This Week in Breach – Carnival can’t sail out of a ransomware attack

Make sure to add us or contact us for the latest news

by Kevin Lancaster

New This Week in Cybersecurity News: This week: Carnival can’t sail out of a ransomware attack, Instacart has a second security stumble, rising breach penalties include legal troubles for a former Uber executive, and meet Graphus: a fresh automated phishing defense solution that’s the perfect addition to our digital risk protection platform.


Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 500+

New This Week in Cybersecurity News – United States


United States –  Cooke County, Texas

https://www.govtech.com/security/Texas-County-Notified-Thousands-of-Residents-of-Data-Breach.html?&web_view=true

Exploit: Ransomware

Cooke County, TX: Municipal Government 

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News

Risk to Business: 1.972 = Severe

Attackers claimed to have used REvil ransomware on July 4 in a ransomware attack on the Cooke County Sheriff’s Office (CCSO). In the resulting in a data breach, cybercriminals snatching personal identification information from an internal database. The compromised data came from either CCSO reports or cases going back several years. The gang posted their typical announcement about the hack showing data folders with filenames that appeared to reflect archived case files as well as current cases, including a threat that the files would be uploaded in seven days.

cybersecurity news represented by agauge showing severe risk & New Breach NewsNew This Week in Cybersecurity News

Individual Risk: 2.201 = Severe

While no financial information was reported as stolen, PII was involved in the breach – not to mention potentially damaging or embarrassing legal records.

Customers Impacted: 2,000+

How it Could Affect Your Business: Ransomware is most commonly delivered via a phishing email, although cybercriminals are expanding their use of phishing through messaging and SMS text.

United States – University of Utah

https://www.zdnet.com/article/university-of-utah-pays-457000-to-ransomware-gang/?&web_view=true

Exploit: Ransomware

University of Utah: Institution of Higher Learning

cybersecurity & breach news represented by a gauge showing severe risk & New Breach News New This Week in Cybersecurity News

Risk to Business: 2.077 = Severe

Netwalker ransomware appears to be the culprit in a data breach at the University of Utah. The school reportedly paid a ransomware gang $457,059 in order to avoid having student information released online. The hack occurred on July 19, and the cybercriminals gained access to the network of the university’s College of Social and Behavioral Science [CSBS].

cybersecurity news represented by agauge showing severe risk & New Breach News New This Week in Cybersecurity News

Individual Risk: 2.224 = Severe

Even when a ransom is paid, there’s never proof that the gang really did destroy the stolen data, instead of copying it or selling it. Students should be aware of this data being used in spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Business Ransomware is a persistent and pernicious threat to any business. Paying the criminals doesn’t guarantee the safety of stolen data – but blocking the initial attack does.

United States – Instacart

https://www.zdnet.com/article/instacart-discloses-security-incident-caused-by-two-contractors/?&web_view=true

Exploit: Unauthorized Access to Data

Instacart: Grocery Shopping and Delivery Service

cybersecurity news represented by agauge showing severe risk & New Breach News New This Week in Cybersecurity News

Risk to Business: 1.775 = Severe

In a statement posted to its website, Instacart has announced that it has suffered another data breach, less than a month after a breach that was widely reported in the media containing user account data. This time, two employees at a third-party service provider accessed accounts that they shouldn’t have, exposing customer information again.

cybersecurity news represented by a gauge indicating moderate risk New This Week in Cybersecurity News

Individual Risk: 2.821 = Moderate

Instacart’s forensic investigation did not find any evidence the two support agents had downloaded or digitally copied data from its systems. The company’s contract with the third-party vendor has been terminated, and impacted accounts have been notified via email.

Customers Impacted: 2,180

How it Could Affect Your Business: Although the pandemic will continue to drive their business as people who are unable to shop in person flock to the service, in other circumstances this would assuredly cause customer dissatisfaction, especially after the information for 278,531 Instacart accounts turned up in a Dark Web marketplace after the first one.

 

United States – Freepik

https://www.zdnet.com/article/free-photos-graphics-site-freepik-discloses-data-breach-impacting-8-3m-users/?&web_view=true

Exploit: Unauthorized Database Access (Hacking)

Freepik: Photo and Graphic Library

cybersecurity news represented by agauge showing severe risk & New Breach News New This Week in Cybersecurity News

Risk to Business: 1.903 = Severe

Photo and graphics giant Freepik the security breach occurred after hackers were able to exploit an SQL vulnerability to gain access to one of its databases storing user data. The unidentified cybercriminals gained access to usernames and passwords for the oldest accounts registered on the Freepik and Flaticon websites, impacting millions of users.

cybersecurity news represented by a gauge indicating moderate risk New This Week in Cybersecurity News

Individual Risk: 2.782 = Moderate

Potentially affected users have been notified via email the company reports that impact varies per account. Not all users had passwords associated with their accounts. The company estimates that number at 4.5 million users who used federated logins (Google, Facebook, or Twitter) to log into their accounts. For the remaining 3.77M users the attacker got their email address and a hash of their password. For 3.55M of those users, the method to hash the password was bcrypt. For 229K users, the method was salted MD5. Since the attack, all users have been updated to bcrypt.

Customers Impacted: 8.3 million

How it Could Affect Your Business: It pays to guard old data too by updating storage security and access security. Many of the oldest databases and accounts involved in this incident had never had their security updated and it had long since become obsolete, making it easier for hackers to break in and steal.

United States – Carnival Corporation

https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/?&web_view=true

Exploit: Ransomware

Carnival Corporation: Cruise Line

cybersecurity news represented by agauge showing severe risk & New Breach News New This Week in Cybersecurity News

Risk to Business: 1.903 = Severe

Carnival has released a statement noting that on August 15 attackers “accessed and encrypted a portion of one brand’s information technology systems,” and that the intruders also downloaded files from the company’s network. preliminary assessment of the incident, Carnival said it expects that the attackers gained access to some guest and employees’ personal data, but it is still investigating the incident. This is Carnival’s second breach this year after another breach was disclosed in March.

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News

Individual Risk: 2.312 = Severe

The investigation into exactly what data and what kind of data was stolen is ongoing. Carnival expects that both passenger and employee data has been impacted, but has offered no specifics. Anyone who has traveled on a Carnival cruise and staffers should be wary of phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Business: Protection from ransomware starts with protection from phishing – including adding automated phishing protection and phishing resistance training to your security stack.

The Week in Breach Cybersecurity and New Breach News Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach Cybersecurity and New Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.