As we prepare to leave 2019 behind and enter the new year, it’s important to remember that 2020 is an election year. But no matter what side of the political aisle you’re on, protecting the integrity of our nation’s elections should be a matter of prime importance. Therefore, it becomes critical to protect against foreign attempts to undermine the American democratic system.
That’s why it’s troubling to find out that a Russian-owned company already launched a “clumsy cyberattack” on Ohio’s elections website. The Nov. 5 attack started when hackers attempted to insert malicious code onto the site, seemingly in an attempt to probe for vulnerabilities. Even though the scheme was not successful, these types of attacks threaten to undermine public confidence and discourage voter turnout.
However, there’s still plenty of time to worry about 2020. For now, let’s look back at the last month’s most prominent cyber attack news stories.
CYBER ATTACK NEWS ROUNDUP (Nov. 26-Dec. 31, 2019)
A Dec. 16 ransomware attack shut down digital communications in the city of Galt. Emails and telephones got knocked out, although emergency communications services remained in operation. Galt officials say that they have not yet received a ransom demand. Meanwhile, the city will work with the California Department of Justice and the FBI on the investigation.
In early November, T-Mobile US Inc. discovered an attack that allowed a hacker to access personal information contained in prepaid accounts. The attack affected “less than 1.5%” of T-Mobile customers, but considering that they have over 84 million customers, it’s still a considerable amount. Meanwhile, potentially compromised PII includes names, addresses, phone numbers and account numbers.
DiBella’s Subs, a sandwich chain with locations in several states, recently notified customers of a data breach that occurred over a year ago. The breach affects customers who visited DiBella’s locations between March 22, 2018, and Dec. 28, 2018. The breached information includes names, payment card numbers, expiration dates and CVV numbers. Over 300,000 payment cards could potentially be affected by the incident.
New York City-based Catch Hospitality Group had its point-of-sale (POS) systems breached by malware that attempted to siphon out payment card data. The company, which operates Catch NYC, Catch Roof and Catch Steak, launched an investigation after detecting unauthorized activity on the POS systems.
Choice Cancer Care Treatment Center recently informed affected patients about a May cyberattack against the Irving, Texas-based company. It exposed patient data that include names, medical or health information, and a limited number of driver’s license numbers, Social Security numbers, payment card numbers and passport numbers. The attack occurred through a compromised employee email account. Meanwhile, Choice plans to conduct additional security awareness training in response.
Four popular restaurant chains got targeted in a cyberattack that resulted in stolen payment card information. The information was taken from restaurant chains Krystal, Moe’s, McAlister’s Deli and Schlotzsky’s, with roughly half of the combined 1,750-plus locations getting breached. Most of the affected restaurants operate in the central and eastern states, especially Florida, Georgia, South Carolina, North Carolina and Alabama.
A patient who had their data exposed in the Solara data breach earlier this year filed a class-action lawsuit against the Chula Vista, CA-based medical supplies company. Solara employee email accounts got breached for several months between April and June. Exposed PII included names, dates of birth, Social Security numbers and more. Meanwhile, the suit accuses Solara of insufficient security and slowness in notifying affected customers.
Michaele G. King pled guilty in Westmoreland County to two felony counts of unlawful use of a computer and disruption of service. When King was a senior at Franklin Regional High School in Pennsylvania, she purchased and intentionally downloaded a virus onto the school’s computer system. The attack spread and disrupted servers at over a dozen local school districts and government offices.
The database and ticketing system of The Shakespeare Theatre in Madison, New Jersey, was hit with a ransomware attack. Due to the theatre’s inability to track tickets or process credit cards, the attack forced a cancellation of a performance of A Christmas Carol. Although personal and financial information did not get compromised, the theatre’s patron database got wiped out.
Albany, New York-based human services agency Equinox suffered a breach due to unauthorized access to employee emails containing protected health information. An investigation revealed that two employee email accounts got hacked in the attack. Exposed PII includes names, addresses, dates of birth and Social Security numbers, as well as medical information about diagnoses, medication and health insurance. Free credit monitoring will go to anyone impacted by the breach.
