In March 2022, there were 88 publicly disclosed cyber security incidents that accounted for 3,987,593 breached records. This brings the total number of breached records for the first quarter of 2022 to 75,099,482. Many of March’s cyber security incidents occurred internationally, with only a handful of breaches in the UK.

Russian government sites hacked

Officials in Russia have shared that some Russian federal agency websites were compromised in a supply chain attack on 8 March 2022, after unknown attackers hacked the stats widget used by multiple government agencies to track the number of visitors. Affected websites included the Federal State Statistics Service, the Federal Penitentiary Service, the Federal Bailiff Service, the Federal Antimonopoly Service, the Culture Ministry, and other Russian state agencies. The incident was exposed after attackers published their own content and blocked access to the websites. The websites were back up and running after a few hours.

These attacks are just some of the many happening during the ongoing conflict between Ukraine and Russia. In the last month, the Russian government shared a list of more than 17,000 IP addresses allegedly used in DDoS attacks against Russian networks. The Federal Security Service’s National Coordination Center for Computer Incidents (NKTsKI) has warned Russian and Ukrainian companies to take measures to counter threats to their information security and shared guidance to defend against such attacks. The Ukrainian Vice Prime Minister Mykhailo Fedorov announced the creation of an “IT army” to support the country’s “fight on the cyber front” in this “massive wave of hybrid warfare.”

As the conflict continues, many international cyber forces are warning of the cyber risk to businesses, and are recommending proactive steps to reduce the risk. Our Director Claire Maddox has shared her tips over on LinkedIn, helping you meet best practice and select tools which can do some of the work on your behalf. 

Personal data of thousands of New York students exposed

A very popular online grading and attendance system was hacked in January, but the breach was only revealed this month. The breach is now reported as the largest exposure of students’ personal data in America. Cyber criminals hacked into the IT systems of Illuminate Education and gained access to a database containing the personal data of around 820,000 current and former New York City public school students, dating back to 2016. Data compromised in the incident included students’ names, birth dates, ethnicities, home language and student ID numbers. It was also disclosed that the hackers had exfiltrated class and teacher schedules, and data regarding which students received free lunches or special education services.

Education officials in America are now questioning Illuminate and accusing it of misrepresenting the safeguards it had in place concerning student data, and of failing to encrypt its IO Classroom, Skedula and Pupilpath platforms. Illuminate said it had not found any evidence of fraudulent or illegal activity related to the hacking incident. The New York state police are now working with Illuminate and education officials to resolve the ongoing issues.

Microsoft employee hacked by Lapsus$ extortion group

Microsoft has confirmed that one of its employees was compromised by the Lapsus$ hacking group, allowing the threat actors to access and steal portions of its source code. On 21 March, the Lapsus$ gang released 37GB of source code stolen from Microsoft’s Azure DevOps server. The source code is for various internal Microsoft projects, including Bing, Cortana, and Bing Maps. No customer data was stolen, but Microsoft is investigating how it happened.

Cyber-attack shuts down Scottish Association for Mental Health

On 18 March it was announced that the Scottish Association for Mental Health (SAMH) was dealing with a cyber-attack that was affecting workers’ ability to receive and respond to emails across both its national and local service locations; all national phone numbers went down too. Billy Watson, the chief executive of SAMH, explained: “We are devastated by this attack. It is difficult to understand why anyone would deliberately try to disrupt the work of an organisation that is relied on by people at their most vulnerable.” SAMH is now working closely with various agencies, including Police Scotland.

Hundreds of organisations potentially hit by Okta hack

Hundreds of organisations that rely on Okta to provide access to their networks may have been affected by a cyber-attack on the company. Okta said the “worst case” was 366 of its clients had been affected and their “data may have been viewed or acted upon”. Its shares fell 9%. The attack has affected several different types of companies, ranging from larger ones such as FedEx to much smaller businesses like Thanet District Council in Kent. It is now believed that the cyber-gang Lapsus$ is behind the hack. The cyber-gang is known for extortion, threatening to release sensitive information if its demands are not met by its victims. Lapsus$ has been named responsible for many of the cyber attacks in March.

UK ferry operator has data breached

Wightlink, a UK ferry operator, was hit by a “highly sophisticated” cyber-attack in February, but has only announced it now. The attack compromised personal data belonging to several customers and staff, impacting back-office IT systems, but not its ferry services, booking system, or website, and only personal data from a few ferry trips. The police and the UK’s Information Commissioner’s Office (ICO) have been notified, and the customers whose personal data was stolen have been told and asked to keep an eye out for anything suspicious happening with their personal data.

Children’s details sent out in data breach

Personal data identifying children on the Isle of Wight was shared by the council via an email on 22 March. The Isle of Wight Council email included an attachment with personal details of 90 families on the island. The data was breached due to a computer system error. The council has apologised, and the Information Commissioner’s Office (ICO) has been informed of the data breach. In a statement, the council said, “The email was recalled 20 minutes after sending and a follow up email was also sent to recipients asking them to delete the original email without opening it.”

Nespresso data leak in South Africa

At the beginning of March, South African Nespresso distributor Top Coffee had to send a notice to its customers informing them that their names, phone numbers, and email addresses were leaked. However, it is believed no financial information was exposed. The data is said to have been leaked through a third-party supplier. The issue was immediately fixed, and the data collected from then on has been fully protected. However, there have been some lasting effects, with some very unhappy customers who were eventually individually hacked thanks to data leaked during this breach. Nespresso is still talking to customers and investigating how this incident occurred in the first place.

Molson Coors discloses cyber attack

On 11 March, brewing giant Molson Coors experienced a cyber security incident that disrupted operations and beer production. The company has not provided additional details of the cyber-attack, but some security experts are calling the incident a ransomware attack. This is the fourth ransomware attack in the beverage industry in the past five months. Ransomware remains a global cybersecurity threat and is the one cybercrime that has a high direct return on investment associated with it, by holding victims to ransom for financial payment. Molson Coors has now brought in an outside forensic IT firm to investigate the breach and to make sure something like this does not happen again.

Big French health insurance company hit by data leak

On 17 March it was disclosed that 19 healthcare employees from a big French healthcare insurance company were hacked, which then caused the details of at least 510,000 people to be stolen. Data stolen from affected members of the public included names, surnames, date of birth, social security numbers, GP details, and levels of reimbursement. However, no contact details (such as telephone numbers or addresses) were stolen, nor were any bank details or medical information on health conditions. The company is now informing those concerned by email or letter and is requesting that those affected look out for any potential scams, as the hackers do have some personal information and can therefore target people with seemingly legitimate messages or demands.