
The Week in Breach News: 09/20/23 – 09/26/23

September 27, 2023

This week: An employee data breach grounds Air Canada, over one million people have their data exposed by a Virginia government agency, and a look at surging ransomware risk plus tips on mitigating it.


Virginia Department of Medical Assistance Services (DMAS)

Exploit: Hacking

Virginia Department of Medical Assistance Services (DMAS): Government Agency 


Risk to Business: 1.376 = Extreme

Virginia’s Department of Medical Assistance Services (DMAS) has admitted that it has suffered a data breach that impacts 1,229,333 people. DMAS said that one of its servers had been hacked by bad actors, resulting in the exposure of confidential personal data, although DMAS has not specified exactly what data was taken. DMAS also said that it began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

How It Could Affect Your Customers’ Business: This may be a very expensive disaster for the agency after regulators are finished with it.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Lakeland Community College

Exploit: Ransomware

Lakeland Community College: Institution of Higher Learning


Risk to Business: 2.203 = Moderate

Lakeland Community College in Ohio is notifying 290,000 people of a data breach that may have compromised their personal, financial and health information. The attack occurred between March 7 and March 31, 2023, and the Vice Society ransomware group has claimed responsibility. The college said that the stolen data includes individuals’ full names plus one or more of the following: Social Security numbers, birth dates, driver’s license numbers or state identification numbers, financial account information, credit or debit card information, passport numbers, medical information and/or health insurance policy information.

How It Could Affect Your Customers’ Business: The education sector has been a top target for cybercriminals conducting ransomware attacks.

Kaseya to the Rescue:  See how the solutions in Kaseya’s Security Suite help IT professionals minimize risk, avoid cyberattacks and build a cyber-savvy workforce. WATCH THE WEBINAR>>

The Town of Pittsburg, KS

Exploit: Hacking

The Town of Pittsburg, KS: Municipality


Risk to Business: 2.873 = Moderate

A cyberattack has left a small city in Kansas without government email, phone and online payment systems. Officials in Pittsburg, KS, population 20,000, said that the cyberattack was discovered over the weekend. They were quick to reassure citizens that the city’s emergency services and 911 capabilities were not impacted. City officials said that their IT personnel reacted quickly and took proactive measures to protect city data and network systems. The incident remains under investigation.

How It Could Affect Your Customers’ Business: Governments of every size need to be prepared for ransomware attacks because they’re favored targets for bad actors.

Kaseya to the Rescue: What cyberattacks are the most popular this year, and what should you be preparing for in 2024? This webinar tells you everything. WATCH WEBINAR>>


Air Canada

Exploit: Ransomware

Air Canada: Airline


Risk to Business: 1.710 = Severe

Canada’s flagship air carrier, Air Canada, has announced that it has experienced a data breach as the result of a hacking incident. The airline said in a statement that an unauthorized group briefly obtained limited access to an internal Air Canada system related to limited personal information of some employees and certain records. The airline was quick to reassure the public that all systems are fully operational, including flight operations systems and customer-facing systems. However, 36,000 Air Canada employees’ personal information may have been compromised.

How It Could Affect Your Customers’ Business: Employee data is just as valuable to bad actors as customer data and it needs the same strong protection.

Kaseya to the Rescue:  Explore how security awareness training helps organizations defend against today’s most dangerous cyber threats in this infographic. DOWNLOAD IT>> 


France – Exail Technologies

Exploit: Misconfiguration

Exail Technologies: Aerospace Engineering


Risk to Business: 1.673 = Severe

French defense and aerospace contractor Exail Technologies is in the spotlight after a data breach. The company specializes in advanced technologies and autonomous robotics. The file left open was an environment file containing database credentials. This type of file holds configuration values, such as connection settings and secrets, that programs read when they run. Exail was quick to fix the problem after it was brought to its attention. The company has not commented publicly on the incident.

How it Could Affect Your Customers’ Business: A successful cyberattack or data security incident impacting a government contractor can have major repercussions.

Kaseya to the Rescue:  Our eBook How to Build a Security Awareness Training Program helps IT professionals design and implement an effective training program quickly. DOWNLOAD IT>> 

The Netherlands – International Criminal Court (ICC)

Exploit: Hacking

International Criminal Court (ICC): Court 


Risk to Business: 1.612 = Severe

Hackers breached the security of the International Criminal Court last week. Officials at the International Criminal Court said that the court’s IT personnel detected anomalous activity affecting its information systems and took immediate action to limit the damage. The ICC did not release any information about data that may have been stolen. The body said that the incident is under investigation with the assistance of Dutch authorities.

How it Could Affect Your Customers’ Business: Sensitive data can help bad actors conduct more effective spear phishing and business email compromise operations.

Kaseya to the Rescue: Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET THE FACT SHEET>> 


Australia – Pizza Hut Australia

Exploit: Hacking

Pizza Hut Australia: Fast Food Chain


Risk to Business: 2.802 = Moderate

Pizza Hut has informed Australian consumers that it has experienced a data breach that impacts 193,000 customers. The company said that bad actors gained access to its customer database, including names, delivery addresses and instructions, email addresses and contact numbers. For registered accounts, the cybercriminals may have accessed encrypted credit card numbers and encrypted passwords. Pizza Hut said that its operations had not been affected by the hack. The breach has been reported to the Office of the Australian Information Commissioner and remains under investigation.

How it Could Affect Your Customers’ Business: Customers can lose faith in a company after a data breach, and its reputation can suffer, leading to lost revenue.

Kaseya to the Rescue: Follow the path to see how Managed SOC defends businesses from cyberattacks efficiently and effectively without breaking the bank in a handy infographic. GET IT>>

New Zealand – Auckland University of Technology

Exploit: Ransomware

Auckland University of Technology: Institution of Higher Learning


Risk to Business: 1.882 = Severe

New Zealand’s third-largest university has experienced a cyberattack. The university said that bad actors were able to gain access to the school’s IT environment. The Monti ransomware group has added the university to its dark web leak site. The group says that it snatched 60GB of data from the university and has given it a deadline of October 9 to pay an undisclosed ransom.

How it Could Affect Your Customers’ Business: One reason that bad actors favor attacks on universities is that their business is time sensitive and they’re more likely to pay.

Kaseya to the Rescue: What are the biggest risks that organizations face right now? Find the answer in our Mid-Year Cyber Risk Report 2023! DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.


Streamline mandatory employee training with Continuous Target Sync

A new powerful feature in BullPhish ID called “Continuous Target Sync” simplifies the process of conducting mandatory training for all of your users. This feature eliminates the need to manually set up custom groups, making it easier than ever to ensure that all employees receive the required training courses, including new hires. See how to gain the maximum benefit from this landmark feature in this new walkthrough. SEE THE WALKTHROUGH>>


Slash ransomware risk with Datto EDR

With ransomware risk rising, IT professionals are looking for ways to mitigate it. Datto Endpoint Detection and Response (EDR) is the perfect addition to your defensive arsenal. These resources can show you how it can protect companies from a ransomware nightmare.

  • How Datto EDR with Ransomware Rollback Helps You Recover Fast from a Ransomware Attack – This infographic explains exactly how Datto EDR’s Ransomware Rollback feature speeds up ransomware recovery.
  • The Evolution of Endpoint Detection and Response (EDR): Datto EDR Buyers Guide – Learn more about how EDR revolutionizes endpoint security, continuously monitoring end-user devices to detect and respond to cyber threats such as ransomware.


Feds Issue Ransomware Warning as Attacks Surge

Ransomware can do major damage to businesses fast, as seen in the recent ransomware attack on MGM. After a successful hit knocked out the gaming giant’s digital capabilities including its reservation system and slot machines, reports say that the resort operator lost as much as $8 million per day from the outage. By 2031, a ransomware attack will strike a business every two seconds with an estimated annual cost of $265 billion in damage. For most IT professionals, ransomware is a dreadful prospect. Unfortunately, it’s a prospect that far too many businesses are facing these days. As the pace of attacks grows, experts say that ransomware gangs’ tactics are evolving, and U.S. federal officials are warning about growing threats from ransomware groups. 


FBI and CISA released a joint warning about increasing ransomware activity 

Last Thursday, the U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory about the rising threat level posed by the Snatch ransomware gang. The advisory reports on observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with the group. The gang is not new, having come on the scene in 2018, but the FBI and CISA released this joint advisory after noting that Snatch threat actors have consistently evolved their tactics. The agencies say that’s because the gang aims to take advantage of current trends in the cybercriminal space, leveraging the successes of other ransomware variants to increase its own success rate.

The advisory notes that Snatch has lately targeted a wide range of critical infrastructure sectors including the Defense Industrial Base (DIB), Food and Agriculture and Information Technology. In their recent attacks, the group has been conducting big ransomware operations that include data exfiltration on the double extortion model. After the gang successfully completes the data exfiltration, it then moves to direct communications. At this stage, the gang contacts the victims to demand payment. The gang may threaten to post the victims’ data on Snatch’s extortion blog if the ransom goes unpaid. 


Ransomware claims are surging 

This warning comes as researchers warn that insurance claims from ransomware attacks are rising at an alarming rate. A new report by cyber insurer Coalition showed ransomware has been hitting businesses with greater frequency and severity than in previous years. The insurer noted that ransom demands have also risen, making an already expensive ransomware attack even worse. The average ransom demand was $1.62 million, a 47% increase over the previous six months and a 74% increase over the past year.

According to their research, ransomware-related cyber insurance claims increased by 27% during the first half of 2023 and led to debilitating losses for the victim businesses. The claims that insurers received after a ransomware incident were also more severe than claims they’ve received in the past. Claims also show that attack severity has reached a record high, increasing 61% from the previous half and 117% over last year. The report went on to note that companies with over $100 million in revenue saw the largest increase in the number of ransomware claims filed (20%). Those companies also experienced more substantial losses from attacks with a shocking 72% increase in claims severity in the first half of 2023 over the last half of 2022.   


What are some of the possible effects a business might suffer from a ransomware attack? 

A successful ransomware attack on an organization can have many unpleasant consequences for that company, including putting it out of business. Ransomware operations are expected to achieve their second-highest profits ever by year-end, with at least $449.1 million already extorted from attacks around the world during the first six months of 2023. Just like any other cyberattack, a company will incur an expensive incident response and recovery operation. Here are some of the other consequences a company might face after falling victim to a ransomware attack: 

  • Theft of data like customer and employee records containing personally identifiable information (PII), intellectual property or proprietary data 
  • Cybercriminals stealing information about operational technology (OT) 
  • Loss of access to critical systems, including industrial control systems (ICS) or OT 
  • Extended network downtime 
  • Loss of access to company data 
  • An adversary taking control of OT or ICS 
  • Bad actors learning company or personal secrets  
  • The release of company data or damaging information about a company on the dark web 
  • Lost productivity and increased payroll expenses 
  • Reputation damage that impacts future deals or consumer sentiment 


Mitigations to take against ransomware attacks 

CISA recommends that network defenders apply the following mitigations to limit potential adversarial use of common system and network discovery techniques. Their instructions point out that taking these actions may reduce the impact and risk of compromise by ransomware or data extortion actors: 

  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).  
  • Maintain offline backups of data and regularly maintain backup and restoration (daily or weekly at minimum). By instituting this practice, an organization limits the severity of disruption to its business practices. 
  • Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Prioritize patching known exploited vulnerabilities in internet-facing systems.  
  • Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic and activity, including lateral movement, on a network. Endpoint detection and response (EDR) tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.
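
One way to act on the last mitigation, shown as an added example that is not taken from the CISA advisory or from any product named in this article: build a per-host baseline of internal connections on remote-administration ports, then flag anything outside it. The log format, addresses, port list, 10.0.0.0/8 internal range and fan-out threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed for this example: which ports count as host-to-host administration
# traffic, and which address range is "internal".
ADMIN_PORTS = {22: "ssh", 445: "smb", 3389: "rdp", 5985: "winrm", 5986: "winrm-tls"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records ("date time src dst dport"), not real traffic.
BASELINE_LOG = """\
2023-09-18 09:02:11 10.0.1.15 10.0.0.5 445
2023-09-18 09:05:40 10.0.1.15 10.0.0.5 445
2023-09-18 10:11:03 10.0.1.22 10.0.0.5 445
2023-09-19 08:45:27 10.0.1.9 10.0.0.8 3389
2023-09-19 14:30:52 10.0.1.22 10.0.0.8 22
"""
TODAY_LOG = """\
2023-09-26 09:01:17 10.0.1.15 10.0.0.5 445
2023-09-26 02:13:05 10.0.1.22 10.0.1.15 445
2023-09-26 02:13:09 10.0.1.22 10.0.1.9 445
2023-09-26 02:13:14 10.0.1.22 10.0.1.30 3389
2023-09-26 02:14:40 10.0.1.22 203.0.113.7 443
2023-09-26 11:20:00 10.0.1.9 10.0.0.8 3389
2023-09-26 11:25:31 10.0.1.9 10.0.0.5 445
this line is malformed and is skipped
"""

def parse_flows(text):
    """Return (timestamp, src, dst, port) tuples, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        date, time, src, dst, port = parts
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            flows.append((f"{date} {time}", src, dst, int(port)))
        except ValueError:
            continue
    return flows

def is_lateral(src, dst, port):
    """Internal host talking to another internal host on an admin port."""
    return (port in ADMIN_PORTS
            and ipaddress.ip_address(src) in INTERNAL_NET
            and ipaddress.ip_address(dst) in INTERNAL_NET)

def build_baseline(flows):
    """Map each source host to the (dst, port) pairs it normally uses."""
    baseline = defaultdict(set)
    for _, src, dst, port in flows:
        if is_lateral(src, dst, port):
            baseline[src].add((dst, port))
    return baseline

def find_uncommon(flows, baseline, fanout=3):
    """Report lateral connections absent from the source host's baseline.
    A host reaching `fanout` or more new peers is rated "high"."""
    new_peers = defaultdict(list)
    for ts, src, dst, port in flows:
        if is_lateral(src, dst, port) and (dst, port) not in baseline.get(src, set()):
            new_peers[src].append((ts, dst, ADMIN_PORTS[port]))
    alerts = []
    for src, hits in sorted(new_peers.items()):
        distinct = {dst for _, dst, _ in hits}
        severity = "high" if len(distinct) >= fanout else "review"
        alerts.append({"src": src, "severity": severity, "new_connections": hits})
    return alerts

if __name__ == "__main__":
    baseline = build_baseline(parse_flows(BASELINE_LOG))
    for alert in find_uncommon(parse_flows(TODAY_LOG), baseline):
        print(alert["severity"], alert["src"], alert["new_connections"])
```

In practice the baseline window would cover several weeks so that scheduled jobs and patch cycles are included before anything is rated as uncommon.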


Ransomware Rollback speeds up recovery 

Datto EDR is an easy-to-use, advanced endpoint detection and response solution that detects evasive cyber threats quickly, enabling timely response and remediation before damage is done. Datto EDR’s Ransomware Detection monitors for the existence of crypto ransomware on endpoints by using proprietary behavioral analysis of files. Once ransomware is detected, Datto EDR alerts you, isolates the device and attempts to stop the ransomware processes to keep the infection from spreading. When paired with Ransomware Rollback, Ransomware Detection with Datto EDR offers a powerful early warning and rapid recovery system against malware.   

With Ransomware Rollback, one click instantly reverts files to their original state after a ransomware attack. This makes it a snap to ensure normal business operations are up and running without any loss of time, money or data. In the event of a ransomware disaster, Ransomware Rollback enables IT professionals to virtually turn back time and quickly recover ransomware-encrypted files, ensuring business operations continue to run smoothly as if nothing ever happened.

Ransomware Rollback is available as part of Ransomware Detection, a free add-on to those who subscribe to Datto EDR. Learn more about this feature and how to set it up in this Knowledge Base article.      


Kaseya’s Security Suite arms IT professionals with the tools they need to mitigate ransomware risk

Get must-have tools for mitigating ransomware risk with Kaseya’s Security Suite.

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.  

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses. 

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.   

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.   

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).   

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams. 


ID Agent & Graphus Q4 Product Innovation

October 10 | 10 AM EDT | 7 AM PDT | 2 PM GMT

October 10 | 6 PM EDT | 3 PM PDT | 8 AM AEST (October 11)

Join us to learn about the latest product innovations for BullPhish ID, Dark Web ID, Passly and Graphus. You will learn about new time-saving product integrations and the latest features and enhancements, including mini-demos of the most exciting features and get a look at what’s on the Security products’ roadmaps for Q4 and beyond! REGISTER NOW>>

September 28: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

October 2 – 4: Kaseya DattoCon in Miami REGISTER NOW>>

October 10: Kaseya + Datto Connect Local Minneapolis REGISTER NOW>>

October 12: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

October 17: Kaseya + Datto Connect Local Columbus REGISTER NOW>>

October 18: Kaseya + Datto Connect Local South Africa REGISTER NOW>>

October 19: Kaseya + Datto Connect Local Vancouver REGISTER NOW>>

October 24: Kaseya + Datto Connect Local Seattle REGISTER NOW>>

October 26: Kaseya + Datto Connect Local San Francisco REGISTER NOW>>

November 2: Kaseya + Datto Connect Local New York REGISTER NOW>>

November 7: Kaseya + Datto Connect Local New York REGISTER NOW>>

November 7: Kaseya + Datto Connect Local London REGISTER NOW>>

November 9: Kaseya + Datto Connect Local Manchester REGISTER NOW>>

November 14: Kaseya + Datto Connect Local Montreal REGISTER NOW>>

November 14 – 16: Kaseya DattoCon APAC REGISTER NOW>>

November 16: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

November 30: Kaseya + Datto Connect Local Long Beach REGISTER NOW>>

December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>

December 12: Kaseya + Datto Connect Local Arlington TX (Dallas Area) REGISTER NOW>>

December 14: Kaseya + Datto Connect Local New Orleans REGISTER NOW>>

December 19: Kaseya + Datto Connect Local St. Petersburg, FL REGISTER NOW>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
