February 2025
We're back with this month's edition of The Cipher Chronicle. Get ready to dive into the latest stories, insights, and solutions that we've seen over the past few weeks.
The Adversary Decoder Threat Report – Food Industry Edition
Curious about the unique cyber risks lurking in the food and beverage sector? Our Adversary Decoder Threat Report dives into the specific tactics, techniques, and procedures (TTPs) that threat actors use to target food supply chains—from producers and distributors to retailers and restaurants. In this report, you'll get a comprehensive look at emerging attack trends, discover real-world breach examples, and gain actionable strategies to improve your operations.
Check out some of the latest hacks and attacks from this month that may be targeting your industry.
1. Anne Arundel County
Exploit: Hacking
Industry: Government
What Happened: On February 24, an external cyber incident disrupted government services in Anne Arundel County. Multiple buildings closed, and public programs—like AARP tax prep—were affected, though schools and libraries remained operational. Officials expect a days-long recovery as they investigate the breach.
The Chronicle's Take: Government entities are prime targets for attackers; we saw a similar theme in January when the U.S. Department of the Treasury faced a hacking incident. This underscores the continuing need for public agencies at every level to bolster their cybersecurity posture.
How it Could Affect Your Customers' Business: It is critical for governments (and their vendors) to commit to robust cybersecurity measures to minimize service downtime and protect citizens' data.
2. Hipshipper
Exploit: Hacking
Industry: Transportation & Logistics
What Happened: Hipshipper, a shipping platform popular with eBay, Shopify, and Amazon sellers, exposed 14.3 million records in an unprotected AWS bucket. The leaked data, which contained full names, home addresses, phone numbers, and shipping details, remained unsecured for at least a month.
The Chronicle's Take: As with last month's incident at Avery Products Corporation, a single misconfiguration can lead to a massive data leak. Whether you're a product manufacturer or a logistics platform, safeguarding stored information is essential.
How it Could Affect Your Customers' Business: Employee mistakes and poor access controls can be devastating. Regular security awareness training and routine audits help prevent oversights that compromise sensitive data.
3. Grubhub
Exploit: Ransomware (via Third-Party)
Industry: Food Delivery/Technology
What Happened: A third-party support account was compromised, exposing names, email addresses, phone numbers, partial payment card details, and some hashed passwords. Grubhub quickly cut ties with the vendor, but the breach also impacts student users in campus dining programs. The incident comes shortly after Grubhub's $650 million acquisition deal.
The Chronicle's Take: Timing is never good for a security lapse, especially amid a high-profile transaction. Third-party access should be scrutinized regularly.
How it Could Affect Your Customers' Business: Security problems can derail business deals and erode consumer trust. Ensure that both internal teams and external partners follow strict data-handling policies.
4. Lee Enterprises
Exploit: Hacking
Industry: Media
What Happened: A major cyberattack on February 3rd disrupted one of the largest newspaper groups in the country, affecting printing, delivery, and access to editorial files. Dozens of newspapers under Lee Enterprises, including the Buffalo News and the St. Louis Post-Dispatch, faced significant publishing delays.
The Chronicle's Take: Organizations must prepare for ransomware, hacking, and other disruptions. Regular backups and a tested incident response plan are vital.
How it Could Affect Your Customers' Business: Even a brief outage can halt a media outlet's core function: delivering timely information. Robust security and reliable backups are essential to maintain continuity.
5. Memorial Hospital
Exploit: Ransomware
Industry: Healthcare
What Happened: Memorial Hospital and Manor in Georgia notified 120,000 patients that personal data was stolen during a ransomware attack in late 2023. Attackers forced the hospital offline, leading staff to rely on manual recordkeeping. The Embargo group claims it exfiltrated 1.15 TB of data.
The Chronicle's Take: Healthcare remains a frequent target. Hospitals hold vast stores of patient data—making compliance and robust cybersecurity measures essential to patient care.
How it Could Affect Your Customers' Business: Patient data is incredibly valuable on the dark web, so healthcare providers must prioritize updated security tools, continuous monitoring, and strict access controls.
6. Attorney General of Virginia
Exploit: Hacking
Industry: Government
What Happened: The Virginia Attorney General's office was forced offline this month. Systems including Net Docs, Outlook, Teams, file sharing, and VPN access were taken down as officials investigated the breach. State police are assisting in the inquiry.
The Chronicle's Take: Government agencies are high-value targets. Swift detection and compartmentalization can limit damage and speed recovery.
How it Could Affect Your Customers' Business: Shutting down core systems can paralyze essential operations. Incident response plans should encompass quick isolation measures to minimize disruptions.
Cyber threats may be growing, but so are your options for defense. Here's what we've been up to lately:
Latest Cipher Blog: Top 7 Mistakes Finance Companies Make When Hiring Cybersecurity Consulting Services
Finance companies often look for quick wins or cut corners on security. Our new blog dives into the biggest pitfalls—and how to avoid them. If you're in the finance sector (or just curious about what not to do), this one's for you.
Is it Time to Upgrade Your MDR?
Our Extended Managed Detection & Response (xMDR) service uses advanced technology and expert human analysis to safeguard your business around the clock. Take a look at the features in our new, no-fluff brochure.
Complimentary Attack Surface Report
Worried about shadow IT, unpatched vulnerabilities, or exposed assets you don't even know about? Our in-depth attack surface report identifies your more pressing weaknesses before threat actors do.
Mark Your Calendar: CIPHERISE
April 9th, 2025 | NYC
Join us for a full day of cutting-edge insights, candid discussions, and exclusive networking with top security leaders. Featuring keynote speaker Mikko Hypponen (cyber security visionary and global expert on emerging threats), plus an evening VIP lounge at Madison Square Garden to watch the Rangers vs. Flyers in style.
Spots are limited.
Our Team This Past Month
Annual Meeting — This past week our team met in person in Tampa, FL, to discuss how we can improve our offerings and continue providing best-in-class services to our customers.
We're hiring! We're always growing at Cipher. Take a look at our current openings.
A Final Note
Defending your organization is a year-round responsibility. As threat actors refine their tactics, staying vigilant becomes even more important. Whether you're grappling with insider threats, planning your next big security initiative, or simply curious about the latest threat intel, our team is here to help every step of the way.
Thanks for tuning in to The Cipher Chronicle. Stay sharp out there, and we'll see you next month!