Reports: breaches at Cox Communication and DDC. Data breach in South Australia. A case of human error.

Summary

By the CyberWire staff

At a glance.

Report: breach at Cox Communication.
Report: test subject breach at DDC.
Data breach in South Australia.
A case of human error.

Cox Communications intrusion likely a social engineering attack.

US digital cable provider and telecom Cox Communications has confirmed a threat actor gained access to customer data by impersonating a customer support agent. Cox learned of the incident in October, and though details are few, it’s likely the intruder used social engineering strategies to infiltrate Cox’s internal systems. The breach notification reads, “We immediately launched an internal investigation, took steps to secure the affected customer accounts, and notified law enforcement of the incident.” The potentially exposed data includes customer names, contact info, Cox account numbers, usernames, PIN codes, and security questions and answers. Bleeping Computer asked Cox for details regarding the number of impacted customers and how the breach took place, but did not receive a response.

DNA Diagnostics Center suffers test subject data breach.

The data breach of US paternity testing firm DNA Diagnostics Center (DDC ) has potentially exposed the data of more than 2.1 million individuals. CPO Magazine explains that the attacker compromised a database archive containing test subject data collected between 2004 and 2012, and potentially exfiltrated data from the database between May 24 to July 28. The compromised data includes full names, Social Security numbers, credit and debit card info, financial account numbers, and system passwords. On the bright side, no genetic data was stolen. DDC’s statement attempted to minimize the impact of the incident, noting that the breached system is no longer in use and that the data in question had been acquired from another entity. “DDC acquired certain assets from this national genetic testing organization in 2012 that included certain personal information, and therefore, impacts from this incident are not associated with DDC,” the testing firm stated.

South Australia government hit by third-party attack.

The ransomware attack of payroll software provider Frontier Software has compromised the data of tens of thousands of South Australia (SA) employees, possibly including political leaders like Premier Steven Marshall. ABC reports that Frontier, which has supplied payroll services to the SA government since 2001, was hit with ransomware last month, and the hackers have already published stolen data on the dark web. Treasurer Rob Lucas stated, "The highest of the high to the lowest of the low and all of the rest of us in between are potentially impacted, with the exception of teachers and the Department for Education.” (The education department, fortunately, doesn’t use Frontier’s services.) Government officials say their main focus is the welfare of employees, and that employee pay cycles should not be interrupted as a result of the attack. Still, the breach has some officials questioning the security of the SA government’s systems. Shadow Treasurer Stephen Mullighan commented "It is now clear the Marshall Liberal government can't be trusted to keep South Australians' data safe...The government has to explain why a security breach that happened four weeks ago is being revealed only now.”

School district breach caused by human error.

The accidental exposure of an Ohio school district’s student data has ended with the retirement of the staff member at fault, Fox 8 Cleveland WJW reports. A letter to parents explained that the staff member, intending to send each student’s transcripts to their parents, accidentally sent all families the entire senior class’s partial transcripts, including student names, contact info, grades, student ID numbers, and state test scores. The staff member was placed on immediate paid administrative leave and subsequently announced their retirement. Both the US Department of Education’s Federal Student Privacy Policy Office and the Ohio Department of Education were notified and have praised the district for its handling of the incident.

Selected Reading

Karakurt Rises from Its Lair (Accenture) New threat group Karakurt begins operations. Learn about this financially motivated group, how it operates and how to mitigate its attacks. Learn more.

ALPHV BlackCat - This year's most sophisticated ransomware (BleepingComputer) The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.

A Brand Impersonation - Credential Phishing (Armorblox) This blog looks at a brand impersonation attack that steals victims’ Charles Schwab account credentials. The email has a social engineered payload, pretending to be a Charles Schwab security message, asking the user to log into their Charles Schwab account to read the message.

NSO spyware found on activists’ phones in Kazakhstan (Haaretz) Amnesty International’s Security Lab confirms phones were actually infected with NSO’s Pegasus software, just weeks after Apple alerted the victims to a ‘state-sponsored’ hack.

Kazakhstan: Four activists’ mobile devices infected with Pegasus Spyware (Amnesty International) Amnesty International’s Security Lab has confirmed that at least four Kazakhstani civil society activists have had their mobile devices infected with NSO Group’s Pegasus spyware. A forensic analysis shows that all four activists had been targeted and their devices infected from as early as June 2021, Amnesty International said today. “This case adds to an already mounting pile of evidence that NSO’s spyware […]

SnapHack: Watch out for those who can hack into anyone’s Snapchat! (WeLiveSecurity) This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder.

Premier could be among thousands of SA government employees affected by cyber attack (ABC) The South Australian government says the personal details of up to 80,000 workers — including potentially the Premier — have been accessed in a cyber attack on an external payroll software provider.

Cox discloses data breach after hacker impersonates support agent (BleepingComputer) Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information.

DNA Testing Firm Data Breach Exposed Sensitive Information of More Than 2.1 Million People (CPO Magazine) DNA Diagnostics Center (DDC) filed a data breach notification with the Maine Attorney General’s office disclosing that hackers accessed sensitive details of more than 2.1 million people.

Bay Village High School staff member retiring after private records released for entire senior class (Fox 8 Cleveland WJW) The Bay Village City School District gave an update Thursday after private student records for the entire senior class were released last month.

Saudi activist sues 3 former U.S. officials over hacking (Washington Post) Loujain al-Hathloul, a prominent Saudi political activist who pushed to end a ban on women driving in her country, is suing three former U.S. intelligence and military officials she says helped hack her cellphone so a foreign government could spy on her before she was imprisoned and tortured.

Saudi human rights activist files lawsuit against former US intelligence operatives for hacking scandal (ZDNet) The Justice Department faced criticism in September for only fining the three former US intelligence operatives after they broke multiple US laws through their offensive hacking of protesters and journalists for the UAE.

Saudi Human Rights Activist, Represented by EFF, Sues Spyware Maker DarkMatter For Violating U.S. Anti-Hacking and International Human Rights Laws (Electronic Frontier Foundation) EFF filed a lawsuit today on behalf of prominent Saudi human rights activist Loujain AlHathloul against spying software maker DarkMatter Group and three of its former executives for illegally hacking her iPhone to secretly track her communications and whereabouts.

CDT report highlights 'big data policing' loopholes with data brokers (Protocol) CDT thinks Congress should plug data broker gaps allowing law enforcement to circumvent laws by buying data from commercial vendors.

Insurer's Data Breach Claims Get Trimmed Before Trial (Law360) A Missouri federal judge handed Warden Grier a partial win by throwing out a breach of fiduciary duty claim levied by Hiscox Insurance Co. over a data hack, though she allowed the insurer's other breach of contract and professional negligence claims to go to trial.