At a glance.
- Update on the University of Minnesota breach.
- Pareto Phone data dumped by LockBit.
- English council suffers ransomware attack.
- FTX discloses breach.
Update on the University of Minnesota breach.
As we saw earlier this week, a hacker claims to have accessed a database belonging to US college the University of Minnesota containing approximately seven million Social Security numbers. Security Week reports that the school has confirmed the data breach, explaining it launched an investigation after learning of the hacker’s claims on July 21. “The preliminary assessment is that the data at issue is from 2021 and earlier,” the university stated. Indeed, the hacker claims the database contains data from as far back as 1989, which explains the high number of Social Security numbers included. The school spokesperson went on to say, “Our investigation is continuing, but our security professionals have not detected any system malware (including ‘ransomware’), encrypted files, or fraudulent emails related to the incident. There have been no known disruptions to current University operations as a result of this data security incident.”
While the university did not specify how the breach occurred or what type of data were exposed, they said they would notify impacted individuals if it’s discovered that personal data were exposed. “To the extent any sensitive personal data was accessed, the University will notify affected individuals and provide resources to help protect against misuse of their information, as required by federal and state law, University policies, and in accordance with our obligations to the University community,” the university stated.
Pareto Phone data dumped by LockBit.
We noted earlier this week that Australian telemarketing firm Pareto Phone suffered a data breach that exposed the data of thousands of donors to Australian charities. Cybersecurity Connect reports that the LockBit threat group has dumped 150 gigabytes of data allegedly stolen in the attack. In addition to the donor info, the exposed data include Excel and Word documents, images, internal company data, and info on the charities Pareto serves. Perhaps most alarmingly, the exposed data also include criminal checks that the company ran on prospective employees, highly sensitive data gathered by the Australian Criminal Intelligence Commission that some experts would say the company shouldn't have retained at all. Employee data was also exposed in human resources files containing info on staff counseling and other sensitive matters. As for the charity info, the database includes payroll reports, leave details, and tax details for organizations like Black Dog Institute, Life Flight New Zealand, Paralympics Australia, Legacy, and Médecins Sans Frontières.
iTnews notes that Amnesty International Australia (AIA) is the largest charity exposed, but that could change as the list of impacted organizations continues to grow. AIA says it was first made aware of the incident in April and initially suspended its business with Pareto but resumed it once the company assured them no donor data had been exposed. “At that time, Pareto Phone assured Amnesty and its other charity partners that there was no evidence to suggest that donor data had been downloaded or taken,” AIA said. It was only after Pareto Phone conducted further investigation that it became clear that some donor information might have been exposed, and AIA responded by once again suspending its work with the firm.
The exposed files date back to 2007, which raises questions about Pareto’s data retention policies and has experts scrutinizing Australia’s current privacy policies. Sarah Sloan, head of government affairs and public policy ANZ at Palo Alto, stated, “The leak of the personal information of Australian donors is an unfortunate outcome for everyday Australians and the charities supporting those most in need, demonstrating how low cyber criminals are willing to stoop in search of a payday. On the back of high-profile cyber attacks such as these, it is important we review and assess the effectiveness of our national cyber security policies, legislation, and cyber advisories.” She went on to say that the government’s ongoing review of the Privacy Act could set higher expectations for companies that handle personal data.
English council suffers ransomware attack.
St Helens Borough Council, located in northwest England, has disclosed it was targeted by what appears to be a ransomware attack. The council’s website says it is “currently investigating a potential cyber incident” and “working with specialist cyber security teams to maintain access to online services.” A spokesperson told the Record that the incident was first detected on Monday and that internal systems are affected “due to the actions we have put in place to prevent any further impact, and whilst a full investigation is undertaken.” The council oversees an area that includes about 180,000 residents, but it’s unclear if any resident data were stolen. Nonetheless, the council is warning residents to “be vigilant with any emails received from St Helens Borough Council” and says it’s working with specialists to resolve the incident. It’s worth noting that this incident is the latest in a wave of ransomware attacks targeting English councils. Redcar and Cleveland Council, Hackney Council, and Gloucester City Council also suffered attacks in recent weeks that led to disrupted services and communications.
FTX discloses breach.
Bankrupt crypto exchange FTX has disclosed the exposure of what Coin Telegraph describes as "limited, non-sensitive customer data of specific claimants" at its bankruptcy case claims agent, Kroll. FTX is quoted as saying that “The incident occurred at Kroll, and Kroll is notifying affected individuals directly with measures that customers can take to protect themselves. FTX account passwords were not maintained by Kroll, and FTX’s own systems were not affected.”
Roger Grimes, data-driven defense evangelist at KnowBe4, thinks the parties involved are behaving with exemplary responsibility. "I applaud both FTX and Kroll in how they are responding to this breach. Kroll is one of the worldwide leaders in data investigations so I'm confident they can figure out how it happened, notify customers of what was accessed, and offer proactive protection of those who suffered confidential data breaches," he said. “It is a little surprising to see the breached information supposedly being used to phish victims already. That's either very quick work or the breach happened a while ago. Either way, if confirmed, it shows the importance of trying to prevent data breaches."