The new year means a fresh start for adversaries as well as for us, and they have already begun working on new targets. The following are this week’s top phishing news headlines to help you stay ahead of scammers and plan your anti-phishing protection measures.
Data Breach Hit Singaporean Department Store OG
A data breach recently hit the Singaporean department store OG, compromising customers’ personal data. In its statement to members, OG specified that only members in the basic or gold tiers have been affected by the breach. OG has asked its service provider to secure the database to stop the attack vector from spreading, as part of its phishing prevention measures. It is also working with external cybersecurity experts and relevant authorities to investigate the breach and ensure customers’ safety.
The investigations revealed that the attackers compromised an OG database managed by an external membership portal service provider. While the notification did not mention how many members were affected by the breach, it does warn them to take necessary measures to protect themselves from phishing. The compromised member details include their names, contact numbers, email addresses, DOBs, mailing addresses and genders. Passwords and NRIC numbers may have also been stolen, but nothing substantiates that as of now. Fortunately, no financial details were leaked in the incident.
Ransomware Hits School Website Services Provider FinalSite
Popular school website services provider FinalSite was recently hit by a ransomware attack that disrupted access to thousands of schools across the globe. FinalSite is a SaaS provider that offers content management, hosting and website design solutions to K-12 school districts. Over 8,000 institutions across 115 countries use FinalSite’s services, and this attack affected all their websites.
While FinalSite hasn’t announced that a ransomware attack is affecting its systems, it did mention that its Composer content management system was affected. This means that its Groups Manager, Constituent Manager, Forms Manager, Registration Manager, Athletics Manager, Calendar Manager and Directory Elements may have been affected. FinalSite has not provided any timeline for when its services will be restored. Consequently, schools are having to write to parents informing them of this indefinite website outage.
FinalSite apologized to all customers for the inconvenience caused and has launched an investigation into the breach. It has also hired third-party cyber experts to evaluate the nature of the attack, which compelled it to take down over 5000 school websites as a phishing protection measure.
Cyberattack Hits Saltzer Health
A cyberattack recently hit Intermountain Healthcare-owned Saltzer Health. Saltzer Health runs 12 urgent care facilities and clinics in Boise, Meridian, Caldwell, Nampa and Idaho and suspects that the adversaries’ unauthorized access to one of its employee accounts might have exposed some patient information. The organization is now informing patients that their personal information may have been compromised because of this breach.
The attackers are believed to have accessed Saltzer’s employee account sometime between 25th May and 1st June 2021. Investigations into the breach revealed that the email account didn’t contain much personal information. The details that could have been exploited include patients’ names, contact details, state identification numbers, Social Security numbers, driver’s license numbers and financial account details.
The compromised medical information includes patients’ medical history, diagnosis, prescription medication information, treatment details, health insurance information and physician information. Saltzer Health claims to have taken necessary measures for protection against phishing attacks, including resetting the compromised email account’s password and closely monitoring its network.
Cyberattack Hits Element Solutions
A cyberattack recently hit the Florida-based speciality chemicals organization Element Solutions. Its products are widely used in manufacturing processes in sectors such as automotive systems, offshore energy, communication infrastructure, electronic circuitry, industrial surface finishing, and consumer packaging. With branches in over 50 countries and more than 4,400 employees, Element Solutions had annual revenue of around $1.85 billion in 2020.
Soon after detecting the attack, the organization implemented its data recovery protocols and business continuity plan. Element Solutions quickly implemented anti-phishing measures and informed the relevant law enforcement authorities. The incident appears to be a ransomware attack, but more information has yet to emerge.
Data Breach Hits Fertility Centers of Illinois
A data breach recently hit Fertility Centers of Illinois (FCI), an enterprise running multiple fertility centers across Northern Illinois. Consequently, around 79,943 of its current and former patients were affected. FCI has reported the breach to the Department of Health and Human Services’ Office for Civil Rights (OCR).
The attackers could access patients’ protected health information (PHI) as well as employees’ personal details. As part of its phishing attack prevention measures, FCI hired external forensic specialists to investigate the breach after noticing suspicious activity in its network on 1st February 2021. This move kept attackers away from its electronic medical record system, and hence FCI’s administrative files and folders remain unexposed.
The FCI investigation revealed by 27th August 2021 that the impact remained limited to patient and employee information. The exposed patient information includes names, passport numbers, Social Security numbers, payment card details, financial details, treatment information, bills, prescription details, and Medicare and health insurance details, among others. The compromised employee details include names, identification numbers, occupational-health information, retirement details, sickness certificates, medical benefits and entitlements, among others. FCI is now trying to improve its anti-phishing solutions and is implementing stricter security measures.
Large-Scale Data Breach That Hit Broward Health Disclosed
A large-scale data breach recently hit the Broward Health public health system, affecting 1,357,879 individuals. The Florida-based healthcare system has branches in over 30 locations with more than 60,000 admissions every year. Broward Health first traced the attack on 15th October 2021 and saw an unauthorized third party accessing the hospital’s private patient directory. Broward then reported the issue to the US Department of Justice and the FBI on 19th October 2021.
As part of its measures for protection against phishing, Broward Health hired a third-party cybersecurity expert to investigate the breach. The investigation revealed that patient information such as names, addresses, DOB, contact numbers, bank details, Social Security numbers, and insurance and medical details was compromised. While the above data has been exposed, there is no evidence proving the misuse of any of this data. Broward Health clarified that the attack vector is a third-party medical provider that could access its system. The healthcare system has implemented MFA for all users and notified them of the breach. It is also providing two years of complimentary identity theft protection service to victims through Experian.
Threat Actors Steal 3M Records From FlexBooker
During the recent holiday season, attackers stole over three million user account details from FlexBooker, a popular appointment scheduling service. The adversaries are now offering the stolen databases for sale on threat actor forums. The same attacker group has also claimed responsibility for attacks on rediCASE and Racing.com. These attacks reportedly happened during the Christmas holidays and are attributed to a malicious actor group called Uawrongteam.
Uawrongteam states that the FlexBooker database contains a plethora of customer information, ranging from driver’s license photos to payment forms and charges. Other significant details in the database (which includes over 10 million entries) are customers’ names, phone numbers, email addresses, hashed passwords, and password salts.
As part of its measures for protection from phishing, FlexBooker has sent data breach notifications to all affected customers, informing them of the breach of its Amazon cloud storage system. While attackers could not access any payment card information, FlexBooker advises users to stay vigilant and review account statements and credit reports for suspicious or fraudulent activity. Have I Been Pwned (HIBP) records show that over 3.7 million people lost their data in this FlexBooker breach.