Cyber Security Hub takes a look at the top cyber attacks, data breaches and cyber security incidents across the globe that happened in August 2023.
Contents:
- Hot Topic hit by wave of cyber attacks.
- Italian banks hit with DDoS attacks.
- US hospital network hit with ransomware attack.
- UK Electoral Commission suffers years-long cyber attack.
- Police Service of Northern Ireland suffers ‘critical’ data breaches.
- Alberta Dental Service Corporation data breach impacts 1.5 million customers.
- Norfolk and Suffolk police admit to data breach impacting 1,230 people.
- Discord.io exposes personal data of more than 760,000 users.
- Data of 2.6 million Duolingo users posted on the dark web.
- Roblox developers targeted with malware.
- PurFoods data breach exposes personal information of 1.2 million customers.
Hot Topic hit by wave of cyber attacks
On August 1, Hot Topic announced that it had been hit by a wave of credential-stuffing attacks from February to June 2023.
According to the retailer, “suspicious login activity” on its rewards platform led to the cyber attacks being discovered. An investigation revealed that the cyber attacks took place between February 7 and June 21, 2023, and may have allowed the malicious actors responsible to access sensitive customer information.
The hackers used stolen credentials to gain unauthorized access to Hot Topic’s Rewards platform multiple times. This allowed them access to customer information, including customer names, mailing addresses, dates of birth, phone numbers and order history. Partial payment card information (the last four digits of the payment card) may have also been accessed if victims had their payment card details saved to their account.
Following an investigation into the data breach, Hot Topic found that legitimate credentials were used in the attack, but that these credentials were obtained from an “unknown third-party source”, not Hot Topic itself.
Italian banks hit with DDoS attacks
On August 1, a number of banks across Italy were taken offline due to targeted distributed denial of service (DDoS) attacks.
The Agenzia per la Cybersicurezza Nazionale (ACN) said at least five banks across the country had been targeted by the cyber attacks. According to the ACN, it “identified the reactivation of distributed denial of service (DDoS) attack campaigns by pro-Russian...groups against national institutional subjects”. The ACN said that the Russian hacking gang NoName was responsible for the attacks.
The ACN said that it had provided assistance to all those impacted by the DDoS attacks launched by NoName.
US hospital network hit with ransomware attack
A major US hospital network, Prospect Medical Holdings, has been the victim of a ransomware-based cyber attack.
The cyber attack caused outages across the company’s network beginning on August 3. This caused issues at Prospect Medical Holdings’ hospitals across the US, leading to some hospitals having to stop operations and divert patients to other facilities. The attack affected 16 hospitals in California, Connecticut, Pennsylvania and Rhode Island, in addition to 166 outpatient centers and clinics.
The Federal Bureau of Investigation (FBI) launched an investigation into the cyber attack, which was confirmed to be ransomware-related.
UK Electoral Commission suffers years-long cyber attack
UK election watchdog, The Electoral Commission (TEC), revealed on August 8 that it had been the victim of a “complex” cyber attack which potentially exposed the data of more than 40 million voters.
News of the cyber attack was published in an FAQ on the commission’s website, where TEC explained that the cyber attack was discovered in October 2022 after suspicious activity was detected on its systems.
Malicious actors were able to access TEC’s file sharing and email systems. This meant that the names, addresses, email addresses and any other personal data sent to The Electoral Commission via email or held on the electoral registers for all those registered to vote in the UK between 2014 and 2022, as well as the names of those registered to vote overseas, were “most likely accessible” during the cyber attack.
The watchdog explained that it had worked with the National Cyber Security Center (NCSC) as well as external cyber security experts in order to secure its systems following the cyber security incident.
Police Service of Northern Ireland suffers ‘critical’ data breaches
The Police Service of Northern Ireland (PSNI) suffered a “critical incident” on August 8, after the personally identifying information of all of its employees was published online.
The “monumental” data breach occurred when data was mistakenly posted online following a Freedom of Information (FoI) request. A database, which included the surname, initials, rank/grade, role and location of more than 10,000 serving officers and staff of the PSNI, was published to a “legitimate FoI site”. The data was accessible for around three hours before it was taken down.
In a statement regarding the data breach, PSNI senior information risk owner, assistant chief constable Chris Todd said that the cyber security incident was “unacceptable” and was ultimately down to “human error”.
Todd also said that the PSNI had issued updated personal security advice to its officers and staff as well as establishing an emergency threat assessment group to investigate the welfare concerns of all PSNI employees.
