Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label IT system. Show all posts
VF Crop
Breach Unveils Cyberattacks CyberCrime Cyberhackers Cybersecurity Data Breach Data Disaster IT system Ransomware VF Crop

Data Disaster: 35M Customers in Peril as VF's Breach Unveils

 


With its 13 brands, VF Corporation is one of the largest global apparel and footwear companies in the world. They own JanSport, Dickies, Eastpak, Timberland, Smartwool, Vans, The North Face, and The North Face brands that accounted for 55% of the backpack market in 2015. It has been reported that VF Corp has been the victim of a ransomware attack in December 2023. 

As a result of the ransomware attack, some of the company's systems were taken out of operation and were forced to contain the threat. There has been a cyber attack on VF Corp's customer data, reported TechCrunch. VF Corp, the parent company of popular brands like Vans, Supreme, and The North Face, claims it stole data from 35.5 million customers in a December attack, according to a regulatory filing. Nevertheless, the company has not provided any information on what type of personal information was compromised. 

Even though the report says that the filing does not explicitly state what personal information was stolen, the company stated that, for its consumer businesses, it does not retain Social Security numbers, bank account information, or credit card numbers. 

A Denver, Colorado-based company, VF Corp, reported its data breach to regulators on Thursday and did not have any evidence that hackers had stolen customer passwords. The Denver-based company did not have any evidence that the hackers had stolen customer passwords. There is no specific information in the filing about what kind of personal data was taken, or if the company has yet been aware of what has been stolen. 

The VF Corp spokesperson did not respond to TechCrunch's email requesting additional information. In addition to the fact that VF Corp does not collect any information about a consumer's Social Security number, bank account number, or credit card, nor does it have any evidence that hackers have stolen any of the company's customer passwords, the company says it does not maintain this information. 

Social Security number and financial information are not stored by VF Corp in its systems, according to the company. Furthermore, VF Corp says that it has not found any evidence that customer passwords have been stolen. As a result of the shutdown of certain systems, VF encountered disruptions in its operations. 

As a result of the incident, retail stores were interrupted in replenishing inventory and orders were delayed. Several and varied issues have resulted in cancellations of orders on the part of customers and consumers, reduced demand on e-commerce sites of some brands, and delayed shipments of some wholesale products. 

The company has managed to restore all of the impacted systems, although minor issues are still being encountered. A VF spokesperson said on Thursday that the company has not disclosed what information was stolen from its IT systems, but it did indicate certain data that was not stolen and that it is still investigating. 

In addition, there has been no evidence to suggest that the company has stolen the passwords of its customers and that Social Security numbers, bank account details, or credit card numbers are stored in its computer system. 

VF, as a co-founder and chief innovation officer for CyberSaint, is providing a certain level of assurance to the SEC and their investors that the 35 million records were not tampered with with highly sensitive [personally identifiable information] PII. Padraic O'Reilly, co-founder and chief innovation officer for CyberSaint, explained that what was not taken. 

According to his view, based on this information, we can presume that consumer names, addresses, demographic information, and information regarding their purchases may be included in the investigation. 8-Ks are usually released in stages as investigations progress, so stay tuned in this situation.
Read more »
United Kingdom
Cyber Security IT system NCSC security measures United Kingdom

In Q2 2022, NCSC Plans to Launch a New Assurance Scheme for IR and SimEx

 

In Q2 2022, the National Cyber Security Centre (NCSC) plans to implement a new assurance scheme for incident response (IR) and simulated exercises (SimEx), which might be a game-changer in the security sector. This will essentially result in the standardization of IR and SimEx across the board, as well as the expansion of commercial reach, opening up new markets for assured suppliers. Previously, the NCSC only offered the Cyber Incident Response (CIR) Service – shortly to be renamed CIR Level 1 – to UK Central Government and major corporations with complex IT systems that were regarded to have "national significance" networks. 

