Breach Roundup: A Barcelona Hospital, AT&T and Hatch Bank
Plus: Chick-fil-A, Acer & the Online Insurance Marketplace Serving the US Congress
Every week, Information Security Media Group rounds up cybersecurity incidents around the world. In the past week, a ransomware attack at Hospital Clinic de Barcelona disrupted services, AT&T experienced a leak of customer information for which the company says a vendor is responsible,* a zero-day exploitation at Hatch Bank's vendor led to a data leak and a fast food chicken purveyor warned customers about a hack that apparently led to a payment card breach. Also: A hacker posted proprietary data of computer giant Acer, and congressional lawmakers and staffers saw some of their personal data being offered for sale online following a breach at an online insurance marketplace. We also update how fruit and vegetable processor Dole handled its ransomware attack.
Hospital Clinic de Barcelona
A ransomware attack on one of Barcelona's largest hospitals on Sunday paralyzed medical services, forcing cancellations. A system shutdown at Hospital Clinic de Barcelona resulted in 150 cancellations of non-urgent operations and 3,000 patient checkups, the government of Catalonia acknowledged. The attack affected computers at the hospital's laboratories, emergency room and pharmacies.
The government says the RansomHouse ransomware operation is responsible. RansomHouse launched in May 2022 and may be a front for the White Rabbit ransomware operation, given that White Rabbit ransom notes name-check RansomHouse.
The Cybersecurity Agency of Catalonia deployed over 165 individuals to support the hospital's restoration effort. Operations at the hospital's Villarroel headquarters on Wednesday returned to 25% capacity for external consultations and to 70% for scheduled surgeries.
AT&T
Wireless provider AT&T announced Thursday that a hacker had breached a vendor system, obtaining access to data known as Customer Proprietary Network Information. An AT&T spokeswoman told Information Security Media Group the breach affects 9 million customers and that "the data set was several years old, mostly relating to device upgrade eligibility." Affected data included the number of lines on an account or wireless rate plan, she said.
AT&T also says the security vulnerability has been fixed and that no financial information, such as payment cards or Social Security numbers, was caught up in the breach.
Databreaches.net first posted a breach notification that was shared by an AT&T customer.
Hatch Bank
Fintech platform Hatch Bank confirmed a late-January data breach incident that enabled hackers to exfiltrate personal information of almost 140,000 users. The attackers exploited a zero-day bug in the company's GoAnywhere file transfer software, tracked as CVE-2023-0669.
The Clop ransomware gang claimed responsibility for the attack, stating it also stole data from 130 other organizations.
Chick-fil-A
American fast-food restaurant chain Chick-fil-A confirmed a data breach of customer accounts in a letter sent to more than 71,000 individuals.
The attack potentially exposed mobile numbers of customers and, according to a breach notice provided to the attorney general of Maine, payment card numbers in combination with their security codes. The company says the attack began on Dec. 18, 2022, and ended Feb. 12. Hackers "launched an automated hack against our websites and mobile application" using account credentials obtained from a third-party source.
Acer
Taiwanese computer manufacturer Acer confirmed to Bleeping Computer a data breach resulting from a hack on a server hosting private documents used by repair technicians.
A threat actor posted to a criminal forum data described as 160 gigabytes' worth of information, including confidential presentations, software binaries, details of back-end infrastructure and BIOS images.
"There is currently no indication that any consumer data was stored on that server," Acer stated.
US Lawmaker Data
The FBI is investigating a data breach affecting congressional members and staff after a hacker stole account and sensitive personal information from online health insurance marketplace DC Health Link. The hacker posted the information for sale on a criminal forum (see: Hackers Sell US Lawmaker Data Stolen From Insurance Market).
Dole
We earlier reported that fruit and vegetable processing giant Dole had experienced a ransomware attack. In a filing with U.S. regulators, the company said overall operational impact had been "limited" but the attack "was disruptive for our Chilean and Fresh Vegetables businesses in particular."
Asked during a quarterly earnings call about the incident, Dole CEO Rory Byrne said the company doesn't expect to recover costs or lost revenue, SupplyChainDive reported.
*Clarification and correction March 10 00:07 UTC: Modified to emphasize that AT&T attributes the data breach to a third-party vendor and to correct the type of affected information.