At a glance.
- Data breach at Pôle emploi.
- US school districts continue to suffer cyberattacks.
- Rhysida ransomware group offers stolen medical data for sale.
- Third-party data leak compromises data of London Metropolitan Police Force.
Data breach at Pôle emploi.
France's government unemployment registration and financial aid agency Pôle emploi has disclosed a data breach that compromised the data of 10 million people. According to a press release, job seekers who registered in February 2022 and former users of the agency’s job center are among the impacted individuals. The estimate of 10 million victims comes from French news outlet Le Parisien; Pôle emploi has not released any numbers. The compromised data include full names and social security numbers, but fortunately email addresses, phone numbers, passwords, and banking info were not impacted. Bleeping Computer notes that security firm Emsisoft has added Pôle emploi to its MOVEit page, indicating that the source of the breach was likely the mass-hack of the popular file transfer app. However, the Cl0p ransomware gang, the hackers behind the MOVEit attacks, has yet to list Pôle emploi on its victim site. Cl0p recently said it would not expose data stolen from government agencies, so it’s possible this is the reason for the omission.
US school districts continue to suffer cyberattacks.
On the heels of the White House’s first cybersecurity summit on ransomware attacks targeting US schools, two US school districts disclosed cyberattacks last week. On Friday Tucson Unified School District (TUSD), located in the state of Arizona, said the info of approximately 29,000 people may have been compromised in a breach discovered last January. Dr. Gabriel Trujillo, TUSD Superintendent, stated, “Obviously, our primary focus now is to ensure that everyone who could be impacted by this incident is supported as much as possible through resources and information contained in the notices being mailed to them.”
The Tucson Sentinel reports that over a million digital files and documents were potentially accessed during the breach, and the victims were largely TUSD employees and their dependents. On Saturday, Prince George's County Public Schools (PGCPS), located in the state of Maryland, also announced they’d suffered a ransomware attack. Superintendent Millard House II stated, “While we now know that this may include identification details, we do not yet know the full extent of information relating to you, or to others, that may be affected.” WJLA explains that the attack was just detected on Monday, and it’s estimated that 4,500 user accounts, the majority of which were staff accounts, were compromised.
Cybercriminals have increasingly targeted schools and universities, ripe targets with their high ratio of personal data to cybersecurity resources. “They're a treasure trove of personal identifiable information as well as data,” CEO of Keeper Security Darren Guccione told WJAR. Guccione offered several tips for families to protect their data, including being wary of suspicious emails or text messages parents or children receive. “Don't click on links at all,” Guccione said. “There's really no reason to do it.” He also recommends engaging school districts about their data protection policies. “They themselves have to be vigilant,” Guccione said. “That starts with the mindset, and then architecting and executing a cyber security plan.”
Rhysida ransomware group offers stolen medical data for sale.
US healthcare company Prospect Medical Holdings experienced a ransomware attack earlier this month that is still impacting operations, and Cybersecurity Dive reports that the Rhysida ransomware group claimed responsibility. In a post on the dark web, Rhysida claims to have stolen 500,000 Social Security numbers, passport data of clients and employees, patient medical files, and financial and legal documents, and has posted the data for sale for 50 bitcoin (nearly $1.3 million). A Prospect spokesperson stated that an investigation is underway but did not share many details. “If the investigation determines that any protected health or personal information is involved, we will provide the appropriate notifications in accordance with applicable laws,” they explained. Ransomware-as-a-service group Rhysida first appeared in mid-May and lacks the advanced techniques used by more established threat actors, but it has nonetheless already targeted organizations in several sectors including education, government, and manufacturing.
Third-party data leak compromises data of London Metropolitan Police Force.
The London Metropolitan Police Force, the largest police force in the UK, has confirmed that the breach of a third-party supplier over the weekend has exposed the sensitive data of all 47,000 police force employees. The vendor maintained a database containing employee names, photographs, ranks, identification numbers, vetting levels, and payroll details, and Hackread reports that even data belonging to high-ranking officials and officers involved in top-secret operations have been exposed. Media outlets have indicated that the supplier produced staff passes and warrant cards, but the company’s identity has not been revealed. The Sun adds that, coincidentally, the warrant cards in question had recently been replaced in an effort to improve security that cost the force over £467,000. A source explains, “The cards were supposed to make all buildings and sites impregnable…Questions must be asked why such a sensitive task was given to an external firm with clearly vulnerable IT systems.” Alloa and Hillfoots Advertiser explains that while experts find the breach worrying, it’s not surprising, given that hackers often prey on third-party vendors. Jake Moore, global cyber security adviser for software firm ESET, stated, “The Met Police are extremely good at keeping their own data secure, but they do use third parties. As they have to use these parties, if they aren’t up to date with their own security then that becomes a weakness that could be targeted.”
Kevin Curran, cybersecurity professor at Ulster University, said questions should be asked about whether the Metropolitan Police Force has employed adequate data classification methods, and whether a lack of cybersecurity resources could be to blame. “It’s a publicly-funded organisation so there’s only a finite amount of resources you have,” Curran stated, “but we do have best practices and guidelines in the industry on how to protect the systems, so maybe it comes down to someone conducting an external audit in the aftermath to see whether or not they are following these practices.” Teiss notes that this is the second police data breach in recent weeks, as in July the Police Service of Northern Ireland inadvertently disclosed the private data of 10,000 officers.