The Week in Breach News: 03/12/25 – 03/18/25
This week: Bad actors hit with the purported first artificial intelligence (AI) created ransomware strain; the Cleo vulnerability impacts over 60 schools; a ransomware attack leaves a Canadian chocolatier with a bitter taste; and protecting your human firewall.
Read this week’s new featured blog: The Human Firewall: Strengthening Your Organization’s Most Vulnerable Gateway
National Presto Industries
https://therecord.media/presto-home-appliances-manufacturer-cyberattack
Exploit: Hacking
Industry: Manufacturing
National Presto Industries, the maker of Presto brand home appliances, is currently experiencing a system outage caused by a cybersecurity incident that began in March 2025. The incident has temporarily disrupted the company’s operations, affecting shipping and receiving, some manufacturing processes and back-office functions. Many of these systems are in the process of being restored. To maintain critical functions during this period, the company has implemented temporary measures. National Presto Industries operates across three business segments: home appliance products, including pressure cookers, waffle makers and air fryers; subsidiaries that contract with the U.S. military; and a safety department that produces carbon monoxide detectors, fire alarms and fire extinguishers. The company did not disclose which arm was impacted.
How It Could Affect Your Customers’ Business: Having a robust business continuity plan is the key to minimizing downtime and reigning in the cost of an incident.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Carruth Compliance Consulting
https://therecord.media/thousands-of-public-school-workers-impacted-data-breach
Exploit: Hacking
Industry: Business Services
A cyberattack on Carruth Compliance Consulting has resulted in data exposure for thousands of teachers and administrators. The cybercriminal group Skira Team claimed responsibility, stating it stole data from 36 public schools. The Oregon-based provider of third-party administrative services to public school districts and non-profit organizations for their 403(b) and 457(b) retirement savings plans said it detected suspicious activity on December 21 and later confirmed that hackers accessed its systems between December 19 and December 26. Stolen data includes names, Social Security numbers, financial account details, and in some cases, driver’s licenses, W-2 forms, medical records and tax filings. Beneficiaries’ information may also be affected.
How It Could Affect Your Customers’ Business: The breach went undetected for several days, allowing attackers to steal extensive data. Rapid threat detection is a must for minimizing damage.
Kaseya to the Rescue: Learn how to secure your systems and data from threats like this in The Comprehensive Guide to Third-Party and Supply Chain Risk. DOWNLOAD IT>>
Bank of America
https://finance.yahoo.com/news/bank-america-alerts-customers-data-180043994.html
Exploit: Third Party
Industry: Finance
Bank of America has alerted a group of customers about a potential data breach that may have exposed sensitive information, including personal details and Social Security numbers. The breach, which occurred on December 30, was caused by improper handling of confidential documents by a third-party document destruction service provider. While the exact number of affected accounts has not been disclosed, the exposed information could include names, financial account details, addresses, phone numbers, email addresses, dates of birth, Social Security numbers and other unique government ID data. To mitigate the impact, Bank of America is offering affected customers a complimentary two-year membership to an identity theft protection service.
How It Could Affect Your Customers’ Business: Companies must ensure that their vendors have strong security in place and audit the relationship regularly.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Sunflower Medical Group
https://www.hipaajournal.com/cyberattack-on-sunflower-medical-group-affects-221000-patients
Exploit: Ransomware
Industry: Healthcare
Sunflower Medical Group, a private multi-specialty medical group with care centers in Kansas City, Lenexa and Roeland Park, Kansas, has suffered a data breach impacting the personal and protected health information of 220,968 individuals. Suspicious activity was detected within its network on January 7, 2025, prompting a third-party forensic investigation. The investigation confirmed that an unauthorized actor had access to the network from December 15, 2024, to January 7, 2025, during which files, including patient data, were exfiltrated. The compromised data includes names, addresses, dates of birth, Social Security numbers, driver’s license numbers, medical information and health insurance details. The Rhysida ransomware gang has claimed responsibility for the breach, listing it on its dark web breach site. According to the listing, the attackers exfiltrated a 3-terabyte SQL database, which allegedly contains the data of approximately 400,000 individuals.
How It Could Affect Your Customers’ Business: The attack underscores the ongoing targeting of healthcare organizations by ransomware gangs due to the high value of patient data.
Kaseya to the Rescue: Our 10 Tips for Successful Employee Security Awareness Training infographic can help you maximize the effectiveness of your security awareness training efforts. DOWNLOAD IT>>
Uncover today’s worst phishing threats and see smart strategies to keep businesses out of trouble. GET EBOOK>>
Ganong Bros.
https://www.country94.ca/2025/03/14/ganong-in-st-stephen-hit-by-ransomware-cyber-attack/#
Exploit: Ransomware
Industry: Manufacturing
Operations at Canadian chocolatier Ganong Bros. in St. Stephen, New Brunswick, were soured by a ransomware attack. The Play ransomware group has claimed responsibility. The attack was discovered on Feb. 22, 2025. Ganong Bros. stated that it immediately took countermeasures to protect its network and data, including engaging third-party cybersecurity experts and external legal counsel to assist with containment, remediation and a forensic investigation. But chocolate lovers don’t need to worry. Operations have since been restored to normal.
How it Could Affect Your Customers’ Business: While ransomware can cripple production, effective backup and recovery strategies can help businesses restore operations quickly.
