At a glance.
- First responders' data exposed in Suffolk County, NY.
- Clop gang hits UK police IT contractor.
- Accidental data exposure reported at children's rehab center.
- Hiker data compromised.
HR system breach leaks first responder data.
The personal data of thousands of first responders were potentially compromised in a ransomware attack on UKG, developer of the human resources system Kronos, used by New York state’s Suffolk County government. As WSHU reports, the impact of the breach is unclear because the county hadn’t yet fully implemented the Kronos system at the time of the attack, and UKG has been tight-lipped regarding details. It has been confirmed, however, that the contact information for nearly four thousand police officers, sheriff deputies, and emergency workers had been entered into the system. The UKG attack has impacted HR systems across the nation, resulting in delayed paychecks for some workers.
As if a speeding ticket weren’t costly enough.
Across the pond, sensitive data stored by Britain’s law enforcement agencies was exfiltrated by hackers in a recent security breach that was the result of a successful phishing operation. The Mail Online explains that the Clop threat group acquired the data when it infiltrated the systems of Dacoll, an IT firm with access to the police national computer (PNC). When Dacoll refused to meet Clop’s ransom demands, the cybergang spilled some of the data, which includes images of motorists caught speeding by the national Automatic Number Plate Recognition (ANPR) system, on the dark web. National security expert Philip Ingram said: “The damage caused by this kind of data leak is unfathomable as it brings into question the cybersecurity arrangements that exist between multiple public and private organisations to manage sensitive law enforcement data.”
Children’s rehab center accidentally exposes personal data.
Five Counties Children’s Centre, a rehabilitation center in Ontario, Canada that helps children strengthen their abilities and become active members of the community, experienced a “large” data breach, Kawartha 411 reports. Officials say the incident occurred when personal subject data related to upcoming appointments was inadvertently included in an email attachment. Fortunately the exposed information did not include dates of birth, phone numbers, or addresses, and the recipient of the email has assured the center that the data has been deleted. The individuals impacted are being notified.
Israeli hiker data compromised in Sharp Boys cyberattack.
The Jerusalem Post reports that the data of 100,000 users of popular Israeli hiking websites Tiyuli and Lametayel were published on the dark web by cybercriminal group the Sharp Boys. The stolen data includes email and street addresses, photos, and phone numbers, and the group says there’s more where that came from, as they claim to be in possession of the data of three million individuals. As of Saturday, both websites were shut down, and a message from the threat group offered up the data for sale, though no ransom demand was mentioned. It’s unclear if the attack has political motivations.