CYBER SECURITY NEWS – WEEK OF JULY 31, 2023
8 million people hit by data breach at US govt contractor Maximus
- U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.
- In an 8-K form filed with the Securities and Exchange Commission (SEC), Maximus disclosed that the data was stolen using a zero-day flaw in the MOVEit file transfer application (CVE-2023-34362). The Clop ransomware gang widely exploited this flaw to breach hundreds of high-profile companies worldwide.
- However, this limited access was enough to compromise a large number of individuals to whom the firm is now sending data breach notifications.
- “Based on the review of impacted files to date, believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the company anticipates providing notice of the incident,” reads the SEC 8-K filing.
Swiss visa appointments cancelled in UK due to ‘IT incident’
- TLScontact, the Swiss government’s chosen IT provider for facilitating visa applications for citizens of third countries, has blamed an ‘IT incident’ at its London, Manchester, and Edinburgh centers for appointment cancellations.
- Over the past few decades, rather than allocating in-house staff, embassies of many countries have opted to procure services of an external vendor, such as TLScontact, for facilitating visa application submissions and scheduling biometric appointments for applicants.
- Consequently, in addition to collecting and holding on to physical documents, such as passports and visa application forms, outsourcing agencies like TLScontact possess highly sensitive information on applicants.
SEC now requires companies to disclose cyberattacks in 4 days
- The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they’re material incidents.
- According to the Wall Street watchdog, material incidents are those that a public company’s shareholders would consider important “in making an investment decision.”
- The SEC also adopted new regulations mandating foreign private issuers to provide equivalent disclosures following cybersecurity breaches.
- Listed companies must now include details about the cyberattack (including the incident’s nature, scope, and timing) in periodic report filings, specifically on 8-K forms.
China’s Wuhan Earthquake Center suffers cyber-attack
- The Wuhan Earthquake Monitoring Center in China has been hit by a cyber-incident perpetrated by a hacker group with an “overseas government background.”
- In its statement on Wednesday, July 26, the Bureau said the public safety center immediately sealed off affected equipment and reported the attack to the authorities, according to the Global Times.
- The newspaper claimed that “preliminary evidence suggests that the government-backed cyber-attack on the center came from the US.” It said that a Trojan horse program originating from abroad had been discovered at the Wuhan Earthquake Monitoring Center, as confirmed by the Jianghan sub-bureau – a public security bureau.
Law firm hack affects victims of an earlier breach again
- A global law firm is notifying nearly 153,000 individuals of a hacking incident that compromised several client files. The files contained sensitive personal information, and the incident affects vision care patients who had been victims of a breach three years ago.
- Orrick, Herrington & Sutcliffe on July 20 reported the data breach to several state regulators, including the attorneys general of Maine and California, as well as a HIPAA breach to the U.S. Department of Health and Human Services.
- Among the affected individuals was an Orrick client tied to a vision benefits plan that had suffered its own health data breach several years ago. Orrick said it had provided legal counsel for a 2020 security event involving the manager of the vision benefits plan.
- While health data breaches have become commonplace, individuals being affected a second time in two separate but loosely related incidents is highly unusual, some experts say.
CardioComm takes systems offline following cyberattack
- Canadian heart monitoring and medical electrocardiogram solutions provider CardioComm announced it has taken systems offline following a cyberattack.
- The attack, the company says, impacted its production server environments and has an impact on its business operations. Visitors to the company’s website are informed that CardioComm services are currently offline.
- According to CardioComm, it has no evidence that customer health information was compromised in the attack, mainly because its software runs on each client’s systems