w44-2023

Here’s your weekly #databreach news roundup:

Okta, ServiceNow, NASCO, and Ace Hardware.

Okta

  • What happened?
    • Okta, a provider of identity management solutions, has informed nearly 5,000 current and former employees about a data breach that resulted from a third-party vendor, Rightway Healthcare, being compromised.
  • Who is Rightway Healthcare?
    • Rightway Healthcare is a vendor that manages healthcare coverage for Okta employees and their families.
  • Details of the breach:
    • On September 23, 2023, Rightway suffered a network intrusion that allowed unauthorized access to an eligibility census file. This file was used for insurance and benefits plans and included personal information.
  • What information was compromised?
    • The accessed file contained full names, Social Security Numbers (SSNs), and medical insurance plan numbers of Okta’s employees and their dependents.
  • When did Okta find out?
    • Okta was notified about the breach on October 12, 2023, after which they started an investigation to understand the breach’s scope.
  • How many people were affected?
    • The breach impacted a total of 4,961 individuals associated with Okta.
  • Potential risks:
    • Besides the obvious identity theft risks associated with the exposure of SSNs and health plan numbers, the leak of full names could enable attackers to guess corporate email addresses and potentially target accounts for hijacking.
  • Steps taken by Okta:
    • Okta has offered two years of credit monitoring, identity theft protection, and fraud protection services through Experian to those affected.
  • Response from Okta:
    • Okta clarified that the compromised data was from the period of April 2019 through 2020, emphasizing that Okta’s services remain secure and that no customer data was affected by this incident.

ServiceNow

  • What happened?
    • ServiceNow, a cloud platform for business automation, announced that its platform had misconfigurations that could allow “unintended access” to sensitive data.
  • Potential Impact:
    • The misconfiguration in ServiceNow could have led to significant data leaks of sensitive corporate information across organizations that utilize the platform.
  • ServiceNow’s Actions:
    • ServiceNow has addressed the issue with a fix to prevent this potential data exposure.
  • About ServiceNow:
    • It’s a comprehensive cloud solution that automates various business processes and is crucial for IT service, operations, business management, customer service, HR, and security operations.
  • Source of Misconfiguration:
    • An interface widget called Simple List, used to display data from tables on dashboards, had a default configuration that allowed unauthenticated users to access the data remotely. This data could include IT ticket contents, internal knowledge bases, and employee details.
  • Duration of the Issue:
    • These misconfigurations have been present since Access Control Lists were introduced in 2015, but no incidents had been reported before the recent disclosure.
  • Wider Implications:
    • This issue was one among many potential misconfigurations in ServiceNow that could affect access control and data security.
  • Role of SSPM:
    • SaaS Security Posture Management (SSPM) solutions help organizations identify and manage such misconfigurations and ensure compliance.
  • Understanding the Misconfigurations:
    • The issue was due to default public access settings within ServiceNow’s ACL widget, Simple List, which aggregates data into tables.
    • Remedying the problem required adjustments in multiple application areas and careful consideration to avoid disrupting existing workflows.
  • Recommendation:
    • Despite the fix by ServiceNow, organizations are advised to review their settings to confirm the closure of any exposures.

NASCO

  • What happened?
    • NASCO, a company that works with health plans, reported a data breach resulting from a vulnerability in MOVEit, a file-transfer application they use. This breach led to unauthorized access to sensitive consumer information.
  • How was the breach discovered?
    • The vulnerability in MOVEit was announced by its creator, Progress Software, on May 31, 2023. However, NASCO wasn’t aware that their data might have been affected until July 12, 2023.
  • What was the response?
    • Once NASCO became aware of the vulnerability, they secured their systems, including shutting down their MOVEit server. They then conducted an investigation to understand the extent of the breach.
  • Extent of the Breach:
    • NASCO’s investigation revealed that on May 30, 2023, an unauthorized party accessed their MOVEit server containing confidential health plan member information. NASCO clarified that the breach did not affect their own systems but was limited to the MOVEit server.
  • Types of Data Exposed:
    • The exact types of sensitive consumer data exposed have not been specified.
  • Notification to Affected Parties:
    • In October 2023, NASCO began sending out notification letters to the individuals whose information was compromised, detailing the nature of the data exposed.
  • Current Status:
    • NASCO has notified the necessary authorities and those affected by the breach, and individuals should have received information on the specific data pertaining to them that was impacted.

Ace Hardware

  • What happened?
    • Ace Hardware, a cooperative of hardware store retailers, confirmed a cyberattack that disrupted their ordering systems and impacted 196 servers.
  • Size and Scope of Ace Hardware:
    • The cooperative operates over 5,700 stores in various countries, has 12,500 employees, and generates more than $9 billion in annual revenue.
  • Initial Reports of the Incident:
    • The cyberattack was first mentioned on Reddit, where a notice to retailers about the incident was shared.
  • Systems Affected:
    • Key operational systems were hit, including Ace’s warehouse management systems, retailer mobile assistant, invoicing, rewards program, and customer service phone lines.
  • Impact on Operations:
    • Scheduled deliveries have been disrupted, and retailers have been advised not to place further orders as the system cannot process them currently.
  • Company’s Response:
    • Ace Hardware has enlisted IT experts to assist with restoring the affected systems. However, due to the evolving nature of the situation, they have not provided specific details on the recovery process.
  • Ongoing Situation:
    • An update indicated that the outage is ongoing without a definite end time. Retailers have been advised to continue operating stores, as point-of-sale systems and credit card processing were not affected by the cyberattack.