breach notification – Page 4

Philadelphia-area health system says it ‘isolated’ a malware attack

Posted on June 19, 2020 by Sean Lyngaas

A “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday. “After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an email statement. Crozer-Keystone owns four hospitals and four outpatient centers in and around Delaware County, Pennsylvania, according to its website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities. Leonowitz declined to answer questions on the matter. “Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement continued. “We completed this work in collaboration with cybersecurity professionals across our health care system and are currently conducting a full investigation of the issue.” A set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming website, […]

The post Philadelphia-area health system says it ‘isolated’ a malware attack appeared first on CyberScoop.

Continue reading Philadelphia-area health system says it ‘isolated’ a malware attack→

Computer network ‘disruption’ forces Honda to cancel some production

Posted on June 9, 2020 by Sean Lyngaas

A “disruption” to Japanese carmaker Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson. The incident occurred Sunday and Honda’s IT personnel are still responding to the situation, Honda spokesman Chris Abbruzzese told CyberScoop. He declined to answer questions on the cause of the incident or where it was affecting the company geographically. But another statement from Honda to the BBC said the incident has “also [had] an impact on production systems outside of Japan.” Cybersecurity researchers said that malicious software samples associated with the incident suggested a ransomware attack had occurred. Vitali Kremez, a strategic adviser to cybersecurity company SentinelOne, said he suspected a strain of ransomware known as Snake or EKANS was the cause of the incident. The ransomware appears to have been coded to check that it was on Honda’s networks before executing, Kremez said. EKANS ransomware emerged last […]

The post Computer network ‘disruption’ forces Honda to cancel some production appeared first on CyberScoop.

Continue reading Computer network ‘disruption’ forces Honda to cancel some production→

Ransomware crooks attack Conduent, another large IT provider

Posted on June 5, 2020 by Sean Lyngaas

A ransomware attack disrupted IT services company Conduent’s work with its clients last week, another example of digital extortionists targeting key technology suppliers. Conduent, which reported $4.5 billion in revenue last year and provides IT services in sectors such as health care and banking, had its European operations temporarily hampered, spokesman Sean Collins said. The incident occurred on May 29. Most systems were functioning nine hours later on that same day, and all have since been restored, he said. It was unclear which Conduent clients were affected by the disruption. Collins did not respond to a question on which clients were affected. The notorious set of hackers behind the Maze ransomware variant claimed responsibility. Like a lot of crooks involved in ransomware, the Russian-speaking Maze affiliates are not one group, but several distinct teams that specialize in writing code or breaching networks. If confirmed, it would be at least the second […]

The post Ransomware crooks attack Conduent, another large IT provider appeared first on CyberScoop.

Continue reading Ransomware crooks attack Conduent, another large IT provider→

Japanese IT services firm reveals hack affecting up to 621 customers

Posted on May 28, 2020 by Sean Lyngaas

Hackers earlier this month breached the computer systems of Japanese data-management company NTT Communications in an incident that could affect 621 clients, the company said Thursday. NTT Communications, which powers data centers in more than 20 countries or regions, said the unidentified hackers had breached the company’s Active Directory server, a repository of network data, and used it as the focal point of their attack. Four days after the breach began, NTT officials realized that data may be leaving their network. In a rare level of detail for a breach disclosure, the company said it had identified external websites the attackers were using to communicate with their malware and shut off those access points. Between cloud computing and other IT services, NTT Communications has a wealth of data for hackers to aim at. It is one of several subsidiaries of NTT Group, a Fortune 100 tech giant with more than 303,000 employees. NTT officials are in […]

The post Japanese IT services firm reveals hack affecting up to 621 customers appeared first on CyberScoop.

Continue reading Japanese IT services firm reveals hack affecting up to 621 customers→

Cyberattack hits internal IT systems of key player in British power market

Posted on May 14, 2020 by Sean Lyngaas

Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for employees. The company grappled with the digital attack throughout Thursday, tweeting that it had identified the “root cause” of the incident. “The attack is to our internal IT systems and Elexon’s laptops only,” the company said. It was unclear who was responsible for the cyberattack. The attack didn’t affect the external IT systems that the company uses to track trading between producers and suppliers of electricity, Elexon said. The company manages transactions worth some $2 billion a year, resolving the difference between what electricity generators and suppliers say they will produce or use and what they actually do. A spokesperson for National Grid ESO — Britain’s national electricity system operator — said the organization was investigating the incident, calling it a “cyber intrusion on Elexon’s internal […]

The post Cyberattack hits internal IT systems of key player in British power market appeared first on CyberScoop.

