Cyber Attacks and Data Breaches in Review: February 2023

Welcome to our latest monthly review of cyber attacks and data breaches. We found 106 publicly disclosed security incidents during the month, which resulted in 29.5 million breached records.

As ever, you can find the full list of security incidents on our sister site. In this blog, we look at the most notable headlines across Europe.

Tusla to notify those affected by ransomware attack

Ireland’s child and family agency, Tusla, announced last week that it had identified 20,000 people whose information was exposed in the May 2021 ransomware attack against the HSE (Health Service Executive).

The incident was one of the most damaging ransomware attacks ever conducted, crippling services across a range of hospitals. Healthcare facilities are always among the most vulnerable to ransomware, because an inability to access files or other facilities could put people’s lives in danger.

The HSE’s chief executive, Paul Reid, described the attack as “significant and serious”, adding that the HSE has taken all precautionary measures to shut down its major systems.

An investigation into the ransomware attack, led by An Garda Síochána – Ireland’s police force – found that personal data of 20,000 people who worked at or with Tusla was compromised.

It’s unclear what information was affected, but people’s names and contact details are presumed to have been stolen. There is also the possibility that more sensitive information, including information gathered by providing child protection and welfare services, was compromised.

This includes data related to adoption and foster care; early years services; domestic, sexual and gender-based violence services; and community support services.

Tusla is now notifying the 20,000 victims involved, but said that the process won’t be complete until November.

The agency said it has been working with Ireland’s Data Protection Commission to ensure that the notification process protects those affected from further damage. It is particularly concerned about the possibility of notification letters themselves being compromised, which is why each letter will contain a unique PIN.

Individuals can use this code to access information through the Tusla Personal Information Access Portal, and they can contact a helpline if they need further assistance.

Alternatively, individuals can set up an in-person meeting with a case worker to review the exposed data.

German minister warns of “massive” threat from Russian hackers

Germany could face a fresh wave of Russian-sponsored cyber attacks, the country’s interior minister warned last week.

In an interview with the Funke Mediengruppe, Nancy Faeser said there was a “massive danger” of sabotage, disinformation and cyber espionage, and called on federal and regional governments to increase their defensive capabilities.

“The cybersecurity concerns have been exacerbated by the war. The attacks of pro-Russia hackers have increased,” she said.

Faeser highlighted the ever-evolving attack methods and the need for public and private organisations to continually develop defence capabilities.

Since Germany started supporting Ukraine following the Russian invasion, cyber attacks against the country have increased rapidly. Military organisations, energy providers and other critical infrastructure providers have been the most frequently targeted, with the majority of attacks coming from Russia or its allies.

As the war in Ukraine rages on and Russia grows frustrated at the lack of progress, the scale of attacks could well increase. Security experts have warned that a significant attack could be imminent, with one source saying that the country is under a state of “permanent fire” from criminal hackers.

Nancy Faeser’s warning comes as the German government announced plans to expand its Federal Office for Information Security in a bid to “create new instruments with which the security authorities can stop cyber-attacks and resolve them”.

In a recent study, Google learned that the Kremlin was “pulling out all the stops” to recruit hacking groups to work on the government’s behalf. Meanwhile, Marc Korthaus, of the German IT security company Sys11, told the Frankfurter Allgemeine newspaper that cyber attacks were increasingly linked to political activity.

For example, when Germany announced last month that it would deliver Leopard 2 tanks to Ukraine, there was a sizeable increase in cyber attacks against German organisations, Korthaus said.

Alexander Vukcevic, the director of protection labs for the IT security company Avira, spotted a similar trend across Europe. “Every time Europe intensifies its sanctions against Russia or accelerates aid to Ukraine, the hackers intensify their attacks,” he said.

E-commerce giant Elevel exposed customer data

In other Russian cyber security news, the Moscow-based firm Elevel suffered a data breach earlier this year, leaking 1.1TB of personal data.

The breach was discovered by researchers at Cybernews, which found an open dataset belonging to e.way, an online shop operated by the electrical engineering firm.

In total, 7 million data entries from the past two years were found, including customers’ names, phone numbers, email addresses and delivery addresses.

“If left exposed, threat actors could download and clone the cluster’s data and use it for nefarious purposes, including phishing attacks, as they possess sufficient PII to make their scam seem legitimate,” Cybernews researchers said.

“As a number of usernames and passwords are exposed, it could enable threat actors with valid credentials to gain further sensitive data and to impersonate users to make fraudulent purchases,” they added.

Cybernews confirmed that the dataset has since been secured.

Are you prepared for a cyber attack?

If you’re facing a cyber security disaster, IT Governance is here to help.

Our Emergency Cyber Incident Response Service offers the necessary support to deal with the incident, as our experts guide you through the recovery process.

They’ll review the breach, mitigate the damage and ensure that you are up and running again as soon as possible.
