At a glance.
- Data exposure reported at credit reporting firm.
- Australian DIY outlet sustains a data incident.
- Health insurance data exposure.
- Cyberattack hits a school district.
- Other US state and local agencies suffer ransomware attacks.
US credit reporting firm exposes trucking industry data.
Researchers at Website Planet have disclosed the discovery of an unsecured database of over 800,000 records related to US trucking and transportation companies. References within the database indicate it belongs to TransCredit, a credit reporting agency based in the state of Florida. The data include details about credit accounts, loans, repayment, and debt collections, including banking information, tax ID numbers, and Social Security numbers. Not only were the data not password-protected, but they were stored in plain text. While a leak of this nature can lead to the usual attack suspects like spear phishing or identity fraud, the transportation industry is especially susceptible to scams involving driver’s license suspension or fake repair invoices. TransCredit was informed of the breach and subsequently secured the data.
Trevor Morgan, product manager with data security specialists comforte AG, commented on the implications of unsecured data:
“As 2021 wound down, many of us in the cybersecurity industry made predictions about continued attacks against targets positioned within supply chains. The reasons for this are pretty straightforward: threat actors want to generate havoc, confusion, and pressure placed against the target of attack. Nothing puts pressure on an enterprise quite like a supply chain, with multiple suppliers and vendors pushing products along the line to ready consumers, who definitely feel the pain when the supply chain is disrupted. For any organization within a supply chain, then, the writing is on the wall. A data breach isn’t a matter of if but when.
“These predictions bring context to the report that Jeremiah Fowler and the Website Planet research team discovered an unprotected database filled with hundreds of thousands of records and what seemed to be ample sensitive information related to the trucking and transport industry. An organization called TransCredit, which creates ‘trustworthiness’ reports for the industry, purportedly was referenced multiple times within the dataset, along with account information, Tax IDs, and even potentially SSNs, which [were] stored in plaintext. Perhaps the lack of password protection was human oversight and error, which is still a major cause of data breaches, but the fact that such sensitive information was not guarded with data-centric security protection—with tokenization or format-preserving encryption applied directly to the data—is a huge risk to any organization, especially within supply chains.
“Enterprises should take away a very clear lesson: perform the proper due diligence with an audit of your defensive posture, and with an eye toward overlooked unprotected sensitive data. Where that data exists, consider tokenizing or encrypting it with format-preserving protection, either of which enables protected data to be handled within the organization without the need for de-protection. The alternative may hit your organization like a Mack truck.”
Australian hardware retailer suffers third-party data breach.
Patrons of Bunnings Warehouse, a popular Australian household hardware chain, have been potentially exposed in a third-party data breach, news.com.au reports. FlexBooker, a scheduling platform that supports Bunnings’ “drive and collect” shopping pick-up service, experienced a data breach in December that exposed the data of 3.7 million users. A customer notification message from Bunnings states, “We wanted to let you know that we have recently been made aware of a data security breach experienced by our third-party booking provider FlexBooker.” Fortunately, Bunnings noted, the drive and collect system did not store credit card information, passwords, or phone numbers.
Health insurance data exposed in cyberattack targeting MRIoA.
The Medical Review Institute of America (MRIoA), which provides clinical and utilization reviews for the medical community, has suffered a cyberattack that potentially exposed the personal data of 134,571 individuals. Infosecurity Magazine explains that the attack, which was detected in November, occurred when an intruder exploited a vulnerability in a SonicWall product in order to gain unauthorized access to the MRIoA. SonicWall says the vulnerability has since been patched. The exposed data include full name, gender, street address, phone number, email address, date of birth, and Social Security number, as well as clinical information like medical diagnosis, dates of service, lab test results, and prescription information. Health insurance data might have also been compromised.
MRIoA says it has “retrieved and subsequently confirmed the deletion” of the exfiltrated data. MRIoA clients who might have been impacted include insurance companies Horizon Blue Cross Blue Shield of New Jersey, five different branches of Blue Cross and Blue Shield, and the University of Arkansas Medical Benefit Plan. To prevent future incidents, MRIoA said it is improving its cybersecurity posture by increasing system monitoring, utilizing advanced threat hunting and detection software, implementing extra authentication, and installing new servers.
California school district discloses email account hack.
The Visalia Unified School District (VUSD), the largest district in the state of California’s Tulare County, experienced a breach that exposed the personal data of three thousand employees and 32,000 students. The Sun-Gazette Newspaper reports that VUSD first detected that a number of district-issued email accounts had been hacked in June 2021, but it’s likely the intruder had access from the beginning of the year. The subsequent investigation found that for most accounts, the account holder’s name and medical information were exposed, but for just ten not-so-lucky accounts, driver’s license numbers, financial account numbers, and health insurance info were also compromised. District public information officer Kim Batty said the district could not disclose how many accounts were impacted or if the attack involved ransomware.
Other state and local governments sustain ransomware attacks.
The State of Maryland has confirmed that a cyber incident that began on December 4th was indeed a ransomware attack against the state’s Department of Health. The Department’s IT staff noticed anomalous behavior in a server and reported it to responsible state authorities, who worked to contain and remediate the incident. The state is satisfied that the damage has been contained, but it’s exercising caution in restoring services.
Bernalillo County, New Mexico, has been working to recover from last week’s ransomware attack, with many services still disrupted. The Verge reports that among the affected institutions was the Metropolitan Detention Center, the Albuquerque jail, which has effectively been forced into a lockdown.
And KRQE reports that a cyberattack’s effects have spread to the Albuquerque public schools, which have had to close today. Details on this particular attack are still sparse, and, while officials hope to be able to reopen tomorrow, they’re still working to fix systems they regard as essential to both instruction and student safety.
Egress VP of Threat Intelligence, Jack Chapman, commented on the particular exposure to ransomware local and regional governments suffer:
“State and local governments are facing a tidal wave of ransomware. Just last week we saw threat actors target Bernalillo County, New Mexico, and now Maryland’s Department of Health has confirmed that it was targeted by ransomware last month.
“State government and healthcare organizations remain two of the most attractive targets for ransomware gangs and their affiliates - and to their eyes, the Department of Health is the best of both worlds! Hackers perceive these organizations to be more likely to pay a ransom to restore critical services for their citizens. Threat actors also know that during a pandemic, where resources are already under immense pressure, targeting healthcare organizations can maximize the chances of a ransom being paid.
“While it’s unclear what data the attackers have access to, we would advise the Department of Health and citizens to remain vigilant for follow-up attacks, including phishing, which could inflict further damage long after the initial attack is resolved.”