Cyber Incident Weekly Report - Week of July 10, 2023

Apple’s Chipmaker TSMC Confirms Data Breach

WHAT HAPPENED: On Thursday, June 30, 2023, the LockBit group listed TSMC on its data leak site and demanded a ransom of $70 million not to leak any data. TSMC represents approximately 60% of the global foundry market. The gang also wrote that the point of entry on the network and passwords would be leaked if the ransom wasn’t paid. According to a TSMC spokesperson, the “cyber incident” resulted from the breach at one of the company’s IT hardware suppliers, Kinmax Technology.

CONCERNING: Third-party, Manufacturing, Apple

SENSCY'S ANALYSIS: This cyber incident is another good indicator of the risk related to third-party data access management. Kinmax Technology also partners with Microsoft, VMware, Cisco, Hewlett-Packard, and Fortinet. Although it is unclear if any of these organizations were also vulnerable to the LockBit attack, they will likely take a closer look at their data access management to ensure they do not expose their data to Kinmax. On the other hand, this is the second time TSMC has fallen victim to a cyber attack that could impact its overall organization. In 2018, TSMC’s computer system was infected by the WannaCry malware, costing the organization millions in revenue. Supply chain management is a critical component of any manufacturing company, and the threat actors know that they can cause severe damage if they can breach even the smallest part of an organization’s supply chain.

Datasite Experiences Third-party Breach Leaking Social Security Numbers

WHAT HAPPENED: On June 27, 2023, Datasite, a software company managing financial transactions, filed a data breach notice with the Massachusetts Attorney General. The breach resulted in an unauthorized threat actor gaining access to consumers’ sensitive information, including Social Security numbers and names. Datasite is now sending letters to its clients with additional details about the breach.

CONCERNING: Financial Software, Data Breach, Social Security numbers, Datasite

SENSCY'S ANALYSIS: Although details of the breach are still limited, we can already analyze the data breach notice. In the notice, Datasite explains that the breach occurred at one of their third-party vendors. This means that Datasite’s IT system was not the primary target but that threat actors found a vulnerability in one of the vendors to attack the company. However, the Cl0p ransomware gang, which has now breached over 200 companies using the MOVEit vulnerability, added Datasite as one of their victims on their website. It is highly likely that Datasite’s customers will experience a wave of targeted attacks, including phishing, identity theft, and potentially Business Email Compromise (BEC). While Datasite’s customers are at risk, the company could also be highly impacted by the breach. The loss of trust can be permanent, leading to a loss of revenue and reputation. Still, a breach can also result in significant fines after additional investigation if it is determined that the company did not protect its data correctly.

Lansing Community College Suffers Data Breach

WHAT HAPPENED: On June 30, 2023, Lansing Community College (LCC) filed a data breach notice with the Attorney General of Maine after finding that an unauthorized threat actor had gained access to the school’s IT system for nearly three months. Sensitive information, including Social Security numbers, of 757,832 individuals was compromised during the breach. According to the breach notice, the threat actors had access to the IT systems between December 22, 2022, and March 15, 2023.

CONCERNING: Academia, Schools, Universities, Data Breach

SENSCY'S ANALYSIS: Lansing Community College is the latest academic institution to disclose a cyber attack that resulted in a data breach. While the investigation is ongoing, it is essential to look at the timeline of events. One concerning aspect of this breach is that the threat actors were in LCC’s systems for three months without being detected. With this amount of time in the systems, the amount of data a threat actor can gather is enormous. The threat actors responsible for the breach are now highly likely to sell or use the stolen data to conduct more attacks on LCC’s current and former students and employees, including identity theft and potentially phishing. SensCy advises all employees, students, and parents to monitor any changes in their credit or bank information. Having an incident response plan will also help mitigate the attack early and can be a defining factor in a school's ability to recover from the attack. An incident response plan will reduce the cost and downtime.
