The Week in Breach News: 1/01/25 – 1/07/25

January 08, 2025

This week: It may be a new year, but cybercriminals are still up to the same old tricks. This week, nation-state threat actors hit the U.S. Treasury and a Russian railcar manufacturer, a malicious insider leaks healthcare data and our new State of the Dark Web 2025 eBook debuts.






The U.S. Department of the Treasury

https://www.cnn.com/2024/12/30/investing/china-hackers-treasury-workstations/index.html

Exploit: Hacking (Nation-state)

Industry: Government

The U.S. Treasury Department revealed that a Chinese state-sponsored Advanced Persistent Threat (APT) actor breached Treasury workstations in what officials characterized as a “major incident”. The breach, discovered on December 8, involved hackers exploiting a vulnerability in BeyondTrust’s Remote Support product to steal a key and bypass security, enabling the threat actors to access unclassified documents and workstations. Treasury is working with law enforcement and other federal agencies to evaluate the impact and address the threat.

How It Could Affect Your Customers’ Business: This incident underscores the growing threat posed by state-sponsored cyber actors and highlights vulnerabilities in third-party software supply chains.

Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from often email-based cyberattacks like ransomware in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>


Las Palmas Del Sol Healthcare

https://www.hipaajournal.com/las-palmas-del-sol-healthcare-insider-data-breach

Exploit: Insider Threat

Industry: Healthcare

Las Palmas Del Sol Healthcare has notified 1,854 patients of a data breach discovered on February 23, 2024. A former employee accessed patient records without authorization between January 1, 2018, and March 12, 2021, and may have shared the information. The breach involved names, addresses, birthdates, health plan details, hospital account numbers and medical visit information, but did not include Social Security numbers, financial data or driver’s license details. The employee was terminated, and their credentials were revoked, but the damage had already been done. Las Palmas Del Sol Healthcare has sent letters to impacted individuals.  

How It Could Affect Your Customers’ Business: It is critical for companies to prioritize insider threat protection and detection programs to avoid major problems like this one.

Kaseya to the Rescue:  Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>


Youth Eastside Services

https://www.jdsupra.com/legalnews/youth-eastside-services-sends-out-data-7834752

Exploit: Hacking

Industry: Healthcare

Youth Eastside Services (YES) has reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights following the discovery of unauthorized access to its computer system. The breach, which occurred between November 13 and November 14, 2024, allowed an unknown party to access sensitive consumer information, including names, dates of birth, addresses, demographic details, medical records and insurance information. YES began notifying affected individuals of the breach on December 3, 2024. The organization continues to investigate the incident and is working to secure its systems to prevent future breaches. 

How It Could Affect Your Customers’ Business: This incident highlights the major cybersecurity challenges that companies in the healthcare sector continue to face.

Kaseya to the Rescue: See how an antiphishing solution that leverages AI and automation can help businesses stop phishing economically. DOWNLOAD EBOOK>>





Germany – Fraunhofer IAO

https://www.techmonitor.ai/technology/cybersecurity/germany-fraunhofer-iao-ransomware-attack-investigation

Exploit: Ransomware

Industry: Education

The Fraunhofer Institute for Industrial Engineering IAO in Stuttgart, Germany, has confirmed it was the victim of a ransomware attack on December 27, 2024. The breach impacted unspecified specialized systems and data. In a statement, Fraunhofer IAO described the attack as localized, affecting only certain operations. While the institute typically processes research data that does not directly identify individuals, it acknowledged that some data may have been exposed to unauthorized third parties. This could potentially lead to disadvantages for affected individuals. The full extent of the incident is still under investigation. 

How It Could Affect Your Customers’ Business: Implementing proactive defenses and using rapid incident response tools can help mitigate the impact of ransomware attacks.

