Medical records leaked, in the Netherlands and Pittsburgh. Foxtons breach update. UK Mensa inadvertently overshares. Game developer hit with ransomware.
Special Section
Summary
By the CyberWire staff
At a glance.
- COVID-19 patient data leaks in the Netherlands.
- University of Pittsburgh Medical Center breached.
- Foxtons breach looking worse.
- What were those Mensa members thinking? Oh...here's some of it.
- Game development studio hit with ransomware.
Netherlands COVID-19 data leaked.
Municipal Health Services (GGD), the agency that oversees COVID-19 testing and vaccination in the Netherlands, experienced a data leak that exposed sensitive virus patient data, ComputerWeekly.com reports. The breach is the result of overly relaxed employee access privileges to two of GGD’s databases. Cybercriminals bribed GGD employees for access, and as a result, the addresses, telephone numbers, email addresses, and citizen service numbers of tens of thousands of individuals were compromised. The system’s security issues have been public knowledge for months; even health minister Hugo de Jonge stated in December that vulnerabilities were apparent and must be remedied. In response to the breach, the GGD is fast-tracking a transition to a more secure system and is instituting tighter access monitoring procedures.
Pittsburgh hospital data breach.
Cyberattacks on US hospitals continue. Becker’s Hospital Review reports that University of Pittsburgh Medical Center (UPMC), located in the US state of Pennsylvania, was the victim of a data breach that impacted more than 36,000 patients. The healthcare provider’s billing and legal services provider, Charles J. Hilton & Associates, discovered last year that cybercriminals had illegally accessed its employee email accounts, and it notified UPMC in December that the hospital’s data had been among the data exposed. The compromised patient information included financial data and medical records.
Foxtons breach may be worse than anticipated.
Last October, the CyberWire discussed a recent malware attack on British real estate agency Foxtons. Foxtons disclosed the breach to the Information Commissioner’s Office (ICO) but chose not to inform its clients, as the agency claimed that no customer data had been compromised. However, Infosecurity Magazine reports, a customer has now come forward who says he discovered Foxtons customer data published on a dark web blog run by the infamous ransomware group Egregor. The hackers claim that the posted data is only 1% of what they possess, and that the rest is being sold privately. The implication is that customer data was, in fact, stolen from Foxtons in what was evidently a ransomware attack. As Property Industry Eye notes, if Foxtons was previously aware that its clients were impacted, the company could be found negligent, as the General Data Protection Regulation requires that an organization not only report a breach to the ICO but also contact any potentially impacted customers.
Hackers outsmart Mensa geniuses.
As the CyberWire noted earlier this month, Mensa UK experienced a data breach that led to the resignation of two of its board members, one of whom voiced his concerns that Mensa’s cybersecurity practices were insufficient. Now, Computing explains, the hackers have published 35MB of data on the dark web, including more than 700 messages from Mensa’s online member forum. Some of the conversations contain personally identifiable information like phone numbers and email addresses, while others include disparaging remarks about Mensa members. "From my examination of them, some contain strongly-held opinions about other Mensa members that I suspect the senders would not appreciate being made public," stated cybersecurity analyst Graham Cluley.
Game developers sustain a ransomware attack.
CD PROJEKT RED, the shop that designed Cyberpunk 2077 and The Witcher, disclosed a ransomware attack that the studio says does not appear to have exposed players' personal data.
Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, commented by email on the way in which a high profile in the news (and CD PROJEKT RED achieved one over problems with its widely anticipated Cyberpunk 2077 game) attracts hostile attention in cyberspace:
"High profile organizations like CD Project Red are targets of disproportionate attacks both due to their notoriety and the fact that their presence in the news gives attackers more ammunition to craft compelling phishing lures for social engineering attacks. In this case, it does appear that CD Project Red has handled the situation particularly well by proactively coming forward to announce the breach and to control the news narrative. It’s encouraging that they have reported that no customer data was accessed during the breach; however, if the attackers were able to exfiltrate source code for the popular Cyberpunk 2077 and Witcher games it could lead to more targeted exploit development aimed at a widespread player base. The decision to refuse to pay the attacker’s ransom demand is the right one here. With intact backups, CDPR should be able to make a complete recovery, and if game code were stolen, there is no way to verify that the cybercriminals would not try to sell it anyway."
Javvad Malik, Security Awareness Advocate at KnowBe4 observed that it's about the data, and the best ways of monetizing that data:
"We've seen ransomware evolve; not only is it enough for criminals to encrypt data, but they will spend time within the victims' organization, stealing valuable data, working out which data is worth encrypting, and how much they should set the ransom at.
"In many cases, these criminals go undetected in victim organizations for many months at a time.
"So, it's important that organizations have the right controls in place to prevent these attacks from being successful in the first place and have some form of monitoring and threat detection in place to see when they have been breached and to respond quickly.
"The ransom demands are interesting because the criminals know that the organization can likely recover from backups. In this case, the ransomware itself isn't the issue - it's more of a statement to signal that they have breached the organization. The fact that the ransom note was addressed to them shows it was a targeted attack.
"While ransomware itself can cause issues, and not everything may be backed up, the real demand for payment is in exchange for the criminals not leaking the information they've stolen. However, the issue with this approach is that even if the victim pays the money, there is no way to guarantee the criminals will actually delete the data."
Selected Reading
Data breaches are increasing people’s exposure to cyber crime (News Powered by Cision) 7 out of 10 parents using online services breached by attackers experience cyber crime, according
Mobile Health Apps Systematically Expose PII and PHI Through APIs, New Findings from Knight Ink and Approov Show (BusinessWire) Mobile Health Apps Systematically Expose PII and PHI Through APIs, New Findings from Knight Ink and Approov Show
Billions of Passwords Offered for $2 in Cyber-Underground (Threatpost) About 3.27 billion stolen account logins have been posted to the RaidForums English-language cybercrime community in a 'COMB' collection.
SitePoint discloses data breach after stolen info used in attacks (BleepingComputer) The SitePoint web professional community has disclosed a data breach after their user database was sold and eventually leaked for free on a hacker forum.
Barcode Scanner app on Google Play infects 10 million users with one update (Malwarebytes Labs) In a single update, a popular barcode scanner app that had been on Google Play for years turned into malware.
Web Developer Hub SitePoint Discloses Data Breach (SecurityWeek) Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen.
Data of thousands of Dutch citizens leaked from government Covid-19 systems (ComputerWeekly.com) Weak access controls and outdated systems blamed for leaking of the personal details of thousands of Dutch citizens tested for Covid-19.
Security breach may have exposed 36,000 UPMC patients' info (Becker's Hospital Review) UPMC began notifying patients Feb. 5 that their protected health information may have been exposed through a data breach at the Pittsburgh-based health system's billing and legal services provider last year.
Hackers leak thousands of incidents in Austin surveillance, Statesman reports (KVUE) The list was leaked by a hacker group last summer in the wake of protests against police brutality.
Tokyo Gas discloses data breach impacting anime-style dating simulation game (The Daily Swig) Developed by Japan’s largest gas utility, ‘Furo Koi’ was created to offer bathing advice to users
Medical cannabis company Cann Group loses $3.6 million in cyber attack (SmartCompany) Medicinal cannabis company Cann Group has been hit with a cyber attack, losing $3.6 million in transactions to an unknown third party.
Cyberpunk 2077 maker suffers ransomware attack (Computing) Attackers claim that they accessed source code for Cyberpunk 2077, Gwent, Witcher 3 and an 'unreleased version of Witcher 3'
Hackers behind British Mensa breach publish private messages of forum members on dark web (Computing) Some messages include email addresses and contact numbers of Mensa forum members