At a glance.
- Akira ransomware group hits US college.
- Hackers steal Del Monte's low-hanging fruit.
- Franklin Templeton reports third-party breach.
Akira ransomware group hits US college.
US-based private research school Mercer University has disclosed it suffered an April cyberattack, and the Akira ransomware group has taken responsibility. Cybernews reports that the hackers accessed the personal data of over 93,000 people, and the compromised data includes Social Security numbers and other identifying information. “On April 30th, 2023, we discovered that some of these files may have included at least one record that contained your name, in combination with your Social Security number and/or driver’s license number,” the university stated in its notification letter to victims. Akira added Mercer to its list of attacks on its leak site on the dark web and stated that Mercer refused to meet the gang’s ransom demands.
Hackers steal Del Monte’s low-hanging fruit.
JDSupra reports that Fresh Del Monte Produce, a leading international purveyor of fruits and vegetables based out of the US state of Florida, suffered a data breach in January. The company first detected an intrusion had upset the apple cart on January 13, and immediately took its systems offline in order to limit the attackers’ access. The subsequent investigation was completed in April and revealed that the bad apples had accessed certain files containing confidential employee and consumer data including names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, and protected health information. Del Monte sent notification letters to victims on May 16, but it remains to be seen whether worries about misuse of the exposed data will bear fruit.
Franklin Templeton reports third-party breach.
The ripple effects of the vulnerability discovered in Fortra’s GoAnywhere managed file transfer service are still being discovered. The Canadian division of Franklin Templeton, a financial services company based out of the US state of California, has disclosed it was impacted by a third-party breach at InvestorCom that was a result of the GoAnywhere bug. As JDSupra explains, InvestorCom provides Franklin Templeton with document delivery services and learned its systems had been breached on March 22. After InvestorCom notified the company of the incident, Franklin Templeton conducted an investigation in which it confirmed that none of its own systems had been infiltrated, but that some data it had shared with InvestorCom had been exposed. The compromised data include customer names, street addresses, and account numbers. Victims were notified of the breach on May 23.