Kaseya to the Rescue:  Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>


UK – DEphoto

https://databreaches.net/2025/01/01/hacked-on-christmas-dephoto-starts-notifying-customers-only-to-be-attacked-again/

Exploit: Hacking

Industry: Media & Entertainment

The threat actor 0mid16B has claimed responsibility for a cyberattack on U.K.-based DEphoto, a photography business specializing in school, sports and event photography. The attack, which took place on December 25, 2024, compromised the personal data of 555,952 customers, including 429,597 orders, 240,307 detailed customer orders, and 16,213 records with unencrypted credit card information. The hackers also exfiltrated hundreds of gigabytes of data, including photos of children and event pictures. Screenshots shared by 0mid16B suggest that DEphoto’s backend MSSQL server, including critical databases, was accessed. 0mid16B claims they first contacted DEphoto on December 25, demanding 50,000 GBP ($62,741) via WhatsApp, but after the company allegedly failed to secure or monitor its system, the attackers struck again on December 29 using stolen credentials. 

How It Could Affect Your Customers’ Business: Bad actors love to double dip, and businesses must be prepared to shore up their defenses quickly in the event of a successful cyberattack.

Kaseya to the Rescue: Watch this webinar to explore K365 User, our latest innovation to empower small and midsize businesses to maximize security while boosting productivity. LEARN MORE>>





Russia – RegionTransService

https://www.ukrinform.net/rubric-ato/3945101-diu-hackers-attacked-russian-regiontransservice-on-budanovs-birthday-source.html

Exploit: Hacking (Nation-state)

Industry: Logistics & Transport

Ukraine’s Defence Intelligence (DIU) has reportedly carried out a significant cyberattack on Russian rail freight transportation management company RegionTransService LLC, disabling all of its servers. The attack, executed on January 4, 2025, allegedly crippled the company’s operations, impacting 78 servers and 211 workstations and erasing the company’s backups. RegionTransService is a key facilitator of Russian military logistics.

How It Could Affect Your Customers’ Business: The cyberattack, which wiped out the company’s digital infrastructure, highlights the ongoing use of cyber operations in the conflict between Russia and Ukraine.

Kaseya to the Rescue:  Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>





Japan – Nikki-Universal

https://cybersecuritynews.com/nikki-universal-cyber-attack

Exploit: Ransomware

Industry: Manufacturing

Nikki-Universal Co. Ltd., a leading chemical manufacturer, has confirmed it was targeted in a sophisticated ransomware attack on December 22, 2024. The company revealed the breach on December 27, 2024, with the ransomware group Hunters International claiming responsibility. The attack led to the encryption of data on several of Nikki-Universal’s servers, with the hackers allegedly exfiltrating 761.8 GB of data, including 476,342 files. Hunters International has set a ransom deadline of January 10, 2025, warning that all stolen data will be released if their demands are not met. The company is working with cybersecurity experts to address the incident. 

How It Could Affect Your Customers’ Business: While having your data stolen is a major problem, paying hackers is never the answer.

Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>





Read this week’s feature story: Explore the Key Dark Web Players and Hotspots Shaping Cyberthreats


Who is using the dark web, and where are they doing business? Learn about the players that shape the dark web and the locations they frequent to gain valuable insights that can help you fortify your defensive strategy. READ MORE>>




New email deliverability troubleshooting guide for Microsoft Office 365 users


The Resolving BullPhish ID Email Deliverability Conflicts in Microsoft 365 guide will help you identify and resolve the root causes of the most common email deliverability conflicts for Microsoft 365 users.

Access this new guide in the BullPhish ID Release Notes. READ IT>>





Get ahead of cyberthreats with the latest dark web insights


Explore how cybercriminals leverage the hidden corners of the dark web and uncover how sensitive data is trafficked and sold in our newest eBook, State of the Dark Web 2025. In this guide, you’ll discover:

  • The role of artificial intelligence in revolutionizing cybercrime.
  • Key players driving the cybercrime ecosystem.
  • Real-world examples of pricing for cybercrime tools and stolen data.
  • Practical strategies to protect organizations from dark web threats.

Download your guide today! GET YOUR REPORT>>

Did you miss…our Guide to Phishing Protection for Businesses? DOWNLOAD IT>>





Stay tuned to be the first to know about the fun and informative events we have planned for 2025!


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Read our case studies and see how MSPs and businesses have benefitted from using our solutions. READ NOW>