Happy 3 day work week! Hope you all have some fun plans this week until then enjoy Webroot’s Cyber News Rundown:
MOVEit breach impacts the entire State of Maine
Officials for the State of Maine have recently confirmed that they were affected by the MOVEit file transfer breach earlier this year, and personal data for nearly 1.3 million Maine residents may have been compromised. Multiple government agencies were involved in this breach, including the Department of Health and Human Services and the Maine Department of Education, both of which stored highly sensitive information. The official response as to why the State of Maine waited almost 6 months to begin notifying residents of the breach was that the investigation was taking longer than expected.
LockBit ransomware targets prominent banking and law firms ICBC and Allen & Overy Hit By Ransomware - Infosecurity Magazine
In the last week, officials for the Industrial and Commercial Bank of China (ICBC) and the Allen & Overy law firm have revealed significant cyber-attacks on their systems, which have since been linked to the LockBit ransomware group. Data from Allen & Overy has been posted to the LockBit gang’s leak site, with a November 28th deadline to pay the demanded ransom, before the entirety of the stolen data is made public. Officials for ICBC have also confirmed a breach in their systems, though the bank has yet to make an appearance on LockBit’s leak site.
US mortgage provider suffers major data breach
Over the weekend, officials for the US mortgage provider, Mr. Cooper, published an announcement regarding a cyberattack at the end of October, which has forced several critical systems offline and halted the company’s ability to process mortgage payments. The attack also compromised a significant amount of customer data, though the exact number of affected individuals has yet to be revealed. All Mr. Cooper clients are encouraged to update their account credentials and are being assured that no late fees or penalties will be incurred due to this incident.
Data breach exposes 2.3 million Postmeds customers ** https://www.bleepingcomputer.com/news/security/pharmacy-provider-truepill-data-breach-hits-23-million-customers/ **
The company behind the pharmacy platform, Truepill, has recently begun contacting nearly 2.3 million customers who may have had their data compromised during a data breach at the end of August. The company itself, Postmeds, may also be facing legal troubles, as the exposed data was not encrypted and Postmeds waited almost 2 months to notify affected individuals. Additionally, some of the data breach victims have spotted unusual activity on their mobile payment apps and confirmed that their stolen data had been identified on dark web forums.
Cyberattack disrupts multiple Australian shipping ports ** Major Australian ports blocked after a cyber attack on DP World **
Over the weekend, the international logistics firm, DP World, identified a cyberattack on their internal network and were forced to take systems offline in multiple Australian ports, halting thousands of shipping containers from entering the country. Fortunately, the investigation has being going quickly, and officials for DP World believe that the port disruptions will only last a matter of days, instead of weeks.
Which article this week was most shocking to you?
