Cyber attacks and data breaches in review: April 2021

For the second month in a row, we discovered more than four publicly disclosed security incidents per day on average.

According to our figures, there were at least 143 cyber attacks and data breaches in April, which accounted for than one billion breached records.

You can find the full list of incidents on our sister site, but as always, we delve into some of the notable incidents affecting European organisations here.

Technological University of Dublin disrupted by ransomware

The Tallaght campus of the TU Dublin (Technological University of Dublin) confirmed last month that it was the victim of a ransomware attack that affected its IT systems and backups.

The university posted a notice on its website notifying students and staff that some systems had been disrupted, and that the team’s IT department was unable to respond to requests.

There’s never a good time for incidents such as these to occur, but the timing of this attack is particularly damaging for TU Dublin.

Although students were on spring break when the attack occurred, that doesn’t mean access to the systems isn’t still crucial. Many students will be approaching their end-of-year exams and need access to university systems to revise.

In what has already been a tumultuous year for them, this is an extra blow that further harms their ability to study.

The silver lining is that the scale of the breach appears to be relatively small. In an email sent to students, the university confirmed that the attack didn’t include the IT systems of processes of the City and Blanchardstown campuses.

Meanwhile, the early indications were that no sensitive data had been exfiltrated. However, that may well change depending on how TU Dublin handles the attackers’ demands.

The university may be tempted to pay up in the hope that the attackers won’t leak the data, but best practice advises against this.

Cyber criminals are increasingly posting the stolen information online whether they get paid or not, which means there’s no benefit to negotiating with them.

Moreover, once an attacker has compromised an organisation’s systems, it’s considered a data breach, because an unauthorised person has access to it. Even if the crook deletes the information and makes no copies (and there’s no way of knowing whether they have), it doesn’t change that fact.

So, as difficult a decision though it is, organisations are advised to cut their losses and accept that the data is gone. The incident must be reported to the relevant authority and their systems should be wiped and replaced, where possible, with backups.

National College of Ireland also suffers ransomware attack

Ransomware has become the most widely reported form of cyber attack, with public sector organisations some of the easiest targets – so it shouldn’t come as a surprise that another Irish educational institute came under attack in April.

This time it was the NCI (National College of Ireland), which suffered major disruption between 3 April and 13 April.

Access to its IT systems were suspended and the campus building was closed to both students and staff following the attack. Additionally, the college’s library Moodle site and MyDetails service were all knocked offline, while classes, assessments and induction sessions were postponed.

The NCI confirmed that it had contacted the relevant authorities regarding the breach, including the Data Protection Commissioner and Gardaí.

Menswear firm Boggi Milano targeted by ransomware

We cap off this ransomware-heavy review with an attack on the Italian high-end fashion firm Boggi Milano.

The incident is an example of the dangers of underestimating the damage of cyber attacks. The company’s website was unaffected by the attack, which is perhaps why a Boggi Milano spokesperson initially claimed that the incident hadn’t had a significant impact.

But later research revealed that the attackers had compromised 40 gigabytes of data, including HR files and salary information.

The incident marks a departure from ransomware attackers’ usual practices, which is to target the public sector and educational institutes.

Such organisations are the most likely to meet the three criteria that attackers are looking for: lax security practices, an urgent need to resume operations and adequate funds to meet their demands.

However, it perhaps shouldn’t be a surprise that cyber criminals would target a retailer. As we’ve demonstrated here, ransomware is an ever-present threat and no one is immune.

Stay up to date with cyber security news

Are you looking for regular updates on the latest cyber attacks and data breaches?

Subscribe to our Weekly Round-up to learn what’s happening in the cyber security industry and receive tips on how to protect your organisation.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.