UK Breach News – What’s Happened This Week

Cyber security news: keeping you up to date with the latest cyber breaches from around the UK.

Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

National Health Service

Source: https://www.infosecurity-magazine.com/news/nhs-error-exposes-data-hundreds/

Exploit: Insider Threat

National Health Service: National Healthcare System

Risk to Business: Severe

An employee error at NHS Highland earlier this month led to the personal information of over 200 patients with diabetes becoming exposed after a spreadsheet was accidentally shared via email with NHS staffers who weren’t authorised to access it.

Individual Risk: The spreadsheet of data was limited to just patients treated at the one location. Information on the spreadsheet included names, dates of births, contact information, and hospital identification numbers for the 284 patients.

Customers Impacted: 284

How it Could Affect Your Business:Human error will always be a factor in cybersecurity. But adding extra locks on sensitive information can prevent incidents like this one.

Labsec to the Rescue: It's essential that your data is protected with the correct permissions. A gap analysis will look at your processes to identify where you can put extra measures in place.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Sandcliffe Motor Group

Source: https://www.am-online.com/news/dealer-news/2020/11/09/sandicliffe-customer-data-breach-could-affect-thousands

Exploit: Ransomware

Sandcliffe Motor Group: Automobile Retailer

Risk to Business: Severe

A ransomware attack has exposed the information of employees and customers of Sandcliffe Motor Group. The chain of 10 dealerships around the UK has traced the source to an employee clicking a link in a phishing email.

Individual Risk: The company says that bank account details and medical histories may be included in the information that was stolen. Clients and employees should be aware of the possibility that their personally identifiable or financial data has been compromised and to be alert to spear phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business:Phishing never goes away, and it’s always the fastest, easiest way for cybercriminals to strike.

Labsec to the Rescue: As the main delivery source of Ransomware you need to make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Flagship Group

Source: https://www.theregister.com/2020/11/06/revil_sodinokibi_ransomware_gang_flagship_group_housing/

Exploit: Ransomware

Flagship Group: Rental Housing Facilitator

Risk to Business: Severe

Social housing platform Flagship Group has been targeted by ransomware – REvil ransomware to be exact. The company announced that one of their data centres was infected by the ransomware, “compromising some personal staff and customer data”. Operations were not impacted. Investigations are underway as recovery continues.

Individual Risk: Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business:Ransomware can steal data, but it can also halt your business activity. Even a partially successful attack that doesn’t exfiltrate data or infect the entire network is damaging.

Labsec to the Rescue: Phising attacks went up by more than 600% in 2020. As the main delivery source of Ransomware you need to make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-ModerateLabsec-Blog-DataBreach-Moderate

Foxtons

Source: https://propertyindustryeye.com/foxtons-hit-by-cyber-attack/

Exploit: Malware

Foxtons: Property Management

Risk to Business: Moderate

UK estate agency Foxtons was hit with a malware attack that impacted agency services, including a temporary shutdown of its MyFoxtons customer portal. The company describes the incident as a limited malware incident that infected a small part of the business but did not cause the loss of any data about its clients.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business:Ransomware can steal data, but it can also halt your business activity. Even a partially successful attack that doesn’t exfiltrate data or infect the entire network is damaging.

Labsec to the Rescue: Phising attacks went up by more than 600% in 2020. As the main delivery source of Ransomware you need to make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-ExtremeLabsec-Blog-DataBreach-Extreme

Hackney Borough Council

Source: https://www.zdnet.com/article/serious-cyberattack-hits-london-council/

Exploit: Ransomware

Hackney Borough Council: Municipal Government

Risk to Business: Extreme

A devastating cyberattack shut down operations at websites for the Hackney Borough Council, bringing everything from bill payments to services for the elderly and vulnerable to a halt briefly. Many functions have been restored, but some business is still impacted. The incident has also been reported to the Information Commissioner’s Office (ICO). Experts from theNational Cyber Security Centre (NCSC), the National Crime Agency (NCA), external security experts, and the Ministry of Housing, Communities and Local Government are also assisting with investigation and recovery. The incident shows hallmarks of ransomware.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident

Customers Impacted: Unknown

How it Could Affect Your Business:Attacks on municipalities and municipal service providers have become rarer but more damaging, especially from nation-state hackers and other highly organized cybercrime gangs.

Labsec to the Rescue: Ransomware is often a result of a Phishing attack. Make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Ardonagh Group

Source: https://www.theregister.com/2020/10/06/ardonagh_group_ransomware/

Exploit: Ransomware

Ardonagh Group: Insurance Broker

Risk to Business: Severe

Insurance broker Ardonaugh fell victim to a ransomware attack causing it to suspend 200 internal accounts, including accounts with admin privileges, as the infection progressed. Recovery operations are underway and they’re working with third-party forensic and IT experts to manage the situation.

Individual Risk: Severe

Customers Impacted: Unknown

How it Could Affect Your Business:Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.

Labsec to the Rescue: Make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Wisepay

Source: https://news.yahoo.com/wisepay-school-payments-hit-cyber-155028223.html

Exploit: Skimming

Wisepay: Student Payment Account Provider

Risk to Business: Severe

Wisepay, used by parents to pay for their children’s school expenses, uncovered that the system had been breached by cybercriminal credit card skimming. The attacker was able to harvest payment details between October 2 and 5 via a spoof page. Attempted payments to about 300 schools have been affected by the scam.

