Colorado Town Suffers Ransomware Attack
The town of Lafayette, Colorado, fell victim to a ransomware attack last week without the capability to recover from the attack without paying a ransom of $45,000 in cryptocurrency. The attack disabled many city services for a number of days until officials determined they would not be able to recover without paying for systems to be decrypted. This attack was another example of how having data backed up, even if somewhat dated, is less expensive and more secure in the long run.
Illinois Healthcare Data Breach
The Illinois healthcare system suffered a multi-month data breach stemming from several compromised email accounts earlier this year. The breach does not affect all IHS clients, but those who were affected had much of their sensitive information, including social security numbers and personal health documents, leaked. The breach began in early February, but victims were not informed until the end of July, when they were offered credit and identity monitoring services to protect against illicit use of their data.
Cyberattack Strikes InfoSec Training Organization
One of the largest cybersecurity training organizations was recently targeted by a phishing attack against an internal email account. The compromised account was then used to install an illicit Office365 add-on to maintain control of the account and to forward over 500 emails to a third-party account, many of which contained sensitive information on customers. Affected customers have been contacted and warned to be vigilant against future phishing attacks.
Pace Center Data Compromised Following Blackbaud Breach
Some donor data for the Florida-based non-profit Pace Center for Girls was leaked after a data breach targeted its software provider, Blackbaud, in May. The breach affected over 200 organizations relying on Blackbaud for cloud-computing services and contained personally identifiable information on thousands of donors. Fortunately, no payment card data was included in the breach and the Pace organization has begun improving security protocols to avoid further attacks.
Payment Card Data Stolen from MSU Website
At least 2,600 individuals were possibly affected by a payment card leak after the Michigan State University online shop was infiltrated through a known website vulnerability. The attack used a card-skimming technique and remained active on the site for nearly a year, leaving many customer’s data vulnerable to other possible attacks. This would be the second cybersecurity-related incident to target MSU in the last year. In May, the university was hit with a ransomware attack that resulted in the publishing of stolen data.