Kaseya to the Rescue: Learn how to protect the most vulnerable gateway to your organization with a three-pronged approach to effective cybersecurity. DOWNLOAD INFOGRAPHIC>>
Are you feeling overwhelmed by IT tasks? Let us show you how to reduce your security workload! GET TIPS>>
France – Sorbonne Université
https://cybernews.com/news/sorbonne-university-paris-claim-funksec-ai-ransomware-attack
Exploit: Ransomware
Industry: Education
The Funksec ransomware group, known for deploying what some insiders claim is the first GenAI-created ransomware strain, has claimed a high-profile target: Sorbonne University in Paris. On Friday, Funksec posted the prestigious university on its dark leak site, alleging that it exfiltrated 20GB of files from the university’s servers. The group has given university officials roughly 12 days to meet an undisclosed ransom demand, threatening to release the data, which reportedly includes plans, reports and credentials. Since its public debut in November 2024, Funksec has made waves for being among the first to use generative AI to create ransomware variants.
How it Could Affect Your Customers’ Business: AI-enhanced cyberattacks will make it easy for bad actors to conduct sophisticated attacks at scale more frequently than ever before.
Kaseya to the Rescue: Learn how a subscription to Kaseya 365 User helps you reduce costs, streamline security management and protect users and data across SaaS applications. LEARN MORE>>
Learn how to minimize phishing risk with AI & automation in The Anti-phishing Email Security Buyer’s Guide GET IT>>
Micronesia – Department of Health Services
https://therecord.media/ransomware-attack-micronesia-health-system
Exploit: Ransomware
Industry: Government
The Department of Health Services for the state of Yap has warned its 12,000 residents of a ransomware attack that targeted its systems on March 11, 2025. The attack forced the department to take its entire network offline, resulting in a loss of internet connectivity and the shutdown of all computers to prevent further damage. The department is working with private IT contractors and other government agencies to restore services, assess the scope of the breach and determine what data may have been compromised. As a result of the attack, email communication through health servers and all digital health systems have been shut down, although patients can still receive treatment. This incident comes just two weeks after the health ministry of Palau, a neighboring region in Micronesia, also fell victim to a ransomware attack. Micronesia, with a population of over 100,000 people across the states of Yap, Chuuk Pohnpei and Kosrae, is home to more than 600 islands.
How it Could Affect Your Customers’ Business: The era of AI-enhanced cyberattacks is here, which means that every business needs to ensure that it has closed all of its security gaps.
Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
Read this week’s featured blog: The Human Firewall: Strengthening Your Organization’s Most Vulnerable Gateway
In a digital world where productivity takes priority, many employees overlook the importance of cybersecurity, creating significant risks. Our latest blog explores how this mindset contributes to vulnerabilities and what IT professionals can do to address the gap in security responsibility. READ MORE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
Kaseya 365 User Product Innovation Update
March 20, 2025 | 11:00 AM & 7:00 PM ET
Join us for an exclusive live webinar on the latest Kaseya 365 User innovations, including exciting updates for BullPhish ID, Graphus, Dark Web ID, SaaS Alerts, Spanning and Datto SaaS Protection. See how our new features and automations will enhance phishing defense, simplify security and improve backup and recovery.
Attend this live webinar to:
- Learn how to better protect your organization from evolving cyberthreats.
- Be among the first to see our solutions’ newest features and functions.
- Get a look at what’s ahead on our roadmap.
- Connect with Kaseya User Protection experts.
Get to know the players, commodities and places that are shaping today’s dark web. DOWNLOAD EBOOK>>
Explore the Kaseya 365 User Business Case: Redefining User Protection for the Modern Workforce eBook
Protecting your users is key to preventing cyber and data security trouble. Our comprehensive eBook delves into how Kaseya 365 User helps businesses:
- Prevent, respond to and recover from user-based threats seamlessly.
- Reduce costs while simplifying security management and bolstering compliance.
- Implement innovative protection for users and data across SaaS applications like Microsoft 365 and Google Workspace.
Download the eBook today to learn how Kaseya 365 User provides robust protection beyond the endpoint, all without stretching your budget. DOWNLOAD THE EBOOK>>
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
TODAY! Master the Tech: Protect & Secure Users with Kaseya 365
March 19, 2025 | 2:00 PM ET
Join us for Master the Tech: Kaseya 365 User and take a deep dive into how Kaseya’s 365 User applications, including Dark Web ID, BullPhish ID, Graphus, SaaS Protect and SaaS Alerts, work together to safeguard users from cyber threats. Learn how identity protection, phishing prevention, data backup and real-time threat detection can strengthen your security strategy and empower your users. Don’t miss this opportunity to enhance your cybersecurity knowledge and optimize Kaseya 365 User’s full potential.
March 20: Kaseya 365 User Product Innovation Update REGISTER NOW>>
March 25: The 2025 Outlook for AI at Kaseya: Game-Changing Features and Trends Overview REGISTER NOW>>
March 25: Turning PenTesting into Profit: Sales, Pricing Models & Service Packaging Explained REGISTER NOW>>
April 1: Kaseya + Datto Connect Local: Fort Lauderdale REGISTER NOW>>
April 10: Kaseya + Datto Connect Local: Columbus, Ohio REGISTER NOW>>
April 28 – May 1: Kaseya Connect Global REGISTER NOW>>
June 17 – 19: Kaseya DattoCon Europe REGISTER NOW>>
October 6 – 8: Kaseya DattoCon REGISTER NOW>>
October 28 – 30: Kaseya DattoCon Asia-Pacific REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>