The Week in Breach News: 11/27/24 – 12/03/24

This week: More cyber trouble for the UK’s National Health Service (NHS); bad actors nab an estimated $17 million from Uganda’s central bank; learn how IT pros can help retailers mitigate cyber-risk this holiday season; and nine more new Microsoft-themed phishing simulations in three languages are now available.

Veteran’s Health Administration

https://www.fox9.com/news/veterans-health-administration-cyberattack-compromises-records

Exploit: Third-Party?Data Breach

Industry: Government

The Veterans Health Administration (VHA) has reported a ransomware attack on DBP, a contracted medical transcription vendor, resulting in the exposure of protected health information for 2,302 veterans. While the breach encrypted one of DBP’s servers, an investigation confirmed that the attackers did not access any medical record data stored in the VA’s electronic health record system. The exposed data may include veterans’ full names, medical record details and Social Security numbers. Affected individuals will be notified directly via letters, according to VHA officials.

How It Could Affect Your Customers’ Business: This incident underscores the danger that all types of organizations face from supply chain cyberattacks.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>

Bojangles

https://www.globenewswire.com/news-release/2024/11/22/2986119/0/en/Bojangles-Restaurants-Data-Breach-Exposes-Personal-Information-Murphy-Law-Firm-Investigates-Legal-Claims.html

Exploit:?Hacking

Industry: Restauraunt

Bojangles’ Restaurants, Inc. Has admitted that the company experienced a?data breach in March 2024. Based on its forensic investigation, Bojangles determined that cybercriminals gained access to its employee data files between February 19, 2024, and?March 12, 2024. The investigation uncovered?that the information exposed in the data breach includes, but is not limited to names, social security numbers, driver’s license numbers, government-issued ID card numbers, financial account information, medical information and health insurance information. ?

How It Could Affect Your Customers’ Business: Companies with a high turnover rate may also have a large store of employee data that is attractive to cybercriminals.

Kaseya to the Rescue: ?Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>

As you map out your security awareness training plans for 2025, consider utilizing these nine new phishing simulation kits that imitate Microsoft in Spanish, French and Portuguese.

Microsoft – Quarantined Email

• Microsoft – Correo Cuarentenado (Spanish)
• Microsoft – E-mail Mis en Quarantaine (French)
• Microsoft – E-mail em Quarentena (Portuguese)

Microsoft Teams: Message Available

• Microsoft Teams – Mensaje Disponible (Spanish)
• Microsoft Teams – Message Disponible (French)
• Microsoft Teams – Mensagem Disponível (Portuguese)

SharePoint – Remote Work Policy

• SharePoint – Política de Trabalho Remoto (Portuguese)
• SharePoint – Politique de Travail à Distance (French)
• SharePoint – Política de Trabajo Remoto (Spanish)

Learn more about these and other fresh phishing simulation kits in the Release Notes.