At a glance.
- Kiwi law firm client data exposed to fraud.
- Rhode Island state workers impacted in third-party MOVEit data breach.
- Trends in higher ed cyberattacks.
Kiwi law firm client data exposed to fraud.
Mahony Horner Lawyers, a law firm located in Wellington, New Zealand, recently suffered a cyberattack and is warning clients that their leaked data could be used for fraud. In an email update sent earlier this week, the firm stated that it’s still working to determine exactly what data were copied by the intruders. “It is taking some time for us to analyse the information and identify high-risk data so we can make personal contact on an individual basis,” the email reads. “If you have given us a copy of your driver’s licence or passport within the last three years then unfortunately it is likely the copy we held has been included in the data taken by the unauthorised third party.” One impacted client told the NZ Herald that confidential info about legal matters has been exposed, and he’s “pissed off” that the firm didn’t encrypt this sensitive data. “I’m pretty upset. I got the list through of what these people had taken. It’s your entire narratives and files with your account,” he stated. The firm has confirmed that driver’s licenses and passports are among the exposed data and has offered to cover license replacement costs. The firm’s principal, Elspeth Horner, says clients should contact the Department of Internal Affairs to have an alert placed on their passport.
Rhode Island state workers impacted in third-party MOVEit data breach.
Officials in the US state of Rhode Island have confirmed that the mass-hack of the popular MOVEit file transfer application led to the exposure of the personal data of nearly 14,000 state workers and retirees, Providence Business News reports. PBI Research Services announced last month the company had been impacted by the attack on MOVEit, which PBI used to securely transfer encrypted files. PBI is a contractor for Teachers Insurance and Annuity Association of America (TIAA), which provides financial services for Rhode Island’s (and many other states’) defined contribution retirement plans. While TIAA servers were not directly compromised, data shared with PBI is at risk, and state officials found that the data of beneficiaries enrolled in the state’s 401(a) Defined Contribution Retirement Plan, 457(b) Deferred Compensation Plan, and the FICA Alternative Retirement Income Security Program were exposed by the breach. Michelle Moreno-Silva, a spokesperson for Rhode Island General Treasurer James Diossa, stated Tuesday, “From the moment our office was notified about the data breach, we have been in constant communication with TIAA and are closely monitoring the situation of the security breach. Treasurer Diossa is prioritizing protecting all pensioners, and that includes their private information.”
Trends in higher ed cyberattacks.
Higher education institutions are attractive targets for hackers because they must collect a large volume of personal data and often lack the cybersecurity resources to protect it. Cyber threats have only increased since the pandemic, which forced many schools to increase their reliance on digitization, and although some institutions have implemented advanced protections, hackers are finding ways to circumvent them. A recent report from the cybersecurity company SonicWall indicates that over the past few years cybercriminals have adapted to new security measures, and not only are ransomware attacks on the rise, but more traditional malware attacks also increased between 2021 and 2022. Phishing operations targeting colleges and universities have also become more sophisticated in an effort to entrap an increased number of unwitting victims. These attacks also come with increased costs, both to the schools and the students who are impacted, and recent reports show data breaches cost each student an average of $250. Suraj Mohandas, Vice President of Strategy at mobile device management software company Jamf, told GovTech, “As more staff and students utilize IT tools, the target radius has increased over the years … One key vulnerability is the weakness of university systems, as outdated technology makes it easy for hackers to break through. Increased sophistication is also evident in SQL (structured query language) attacks through a higher education or school website, providing an entry point through online forms used to support users, but exploited by hackers.” But what can be done? Leslie DeCato, interim senior director of information security at California State University’s Chancellor’s Office, says regular vulnerability testing, updated cybersecurity plans, and implementing multifactor authentication are all essential steps.
“Developing an incident response plan, fostering collaboration and providing continuous cybersecurity education are also crucial,” DeCato adds. “Prioritizing these measures helps protect sensitive data, intellectual property and the institution’s reputation.”