The new CIR service will dramatically broaden its reach to include local businesses, major businesses, and SMEs, while the new Cyber Incident Exercising Service will target large and medium organizations, as well as central and regional UK government. Because of the scope of the undertaking, the NCSC aims to hire Assured Scheme Partners to assess and onboard Assured Service Providers to police the scheme. 

The government agency is presently selecting its Assured Scheme Partners, with whom it will collaborate to develop the operating model and define how it will execute its technical standards across both services. 

SimEx can range from simple desktop exercises to full-fledged simulations, allowing corporate teams to respond to a given attack scenario. They could take the shape of a ransomware or phishing assault, DDoS simulation, or sensitive data being released on the dark web. A simulated exercise's purpose is to practise, analyze, or enhance the IR plan, so the true learning comes from how effectively the incident response process functions. 

Although it is unclear how the new Cyber Incident Exercising Service can support this wide range of activities, the NCSC has announced that it will include table-top and live-play formats. It will likely provide a sliding scale of increasingly complicated services, bringing much-needed clarity to the market. 

One of the main difficulties with SimEx today is that once the business considers testing its IR, prices may quickly escalate, so a formal framework with multiple techniques would help teams know precisely what they've signed up for and how much bang for their buck they're getting. 

Rather than the organization blindly investing in technology and presuming that its policies are being followed, these tests evaluate the effectiveness of security protocols by using attack scenarios that the organization is likely to face in the current threat landscape, informing the business of what is/isn't working and where the disparities are so that future spend can be focused.
Read more »
United Kingdom
Cyber Attacks IT system Nation-State Attacks United Kingdom

Attack on UK's Defence Academy Compelled a Rebuild of the IT System

 

According to a former senior officer, a probable nation-state attack on the UK's primary defense training facility last year compelled the academy to replace its IT infrastructure. Air Marshal Edward Stringer recently retired as the director-general of joint force development and the UK Defence Academy. 

Every year, the academy teaches roughly 30,000 UK armed forces personnel, as well as civil officials and military personnel from foreign countries. However, it was caught off guard by a cyber-attack in March of last year, which had "significant" operational ramifications, according to Stringer. 

IT team had to find backup ways to use regular internet, etc, to keep the courses running, which they did - but not as smoothly as before, to be fair, added Stringer.

He claimed he didn't know whether the hackers were criminals or a hostile state, but his main concern was whether the hackers sought to use the Defence Academy as a "backdoor" into much more secret portions of the MOD's IT systems. When asked if the cyberspies were effective, Air Marshal Stringer replied, "No, I was quite confident, that there hadn't been any other breaches beyond the Defence Academy." 

Despite the fact that no important information is believed to have been stolen, teaching was disrupted when courses were shifted online owing to the pandemic. “It doesn’t look like a violent attack, but there were costs. There were costs to operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage,” Stringer said. “What could we be spending the money on that we’ve had to bring forward to rebuild the network? There are no bodies in the streets, but there’s still been some damage done.” 

The MOD's digital branch launched an inquiry into the cyber-attack, but no findings - such as who was behind it - have been made public. The incident was also reported to the National Cyber Security Centre, a part of GCHQ. 

That rebuilding looks to be ongoing, with a note on the present Defence Academy website stating: “new website coming soon … please bear with us while we continue to update our site … check back soon for updates.” 

Serco, an outsourcing contractor, is purportedly in charge of the academy's IT systems, including website maintenance. While China, Russia, and other adversaries would surely have been motivated to undertake an attack, Stringer stopped short of attributing it to state-sponsored operatives.
Read more »
Vestas
Cyber Attacks Data Compromise IT system Security Vestas

Vestas Shuts IT Systems in Response to Cyber Security Incident

 

Vestas Wind Systems, a global leader in wind turbine manufacture, has shut down its IT systems after a cyberattack. 

Vestas is a prominent North American wind turbine producer, installer, and service provider, with 40,000 MW installed and 36,000+ MW in under service in the United States and Canada. 

