In this Cyber Weekly, a variety of organizations get hacked. Also, as we know, many breaches could be avoided. Here are 5 cyber attacks that could have been avoided if the proper email security was in place.
Thanks to all 15,763 subscribers. It really takes a community to fight against cyberattacks. Help us with our mission of helping 100,000 organizations become cyber-resilient by sharing this newsletter with your network!
In this week's Cyber Weekly:
Gateway Casino (based in Ontario, Canada) was hit with a ransomware attack last week that led it to shut down operations for the entire weekend. Details of the attack are still unknown, but it doesn’t seem that personal information was stolen. Paul Burns, Chief Executive Officer of the Canadian Gaming Association, expressed his dismay over the incident, saying that the timing of this attack wasn’t good after the pandemic. Casinos have seen interrupted play for years and were excited for their first full year without interruptions since 2019. Here is what their numbers looked like:
“In its 2021-2022 fiscal year financial report, OLG reported profits to the province of $1.6 billion up 335 per cent from its fiscal 2020-21 of $359 million. In 2022 and this year, it projects profits to the province will rise to $2.3 billion.” (lfpress)
My thoughts: I wouldn’t be surprised if the hackers ask for a ransom – look at those PROFITS. However, there was no mention of a ransom demand. On another note, what a great PR move. They did not give us any information about the attack or how they are handling it. They put out a thought-piece and distracted us with large numbers. That’s a strategy I haven’t seen before.
Yellow Pages Group, a Canadian directory publisher, was hit by a cyber attack. Black Basta leaked personal information from the company on a forum. Although the company largely deals with public information, the following company information was found on the forum:
Black Basta claimed responsibility for the Capita cyber attack this month and the Sobeys attack last year. There is speculation, based on the group's negotiation tactics, that it is a rebrand of the Conti ransomware group. (bleepingcomputer)
My thoughts: Traditionally known for their massive printed phone books, Yellow Pages Group has undergone a tremendous turnaround over the last 15 years, rebranding themselves to keep up with the digital evolution. Despite not being a major “digital” player, the biggest hacker group found them and a weakness in their environment. Reminder: Your business will get attacked, it’s just a matter of time.
Parker Hannifin, a manufacturing company, failed to properly protect the data of its current and former employees. A breach in March 2022 exposed employee information including social security numbers, health insurance information and more. The company has not admitted to any wrongdoing but agreed to pay $1.75 million to resolve the data breach class action lawsuit. Employees can claim up to $5000 of damages. (topclassactions)
My thoughts: With a lot of cases emerging and jurisprudence creating precedent, there are going to be a lot more lawsuits that will come forth. Companies will need to expect it as part of their costs.
1.5 million American Bar Association Members were hacked last month. The account usernames and passwords were stolen.
“Information in member profiles—which generally can include members’ names, addresses, contacts, bar admissions, education, demographics, and credit card data—wasn’t stolen or accessed, an ABA spokesperson said.”
Hackers accessed the association’s old website dated pre-2018. As a result, members should update their passwords if they haven’t since then. (Bloomberglaw)
My thoughts: Even the most respected organizations get breached. Hackers don’t discriminate. They will attack any organization if it’s possible. My biggest question is: Can the lawyers sue the association for damages?
Assurance IT is on a mission to help 100,000 companies become cyber resilient through our services and free content. We focus on helping mid-sized organizations with data protection and data privacy. Our primary services include: endpoint management, cloud backup, DRaaS, and Microsoft 365 backup. Help us accomplish this mission by sharing this newsletter to your network!