Continue reading Cyberattack hits internal IT systems of key player in British power market→

Security incident knocks UK supercomputer service offline for days

Posted on May 14, 2020 by Sean Lyngaas

Britain’s main supercomputing service for academic research has been unavailable since Monday following a security incident that forced administrators to reset user passwords. The ARCHER computing service, which scientists use to model climate change, coronavirus, and other societal challenges, likely won’t be available until at least next week as U.K. government cyber officials continue to help the system recover. ARCHER — a set of powerful hardware and simulation software housed at the University of Edinburgh — recently made available to its users a tool for simulating the extent of the COVID-19 outbreak. Scientific data and know-how has been in the crosshairs of hackers during the COVID-19 pandemic as governments around the world race to understand and treat the disease. It was unclear who was responsible for the security incident. A spokesperson for the U.K.’s National Cyber Security Centre told CyberScoop the agency was aware of the incident and providing support for […]

The post Security incident knocks UK supercomputer service offline for days appeared first on CyberScoop.

Continue reading Security incident knocks UK supercomputer service offline for days→

IT services firm Cognizant hit with Maze ransomware

Posted on April 18, 2020 by Sean Lyngaas

Cognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” the New Jersey-based company said in a statement. “Cognizant has also engaged with the appropriate law enforcement authorities.” A Fortune 500 company with over a quarter of a million employees worldwide, Cognizant possesses a wealth of data that would make it a target of hackers. Cognizant’s software and consulting services are used by major pharmaceutical firms and restaurant chains, according to its website. Earlier this week, the company had notified clients of the incident and shared “indicators of compromise” — forensic data such as IP addresses […]

The post IT services firm Cognizant hit with Maze ransomware appeared first on CyberScoop.

Continue reading IT services firm Cognizant hit with Maze ransomware→

Hackers file fake tax returns in scheme to steal IRS refunds

Posted on April 13, 2020 by Sean Lyngaas

It may be open season for coronavirus scammers, but tax frauds aren’t letting up, either. Attackers tried obtaining large tax refunds by posing as clients of Weber and Company, the California-based accounting firm revealed last week. The scammers apparently accessed clients’ personal data — including, perhaps, Social Security numbers and bank account information — and used that to file fraudulent returns, Weber and Company said in a notification to California’s attorney general. The IRS and the FBI are investigating the matter, the company said. The number of attempted IRS scams tends to increase every year in March and April in the U.S., as legions of crooks try to steal Americans’ refunds. Earlier this month, the IRS said attackers exploiting the COVID-19 crisis could use stolen data to commit tax fraud. In 2016, the IRS said attackers had attempted to breach its online filing portal and steal Social Security numbers. For years, lawmakers have debated the proper response to incidents of this kind. It was not immediately clear […]

The post Hackers file fake tax returns in scheme to steal IRS refunds appeared first on CyberScoop.

Continue reading Hackers file fake tax returns in scheme to steal IRS refunds→

Small business owners applying for COVID-19 relief may have had PII exposed, agency says

Posted on April 5, 2020 by Sean Lyngaas

As the federal agency overseeing relief to small businesses during the coronavirus pandemic was preparing to ramp up its lending, some of the Small Business Administration’s loan applicants may have had their personally identifiable information exposed to others, an agency spokeswoman tells CyberScoop. “Personal identifiable information of a limited number of Economic Injury Disaster Loan applicants was potentially exposed to other applicants on [Small Business Administration’s] loan application site,” SBA spokeswoman Carol Wilkerson said in a statement Saturday. “We immediately disabled the impacted portion of the website, addressed the issue, and relaunched the application portal,” the statement continued. “SBA continues to process applications submitted via email, paper, and online.” The cause of the data exposure at SBA, and for how long it occurred, was not immediately clear. Wilkerson did not respond to questions on why the PII may have been exposed and what types of data were affected. An industry […]

The post Small business owners applying for COVID-19 relief may have had PII exposed, agency says appeared first on CyberScoop.

Continue reading Small business owners applying for COVID-19 relief may have had PII exposed, agency says→

Marriott discloses data breach affecting 5.2 million guests

Posted on March 31, 2020 by Sean Lyngaas

Marriott International on Tuesday revealed a data breach affecting an estimated 5.2 million hotel guests, the second significant security incident to hit the hospitality giant in the last 16 months. The breach exposed guests’ personal information such as names, addresses, employer, and loyalty account numbers, the company said in a statement. The login credentials of two Marriott employees were used to access guest information in activity that began in mid-January, the statement said. Marriott said it detected the compromise at the end of February and confirmed the credentials had been disabled. “[W]e currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said. An investigation is ongoing. Hotel chains are a natural target for both criminals looking to sell guests’ personal information and spies looking to track government officials. In November […]

The post Marriott discloses data breach affecting 5.2 million guests appeared first on CyberScoop.

Continue reading Marriott discloses data breach affecting 5.2 million guests→