Another large attack on this country's companies & a very unlikely breach...

In this week's Cyber Weekly:

  1. What's happening in Australia?
  2. Unlikely breach in Yukon
  3. E-commerce platform hacked
  4. Another health care facility hit with ransomware

Thanks to all 7935 subscribers. It really takes a community to fight against cyberattacks. By sharing these newsletters, we can reach more people and help keep others from becoming a statistic. Share this article in the top right corner of the page.

What’s happening in Australia?

This is the 5th attack on a large Australian company this year. This time it was Energy Australia. Apparently, the information of 323 residential and small business customers was accessed by unauthorized parties. An initial investigation suggests the information was not transferred off premises. However, the personally identifiable information stolen includes customer names, addresses, email addresses, electricity and gas bills, phone numbers, and the first six and last three digits of their credit cards. (theguardian)

My thoughts: As of the time this article is published, there aren’t any ransomware groups who have claimed responsibility for any of these breaches. I find that strange. I can’t help but wonder whether there is more to it. Are hackers gathering data on as many Australians as possible from several different cyber breaches? And if so, why?

The Pawn Shop Breach in Yukon

Brian Zink was in a pawn shop in the Yukon territory when he noticed a basket of 5-6 USB sticks. He realized the information on them was from the Department of Health and Social Services. The data included personal information of roughly 50 to 60 people, including case file information ranging from budgets to personal contact information. It was determined that the USBs were previously abandoned by a former employee who should not have had access to the information. If the department identifies risk of significant harm, they are to warn those affected. (insurancebusinessmag)

My thoughts: Assurance IT partners with industry leaders who address this specific use case. If an enterprise wants to know who is plugging what into their computers, we can then determine if the device meets company policy. Let me know if that’s of interest to you as well.

Singapore’s Equivalent to Shopify was Hacked last week

E-commerce platform Carousell notified its users last week of a data breach that occurred on October 14, 2022. It seems the information stolen included emails, phone numbers and dates of birth. At this time, it was reported that no passwords were stolen. The company claims that identity theft is unlikely to occur. (channelnewsasia)

My thoughts: It seems as though the company isn’t putting enough emphasis on the danger of this stolen data. Stolen emails and phone numbers are still personally identifiable data and can lead to phishing scams and can lead to stolen identities. They did report the incident fairly quickly, but we don’t know how many people were impacted. Let’s remember that not all stories are reported equally, and we have learned that often more details unfold as time goes on. This article seems to be making the company look good when in reality, I still have a lot of questions.

Another day, another healthcare facility breached

A recent breach at an Arizona healthcare facility exposed the data of over 70,000 people. The incident potentially involved names, medical record numbers, Medicare or Medicaid numbers, dates of birth, Social Security numbers, driver's license numbers, clinical or diagnosis information, and health insurance member ID numbers.

The breach took place in January, and their investigation concluded in July, when they advised everyone what had happened.

Another healthcare facility, in Pennsylvania, was also breached, impacting the personal information of over 235,000 individuals.

“While we have a robust information security system in place, unfortunately, no system is perfect, and we recently identified and addressed a cybersecurity incident,” Keystone Health told patients.

My thoughts: It’s becoming obvious that medical facilities are large and somewhat easy targets. Medical providers often have legacy technology somewhere in their environment, often leading to more risk. Also, the fact that they have so much PII data makes them great targets for hackers. Small effort for big rewards! At this point, millions of people have been affected by these types of attacks just this year. If we were to have a roundtable discussion on how to address this problem, where would we start the conversation?