A breach of Central Square, a vendor used by the Cucamonga Valley Water District, allowed hackers to access a server used to process payments. Affected customers will receive notification letters from the district, as well as one year of free credit monitoring.
In a similar incident, the Waco Water Department in Texas reported a possible pay portal data breach. The Waco episode is an offshoot of the breach of Click2Gov, a third-party payment vendor. Hackers altered the code in a way that allowed them to copy payment card information during transactions. A criminal investigation is underway.
Meanwhile, in other water system security news, an audit by the New York State Comptroller’s Office found significant cybersecurity flaws in the water system serving the city of Middleton. The review found that the city did not provide adequate security training, and did not require monitoring of devices networked to the water system.
Just days after the deadly shooting at a naval base in Pensacola, an unrelated cyberattack shut down city communication systems. The attack affected the city network, including phones and emails at City Hall and other government buildings. Mayor Grover Robinson announced the city would pay for identity monitoring services for up to 60,000 people.
The attack was later confirmed to be a Maze ransomware attack. Maze attacks work by copying files to a hacker’s server while encrypting the data on the target’s server. Two weeks after the incident, the Maze Group hackers started posting stolen data online.
Journalists at Spokane NBC affiliate KHQ-TV were reading off paper scripts after a security breach targeted software used by multiple local newscasts across Washington and Montana. When the breach got discovered, workers shut down control room computers to prevent the spread of infection. No employee or advertiser data got compromised in the attack.
On the morning of Dec. 13, New Orleans IT employees detected a cyberattack against the city. Employees were immediately ordered to power down computers, unplug devices and disconnect from WiFi. City officials are currently working with Louisiana State Police, Louisiana National Guard, FBI and U.S. Secret Service on the recovery and investigation.
According to New Orleans Mayor LaToya Cantrell, the cost of recovery will exceed the city’s $3 million cyber insurance policy. Louisiana is still recovering from a recent cyberattack that closed some Office of Motor Vehicle offices in the state.
A cyberattack against Walla Walla University crashed online networks and phone lines in the middle of fall semester finals. Students could not use classroom computers or access the school network, and the attack also locked campus email accounts. The university expects some systems to remain down for the rest of the year.
Conway Medical Center is in the process of notifying clients about a phishing attack that potentially exposed their health information. Information technology workers discovered the breach in October, determining that a hacker accessed employee email accounts. The potentially exposed information includes names, addresses, dates of birth, Social Security numbers, phone numbers and more. However, there is no evidence to date that the data got misused.
Convenience store and gas station chain Wawa recently announced a data breach affecting payment card information. Wawa IT workers “discovered malware on Wawa payment processing servers” in early December. After a forensic investigation, Wawa found that the breach stretched back to March 4, 2019. Any Wawa customer who paid with a credit or debit card between March and December may have had their information stolen. The company will offer free identity protection and credit monitoring to any affected customers.
Just weeks after Wawa disclosed the breach, a “wave of lawsuits” flooded the company. At least six lawsuits, all seeking class-action status, got filed in federal court in Philadelphia. The lawsuits allege that Wawa did not provide adequate security to protect its system from cyberattacks.
Less than a week before Christmas, a cyber attack on RavnAir forced the airline to cancel numerous flights to Alaska. The attack compelled RavnAir to disconnect its Dash 8 aircraft from the maintenance system, leading to the cancellations. Over 260 passengers had their flights canceled as a result of the attack. RavnAir serves over 100 otherwise largely inaccessible communities in Alaska. RavnAir continued to cancel flights in the week after Christmas as the company struggled to restore its maintenance system.
More cyber security troubles for the social network, as over 267 million user phone numbers and names were left exposed in an online database. The database did not get protected by a password or any other security measure. Although the unguarded database only went up for two weeks, hackers quickly made the data available for download. Security researcher Bob Diachenko discovered the database, and he believes that the Vietnamese hackers carried out the theft.
Check back next month for an updated cyber attack news roundup. Meanwhile, if you’re concerned about the security of your business network, call Capital Network Solutions at (916) 366-6566. At CNS, we can prevent you from becoming the next headline by protecting your system, data, email, devices and more.