Cyber Security News Roundup – 3rd July 2023

It's a new week, and that means a round up of some of the cyber security and data protection news headlines over the last 7 days! To learn more about each story, click the headings.

Siemens Energy confirms data breach after MOVEit data-theft attack

27/6

Global energy technology company Siemens has become the latest company to confirm that it has had data stolen in the recent series of Clop ransomware attacks. Clop listed Siemens on their leaks site on the 27th June, a move that the group usually makes to apply pressure to victims - the listing was followed by confirmation from a Siemens spokesperson that the organisation has been breached by attacks targeting the CVE-2023-34362 vulnerability in the MOVEit file transfer service. Siemens have stated that no critical data was stolen, and that business operations were not affected by the breach after the company took immediate action. (Bleeping Computer)

Eight in ten UK health orgs have had a security breach since 2021

27/6

New research from SOTI has revealed that 79% of UK healthcare providers have experienced at least one data breach since 2021, growing 22% year on year; these findings indicate that little is being done to address to issue of data security in the industry. The research also highlighted the growing security challenge resulting from devices, with almost half of respondents reporting an increase in the mix of devices at their organisation. A further 33% reported an increase in the use of personal devices to access company networks - failure to appropriately manage and monitor these devices poses a significant risk to data security. (Digital Health)

Apple supplier TSMC hit by data breach, ransomware group demanding $70 million payment

30/6

Taiwan Semiconductor Manufacturing Company Limited (TSMC), a computer chip maker and Apple partner, has confirmed that it has been impacted by a data breach on one of its third party suppliers. The incident has not affected business operations or customer information, and TSMC has terminated data exchange with the breached supplier, Kinmax Technology, in accordance with their security protocols. In a letter to their partners, which also include HPE, Cisco, Microsoft, Citrix, and VMware, Kinmax Technology explained that they first noticed the breach on the 29th of June, when their internal specific testing environment was attacked. The notorious ransomware operation LockBit has claimed responsibility, and is reportedly demanding a $70 million ransom in order to not leak the stolen data. (9to5Mac)

Over a million NHS users have data leaked following ransomware attack

30/6

The recent ransomware attack on the University of Manchester has exposed the data of 1.1 million NHS users, from 200 different hospitals. As much as 250Gb of information was accessed by criminals during the breach, with the data including the NHS numbers and part of postcodes for major trauma patients across the UK - the university had been keeping this information for research purposes. As the database was launched in 2012, it is expected that the leaked data contained over a decade of information; NHS chiefs have now been warned of the risk that NHS data will be made available in the public domain. Information about the criminals behind the breach is currently scarce, with the University publicly stating that the incident was not linked to the MOVEit breaches. (Tech Radar)

Attempted cyber attacks occur every second, and as we can see from the recent headlines, constantly change in nature. It's vital that your organisation is as protected as possible from all forms of cyber crime, so Contact Celerity to find out how we could protect your business!