GlobalSign Blog

Cybersecurity News Round-Up: Week of August 16, 2021

Welcome back to GlobalSign’s weekly news round-up.

The big hack of the week took place at T-Mobile, where cyber criminals stole the personal information of more than 40 million current and prospective customers. The personal data includes social security numbers, PINs, phone numbers, passwords and even financial information. According to the Wall Street Journal, “In online forums and private communications hackers are selling different sets of data linked to the breach, asking between $80,000 and 6 bitcoin ($270,000 at Wednesday’s exchange rates) for access to the information, said Gene Yoo, chief executive of Resecurity Inc., a cybersecurity company.” This is the company’s sixth major data breach since 2018.

Healthcare hacks are also back in the news (sigh…). A story in Ars Technica discusses how dozens of hospitals and clinics in West Virginia and Ohio have been forced to cancel surgeries and divert ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations. The facilities are owned by Memorial Health System, which on Sunday began experiencing a ransomware attack that hampered the three hospitals’ ability to operate normally. Some ransomware groups have pledged to spare hospitals, schools, and critical infrastructure from attacks, but as the recent string of attacks shows, critical health providers continue to get infected, either because of human error or because ransomware groups still consider them targets.

Another important story comes out of Brazil, where the government released a note stating the National Treasury was impacted by a ransomware attack last Friday, August 13th. According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration. Another statement, released on Monday, noted that the attack did not affect "in any way" the operations of Tesouro Direto - a program that enables the purchase of Brazilian government bonds by individuals.

Also this week, a bug on Ford Motor Company's website allowed hackers to access sensitive systems and to obtain proprietary data, such as customer databases, employee records, internal tickets, etc. According to BleepingComputer, different payloads provided as URL arguments could enable attackers to run queries, retrieve database tables and OAuth access tokens, and perform administrative actions.

Finally, the Research Foundation for the State University of New York (SUNY) announced this week that it detected unauthorized access to its networks on July 14th. A total of more than 46,700 individuals are said to be impacted by the data breach, although it’s not stated whether these people are employees, donors, or others who might be linked to the organizations.

Those are some of this week’s top stories. Please stop by again next week for our latest in the world of cybersecurity news!

Top Global Security News

Axios (August 18, 2021) T-Mobile says hackers stole information on over 40 million people

"Personal data, including social security numbers, of more than 40 million former and prospective customers who applied for T-Mobile credit were exposed in a data breach, the company said Tuesday.

The big picture: About 7.8 million current T-Mobile postpaid customers were also affected. Some of the data accessed included names, date of birth, SSN, and driver’s license/ID information.

'Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,' the company said. The breach, however, did expose, the names, phone numbers and account PINs of approximately 850,000 active T-Mobile prepaid customers, the company confirmed. Those PINs have been reset, T-Mobile said. 'The company didn’t disclose the extent to which the various victim groups overlapped,' the Wall Street Journal noted."

ZDNet (August 17, 2021) Brazilian National Treasury hit with ransomware attack

"The Brazilian government has released a note stating the National Treasury has been hit with a ransomware attack on Friday (13).

According to a statement from the Ministry of Economy, initial measures to contain the impact of the cyberattack were immediately taken. The first assessments so far have found there was no damage to the structuring systems of the National Treasury, such as the platforms relating to public debt administration.

The effects of the ransomware attack are being analyzed by security specialists from the National Treasury and the Digital Government Secretariat (DGS). The Federal Police has also been notified. The Ministry noted new information on the incident 'will be disclosed in a timely manner and with due transparency'.

A further statement released jointly with the Brazilian Stock Exchange today (16) noted that the attack did not affect 'in any way' the operations of Tesouro Direto - a program that enables the purchase of Brazilian government bonds by individuals."

Ars Technica (August 16, 2021) Hospitals hamstrung by ransomware are turning away patients

"Dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that has knocked out staff access to IT systems across virtually all of their operations.

The facilities are owned by Memorial Health System, which represents 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General in the Marietta-Parkersburg metropolitan area in West Virginia and Ohio. Early on Sunday, the chain experienced a ransomware attack that hampered the three hospitals’ ability to operate normally.

Beginning at midnight on Sunday, the three hospitals started diverting emergency patients to Camden Clark Medical Center. The facility is an hour's drive from Sistersville General, which has 25 beds. Camden Clark is about a 25-minute drive from the other two Memorial Health System hospitals hit by the breach. Another affected facility providing critical care includes a freestanding emergency room at Belpre Medical Campus in Belpre, Ohio."

Portswigger (August 16, 2021) Data breach at New York university potentially affects 47,000 citizens

"A data breach at a New York university has potentially exposed the personal information of nearly 47,000 individuals.

The Research Foundation for the State University of New York (SUNY) announced it detected unauthorized access to its networks earlier this year.

The incident was discovered on July 14, and reportedly involved Social Security numbers.

A total of more than 46,700 individuals are said to be impacted by the data breach, although it’s not stated whether these people are employees, donors, or others who might be linked to the organizations."

Bleeping Computer (August 15, 2021) Ford bug exposed customer and employee records from internal systems

"A bug on Ford Motor Company's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc.

The data exposure stemmed from a misconfigured instance of Pega Infinity customer engagement system running on Ford's servers.

As seen by BleepingComputer, different payloads provided as URL arguments could enable attackers to run queries, retrieve database tables, OAuth access tokens, and perform administrative actions."

Other Industry News

Critical Vulnerability Affects Millions of IoT Devices - Dark Reading

Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer – Cyberscoop 

More than 600K patients affected in UNM Health hack - Healthcare IT News

CISA Says BlackBerry Vulnerability to Impact Medical Device Security - HealthITSecurity

Phishing Costs Surge to $15m Annually for US Organizations - Infosecurity Magazine

Vulnerability potentially exposes the sensitive data of all users of Wodify fitness platform - SC Media

Colonial Pipeline says ransomware attack also led to personal information being stolen – CNN

Ransomware recovery can be costly, and not just because of the ransom - TechCrunch

Fight or flight: How one of the UK’s busiest airports defends against cyber-attacks - Portswigger (The Daily Swig)
