The Target: As one of the largest newspaper groups in the United States, Lee Enterprises publishes 77 daily newspapers and 350 weekly and specialty publications across 26 states.
The Take: The information that could have been subject to unauthorized access and/or acquisition includes first and last name, as well as Social Security number.
The Vector: The investigation determined that information may have been accessed or acquired without authorization on February 3, 2025.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Camden, New Jersey-based Cooper Health System
The Take: The potentially affected information included individuals’ names, dates of birth, Social Security numbers, health insurance information, treatment information, medical record numbers and medical history information.
The Vector: During the investigation, Cooper discovered that certain data stored in its systems was potentially acquired without authorization.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: The Legal Aid Agency, which is part of the UK’s Ministry of Justice, provides criminal and civil legal aid and advice to people in England and Wales.
The Take: The compromised data includes applicants’ contact details and addresses, dates of birth, national ID numbers, criminal history, and employment status, as well as financial information such as contribution amounts, payments, and debts.
The Vector: An investigation conducted with the aid of the National Crime Agency and National Cyber Security Centre revealed on May 16 that the intrusion was “more extensive than originally understood and that the group behind it had accessed a large amount of information relating to legal aid applicants”.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Crypto giant Coinbase
The Take: The company said the hacker stole customer names, postal and email addresses, phone numbers, and the last four digits of users’ Social Security numbers. The hacker also took masked bank account numbers and some banking identifiers, as well as customers’ government-issued identity documents, such as driver’s licenses and passports.
The Vector: Coinbase said the hacker “obtained this information by paying multiple contractors or employees working in support roles outside the United States to collect information from internal Coinbase systems to which they had access in order to perform their job responsibilities.”
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Frederick Health Medical Group, a major healthcare provider in Maryland.
The Take: Depending on the affected individuals, the attackers stole a combination of sensitive personal information, including patient names, addresses, dates of birth, Social Security numbers, and driver's license numbers. They also exfiltrated personal health information, such as medical record numbers, health insurance information, and/or clinical information related to patients' care.
The Vector: The investigation determined that an unauthorized person gained access to the network and, on January 27, 2025, copied certain files from a file share server.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: Ascension, one of the largest private healthcare systems in the United States.
The Take: Depending on the impacted patient, the attackers gained access to a combination of personal information, including name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers (SSNs).
The Vector: The timeline of the breach implies the attack was part of a series of Clop ransomware data theft attacks that exploited a zero-day flaw in Cleo secure file transfer software.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
The Target: SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.
The Take: USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. This data could be used for targeted surveillance, tracking, and SIM-swap attacks.
The Vector: A malware infection allowed threat actors to access sensitive USIM-related information for customers.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
The Target: Car rental giant Hertz
The Take: The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver’s licenses, payment card information, and workers’ compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.
The Vector: The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang. Hertz is one of dozens of companies that used Cleo’s software at the time of their data thefts. The Clop ransomware gang claimed last year to have exploited a zero-day vulnerability in Cleo’s widely used enterprise file transfer products, which allow companies to share large sets of sensitive data over the internet. By breaching these systems, the hackers stole reams of data from Cleo’s corporate customers.
This breach is a critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.
The Target: Sensata Technologies is an industrial technology company that develops, manufactures, and sells a wide range of sensors and sensor-rich solutions, as well as electrical protection components and systems.
The Take: A preliminary investigation with assistance from external cybersecurity experts confirmed that the hackers have exfiltrated data from the company network.
The Vector: Data theft is a common tactic used by ransomware actors to extort victims, increase pressure to pay a ransom, and create legal and regulatory complexities. Currently, Sensata is still determining what files were stolen in the attack and will notify impacted individuals and regulatory authorities as needed, based on the results of its investigation.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Target: American software giant Oracle.
The Take: The compromised data includes usernames, passkeys, and encrypted passwords, which Oracle staff revealed to some clients.
The Vector: A hacker infiltrated a computer system, resulting in the theft of old client log-in credentials, according to Bloomberg News, citing two people familiar with the matter.
This breach is a stark reminder of how important strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.