The company stated that on Friday, November 19th, they were attacked, compelling them to shut down IT systems across numerous business divisions and locations in order to prevent the attack from spreading. Customers, staff, and other stakeholders may be impacted as a result of the interruption, and some Vestas facilities have been compelled to reduce output. 

Vestas stated it's still trying to restore the integrity of its IT systems in a blog post published on the company's website, but it doesn't have a timeline for doing so. Vestas also admitted that some data had been breached, implying that the hackers had been able to steal data from the hacked systems. 

Vesta disclosed in a new statement, "The company's preliminary findings indicate that the incident has impacted parts of Vestas' internal IT infrastructure and that data has been compromised. At this stage, the work and investigation are still ongoing." 

The corporation also stated that the impact on manufacturing, construction, and service has been limited. While Vestas hasn't specified what kind of hack they were hit with, the description seems like a ransomware attack. 

The firm has been contacted by BleepingComputer for further information regarding the event and whether the hackers are seeking a ransom, but they are yet to get a response. 

Rising attacks on critical infrastructure 

Vestas employs 25,000 people and has production sites in 16 countries, with a revenue of over a billion USD each year. As countries accelerate the adoption of pollution-reduction policies and roll out renewable energy investment programs, Vestas has a crucial role in fulfilling such services. 

As a result, interrupting the manufacturing, installation, and maintenance processes might have a severe impact on regions that rely on wind turbines for power. Vestas was already dealing with supply chain challenges and rising material prices, so this cyberattack comes at an especially inconvenient moment. 

As ransomware gangs ramp up their operations in search of higher payments, critical infrastructure has become increasingly vulnerable to cyberattacks. Ireland's Health Service Executive, meat manufacturer JBS, and US gasoline pipeline Colonial Pipeline have all been targets of previous attacks on key infrastructure.
Read more »
Tech Companies
BlackMatter Cyber Attacks IT system Medical Sector Ransom Notes Ransomware Tech Companies

Olympus Suffers Second Cyberattack in 2021

 

Olympus, a Japanese tech giant, disclosed that it was hit by a cyberattack that forced it to take down its IT systems in the United States, Canada, and Latin America. 

Olympus is a company founded in 1919 being a technology leader in the medical sector that develops cutting-edge opto-digital products, life science, and consumer electronics products. On October 12, Olympus announced on its website that it is investigating a potential cybersecurity incident discovered on October 10 and currently working with the utmost priority to fix this issue.  

The company stated, "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue." 

"As part of the investigation and containment, we have suspended affected systems and have informed the relevant external partners. The current results of our investigation indicate the incident was contained to the Americas with no known impact to other regions." 

The firm did not state whether or not the customer or corporate data was obtained or stolen as a result of the "potential cybersecurity incident," but added that it would share updated information on the assault as soon as it becomes available. 

Olympus added, "We are working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way. Protecting our customers and partners and maintaining their trust in us is our highest priority." 

According to an Olympus spokesman, the firm discovered no indication of data loss during an ongoing investigation into this occurrence. 

This incident comes after the ransomware assault on Olympus' EMEA (Europe, Middle East, and Africa) IT infrastructure in early September. Although Olympus did not disclose the identities of the attackers, ransom notes discovered on damaged computers showed that BlackMatter ransomware operators orchestrated the attack. 

The identical ransom notes directed victims to a Tor website previously used by the BlackMatter group to connect with its victims. Although Olympus did not provide many specifics about the nature of the attack that impacted its Americas IT systems, ransomware groups are notorious for carrying out their operations on weekends and holidays in order to minimize detection. 

In an August joint alert, the FBI and CISA stated that they had "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021."
Read more »
USA
Cyber Attacks Healthcare IT system OSF Healthcare Outage USA

Cyber Attacker had Prior Access to the IT Systems of OSF Healthcare Before Outage

 

The Journal Star reported that OSF HealthCare's computer systems were back up on April 25 following a two-day outage that forced the Peoria, Ill.-based health institution to implement downtime processes and policies. The outage occurred around 3:45 a.m. on April 23, as per the report. 

