The Week in Breach News: 04/02/25 – 04/08/25
This week: Baltimore, MD, takes a $1.5 million business email compromise hit; hackers steal data from Australian pension payment funds; newly translated password security courses are here; and how to build a cyber-aware workforce.
Read this week’s new featured blog: Building a Cyber-Aware Workforce: Best Practices for Employee Training
Lower Sioux Indian Community
https://www.darkreading.com/cyberattacks-data-breaches/minnesota-tribe-operations-ransomware-attack
Exploit: Ransomware
Industry: Government
The Lower Sioux Indian Community in Minnesota reported a ransomware attack that disrupted operations across its healthcare facility, government center, hotel and Jackpot Junction casino. In response, the tribe activated incident response protocols, took systems offline and is working with third-party experts to investigate. The Lower Sioux Health Care Center established alternate communication for medical needs, while the Lower Sioux Government Center confirmed the ransomware nature of the attack. Guest services remain limited, and government offices closed early due to the incident. At the casino, slot machines, kiosks, hotel systems and dining services remain offline, with events and rewards programs canceled. The RansomHub cybercriminal group has claimed responsibility for the attack.
How It Could Affect Your Customers’ Business: This attack disrupted multiple tribal functions, including healthcare and government, highlighting the need for comprehensive cybersecurity across all systems.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Central Texas Pediatric Orthopedics
Exploit: Hacking
Industry: Healthcare
Central Texas Pediatric Orthopedics (CTPO) has notified regulators that it suffered a data breach in March 2025. In this incident, the Qilin ransomware group accessed and exfiltrated sensitive personal and health information. CTPO launched an investigation with third-party experts and is still assessing the full impact. Compromised data may include names, government-issued IDs, medical and health insurance information, and dates of birth. A public breach notice was filed with the Texas Attorney General’s Office on March 6. Compensation may be available for affected individuals.
How It Could Affect Your Customers’ Business: Beyond system disruption, attackers will steal data to pressure victims, raising both security and compliance risks.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Laborers’ International Union of North America Local 1184
https://www.jdsupra.com/legalnews/liuna-announces-data-breach-following-9031973
Exploit: Hacking
Industry: Non-profit
Laborers’ International Union of North America (LiUNA) Local 1184 reported a ransomware attack that occurred on November 17, 2024, allowing an unauthorized party to access sensitive data. The breach may have exposed names, Social Security numbers, membership and dispatch records, contact details and more. LiUNA regained control of its systems the following day and launched an investigation to determine the scope. Affected individuals, including current and former members, represented individuals and employees, are being notified directly.
How It Could Affect Your Customers’ Business: The breach shows that member-based organizations must treat themselves as high-risk targets due to the volume of sensitive data they manage.
Kaseya to the Rescue: Get tips to strengthen a company’s defenses and bolster its cyber resilience with our Building a Cyber-Resilient Business checklist. GET THE CHECKLIST>>
State Bar of Texas
Exploit: Ransomware
Industry: Non-Profit
The State Bar of Texas began notifying individuals this week about a data breach resulting from a February ransomware attack. The breach occurred between January 28 and February 9, 2024, during which a threat actor stole files containing personal information. Compromised data may include Social Security numbers, driver’s license numbers, financial details, medical information and health insurance records. While over 2,700 individuals are affected, the exact number has not been disclosed. The INC Ransom gang has claimed responsibility for the attack.
How It Could Affect Your Customers’ Business: The breach lasted nearly two weeks before detection, illustrating how prolonged unauthorized access can significantly worsen the impact of a cyberattack.
Kaseya to the Rescue: Learn to protect the most valuable gateway to an organization with this infographic that outlines a three-pronged approach to effective cybersecurity. GET IT>>
Baltimore, Maryland
https://statescoop.com/city-of-baltimore-reportedly-lost-1-5m-in-id-theft-cyberattack/
Exploit: Business Email Compromise
Industry: Government
A March cyberattack led to over $1.5 million in identity theft fraud for the City of Baltimore. The cybercriminal, who had built a rapport with city departments since last fall, used publicly available information to impersonate a vendor’s employee. They fooled a city worker into changing the impersonated vendor’s banking details and successfully cashed a $803,000 check in February. A subsequent attempt to cash a $721,000 check in March was flagged as fraud. The matter remains under investigation.
How it Could Affect Your Customers’ Business: A single employee error enabled this fraud, highlighting the importance of regular training and establishing smart security protocols.
