If you can call more than 5 million breached records “low”, February figures are actually below average for cybersecurity incidents. There were 83 data breaches or cyber incidents in February, accounting for 5,127,241 breached records.
As news broke of the Russia-Ukraine conflict, there was a flurry of related security incidents towards the end of the month. It began with Russia targeting banks and government departments worldwide, before Ukraine hit back by attacking the Moscow stock exchange. The EU has set up a cyber rapid response team to support Ukraine and, in turn, help Ukrainian cyber attack victims. Simultaneously, “hacktivist” group Anonymous have become directly aggressive, launching large attacks on Russia to give Vladimir Putin “a sip of his own bitter medicine.”
Human error let criminals hack SEPA’s systems
The Scottish Environmental Protection Agency (SEPA) has this month revealed it suffered a major ransomware attack on Christmas Eve in 2020. It led to around 1.2GB of data, amounting to at least 4,000 files, being stolen. Police Scotland has been investigating and has concluded that an international organised crime group was likely responsible for the extortion attempt. The majority of SEPA’s data was either stolen or lost, including financial records. Auditor general Stephen Boyle stated that “SEPA had to recreate accounting records from bank and HMRC records. This made it difficult for the auditor to gain sufficient evidence to substantiate around £42m of its income from contracts.” Backups were also lost or hacked. The full financial impact of the attack on SEPA is as yet unknown, but as of March 2021, the cyber incident is believed to have cost £1.2 million. All this damage resulted from human error: someone clicking on a link in an email, which set off the chain of events.
Isle of Man company hit by cyber-attack
A kettle safety controls company was hit by a cyber attack of Russian origin at the end of February. Strix Group said its servers on the island and the UK were affected, but systems were restored a few days later. There was no impact on customer orders or sales. This is just one of many small cyber-attacks on the island at the end of the month. It is believed Russian supporters are behind all the attacks because the chief minister has publicly shared negative views about the Russian leader, and this was an opportunity for retaliation. Many companies on the Isle of Man have appointed cyber security experts to “monitor and support”, as well as make recommendations on processes and procedures against future attacks.
NHS patients’ private medical records leaked
Tens of thousands of NHS patients have had their private information leaked in a devastating data breach. The confidential files include hospital appointment letters for women who have suffered miscarriages, test results of cervical screening, and letters to parents of children needing urgent surgery at Alder Hey Children’s Hospital, Liverpool.
All this information was leaked in error by PSL Print Management, a Preston-based consultancy firm paid millions each year by the NHS. The documents also contained names, addresses, phone numbers and NHS numbers of patients. The information dates back as far as 2015 despite data protection laws stipulating that medical data be deleted as soon as it is no longer needed.
The breach came to light when a whistleblower who had raised concerns about PSL requested all the emails and text messages relating to his employment at the firm. PSL sent him a memory stick which appeared to contain the firm’s entire email server, and he noticed thousands of patient letters had been attached to emails between PSL staff and sub-contractors Datagraphic, a printing firm based in Rugby. The Information Commissioner’s Office has said it has launched an investigation into the incident. Data protection consultant Tim Turner exclaimed that this event ‘is genuinely shocking and the NHS should be declaring a major incident.’
San Francisco 49ers hit by Ransomware Attack
The San Francisco 49ers NFL team was hit by a big ransomware attack at the beginning of February, which encrypted files on its corporate IT network. The team confirmed the attack after the operators of the BlackByte ransomware listed the team as one of their victims on a dark web ‘leak site.’ BlackByte typically uses this site to shame victims and force them into paying its extortion demands. The club immediately began an investigation and took steps to contain the incident. It is believed that the attackers were trying to steal documents containing game tactics that were to be used at the Super Bowl if the team had gotten through. The club notified the police and is still working with a third-party cybersecurity firm to investigate the attack.
Cyber attack brings down Vodafone Portugal
On 8 February, Vodafone Portugal was hit by a cyber attack that took a large chunk of customer data services offline. Even a few days after the attack, the company’s 4G and 5G mobile networks, along with fixed voice, television, SMS, and voice/digital answering services, were still offline. All services were finally restored the following week.
It is still unknown how this incident occurred, and the company is working with authorities to investigate. There is no evidence to suggest customer data was compromised. Despite the presence of some rumours online, Vodafone Portugal has not attributed the ongoing incident to a ransomware attack. These rumours are due to several ransomware attacks on two of Portugal’s largest news media outlets in January. The Lapsus$ ransomware gang, which was behind the two attacks, has not taken credit so far for the Vodafone Portugal outage on any of its online accounts.
Georgia Residents Information Exposed
Voters in Georgia, USA, had their voter registration information leaked onto the internet due to a data breach at the voting software company EasyVote Solutions. Public information about voters was posted to an online forum, but the breach didn’t involve Social Security numbers or driver’s license numbers. Voter registration information included names, addresses, race, and dates of birth. EasyVote Solutions provides software that streamlines voter check-ins during early voting in dozens of counties across Georgia. The software uses local voter registration to print out pre-filled election applications for voters when they arrive at the polls, instead of requiring voters to complete paperwork by hand. It is thought that voter information was obtained via an EasyVote online storage location; however, it is unclear how many Georgia residents have been affected. EasyVote Solutions contacted the police and is working with a cybersecurity firm to increase its security and reduce the risk of this happening again.
Harbour Plaza Hotel customers warned over data leak
One of Hong Kong’s biggest hotels, Harbour Plaza Hotel, was hit by a big cyber attack last month. More than a million customers of the Harbour Plaza Hotel group are being advised to be on their guard for possible scams after its booking database came under attack. It is thought that 1.2 million customers were involved; however, the group is still investigating exactly how much data has been stolen. Customers are being advised to check their payment cards for unauthorised transactions, look for unusual email logins, change their relevant passwords, and activate two-factor authentication. The hotel is now working with a cyber security company to improve its security systems.
Puma hit by data breach after Kronos ransomware attack
Sportswear manufacturer Puma was hit by a data breach in February 2022, following the ransomware attack that hit Kronos, one of its North American workforce management service providers, in December 2021. The attackers stole personal information belonging to Puma employees and their dependents from the Kronos Private Cloud (KPC) environment before encrypting the data. KPC is supposedly a secure storage system protected from attacks using firewalls, multi-factor authentication, and encrypted transmissions. It is estimated that almost half of Puma’s employees have been affected. Since the attack was discovered, KPC has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorised access. KPC has now improved its systems further to stop this from happening again.
Swissport ransomware attack leads to flight delays
Aviation company Swissport has announced it was the victim of a ransomware attack on 4 February 2022. As a result, some flights were delayed and other operations were disrupted. Neither the ransomware operator nor the type of ransomware used against the company is currently known, but the company reacted quickly to contain the attack, despite the disruption it caused. At the time, its support website returned an error and was inaccessible, but a day later the company assured travellers that the situation was under control and that affected systems had been taken offline, waiting to be restored from backups. Swissport was able to continue to provide ground services without full IT system access, though delays were inevitable. The hack follows several widely reported cyber-attacks on critical infrastructure across Europe in the first week of February, including attacks on oil facilities in Germany, Belgium, and the Netherlands.
500,000 Australian addresses published in Covid data breach
The addresses of more than 500,000 businesses, including defence sites, a missile maintenance unit, and domestic violence shelters, were unintentionally made public in the first major breach for the New South Wales government through the Covid-19 QR system. Premier Dominic Perrottet said this should not have happened, but cyber security experts did warn the government that its QR system was vulnerable to attacks. It seems that the government did not listen, nor strengthen the walls when it could have. All businesses were notified, and the government has now strengthened its QR system to make sure this will not happen again.