OSF HealthCare, based in Peoria, Ill.- started informing patients on October 1 that their personal health information had been exposed for more than six weeks as a result of a cyberattack on its IT systems earlier this year. At numerous OSF HealthCare hospitals and sites, the computer systems included patient information and records.

OSF HealthCare is a non-profit Catholic healthcare organization based in Illinois and Michigan that administers a medical group, hospital system, and other healthcare facilities. OSF HealthCare is owned and run by the Sisters of the Third Order of St. Francis and is headquartered in Peoria, Illinois. 

"During the outage, downtime procedures and protocols were closely followed, which included rescheduling some appointments and procedures," an OSF HealthCare spokesperson informed. "Patient safety is at the forefront of everything we do, and any decision to delay an appointment or procedure was made with safety in mind." 

OSF HealthCare announced on its website on Oct. 1 that the outage was caused by a data security problem. After conducting an investigation, the health system learned that an unauthorized entity obtained access to its networks from March 7 to April 23. The hacker gained access to various files relating to OSF Little Company of Mary and OSF Saint Paul patients. 

The compromised data include personally identifiable information, name, birthdates, Social Security numbers, treatment information, medication information, and health insurance information. As per the warning, financial information from a "smaller subset of patients" was also compromised. 

Patients whose Social Security numbers or driver's license information were disclosed will receive free credit and identity monitoring services from the health system. OSF HealthCare further stated that new precautions and technical security procedures have been adopted to safeguard its network infrastructure. 

OSF HealthCare operates 14 hospitals and a variety of other institutions throughout Illinois and Michigan. All institutions and facilities continued to operate and also admitted new patients during the April outage.
Read more »
Singapore
Cyber Attacks Exposed Patient Records IT system MOH Ransomware attack Singapore

73,500 Patients Data was Compromised in a Ransomware Attack on a Singapore Eye Clinic

 

The personal data and clinical information of roughly 73,500 patients of a private eye clinic were hit by a ransomware attack earlier this month, the third such occurrence in a month. Names, addresses, identity card numbers, contact information, and clinical information such as patients' clinical notes and eye scans were among the data, according to Eye & Retina Surgeons (ERS) on Wednesday. 

The clinic, however, stated that no ransom has been paid and that no credit card or bank account information has been obtained or compromised. The compromised IT systems at the clinic are not connected to the ministry's IT systems, such as the National Electronic Health Record, and there have been no similar cyber-attacks on MOH's IT systems, according to the Ministry of Health. 

The ministry also requested ERS to look into the issue, conduct a thorough evaluation of its systems, and collaborate with the Cyber Security Agency (CSA) to "take prompt mitigation efforts to enhance its cyber defences."

"Following this incident, MOH will be reminding all its licensed healthcare institutions to remain vigilant, strengthen their cybersecurity posture, and ensure the security and integrity of their IT assets, systems, and patient data. It is only through the disciplined maintenance of a safe and secure data and IT system that healthcare professionals will be able to deliver accurate and appropriate care, and uphold patient safety," the MOH said. 

The clinic's IT system has recently been restored "securely," with IT experts performing "thorough" system checks, reformatting servers, and running anti-virus scans on all computer terminals. The ERS stated that it had taken steps to avoid the situation from happening again. It is currently telling patients about the cyber-attack. 

Following the ERS ransomware incident, identical problems occurred at insurer Tokio Marine Insurance Singapore and IT firm Pine Labs. According to a recent study from Singapore's Cyber Security Agency (CSA), there were 89 ransomware cases reported to the agency last year, up from 35 cases in 2019. The assaults mostly targeted small and medium-sized businesses in the manufacturing, retail, and healthcare sectors. 

