Krispy Kreme breach, data theft claimed by Play ransomware gang
- The Play ransomware gang has claimed responsibility for a cyberattack on Krispy Kreme that occurred in November 2024, leading to disruptions in the company’s online ordering system.
- Krispy Kreme reported unauthorized activity on its IT systems on November 29 and subsequently hired external cybersecurity experts to assess the breach’s impact and scope.
- The company acknowledged operational disruptions, particularly affecting online orders, and assured customers that in-store purchases remained unaffected.
- In an SEC filing dated December 11, Krispy Kreme detailed the incident but has not provided further specifics.
- The Play ransomware group alleges that they stole sensitive data, including personal and financial information, and threatened to publish this data soon.
- The Play ransomware operation has been active since June 2022, employing double-extortion tactics to pressure victims into paying ransoms to prevent data leaks.
Ascension: Health data of 5.6 million stolen in ransomware attack
- Ascension Health, one of the largest private healthcare systems in the U.S., has reported a significant data breach affecting over 5.6 million patients and employees due to a ransomware attack linked to the Black Basta group.
- The breach, which occurred on May 8, 2024, involved unauthorized access to sensitive personal and health information, including medical records, payment details, insurance information, and government IDs.
- Following the attack, Ascension is notifying the affected individuals via postal mail and is offering 24 months of free identity theft protection services.
- The healthcare system’s investigation revealed that the breach was initiated by an employee who accidentally downloaded a malicious file.
- This incident disrupted Ascension’s MyChart electronic health records system and necessitated a temporary shutdown of certain operations, forcing staff to revert to paper records for patient care.
BeyondTrust says hackers breached Remote Support SaaS instances
- BeyondTrust, a cybersecurity company specializing in Privileged Access Management, reported a cyberattack that occurred in early December 2024, affecting its Remote Support SaaS instances. The breach was detected on December 2, when the company noticed “anomalous behavior” within its network. An investigation revealed that hackers had compromised an API key for Remote Support SaaS, enabling them to reset passwords for local application accounts.
- Following the discovery, BeyondTrust revoked the compromised API key and notified affected customers while suspending the impacted instances. They also provided alternative Remote Support SaaS instances to those customers. It remains unclear whether the attackers exploited these instances to breach downstream customers.
- During the investigation, BeyondTrust identified two vulnerabilities: CVE-2024-12356, a critical command injection flaw allowing unauthenticated attackers to execute operating system commands, and CVE-2024-12686, a medium-severity vulnerability that permits admin users to inject commands and upload malicious files.
Telecom Namibia Hit by Massive Cyberattack: Over 400,000 Files Leaked
- Telecom Namibia experienced a significant cyberattack on December 11, 2024, resulting in the leak of over 400,000 customer files.
- The attack was attributed to the ransomware group Hunters International, which exfiltrated approximately 3GB of data, including sensitive personal information such as identification details and banking information.
- Following the breach, the attackers threatened to release the stolen data unless their ransom demands were met, leading to the public circulation of hundreds of sensitive records after the ransom deadline passed.
- In response, Telecom Namibia’s CEO, Stanley Shanapinda, assured the public of the company’s commitment to addressing the situation responsibly and highlighted ongoing efforts to enhance cybersecurity measures.
- The Communications Regulatory Authority of Namibia (Cran) expressed serious concerns regarding the incident, emphasizing the need for improved cybersecurity practices in the country.
Texas Tech Fumbles Medical Data in Massive Breach
- Texas Tech University Health Sciences Center recently experienced a significant data breach, where cyber attackers accessed sensitive patient information.
- The breach involved the theft of a substantial amount of medical data, prompting the institution to initiate its incident response protocols.
- The university is now working to mitigate the impact of this breach and protect the affected individuals’ data.