It is currently unknown who has accessed the data and whether or not the data has been copied. An investigation into the data breach was launched and the Information Commissioner’s Office (ICO) was alerted.
On August 9, it was also revealed that the PSNI is investigating a secondary data breach that it suffered following the theft of a spreadsheet containing the names of more than 200 serving officers and staff, as well as a police-issue radio and laptop, from a private vehicle on July 6.
Alberta Dental Service Corporation data breach impacts 1.5 million customers
Canada-based dental benefits administrator Alberta Dental Service Corporation (ADSC) announced in August that it had recently suffered a malware-based cyber attack which exposed the data of more than 1.5 million customers.
The cyber security incident was initially discovered on July 9 following a malicious actor gaining access to ADSC’s systems. The hacker then deployed malware, encrypting some of the company’s data and systems, meaning ADSC employees were unable to access them.
A forensic investigation into the cyber attack revealed that the malicious actor had access to ADSC’s systems between May 7 and July 9. During this time, the hacker copied data from ADSC’s systems before deploying the malware.
Norfolk and Suffolk police admit to data breach impacting 1,230 people
Two UK police forces admitted on August 15 to a data breach caused by a "technical error" that saw the personally identifying information of victims, witnesses and suspects mistakenly posted online following Freedom of Information (FOI) requests.
Norfolk and Suffolk police revealed that the data of 1,230 people, including the sensitive data of victims and witnesses of, or suspects in, cases including assaults, sexual offences, thefts, hate crimes and domestic abuse incidents, was posted on the internet following FOI requests.
The data was released via FOI requests for crime statistics between April 2021 and March 2022.
Discord.io exposes personal data of more than 760,000 users
Discord.io, a custom invite service for the instant messaging service Discord, suffered a data breach that exposed the personal data of more than 760,000 users.
The cyber attack was discovered on August 14, after a database containing the personal information of Discord.io users was put up for sale on the dark web.
The hacker who uploaded the data, who used the alias ‘Akhirah’, shared four user records from the database as proof of the data’s authenticity. Discord.io also confirmed that the data was legitimate.
In response to the breach, Discord.io shut down all its operations and services and launched an investigation into the breach. This investigation revealed that the hacker gained access to Discord.io’s database via a vulnerability in the website’s code, allowing Akhirah to download Discord.io’s entire database and put it up for sale.
Data of 2.6 million Duolingo users posted on the dark web
The scraped data of more than 2.6 million users of the language learning app Duolingo was posted to a dark web hacking forum on August 22.
The malicious actor offered all the data for US$1,500 and claimed to have gained access to it by scraping an exposed application programming interface (API). They also offered a sample of the data from 1,000 accounts, confirming its legitimacy.
A Duolingo spokesperson said of the cyber security incident: “No data breach or hack has occurred. We take data privacy and security seriously and are continuing to investigate this matter to determine if there’s any further action needed to protect our learners.”
The exposed API used to scrape the data has been public knowledge since March 2023. It allows anyone to retrieve the public information of any Duolingo profile by inputting their username into it.
Roblox developers targeted with malware
An unknown malicious actor has seeded dozens of open-source software packages with malware referred to as ‘LunaGrabber’, beginning on August 1, 2023. Developers for the online gaming platform Roblox have been tricked into clicking on the malware-ridden software packages, which are disguised as commonly used pieces of software on the open-source software library npm.
The malware packages were discovered on August 22. Lucija Valentić, a software threat researcher at ReversingLabs, a cyber security company that discovered the malware, explained that “the malicious packages imitated the legitimate package noblox.js, a Node.js Roblox application programming interface (API) wrapper used to write scripts that interact with the Roblox gaming platform”.
Valentić also confirmed that “developers who write scripts to run on the Roblox gaming platform” were the intended targets of the malware campaign.
PurFoods data breach exposes personal information of 1.2 million customers
American meal delivery service PurFoods revealed in August that it had suffered a data breach that exposed the financial and medical data of more than 1.2 million customers.
PurFoods’ systems were breached on January 16 of this year, although the cyber attack was not discovered until July 10. A data breach notice filed regarding the breach also revealed that the breach was caused by a malicious actor hacking into the company’s system and was discovered when PurFoods found that certain files in its network had been encrypted.
The data stolen in the breach included the names or other personal identifiers such as the social security or health insurance member identification numbers of 1,237,681 PurFoods customers, as well as their “financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account)”. It was also suspected that the malicious actor may have gained access to customers’ medical information.