Kaseya to the Rescue: Our 10 Tips for Successful Employee Security Awareness Training infographic can help you maximize the effectiveness of your security awareness training efforts. DOWNLOAD IT>>
Feeling overwhelmed by your task list? Discover four strategies for reducing your workload! GET INFOGRAPHIC>>
U.K. – Royal Mail
Exploit: Third-Party Data Breach
Industry: Government
Royal Mail is investigating a security breach after over 144GB of data, allegedly stolen from its systems via a supplier, Spectos, was leaked. The breach, confirmed by Spectos on March 29, resulted in attackers gaining access to customer data. The threat actor, “GHNA,” released 16,549 files containing Royal Mail customers’ personal information, including names, addresses and delivery details. The leak also included confidential documents, such as Mailchimp lists, delivery datasets, WordPress database files and Zoom recordings. The attackers exploited compromised credentials from a 2021 malware incident involving a Spectos employee. Operations at Royal Mail remain unaffected.
How it Could Affect Your Customers’ Business: This breach originated from a compromised vendor, Spectos, emphasizing the need for regular audits of third-party vendors and their cybersecurity practices.
Kaseya to the Rescue: Identify the must-have features in a user protection solution and explore how to build a robust user protection strategy in our Modern User Protection Buyer’s Guide. GET IT>>
Get to know the players, commodities and places that are shaping today’s dark web. DOWNLOAD EBOOK>>
Australia – AustralianSuper
Exploit: Hacking
Industry: Finance
Several major Australian superannuation funds reported breaches over the weekend, according to the Association of Superannuation Funds of Australia. While the full scope remains unclear, AustralianSuper, Australian Retirement Trust, Rest, Insignia and Hostplus confirmed they were affected. AustralianSuper, managing A$365 billion for 3.5 million members, said up to 600 accounts were accessed using stolen passwords, with four members losing a combined A$500,000. Australian Retirement Trust, with A$300 billion in assets, detected unusual login activity on several hundred accounts but reported no unauthorized transactions. Rest Super, managing A$93 billion, said around 20,000 accounts, or 1% of its 2 million members, were impacted in a separate attack.
How it Could Affect Your Customers’ Business: Proactive monitoring of account activity is critical to identify and respond to potential threats before they escalate.
Kaseya to the Rescue: Discover how Kaseya 365 User delivers comprehensive protection beyond the endpoint without breaking the bank. GET THE EBOOK>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
Read this week’s featured blog: Building a Cyber-Aware Workforce: Best Practices for Employee Training
In a fast moving cyberthreat landscape, the strongest defense isn’t just technology — it’s your team. Learn best practices to help you build a cyber-aware workforce that can act as your organization’s first defense against cyber trouble. READ MORE>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
3 Newly translated password security training courses are here
Three newly translated training courses are available now in the BullPhish ID training portal. The new module is called “Choosing Strong MFA Second Factors,” featuring the following courses:
- Escolhendo Os Segundos Fatores Fortes De MFA VO (Portuguese)
- Choisir Des Deuxièmes Facteurs Forts Pour L’AMF VO (French)
- Elegir Segundos Factores De AMF Potentes VO (Spanish)
Learn more in the BullPhish ID Release Notes.
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
Make the business case for Kaseya 365 User
Protect your business by safeguarding your users with Kaseya 365 User. Our eBook shows how this innovative subscription helps prevent, respond to and recover from user-based threats, while reducing costs, streamlining security and achieving compliance across SaaS apps like Microsoft 365 and Google Workspace. Download now to learn more!
Get expert advice for protecting your organization’s most vulnerable gateway in this infographic. DOWNLOAD IT>>
Get ready for Kaseya Connect 2025
Are you ready to join us for the IT technology event of the year? Kaseya Connect is taking place on April 28 – May 1, 2025, at the beautiful MGM Grand Resort in Las Vegas! Experience hands-on training and certifications, get exclusive insights into Kaseya’s next chapter and network at exciting evening events. Plus, you’ll enjoy this year’s keynote speakers, Pro Football Hall of Famer Peyton Manning and Hot Ones’ Sean Evans.
Arrive early for pre-day events like GlueXperience and the M&A Symposium to enhance your skills in integrations, workflows and business. Plus, dive into Kaseya Security Live, our new pre-day experience focusing on emerging cybersecurity threats. It’s all happening in Vegas!
Don’t miss this incredible opportunity to connect with over 4,000 professionals. Register now for Kaseya Connect 2025!REGISTER NOW>>
April 10: Kaseya + Datto Connect Local: Columbus, Ohio REGISTER NOW>>
April 28 – May 1: Kaseya Connect Global REGISTER NOW>>
May 20: Kaseya + Datto Connect Local: Chicago Symposium REGISTER NOW>>
June 3: Kaseya + Datto Connect Local: New York City Symposium REGISTER NOW>>
June 17 – 19: Kaseya DattoCon Europe REGISTER NOW>>
October 6 – 8: Kaseya DattoCon REGISTER NOW>>
October 28 – 30: Kaseya DattoCon Asia-Pacific REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>