CYBER SECURITY NEWS – WEEK OF MAY 22, 2023
Suzuki Motorcycle India plant shut for a week due to cyber-attack
- According to several people in the know, production has been stalled since May 10, and it is estimated to have incurred a production of loss of over 20,000 vehicles in this timeframe.
- As part of its measures to address the situation at hand, a few days ago, Suzuki Motorcycle informed its ecosystem that due to an “unprecedented business requirement”, it has postponed its annual supplier conference, which was scheduled to be held next week.
- In an email response, a Suzuki Motorcycle India spokesperson said, “We are aware of the incident and have promptly reported the same to the concerned Government department. The matter is currently under investigation, and for security purposes, we are unable to provide further details at this point in time.”
- The spokesperson did not specify the source of the attack or when the production will resume again, though sources told us that the plant should resume operations in the coming days.
Sysco says cyberattack potentially leaked 125,000 Social Security numbers
- A cyberattack on Sysco, one of the world’s largest food distributors, gave hackers access to the sensitive personal information of more than 125,000 current and former employees.
- In documents filed with state regulators in Maine, the company said an incident in January leaked troves of sensitive employee information.
- The Houston-based company did not say whether it was a ransomware attack or what group was involved, but noted in the letters that the threat actor “claimed to have acquired certain data.”
Lacroix closes three factories after cyberattack
- Global electronics manufacturer Lacroix has suffered a cyberattack resulting in the temporary closure of over a third of its sites worldwide. The company says the breach has been contained, but the affected sites are likely to be closed for a week.
- Local infrastructure has been encrypted in the hack, says the company, and an investigation into the incident is currently underway.
- During the closure, the company will be implementing backups and conducting analysis to identify any exfiltrated data.
Yum Brands faces class action suits from employees after ransomware attack
- The Taco Bell and KFC operator is facing litigation after some personal data of company employees was stolen in the attack.
- The attack forced the Louisville, Kentucky-based fast food operator, to close nearly 300 restaurants in the U.K. for a single day in January.
- The attack took place on Jan. 13, according to a copy of the consumer disclosure letter filed with California regulators. The company immediately locked down systems, notified federal law enforcement and brought in digital forensics and response experts to probe the attack.
- There was no evidence the stolen personal data has been used in any fraudulent activity, according to the disclosure letter.
Luxottica confirms 2021 data breach after info of 70M leaks online
- Luxottica has confirmed one of its partners suffered a data breach in 2021 that exposed the personal information of 70 million customers after a database was posted this month for free on hacking forums.
- In November 2022, a member of the now-defunct “Breached” hacker forum attempted to sell what he claimed to be a 2021 database containing 300 million records of personal information related to Luxottica customers in the United States and Canada.
- According to the seller, the database contained customers’ personal information, such as email addresses, first and last names, addresses, and date of birth.
Philadelphia Inquirer operations disrupted after cyberattack
- The Philadelphia Inquirer daily newspaper is working on restoring systems impacted by what was described as a cyberattack that hit its network over the weekend.
- The attack also disrupted operations, with newspaper circulation halting while Inquirer.com is only slightly affected, with publishing and updating stories being impacted by intermittent delays.
- The news organization detected the attack after the content management system went down on Saturday morning, days after it was alerted of “anomalous activity” by Cynet Systems, a cybersecurity company that manages the Inquirer’s network security.