At a glance.
- Update: CNA breach linked to ransomware attack.
- FatFace pays Conti.
- More healthcare data breaches.
- Dogs and cats have identities, too.
CNA’s breach linked to ransomware attack.
As the CyberWire noted last week, CNA Financial disclosed that it had experienced a cyberattack that forced the US insurance giant to disconnect its systems from its network. At the time, CNA did not disclose what type of attack it had suffered, but Graham Cluley explains that the ransomware has been identified as Phoenix CryptoLocker, possibly deployed by threat group Evil Corp. The hackers encrypted data on more than 15,000 of CNA’s corporate network devices, as well as machines connected remotely through the VPN. Ironically, one of the services CNA sells is cyberinsurance, lending credence to the assertion that threat actors will infiltrate cyberinsurance providers in order to gain access to their customer list.
FatFace negotiates ransom with attackers.
We explained last week that British clothing retailer FatFace had sent out a data breach disclosure with the unusual request that customers keep the incident "strictly private and confidential." Bleeping Computer now confirms that the breach was the result of a ransomware attack stemming from a successful phishing attempt, and that FatFace engaged in ransom negotiations with the Conti threat group. Conti initially demanded $8.5 million, their spokesperson stating they had evidence that FatFace’s cyberinsurance would cover that amount. According to BankInfoSecurity, FatFace argued that its revenue was down 75% due to the COVID-19 pandemic in an attempt to lower the hackers’ demands. In the end, FatFace paid $2 million in exchange for a decryption key and Conti’s promise it would not publish the 200GB of exfiltrated data. True to its word, Conti has not yet posted any of the data on its leak site, and even offered FatFace advice on protecting its systems in the future.
Healthcare data breaches continue.
In the ongoing wave of attacks on healthcare institutions, two more recent breaches have been disclosed. The News-Press reports that 85,688 patient and employee records belonging to Florida mental health services provider SalusCare were potentially compromised. Earlier this month the organization suffered a malware attack, likely the result of a phishing scam, that allowed the Ukraine-based attackers to download the company’s entire database to an Amazon cloud-based storage account. According to SalusCare, the files included “extremely personal and sensitive records of patients’ psychiatric and addiction counseling and treatment.” Amazon has since closed down the account, but it’s unclear how many of the files were accessed before it was locked down. A U.S. District Court judge has granted SalusCare access to Amazon’s log files to aid in the investigation.
An email data breach at Cancer Treatment Centers of America (CTCA) at Midwestern Regional Medical Center exposed the data of 104,808 patients, Becker’s Health IT reports. The email account contained patient names, medical data, and health insurance information. CTCA stated that they are beefing up their security measures to prevent future breaches, and advised impacted patients to monitor their benefit statements for any unusual activity.
Fido’s data potentially slips through Petlog’s doggy door.
The recent actions of Petlog, the UK’s largest database for microchipped pets, have customers concerned the pet tracking service might have experienced a data breach. The BBC reports that Petlog directed all users to create new accounts, but has not yet disclosed why. Meanwhile, several users have stated that when they attempted to log into their accounts, they were given access to a different pet owner’s information. One pet owner told the BBC, "Probably thousands of pets with microchips inserted are no longer registered, leaving owners unable to be reunited with stolen or lost pets and are completely unaware of this." In an official statement, Petlog insisted that the issues were all bark and no bite: “We reassure all customers that their pets are safely on our microchip database.” They claimed that any problems users were encountering were the result of a verification process connected to recent updates, and that the mixup would not disrupt their reunification services if a pet were to go missing. However, Newcastle University professor Lilian Edwards believes the incident could be a violation of the General Data Protection Regulation (GDPR): "It sounds like a massive database issue and [it] obviously contained personal data, so it is a breach and they should have notified the Information Commissioner's Office [ICO] within three days." The ICO has not yet received a report, and Petlog insists that no GDPR violation has occurred.
(There's a good doggy.)