Information used to process insurance claims. Information accessed included the following data: The Cincinnati-based grocery chain offered free credit monitoring to anyone affected by the data breach. The company created a website for information about the breach at. The breach, which Kroger was notified of Jan. 23, did not affect grocery store data or Kroger IT data, according to a company news release. “As public users and consumers give more of themselves away online to access digital services, they expect that their data is safe,” said Auth0 APAC general manager Richard Marr, recommending improvements in cybersecurity awareness training, proactive threat detection, customisable security solutions, and multifactor authentication, and noting that “with the complexity of today’s attacks, one tactic alone is not enough.” The Kroger chain advised customers of its pharmacy and Little Clinic of a data security breach in which patient names and personal information were illegally accessed. Such exposure may prove inevitable when installed legacy systems fail to keep up with the security demands of modern information architectures, but companies will, one security expert advises, need to compensate for this by using a layered security architecture that inherently constrains the potential damage from an attack. With two recent breaches in major software causing headaches for enterprise users and an indeterminate number of other systems likely already breached, odds are that the SolarWinds and Accellion breaches are just two in what will be an ongoing string of compromises of commercial software, particularly tools like FTA that, Accellion was quick to point out, are decades old and near their end of life.
The Accellion compromise was deemed serious enough that the Australian Cyber Security Centre (ACSC) posted a warning about the high-severity vulnerability, which also spurred a joint advisory involving similar authorities in the US, the UK, New Zealand, and Singapore. Despite forensic analysis revealing the limited scope of the breach, recent revelations suggested that Transport for NSW had been subsequently approached by the Clop ransomware gang, which followed an increasingly common trend by demanding a ransom payment to prevent the publication of commercially confidential documents. State healthcare agency NSW Health, which was also recently caught up in the high-impact SolarWinds breach, was also named as a victim of the Accellion compromise, although Cyber Security NSW reported that no patient data had been compromised. Also joining the list of compromised targets was Brisbane-based medical research institute QIMR Berghofer, which recently confirmed that about 620MB of data “appears to have been accessed” from its FTA system on Christmas Day 2020. The institute shut down its system, which was previously installed outside of its network for security reasons, after a February 2021 notification from Accellion that it had likely been affected in the breach, which would have exposed some staff CVs and a broad range of anonymous data from clinical trials of antimalarial drugs. Although much of the trial data has to be kept for 15 years, QIMR Berghofer director and CEO Professor Fabienne Mackay said in a statement, “they did not need to be stored in Accellion. … We are examining our protocols for using third-party file-sharing services and will put procedures in place to try to ensure that files are regularly reviewed and saved in the most secure location.”
The Accellion-enabled breach of corporate regulator ASIC follows a similar playbook, with the organisation disabling the relevant servers before conducting a forensic investigation that, it said, showed that “it is highly unlikely that the threat actors accessed any data held on the ASIC server”. The Accellion systems have been shut down and a joint investigation with the NSW Police was under way, with peak body Cyber Security NSW reporting that “an assessment of the volume and value of data, and any consequences for customers or government” was in progress. A similar breach of the FTA system used by TfNSW also emerged in late February 2021, with the agency noting that “some … information was taken” but that forensic analysis had confirmed that the compromised data did not include driver’s licence or other personal details.