To encourage all licensed healthcare providers to set up and continually assess their security protections, impose new measures, and apply best practices to secure their IT systems and endpoints, the MOH issued the Healthcare Cybersecurity Essentials guidelines in August.
Read more »
Ransomware
Canada Cyber Attacks IT system Montreal Network Security Ransomware

Following a Ransomware Cyberattack, D-BOX Stated it is Gradually Restarting Operations

 

After a ransomware cyberattack on its internal information-technology systems, D-BOX Technologies Inc. says it is progressively resuming operations, with restoration work likely to be completed in the coming weeks. Production was never entirely disrupted by the cyberattack, according to the Montreal-based entertainment company, and rehabilitation of its different internal IT systems has begun. 

D-BOX creates and redefines realistic, immersive entertainment experiences by using elements such as motion, vibration, and texture to move the body and stimulate the imagination. D-BOX has partnered with some of the world's most innovative firms to provide new ways to improve amazing stories. 

The company has postponed the release of its interim financial statements and analysis for the three months ending June 30. The incident had a limited impact on internal systems, and services to studios and theatre operators were unaffected, according to the statement. The company expects a 40% increase in revenue in the first quarter, reaching roughly 3.1 million Canadian dollars ($2.5 million). It stated that its management was attempting to file the financial report as quickly as possible, but that a delay of two to four weeks was probable. 

Analysis suggests that the systems of its clients were neither hacked nor impacted during the cyberattack, according to a report by an external firm specializing in cyber incidents. As a result of the incident, D-BOX does not expect any security patches to its services or software updates to be necessary for its partners. In addition, as a precaution, the company has provided all of its employees and directors a 12-month subscription to Equifax's identity theft and fraud protection service. 

“Security is a top priority and D-BOX is committed to continuing to take all appropriate measures to ensure the highest integrity of all our systems,” said Sebastien Mailhot, President, and CEO of D-BOX. “I’m proud of the efforts of our IT team and external advisors, as they mitigated the attack and accomplished an enormous amount of work in order to resume activities. D-BOX is committed to continuing to communicate directly with all of its clients and partners, whom we thank for their patience as we resolve this situation. The Corporation believes that the financial impact of this cyberattack on the results should be negligible.”
Read more »
USA
Australia cyber attack IT networks hacked IT system JBS USA

World’s Biggest Meat Supplier JBS Suffered a Cyber Attack

 

An advanced cyber attack was carried out at the largest meat processing enterprise in the world. 

JBS, the largest beef supplier in the world, stated that its systems returned online late on Tuesday, following a severe cyberattack that took down certain activities of the USA and Australia. 

The attack damaged servers in North America and Australia that were supporting their IT systems, the corporation said in a press release. 

"The company is not aware of any evidence at this time that any customer, supplier, or employee data has been compromised or misused as a result of the situation," JBS said. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers." 

JBS USA, the food giant, is part of JBS Foods. According to its website, it operates in 15 countries and has clients in around 100 nations. Pilgrim's, Great Southern, and Aberdeen Black are among its brands. JBS said that it is working with an incident response company to restore its systems as quickly as possible. 

During a press conference on Tuesday, the White House acknowledged the attack. Principal Deputy Secretary of Press, Karine Jean-Pierre, briefed reporters that JBS has been a victim of a ransomware attack "from a criminal organization likely based in Russia." The FBI investigates the attack, the White House confirms. 

President Biden has also instructed his government, to assess the impact on the supplies of beef in the country that may be mitigated, alongside the United States Dollars. 

According to Union officials, JBS stopped slaughtering cattle in every U.S. plant on Tuesday. The incident on Monday brought Australian activities to a halt. JBS controls approximately 20% of the US livestock slaughter capability with North American operations based in Greeley, Colorado. 

Australia's Agriculture, Drought, and Emergency Management Minister David Littleproud tweeted regarding the JBS cyber-attack on Tuesday, stating that the company works tightly with law enforcement authorities and in Australia and abroad, to get operational activities back and forth and "to bring those responsible to account." 

The attack happened a few weeks after a cyberattack that prompted a six-day shutdown from one of the largest gas pipelines in the United States: Colonial Pipeline. Since then, the pipeline has returned to normal working. 

