that CNA paid around $4 million in order to regain control of the information. Bleeping Computer adds that, according to a filing with Maine's Attorney General, 75,349 individuals were impacted by the breach, and that the compromised files contained Social Security numbers and other sensitive information. It’s worth noting that Phoenix Locker is believed to be a new ransomware family developed by the Evil Corp threat group after sanctions deterred WastedLocker ransomware victims from meeting their ransom demands.
Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, notes that secondary extortion is now the new criminal normal:
"Ransomware operators are no longer content with simply encrypting systems and calling it a day. It’s commonplace now for a breach to involve exfiltration of any and all data cybercriminals can get their hands on, whether to hold as a secondary extortion or to sell to the highest bidder on the dark web. A solid backup and restore strategy alone is no longer sufficient for ensuring that an organization will survive a compromise unscathed. Once data has been stolen there is no guarantee that it won’t be resold or even dumped for free by threat actors. There’s a temptation to dunk on companies in the security or cyber insurance market that get hit by cybercriminals, but the reality is that doing security well is extremely hard and the vast majority of organizations are only a mistake or two away from suffering the same. True resiliency to cyber-attacks like these must come from adopting an organization-wide culture of security that focuses efforts both on prevention and detection of computer threats. Culture must start at the top with the understanding of the risks and commensurate commitment to the effort required to ensure that everything possible is being done to protect both the organization and its customers."
Customer numbers ported in Mint Mobile breach.
This weekend, US cell phone carrier Mint Mobile notified its customers that hackers had not only accessed subscriber account information, but also ported phone numbers to another carrier, Bleeping Computer reports. Because the ported numbers could allow the perpetrator to launch additional attacks or gain access to 2-factor authentication codes, Mint Mobile is urging customers to "protect other accounts that use your phone number for validation purposes and to reset account passwords." Based on the information compromised, which includes call history, addresses, emails, and passwords, experts speculate the attacker hacked into user accounts or breached a Mint Mobile customer management application.
David Stewart, CEO of Approov, notes the lesson that data taken from one place can be used elsewhere:
"It's not clear exactly how this leak occurred but the takeaway is yet another reminder that data exfiltrated from one enterprise can easily be used to access data in another enterprise through scripting attacks such as credential stuffing. In other words, all companies should be implementing independent multi-factor login approaches just in case they are attacked via data extracted from another source."
Saryu Nayyar, CEO of Gurucul, sees a risk of identity theft:
“Mint Mobile, a regional mobile communications firm, has announced that 'a small number of users' have experienced an unauthorized transfer of their user data to another carrier. This seems to be a part of an attack aimed at gaining access over these accounts for identity purposes.
“Both Mint Mobile and its users should be monitoring accounts to ensure that both phone connections, and other accounts using phone numbers as authorization or validation, remain free of interference. By monitoring who is accessing these accounts and where and when they are being accessed, legitimate account holders can determine if their accounts are being used for illegitimate purposes, and if their data is being used to access other personal and financial data.”
North Carolina bank hit by data breach.
In April, an intruder gained access to customer data at Bank of Oak Ridge, based in the US state of North Carolina, wfmynews2.com reports. "We learned that an unauthorized actor accessed the system and may have viewed historical data containing certain customer data," stated the bank’s Marketing and Communications Manager, Skylar Mearing. The disruption in services at the time of the breach resulted in all five of the bank’s branches closing for two days while they restored their computer operations. The type of data exposed and the number of customers impacted have not been disclosed, but the bank has notified federal authorities and an investigation is underway.