Individual Risk: Severe

Customers Impacted: Unknown

How it Could Affect Your Business:Payment skimming is a fast and easy way for cybercriminals to make a quick profit, but disastrous for the merchants and services that are hit with skimming attacks, damaging customer confidence and exposing systems access weaknesses.

Labsec to the Rescue: Users are advised to install multifactor authentication to prevent details being accessed by cyber criminals.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

International Maritime Organization

Source: https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/

Exploit: Ransomware

UN IMO: Shipping Safety Regulatory Authority

Risk to Business: Severe

UN IMO was targetted in a ransomware attack last week, taking several key systems offline. In an announcement, UN IMO reported that its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been affected by the attack. Restoration and recovery is underway, and most systems have been restored.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business:The number one way for ransomware to penetrate your business is through a phishing email. Increasing security awareness training including phishing resistance training is essential for preventing cybercrime like ransomware from impacting your organisation.

Labsec to the Rescue: Make sure that employees are thoroughly trained on Phishing emails and how to identify them.


Labsec-Blog-DataBreach-ModerateLabsec-Blog-DataBreach-Moderate

Microsoft - Bing

Source: https://www.zdnet.com/article/microsoft-secures-backend-server-that-leaked-bing-data/

Exploit: Unsecured Database

Microsoft: Technology Company

Risk to Business: Moderate

In a rare security blunder, Microsoft failed to secure a backend server for Bing. The server is estimated to have leaked more than 6.5TB of log files containing 13 billion records originating from the Bing search engine. The leak included the server exposed technical details, such as search queries, details about the user’s system (device, OS, browser, etc.), geo-location details (where available), and various tokens, hashes, and coupon codes.

Individual Risk: No individual data is believed to have been impacted.

Customers Impacted: Unknown

How it Could Affect Your Business: Security failures are embarrassing and may lead your company’s customers to take their business elsewhere because if you’re forgetting the basics, how are you handling the more serious stuff?

Labsec to the Rescue: Make sure that employees are being thorough with even the most basic security best practices. To make sure your processes are perfected and you are covering all bases get a security gap analysis done.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Public Health - Wales

Source: https://ciso.economictimes.indiatimes.com/news/wales-says-personal-data-of-18000-covid-patients-accidentally-published/78117931

Exploit: Accidental Data Exposure

Public Health Wales: Government Agency

Risk to Business: Severe

Personal data of 18,105 residents of Wales who tested positive for COVID-19 was uploaded by mistake to a public server and spent 20 hours online in August. The agency says that for the majority of cases, 16,179 people, the information consisted of initials, dates of birth, geographical area, and sex. For 1,926 people living in nursing homes and supported housing, the information also included the names of the homes.

Individual Risk: While no financial information was exposed, the data that was exposed could open victims up to spear phishing or blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Human error is the number one cause of data breaches. Staff training will raise awareness of the scams and help to avoid staff making errors.

Labsec to the Rescue: Labsec offer a phishing campaign package to help train your staff. see more info here https://labsec.co.uk/simulated-phishing-campaign/


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Virtual Mail Room


Source: https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true

Exploit: Unsecured Database

Risk to Business: Severe

Over 50,000 letters and financial statements sent by banks and councils were left exposed in an unsecured database in an incident by Virtual Mail Room. A database of letters sent by local authorities reveals the names and addresses of 2,300 people living in Croydon as well as Eastbourne, Reigate, North Tyneside, Ashford, North East Derbyshire and West Lindsey. Also exposed were letters to 6,500 customers of Aldermore Bank, 250 Metro Bank customers, and royalty statements for the publishing firm Pearson. The names, email addresses, and telephone numbers of staff with access to Virtual Mail Room’s systems were also visible.

Individual Risk: Severe

The data exposed included personal financial information and sensitive data. This kind of information can be used for cybercrime including impersonation scams, identity theft, and spear phishing.

Customers Impacted: 20,000+

How it Could Affect Your Business: This mistake highlights the risk of third-party exposure that many businesses face from service providers or work that’s farmed out. Not only can your data be stolen through carelessness with cybersecurity practices, but your customers’ can also be stolen too, reflecting poorly on you.

Labsec to the Rescue: Reduce the chance of third-party risks damaging your business with our comprehensive digital risk protection solutions.


Labsec-Blog-DataBreach-SevereLabsec-Blog-DataBreach-Severe

Northumbria University

Source: https://www.infosecurity-magazine.com/news/northumbria-uni-campus-closed/?&web_view=true

Exploit: Ransomware

Risk to Business: Severe

Northumbria University has been hit by a suspected ransomware attack which forced it to reschedule exams and close its entire campus. The college announced that it is undertaking a restoration and recovery operation, but that students would not have access to the student portal, blackboard and potentially other university platforms for some time during a particularly important part of the educational year.

Individual Risk: No information has been released about the type of data that may have been impacted.

Customers Impacted: 26,675 students

How it Could Affect Your Business: Ransomware typically comes calling as part of a phishing attack. Adding strong protection from phishing attacks and improving phishing resistance training for every user can lower ransomware risks.

Labsec to the Rescue: Graphus and BullPhish ID are a 1-2 punch in the fight against ransomware and cybercrime. Graphus features seamless integration with O365 and G Suite. BullPhish ID trains staffers to be aware of today’s constantly changing phishing threats, including COVID-19 threats.


Contact Us