25 Jan
Here’s your weekly #databreach news roundup:
Bank Indonesia (BI), RR Donnelly, Red Cross, Moncler, and Clarins.
Bank Indonesia (BI)
Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month.@serghei #databreachhttps://t.co/ilYP7gbc4y
— DevaOnBreaches (@DevaOnBreaches) January 22, 2022
Bank Indonesia (BI), the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month.
A Bank Indonesia spokesperson also told BleepingComputer the attack took place last month and that the bank’s operations are not disrupted after the incident.
“We would like to inform you that the ransomware harassment has occurred last month. However, Bank Indonesia has conducted comprehensive evaluation for the disruption,” BleepingComputer was told.
“We convince that our operational activities are not disrupted, stay in control, and keep on support public economic services.”
During the incident, the attackers stole “non-critical data” belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank’s network, as CNN Indonesia reported.
RR Donnelly
RR Donnelly has confirmed that threat actors stole data in a December cyberattack, confirmed by BleepingComputer to be a Conti ransomware attack. #databreach @LawrenceAbramshttps://t.co/mbMFGrz0ge
— DevaOnBreaches (@DevaOnBreaches) January 20, 2022
On December 27th, RRD filed a Form 8-K with the SEC disclosing that they suffered a “systems intrusion in its technical environment” that led to the shut down of their network to prevent the attack’s spread.
The shut down of IT systems led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks, and motor vehicle documentation.
While RRD initially said they were not aware of any client data stolen during the attack, on January 15th, the Conti ransomware gang claimed responsibility and began leaking 2.5GB of data allegedly stolen from RRD.
However, a source told BleepingComputer that Conti soon removed the data from public view after RRD began further negotiations to prevent the release of data.
Yesterday, RRD released an additional 8-K filing confirming that data was stolen during the attack. The company also stated they are taking all appropriate measures to protect its and clients’ information.
“At this time, however, the Company has become aware that certain of its corporate data was accessed and exfiltrated, the nature of which is being actively examined. Based on information known to date, the Company believes the access and exfiltration was in connection with the previously disclosed systems intrusion and not a new incident,” reads the new SEC filing.
Red Cross
The International Committee of the Red Cross (ICRC) said it was hit with a cyberattack this week that compromised the personal data of "more than 515,000 highly vulnerable people." #databreach @jgreigj https://t.co/iw615Ejl2I
— DevaOnBreaches (@DevaOnBreaches) January 20, 2022
The International Committee of the Red Cross (ICRC) said it was hit with a cyberattack this week that compromised the personal data of “more than 515,000 highly vulnerable people.”
In a release on Wednesday evening, the organization said it discovered a “sophisticated cybersecurity attack” this week that targeted servers hosting the information of people who have been separated from their families due to conflict, migration, and disaster as well as missing persons, their families, and people in detention.
According to the statement, the data accessed came from at least 60 Red Cross and Red Crescent National Societies located around the world. The hackers targeted a Swiss company that the ICRC hires to store its data.
The ICRC told ZDNet that it was not a ransomware attack, but in their statement, they said they were forced to shut down the systems underpinning a program called “Restoring Family Links.” The program helps reunite family members separated by conflict, disaster, or migration.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, ICRC’s director-general.
Moncler
Italian luxury fashion giant Moncler confirmed that they suffered a #databreach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web. @billtoulas https://t.co/wahksC4L0D
— DevaOnBreaches (@DevaOnBreaches) January 19, 2022
talian luxury fashion giant Moncler confirmed that they suffered a data breach after files were stolen by the AlphV/BlackCat ransomware operation in December and published today on the dark web.
The attack unfolded in the final week of 2021 when the luxury fashion brand announced an interruption in its IT services but assured that the attack would result in nothing more than a temporary outage.
Ten days after that, the company released an update on the situation, reactivating its logistic systems and prioritizing e-commerce shipments that had been delayed in shipping.
Today, in a statement shared with Bleeping Computer, Moncler confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was leaked today by the AlphaV (BlackCat) ransomware operation.
Moncler states that they rejected the prospect of paying a ransom demand as it goes against its founding principles, leading to the publishing of the stolen data.
“With regard to information linked to customers, the company informs that no data relating to credit cards or other means of payment have been exfiltrated, as the company does not store such data on its systems.” explains the statement shared with BleepingComputer.
Clarins
Clarins has released a statement concerning a data security incident that may affect its Singaporean customers, according to a report published by The Singapore Times. #databreach https://t.co/5D2N6wCWx3
— DevaOnBreaches (@DevaOnBreaches) January 18, 2022
THE WHAT? Clarins has released a statement concerning a data security incident that may affect its Singaporean customers, according to a report published by The Singapore Time.
THE DETAILS The French cosmetics brand has been affected by a critical vulnerability in Log4j software, which it uses to manage a database of its Singaporean customers.
Personal information, including names, addresses, telephone numbers and data on the Clarins loyalty program could have been viewed but passwords, credit card information and payments processed appeared to be secure.