At a glance.
- Palermo attack appears to be ransomware, not DDoS.
- US student data found on an unprotected server.
- Illuminate student data breach impacts Los Angeles schools.
- Two US companies disclose recent data breaches.
Palermo attack appears to be ransomware, not DDoS.
The southern Italian municipality of Palermo experienced a cyberattack last Friday that resulted in the shutdown of all of the city’s services, public websites, and online portals. As requesting municipal services via digital communications is no longer possible, residents have been forced to pull out their dusty fax machines in order to reach public offices. The attack has impacted everything from tourists’ recreational reservations to fines issued for traffic violations. Though Italy was recently threatened by the Killnet group, a pro-Russian hacktivist gang known to target pro-Ukraine governments with DDoS attacks, Bleeping Computer notes that the Palermo attack appears to be the result of ransomware. Paolo Petralia Camassa, Palermo’s councilor for innovation, explained that all systems were taken offline and isolated, a typical response to prevent the spread of ransomware.
US student data found on an unprotected server.
Researchers at SafetyDetectives discovered an improperly secured Elasticsearch server containing the personal data of over 30,000 students. The 5GB database, which contained more than one million records, was left connected to the internet with no password required for access. The data appears to belong to account holders of Transact Campus, which provides payment software to higher education institutions so students can conduct cashless transactions for tuition and other school fees. As Transact Campus works only with US schools, the majority of impacted students are American. SafetyDetectives reached out to Transact Campus, and after about a month they responded, “Apparently this was set up by a third party for a demo and was never taken down. We did confirm that the dataset was filled with a fake data set and not using any production data.” SafetyDetectives, however, found this to be untrue. “We use publicly available tools to perform random searches for the people exposed and see if they actually exist. We, of course, performed this process when we discovered this server and found out that the data seemed to belong to real people,” SafetyDetectives told SecurityWeek. It is unclear whether malicious threat actors might have accessed the data before it was secured, and an investigation is underway.
Illuminate student data breach impacts Los Angeles schools.
As we noted previously, the data breach of Illuminate, a California-based educational software company, compromised the data of over 820,000 students in the New York City Public School system, the largest school district in the US. K-12 Dive now reports that the cyberattack also impacted Los Angeles Unified School District (LAUSD), the second largest in the US, as well as districts in at least six other states including Colorado, Connecticut, California, New York, Oklahoma, and Washington. The LAUSD breach occurred in December and January 2021 and was reported last month, though it’s still unclear exactly how many students were affected or what type of data were exposed. Illuminate’s products are used by 17 million students in 5,200 schools and districts across the country, so the full impact of the breach is still revealing itself. Doug Levin, national director of educational cybersecurity nonprofit K12 Security Information Exchange, commented, “Every new incident that we learn about continues to raise tough questions for Illuminate Education about this incident and their security practices.”
Two US companies disclose recent data breaches.
JDSupra reports that US financial institution Texas Gulf Bank (TGB) has confirmed that an unauthorized party gained access to two employee email accounts on two separate occasions in January and February of last year. TGB officially filed notice of the data breach at the end of May and has begun notifying impacted parties. The compromised data includes the names and account numbers of over 12,000 TGB customers, as well as credit or debit card numbers.
Lower LLC, a fintech company based in the US state of Ohio, has confirmed it fell victim to a data breach last year when an intruder infiltrated the company’s computer network and removed files containing sensitive customer data. JDSupra explains that after first detecting an intrusion in December 2021, Lower enlisted the help of third-party forensic specialists who discovered that Lower’s systems had been compromised as early as September. The investigation revealed that customer names, Social Security numbers, dates of birth, driver’s license numbers, and financial account info had been accessed by the unauthorized party. Lower sent notification letters to impacted individuals on May 27.