Security Update March 11th 2023

It’s Saturday March 11th and that means it’s time for the week’s cyber news recap! Over the past week, there have been several significant developments in the world of cybersecurity so let’s jump right in.

Sandbox Data Breach

On Tuesday, blockchain metaverse company Sandbox announced that an unauthorized third party had gained access to an employee’s computer and used the data found on it to launch phishing attacks. The phishing emails included a hyperlink to malware that could install on the user’s device, potentially granting access to their personal data. In response, the company blocked the employee’s accounts and access, reformatted the employee’s laptop and reset all related passwords, including requiring two-factor authentication.

Acer’s Data Leaked

On Wednesday, malicious actors posted data stolen from technology company Acer on a popular hacking forum. It was reported that the leak contains 160GB of data from several hundred directories with nearly 3,000 files. The data includes confidential product model documentation, binaries, backend infrastructure and other sensitive information. The leak dates to February 2023, which, if confirmed, would point to a breach separate from the one the company experienced in 2021.

Chick-fil-A Data Breach

On Thursday, fast-food chain Chick-fil-A revealed that its investigation into reports of hacked user accounts showed that around 71,000 customers had their financial information stolen. It was believed that hackers had gained access to an external system and acquired customers’ names and other personally identifying information in combination with financial account or payment card numbers. Card security, access codes, passwords, and account PINs were also compromised.

Acronis Breach

Swiss cybersecurity firm Acronis was also breached this week. On Friday, a threat watcher shared on social media that an unspecified hacker had breached Acronis and leaked data stolen from the company on a dark-web forum. The data includes certificate files, command logs, system configurations, and file system archives.

ALPHV and LVHN

Also on Friday, a pro-Russian threat actor known as ALPHV (BlackCat) targeted US healthcare network LVHN, threatening to leak cancer patient data and photos to blackmail the provider into meeting their ransom demands. However, the healthcare provider refused to succumb to any of the threats.

Hatch Bank Data Breach

Finally, fintech banking platform Hatch Bank revealed on Saturday that it had experienced a data breach caused by an attack on the Fortra GoAnywhere MFT file-sharing platform. It was discovered that the data of almost 140,000 customers had been stolen, including customer names and social security numbers. Joe Slowik, threat intelligence manager at Huntress, found links between the GoAnywhere MFT attack and TA505, the hacking group known for deploying Clop ransomware. This week has been an eventful one in the world of cybersecurity. The data breaches and malicious attacks by cybercriminals demonstrate the importance of having strong cyber security measures in place. Stay tuned for more updates!