Week 23 Cyberattack Digest 2019 – Customs and Border Protection, University of Chicago Medicine, Quest Diagnostics and others

Here is our cyberattack digest for week 23 of 2019. Take a closer look at the incidents of the past week.

Photos of over 100,000 travellers exposed by hackers

by CNBC – 10 June 2019

Customs and Border Protection revealed last Monday that photos of travelers and license plates collected at a single U.S. border point have been exposed in a cyber incident characterized by a congressman as a “major privacy breach.” The name of the affected subcontractor was not revealed. Still, it is known that a Tennessee-based company billing itself as the sole provider of stationary license plate readers at U.S. borders had also been attacked. A Customs spokesman said the images involved fewer than 100,000 people. The exposed materials included photographs of travelers in vehicles entering and exiting the United States at a single land-border port of entry over one and a half months. Automated license-plate readers serve for “detecting, identifying, apprehending, and removing individuals illegally entering the United States at and between ports of entry or otherwise violating U.S. law,” the Department of Homeland Security said in a December 2017 privacy document.

University of Chicago Medicine donor data is accessible on the Internet

by SC Media – 7 June 2019

Another incident involving leaked data affects University of Chicago Medicine donors. The personal information of over 1.6 million potential and existing donors was exposed by a misconfigured and unprotected ElasticSearch server. The server was left open on the Internet without a password. The publicly accessible ElasticSearch instance was noticed by Security Discovery researcher Bob Diachenko on May 28th. Just a day before that, Shodan, the search engine for Internet-connected devices, added it to its index of exposed servers. Diachenko examined the leaked data and learned that the big 34GB ElasticSearch cluster called ‘data-ucmbsd2’ contained 1,679,993 records. This means that all these records might have been accessed by anyone.

Data of Quest Diagnostics and LabCorp patients are affected

by SC Media – 5 June 2019

Recently, Quest Diagnostics reported that about 12 million of its patients might have been affected by a malicious breach of third-party bill collection vendor American Medical Collection Agency (AMCA). Soon after that, another clinical testing firm, LabCorp, reported a security incident that touched about 7.7 million of its customers. Burlington, North Carolina-based LabCorp publicly revealed the disturbing news in a Securities and Exchange Commission K-12 filing and warned that patient data handed to AMCA was exposed. The incident presumably took place from Aug. 1, 2018 through March 30, 2019. The exposed data can include names, birth dates, addresses, phone numbers, dates of service, providers and unpaid balances. What is more, some 200,000 clients who paid LabCorp bills through AMCA’s web portal also had their payment card information exposed. AMCA did not publicly comment on the identities of these victims, but claimed that it had already started to notify the affected people.

Triple Threat ransomware leaves Lake City systems out of order

by WCJB – 11 June 2019

Lake City became a victim of a malware attack. The ransomware called “Triple Threat” combines three methods of attack that are applied to a victim’s system. Several city systems are out of order, all email systems are inoperable, and the majority of landlines are also out of order. Local IT specialists are working to eliminate the consequences of the incident. The issue also disabled all emergency services, including police and fire. Paper receipts for utility and water payments and hand-written building permits are being used; utility payments can be made in person, but credit card payments are not currently available. “Our systems are shut down, but there is no evidence to indicate any sensitive data has been compromised,” City Information Technology Director Brian Hawkins commented.

That is all for today. To learn about further incidents, follow us on Twitter, Facebook, and LinkedIn.