"If the Colonial Pipeline cyberattack didn't impact enough consumers to spur response by the international community, the JBS meat supplier incident likely will," Meg King, the director of the science and technology innovation program at The Wilson Center, told CNN Business. "Now is the time for a global agreement to break the business model of ransomware," she added. 

However, "The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said. 

In the past, the US government has suggested that firms do not compensate offenders for ransomware attacks if they encourage such hacking in the future.
Read more »
User Security
cyber attack IT system User Data User Privacy User Security

Top Dairy Group Lactalis Suffers Cyberattack, Company Confirms No Data Breach

Lactalis, the world's one of the best dairy groups disclosed that it was recently hit by cyberattacks after hackers breached its company's systems. Short for Lactalis group, the company has around 85,000 employees working throughout 81 countries, with dairy exports to more than 100 countries across the globe. 

Lactalis group also owns few top global brands which include Galbani, Lactel, Parmalat, Santal, and Président.  In a press release issued last Friday, the company said that merely a few computers in the network were affected in the attack. Lactalis had identified malicious access in its computer network, upon finding the intrusion, the company immediately contained the attack and informed the investigative agencies later. 

Further investigations revealed that a third party tried breaking into the company networks.  Luckily, there was no data breach, says Lactalis after an ongoing investigation that confirmed the incident. The press release reads, "The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the competent authorities. The results of our investigations establish that a malicious third party is seeking to break into our servers.  For the sake of transparency, we are making public this information. Our IT teams are fully mobilized and supported by experts recognized in cybersecurity. Our investigation with them revealed no data breach at this point." 

The company has currently taken down its IT systems across all the company websites that were affected by the attack. The company further adds, "Lactalis teams are working to protect the interests of our customers, our partners, and our employees. This is why we have restricted, at our initiative to as a preventive measure, our access to the public internet network." As of now, Lactalis says that it didn't suffer any data breach during the attack, however, in most cases, threat actors usually steal personal information and data when spreading throughout a breached network. Attacks like these often lead to extortion and threat actors may expose information on data leak sites if the party fails to pay the ransom.
Read more »
Parliament
Cyber Attacks Finland Hackers IT system Parliament

Finland MP’s Faces Dire Cyber Intrusion

 

The parliament of Finland verified on Monday that some hackers had procured entry into the internal IT system of Finland and have also retrieved some personal as well as confidential information by accessing into the email accounts of some of the Member of the Parliament (MPs).

In a statement the government officials confirmed that the incident took place in the autumn season of 2020 and was turned up in the month of December by the IT staff of the Parliament after they felt that something suspicious is happening. This occurrence is being investigated under the examination of the Finnish Central Criminal Police (KRP) .

Although the Crime Commissioner Tero Muurman in an official statement said that “The act is not accidental”, on the other hand the police in investigation are not unveiling any detail about the case. Instead they quoted that they are investigating the security breach as a “suspected gross hacking and espionage” incident. Though after flicking through all the recorded statement one thing is clear that the intrusion did no harm to the internal IT System of the Parliament.

 “At this stage , one alternative is that unknown factors have been able to obtain Information through the hacking, either for the benefit of a foreign state or to harm Finland” , Muurman further added. The larceny of the hackers has affected a lot of individuals of the country though obviously the number is unsure. 

The thing that requires the maximal gravity here is that, during the same time, in the fall, some Russian hackers have also accessed the emails of various Parliamentary personnel and representative of Norway to acquire some information. Both the hacks were quite indistinguishable in nature and can be thought to be linked as well. 

The officials in command stated, “This case is exceptional in Finland serious due to the quality of the target and unfortunate for the victims”. Proffering a sense of placidity to the victims the KRP Tero Muurman also made a statement claiming that “International cooperation has taken place in the investigation” and the drudges would be behind the bars for the felony. 
Read more »
Subscribe to: Posts (Atom)