Cyber Security News Roundup – 20th March 2023

It's the beginning of a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

LA housing authority discloses data breach after ransomware attack 13/03

The Housing Authority of the City of Los Angeles (HACLA),  a US state-chartered agency that provides affordable housing to low-income individuals and families, is warning of a "data security event" after being targeted by the infamous ransomware operation LockBit. The HACLA first noticed that its systems had been encryted on the 31^st December 2022, forcing IT staff to shut down the organisation’s servers. Examined server logs suggest that the hackers managed to access a variety of sensitive information including full names, contact details, social security and passport numbers, and financial and medical information. After uploading samples of stolen files the LockBit gang threatened to publish all the leaked data, indicating that ransom demands were rejected, but the download link to the stolen data set no longer works and it has not been redistributed to any further hacking forums. (Bleeping Computer)

Hacker selling data allegedly stolen in US Marshals Service hack 15/03

A threat actor is selling what they claim to be 350 gigabytes of leaked data from the US Marshall Service to a Russian speaking hacking forum. Up for sale for $150,000, the files include aerial photos of high-security locations, copies of identification documents, wiretapping and surveillance details, and information on convicts, gang leaders and cartels. The threat actor also claims that many of the files are listed as “TOP SECRET” and that some include witness protection details. Last month the USMS stated that they were investigating a “data exfiltration event” following the ransomware attack on the 17^th February. (Bleeping Computer)

Latitude cyberattack leads to data theft at two service providers 16/03

Latitude Financial Services, one of Australia’s largest personal loans providers and the largest non-bank consumer credit lender, has suffered a cyber attack that has forced the company to shut down internal and customer facing systems as well as seeing data leaked. According to the ‘Cyber Indicent’ notification the company network was breached with a hacker initially stealing an employee’s login credentials, before using those credentials to login to two of the company’s service providers and access the data. Around 103,000 thousand ID documents, of which 97% were driving licences, were stolen from the first service provider while 225,000 customer records were stolen from the second. (Bleeping Computer)

LockBit ransomware attacks Essendant 17/03

Following the recent multi day outage at office supplies wholesaler Essendant, the LockBit ransomware operation has now claimed responsibility. The attack disrupted access to their customer support and caused widespread harm to Essendant’s operations, forcing them to cancel orders. On the 14^th of March, 8 days after the initial attack, Essendant appeared on LockBit’s leaks page with a threat of publishing the data on the 18^th of March. LockBit, arguably the world’s most dangerous ransomware operation, show time and time again that they follow through with their threats to dump compromised data if ransom demands are not met. (Malware Bytes)

NBA alerts fans of a data breach exposing personal information 17/03

The NBA is notifying fans of a data breach that successfully targeted personal information held by a third-party newsletter service. Customers have been notified that the NBA’s company systems were not breached and that that affected fans’ credentials weren’t impacted however some fans’ personal information was stolen. The NBA is now working with the third party provider to investigate and understand the incident, whilst it is also working with cybersecurity specialists to understand the scope of the attack. (Bleeping Computer)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!