We're always looking for ways to improve the CyberWire network to give you an intelligence-driven news experience that saves you time and keeps you in the know on the latest developments in cybersecurity. Help us continue to grow and meet your needs by sharing your feedback in our 2023 Audience Survey. Give us ten minutes of your time, and you'll have a chance to win a $100 Amazon gift card. (And also our sincere gratitude). Take the survey here.
US-based private research school Mercer University has disclosed it suffered an April cyberattack, and the Akira ransomware group has taken responsibility. Cybernews reports that the hackers accessed the personal data of over 93,000 people, and the compromised data includes Social Security numbers and other identifying information. “On April 30th, 2023, we discovered that some of these files may have included at least one record that contained your name, in combination with your Social Security number and/or driver’s license number,” the university stated in its notification letter to victims. Akira added Mercer to its list of attacks on its leak site on the dark web and stated that Mercer refused to meet the gang’s ransom demands.
JDSupra reports that Fresh Del Monte Produce, a leading international purveyor of fruits and vegetables based out of the US state of Florida, suffered a data breach in January. The company first detected an intrusion had upset the apple cart on January 13, and immediately took its systems offline in order to limit the attackers’ access. The subsequent investigation was completed in April and revealed that the bad apples had accessed certain files containing confidential employee and consumer data including names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, and protected health information. Del Monte sent notification letters to victims on May 16, but it remains to be seen whether worries about misuse of the exposed data will bear fruit.
The ripple effects of the vulnerability discovered in Fortra’s GoAnywhere managed file transfer service are still being discovered. The Canadian division of Franklin Templeton, a financial services company based out of the US state of California, has disclosed it was impacted by a third-party breach at InvestorCom that was a result of the GoAnywhere bug. As JDSupra explains, InvestorCom provides Franklin Templeton with document delivery services and learned its systems had been breached on March 22. After InvestorCom notified the company of the incident, Franklin Templeton conducted an investigation in which it confirmed that none of its own systems had been infiltrated, but that some data it had shared with InvestorCom had been exposed. The compromised data include customer names, street addresses, and account numbers. Victims were notified of the breach on May 23.
On Monday we'll be observing Memorial Day, and so won't be publishing on this US Federal holiday. We'll be back as usual on Tuesday. In the meantime, join us in remembering those who've sacrificed their lives in the service of their country.
Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances (The Hacker News) Alert: Hackers are exploiting a new zero-day vulnerability to breach Barracuda's Email Security Gateway appliances.
12 vulnerabilities newly associated with ransomware (Help Net Security) In Q1 2023, 12 new ransomware-associated vulnerabilities were trending on the internet leaving products vulnerable to ransomware attacks.
Mercer University breach exposed nearly 100k people (Cybernews) Mercer University, a US-based private research school, was hit by the Akira ransomware gang, with criminals accessing the personal data of over 93,000 people.
Fresh Del Monte Produce Notifies Employees of Recent Data Breach (JD Supra) On May 16, 2023, Fresh Del Monte Produce, Inc. filed a notice of data breach with the Attorney General of Massachusetts after learning that...
Franklin Templeton Investments Announces Data Breach Following Cyberattack at Third-Party Vendor (JD Supra) On May 23, 2023, Franklin Templeton Investments Corporation (“Franklin Templeton Canada”) filed a notice of data breach with the Attorney General of...
UK data protection regulator receiving ‘large number of reports’ about Capita (Record) Under British data protection laws, the outsourcing company could face a fine of up to 4% of its global turnover if it is found to have failed to have met its data protection duties by the Information Commissioner’s Office (ICO).
