w49-2022

Here’s your weekly #databreach news roundup:

Amnesty International Canada, Rackspace, CloudSEK, Sequoia, VEVOR, Acuity Brands, CommonSpirit Health, and Telstra.

Amnesty International Canada

Amnesty International’s Canadian branch has disclosed a security breach detected in early October and linked to a threat group likely sponsored by China.

The international human rights non-governmental organization (NGO) says it first detected the breach on October 5, when it spotted suspicious activity on its IT infrastructure. 

After detecting the attack, the NGO hired the services of cybersecurity firm Secureworks to investigate the attack and secure its systems.

“The investigation’s preliminary results indicate that a digital security breach was perpetrated using tools and techniques associated with specific advanced persistent threat groups (APTs),” Amnesty International Canada said.

“Forensic experts with leading international cyber-security firm Secureworks later established that ‘a threat group sponsored or tasked by the Chinese state’ was likely behind the attack.”

Rackspace

Some of Rackspace’s hosted Microsoft Exchange services have been taken down by what the company has described as a “security incident”.

The company’s most recent incident report at the time of writing, time-stamped 01:57 Eastern Time on December 3rd, offers the following information.

“On Friday, Dec 2, 2022, we became aware of an issue impacting our Hosted Exchange environment. We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact. After further analysis, we have determined that this is a security incident.”

The incident is further described as “isolated to a portion of our Hosted Exchange platform”.

CloudSEK

Indian cybersecurity firm CloudSEK says a threat actor gained access to its Confluence server using stolen credentials for one of its employees’ Jira accounts.

While some internal information, including screenshots of product dashboards and three customers’ names and purchase orders, was exfiltrated from its Confluence wiki, CloudSEK says the attackers didn’t compromise its databases. 

“We are investigating a targeted cyber attack on CloudSEK. An employee’s Jira password was compromised to get access to our confluence pages,” the company’s CEO and founder, Rahul Sasi, said on Tuesday.

Rather than the databases, the stolen Jira credentials let the threat actor access training and internal documents, Confluence pages, and open-source automation scripts attached to Jira.

Sequoia

The human resources, payroll, and benefits management company Sequoia said in disclosures to customers at the beginning of the month that it detected unauthorized access to a cloud storage repository that contained an array of sensitive and personal data related to the company’s Sequoia One customers. 

Sequoia notified both its corporate customers and the individual people whose data may have been impacted by the breach, which the company says occurred between September 22 and October 6. The company is offering victims three years of free Experian identity protection services.

VEVOR

Cybersecurity researchers at Website Planet published a report on discovering an unprotected database containing a trove of data. The exposed server, which belonged to a global online retailer, was identified twice between April and July 2022.

According to Fowler, the database had several references to Vevor, an online retailer based in California. However, Crunchbase claims that although the company is registered in the US, its website suggests it is based in China, boasting more than ten million customers across 200 countries/regions.

Acuity Brands

On December 6, 2022, Acuity Brands reported a data breach to the Attorney General of Maine after learning of a data security incident in which sensitive employee information was accessed and copied by an unauthorized party. According to Acuity, the breach compromised employees’ names, Social Security numbers, driver’s license numbers and financial account information. Recently, Acuity sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

CommonSpirit Health

CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.

This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals.

At the start of October, the Illinois-based non-profit health system first informed the public of a cyberattack that took down its IT systems.

CommonSpirit Health is the second largest health system in the United States, operating 140 hospitals and over 1,000 care sites across 21 states, so any disruption in its operation has widespread impact potential.

On December 1, 2022, the organization published the latest results of its internal investigation into the security incident, admitting for the first time that the ransomware actors had accessed patient data.

Telstra

Personal information of more than 130,000 Telstra customers has been exposed in the latest large-scale privacy breach to strike big Australian companies.

Telstra said a “misalignment of databases” rather than hacking was responsible for the breach, which saw customer details wrongly made available on the online White Pages and via directory assistance.