Cyber Incident Weekly Report - Week of August 12, 2024
Alleged Data Breach on National Public Data (NPD) Could Expose Almost 3 Billion Records
WHAT HAPPENED: Earlier this week, almost 2.7 billion records of personal information of US citizens were leaked on a hacking forum, exposing names, Social Security numbers, and physical addresses. The data was allegedly stolen from National Public Data (NPD), a company that collects and sells information used in background checks and private investigations. At the time of writing, NPD has not confirmed the breach. Additionally, on August 1, 2024, a class action lawsuit was filed against National Public Data (defendant) “for its failure to properly secure and safeguard the personally identifiable information that it collected and maintained… Plaintiff Hofmann received a notification from his identity theft protection service provider notifying him that his PII was compromised as a direct result of the “nationalpublicdata.com” breach…” It is important to note that, at the time of writing, the plaintiff provided no proof regarding the type of stolen PII or how the link was made to the alleged NPD breach.
CONCERNING: American, Data Breach, National Public Data (NPD).
SENSCY'S ANALYSIS: Before analyzing the incident, SensCy would like to remind our readers that at the time of writing, there is no verifiable proof that the data dumped on the hacking forum was stolen from NPD. However, this breach likely leaked some of your personal information. We recommend that you monitor your credit report for fraudulent activity and report it to the credit bureaus if detected. Additionally, since the samples reviewed by researchers contained email addresses and phone numbers, you should remain vigilant against phishing and SMS phishing attacks.
Cybersecurity experts and researchers have been able to analyze some of the data and could confirm that it contains their own and family members' legitimate information, including that of deceased relatives. It is also important to know that individuals can have more than one record, meaning that the alleged breach did not impact 3 billion people as previously reported in many articles. Researchers have also confirmed that not all information was accurate and that some Social Security numbers were associated with the wrong people. Some of the data analyzed was also outdated and already present in other leaks obtained by scraping publicly available information. SensCy also believes there is a high possibility that the leaked data was scraped from public sources, given the large amount of data. US law experts are also cautious regarding the source of the leaked information. They argue that the NPD database would include more than just line records; it would include PDFs and legal details such as parking tickets, copies of judgments, etc., making it very challenging to steal 4TB in less than 24 hours without NPD noticing.
USDoD, who originally sold the data in April, and SXUL, the threat actor who was given credit for allegedly stealing the data, are not widely known threat actors, making their claim less legitimate. While NPD has yet to comment, only the courts can require NPD to make a formal on-the-record statement about the incident.
SensCy will continue to monitor the development of the incident.
The East Valley Institute of Technology (EVIT) Confirms Data Breach
WHAT HAPPENED: Earlier this week, the East Valley Institute of Technology (EVIT) began notifying over 200,000 individuals, including students, staff, faculty, and parents, that their personal and health information was compromised in a data breach. According to reports, the incident occurred on January 9, when a threat actor accessed EVIT’s network. The stolen data includes names, addresses, email addresses, Social Security numbers, dates of birth, driver’s licenses, student ID numbers, race/ethnicity, account numbers, medical information, financial aid information, and other student information. The stolen data also includes biometric data, login information, and payment information. The ransomware group LockBit took responsibility for the attack in January, but it is unclear if the data was ever leaked to the dark web because the site used by LockBit was taken down by law enforcement in February.
CONCERNING: Academia, Universities, Schools, Back to School, Ransomware.
SENSCY'S ANALYSIS: While schools and universities are still a primary target for hackers and threat actors due to the large amount of data they store on their systems, the extent of the breach at EVIT is unusually high. With over 48 distinct categories of personally identifiable information (PII) leaked in the breach, this would indicate that the LockBit group moved laterally within EVIT’s systems after the initial compromise. This is only possible because of poor data compartmentalization at EVIT. While the school explained that the incident had a “limited impact on [its] operations," the inclusion of information like military IDs and biometrics in the breach is a significant indicator of its severity. SensCy recommends that all affected individuals sign up for the free identity theft protection services. SensCy also recommends that all academic institutions implement a zero-trust network architecture to limit lateral movement in the event of a breach. SensCy also recommends implementing proactive measures, including strengthening cybersecurity defenses and monitoring capabilities.
Local Government in Texas Hit by Ransomware
WHAT HAPPENED: The city of Killeen, Texas confirmed in a press release that it was recovering from a ransomware attack. City officials explain that the attack impacted internal system servers, leaving citizens facing potential delays in essential services at the Utility Collections division. The city also cut off connections with the larger network of Bell County to contain the issue and stated that the BlackSuit ransomware group was responsible for the attack. BlackSuit is believed to be a rebrand of another ransomware group that successfully took down the city of Dallas’ networks last year.
CONCERNING: Local Government, Ransomware, Critical Infrastructure, BlackSuit.
SENSCY'S ANALYSIS: SensCy continues to monitor the rise and increased frequency of cyber attacks on local governments. Unfortunately, the attack on Killeen joins a long string of ransomware incidents targeted at local governments over the last year. While it is well established that foreign threat actors focus on small and local governments due to their limited cyber infrastructure and resources, and the potential financial burden on cities with small budgets, these attacks are a serious threat not just to the targeted city, but also to the broader stability and security of the U.S. When governments are repeatedly attacked, public confidence in their ability to protect sensitive information and maintain essential services can erode. In some cases, repeated attacks can lead to political unrest or social instability, especially when residents feel their safety is at risk due to government incompetence in handling cybersecurity. Furthermore, attacks on local governments can have broader implications for national security: they can expose vulnerabilities in critical infrastructure and provide opportunities for further exploitation by malicious actors. Finally, these attacks are usually conducted by state-sponsored ransomware gangs, meaning that they have ties to or are protected by their home governments. This can complicate international relations and raise the stakes, as these attacks can be seen as part of a broader cyber warfare strategy.