At a glance.
- COVID-19 patient data leaks in the Netherlands.
- University of Pittsburgh Medical Center breached.
- Foxtons breach looking worse.
- What were those Mensa members thinking? Oh...here's some of it.
- Game development studio hit with ransomware.
Netherlands COVID-19 data leaked.
Municipal Health Services (GGD), the agency that oversees COVID-19 testing and vaccination in the Netherlands, experienced a data leak that exposed sensitive virus patient data, ComputerWeekly.com reports. The breach is the result of overly relaxed employee access privileges to two of GGD’s databases. Cybercriminals bribed GGD employees for access, and as a result, the addresses, telephone numbers, email addresses, and citizen service numbers of tens of thousands of individuals were compromised. The system’s security issues have been public knowledge for months; even health minister Hugo de Jonge stated in December that vulnerabilities were apparent and must be remedied. In response to the breach, the GGD is fast-tracking a transition to a more secure system and is instituting tighter access monitoring procedures.
Pittsburgh hospital data breach.
Cyberattacks on US hospitals continue. Becker’s Hospital Review reports that University of Pittsburgh Medical Center (UPMC), located in the US state of Pennsylvania, was the victim of a data breach that impacted more than 36,000 patients. The healthcare provider’s billing and legal services provider, Charles J. Hilton & Associates, discovered last year that cybercriminals had illegally accessed its employee email accounts, and it notified UPMC in December that the hospital’s data had been among the data exposed. The compromised patient information included financial data and medical records.
Foxtons breach may be worse than anticipated.
Last October, the CyberWire discussed a recent malware attack on British real estate agency Foxtons. Foxtons disclosed the breach to the Information Commissioner’s Office (ICO), but chose not to inform its clients, as the agency claimed that no customer data had been compromised. However, Infosecurity Magazine reports, a customer has now come forward who says he discovered Foxtons customer data published on a dark web blog run by infamous ransomware group Egregor. The hackers claim that the posted data is only 1% of what they possess, and that the rest is being sold privately. The implication is that customer data was, in fact, stolen from Foxtons in what was evidently a ransomware attack. As Property Industry Eye notes, if Foxtons was previously aware that their clients were impacted, the company could be found negligent, as the General Data Protection Regulation requires that an organization not only report a breach to the ICO, but also that they contact any potentially impacted customers.
Hackers outsmart Mensa geniuses.
As the CyberWire noted earlier this month, Mensa UK experienced a data breach that led to the resignation of two of its board members, one of whom voiced his concerns that Mensa’s cybersecurity practices were insufficient. Now, Computing explains, the hackers have published 35MB of data on the dark web, including more than 700 messages from Mensa’s online member forum. Some of the conversations contain personally identifiable information like phone numbers and email addresses, while others include disparaging remarks about Mensa members. “From my examination of them, some contain strongly-held opinions about other Mensa members that I suspect the senders would not appreciate being made public,” stated cybersecurity analyst Graham Cluley.
Game developers sustain a ransomware attack.
CD PROJEKT RED, the shop that designed Cyberpunk 2077 and The Witcher, disclosed a ransomware attack that the studio says does not appear to have exposed players' personal data.
Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, commented by email on the way in which a high profile in the news (and CD PROJEKT RED achieved one over problems with its widely anticipated Cyberpunk 2077 game) attracts hostile attention in cyberspace:
"High profile organizations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer data was accessed during the breach; however, if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games, it could lead to more targeted exploit development aimed at a widespread player base. The decision to refuse to pay the attacker’s ransom demand is the right one here. With intact backups, CDPR should be able to make a complete recovery, and if game code were stolen, there is no way to verify that the cybercriminals would not try to sell it anyway."
Javvad Malik, Security Awareness Advocate at KnowBe4 observed that it's about the data, and the best ways of monetizing that data:
"We've seen ransomware evolve, not only is it enough for criminals to encrypt data, but they will spend time within the victims' organization, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.
"In many cases, these criminals go undetected in victim organizations for many months at a time.
"So, it's important that organizations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.
"The ransom demands are interesting because the criminals know that the organization can likely recover from backups. In this case, the ransomware itself isn't the issue - it's more of a statement to signal that they have breached the organization. The fact that the ransom note was addressed to them shows it was a targeted attack.
"While ransomware itself can cause issues, and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they've stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data."