At a glance.
- Burton Snowboards suffers gnarly cyber-wipeout.
- California school district updates its breach notification.
- Casepoint investigating BlackCat's breach claims.
Burton Snowboards suffers gnarly cyber-wipeout.
Popular US snowboard maker Burton Snowboards has disclosed it suffered a data breach in February in which some customer data was potentially accessed or stolen. The breach led to a system outage that forced Burton to cancel its online ordering process, recommending that customers resort to visiting a Burton store in person or using its online rental program. In its customer notification letter, Burton stated that a subsequent investigation revealed that an unknown actor had accessed or exfiltrated a number of files that may have included customer names, Social Security numbers, and financial account info. As Bleeping Computer notes, this would seem to contradict Burton's privacy policy, which states that "at no point during the order process or post order process are credit card details or bank account numbers saved or held by Burton.com." The passwords of impacted customer accounts have been reset, and Burton says it has notified the relevant state and federal regulators, as well as law enforcement.
Erich Kron, security awareness advocate at KnowBe4, noted the disruption to sales the ransomware attack caused. “Clearly ransomware is not just a threat to organizations in the technical industry. In this case, the disruption not only caused them to stop online sales but also exposed some significant and sensitive information from customers, including financial information and Social Security numbers. While many organizations focus on financial information that may be lost, compared to something like a credit card number, the exposure of Social Security numbers along with names and addresses is a recipe for identity theft and poses a much more significant problem. The victims may be offered complimentary access to identity theft and resolution services, however this is only for a limited time and the information that has been exposed will be at risk for that person for the foreseeable future.
“Because ransomware targets organizations across all industries regardless of their size, and because most ransomware attacks start with simple phishing emails, organizations should consider their security controls meant to protect against social engineering. In addition to email filters, organizations should look closely at how they are educating employees about how to identify and report potential phishing attacks. Coupling high-quality training and education with simulated social engineering attacks is a very cost-effective and proven way to help protect against ransomware and other cyberattacks that organizations regularly face.”
California school district updates its breach notification.
As we previously noted, the San Diego Unified School District (SDUSD), located in the US state of California, suffered a data breach last October, and officials are now saying the incident was larger in scope than originally estimated. As the San Diego Union-Tribune recounts, last month the district sent out notification letters to families informing them that the breach had exposed student medical data. On Friday, the district’s executive director of risk services Dennis Monahan announced that a subsequent investigation, concluded in April, revealed that current and former employees’ sensitive personal data, including Social Security numbers, direct deposit account information, and medical information, were also compromised. “SDUSD takes this incident very seriously and sincerely regrets any concern this may cause,” Monahan stated, adding that the district had implemented additional security protections to prevent future breaches.
Casepoint investigating BlackCat’s breach claims.
Infamous ransomware group BlackCat/AlphV is claiming to have hacked Casepoint, a legal document platform used by several arms of the US government. Casepoint provides services to the Securities and Exchange Commission (SEC), the Department of Defense (DoD), the Department of Veterans Affairs, the Department of Agriculture, and even private sector heavyweights like Marriott. Last week BlackCat added Casepoint to its list of victims on its leak site, stating they’d stolen 2TB of data and posting several sensitive documents allegedly tied to the Federal Bureau of Investigation. Casepoint’s vice president of marketing James Lasson initially told the Record there was no evidence a breach had occurred. “We have not heard anything from the cyber group for a ransom,” Lasson stated. “We have not seen any unusual activity on our networks that would suggest out of the ordinary data movement off our systems. We are working with the FBI to determine the appropriate next steps.” He added that the “SEC, DOD and other government clients are on a different network than our commercial clients.”
However, there must be some cause for concern because on Tuesday a company spokesperson said Casepoint had activated its incident response protocols and hired a forensic firm to investigate. “We are early on in our investigation and are committed to keeping our clients informed as we learn more,” the spokesperson said. It’s unclear whether the documents posted by BlackCat have been verified for authenticity.