Cyber Security Incidents 15th May 2023

This cyber report highlights the cyber security incidents reported on 15th May 2023. Some are ransomware incidents, while others are other kinds of intrusion into corporate or government networks.

Each story covered below carries the reference links for you to follow the cyber security incidents on an ongoing basis.

The cyber security report for May 17 2023 is available on this page.

PharMerica Data Breach

PharMerica has confirmed a data breach incident that happened on 12th March 2023. The incident was detected on 21st March 2023. Over 6 million patients’ records were compromised.

The ransomware attack was carried out by the ‘Money Message’ ransomware threat actor. The ransomware operator was able to steal terabytes of patient records.

The data breach involves patient records that contain people’s names, postal addresses, birth dates, Social Security Numbers (SSN), any drugs they used or might be using, and health insurance information. 

The main aspects of this ransomware attack are shared below:

  • Over 4.7 terabytes of data were accessed by the threat actor.
  • 1.6 million patient records were accessed by the ransomware operator.
  • The breach happened in March 2023.
  • Eventually, the ransomware operator started dumping the personal information of patients on dark web forums.
  • PharMerica has already offered 1 year of identity protection services from Experian.

Source – Techradar

York County School of Technology – Karakurt

There has been a ransomware attack on the York County School of Technology. The threat actor Karakurt has given the school until 20th May 2023 to pay the ransom. It has threatened to publish the school's data once the deadline expires.

There has been no confirmation of the cyber-attack by the York school. The website of the York County School of Technology is working fine. There has been no mention of the ransomware incident on the school’s Twitter handle.

To know more about the threat actor Karakurt Data Extortion Group, you can check this page on the CISA website.

PCS Wireless – ALPHV

The ALPHV ransomware threat actor is behind a cyber incident against PCS Wireless. The threat actor has claimed access to corporate data and data from multiple locations of the company.

PCS Wireless has its headquarters in Miami, Florida. However, it is well spread out across the world with office locations in New Jersey, the United Kingdom, the Netherlands, Australia, Dubai, and Japan.

It is not clear if one or multiple office locations have been targeted in this ransomware incident. The website of PCS Wireless works fine as we write this and there has been no confirmation of the attack yet by the company representatives.

PCS Wireless offers multiple products that include laptops, smartphones, smartwatches, tablets, and smart home devices and accessories.

The ALPHV (formerly BlackCat) ransomware operator is a ‘ransomware as a service’ cyber threat actor.

Source of this cyber incident

Bank Syariah Indonesia – Lockbit

Bank Syariah Indonesia suffered a ransomware incident in the first week of May. The Bank's services were impaired from May 8 to 11 as it tried to restore its systems after the ransomware attack.

This ransomware attack was executed by the Lockbit ransomware operator. Over 1.5 terabytes of data were compromised in the attack. Lockbit had given the Bank 72 hours to pay the ransom.

On 15th May, Lockbit dumped the Bank's data on dark web forums. It remains unclear if the stolen data includes the personal details of the Bank’s customers.

In the initial statement released by Lockbit, it mentioned that the group had access to 15 million customer records and information about the employees.

Discord customer data breach

Discord has confirmed a data breach involving customer data. The source of the leak has been traced to the support ticket queue of a third-party customer service agent. While Discord has not confirmed the provider name, there are indications that the breach happened with Zendesk.

During the breach, the data of customers who had opened helpdesk tickets was compromised. Email addresses and customer support exchanges have been accessed by the attacker.

At this point, it remains unclear as to the nature of the attack or the threat actor at play behind the scenes.

Discord released a statement and notified the customers through the statement below:

“Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” Discord said in letters sent to affected users.

“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine,” the company said in the incident notification.

Source – Bleeping Computer

City of Dallas – ROYAL

The City of Dallas Government network and infrastructure were the subject of a ransomware attack. The attack was carried out by the Royal ransomware group. It was first confirmed on 3rd May 2023.

The attack caused several service disruptions for the City Government.

It is learned that the City of Dallas is taking a phased approach to restoring internal systems and services to the residents of Dallas. Microsoft and CrowdStrike are helping in the recovery process. Full recovery may take months.

At this point, it remains unclear if the residents’ personal information or data has been accessed by the Royal ransomware group.

For the latest update on the Dallas city cyber incident or ransomware incident, you may check the latest Dallas news article about this cyber incident.

Philadelphia Inquirer

Philadelphia Inquirer faces its worst business disruption since 1996 as it came under a cyber attack over the weekend. Internal systems of the group have been targeted as part of the cyber attack.

The nature of the cyber attack and the threat actor behind this incident are unconfirmed as of now. The Philadelphia Inquirer group is working with cyber-security experts to find the extent and scope of the attack.

There is no confirmation about the type and extent of data that may have been stolen or encrypted by the threat actor. No confirmation of ransom demands has been made by the Inquirer team.

The company is in the middle of a forensics investigation to gauge the depth of the attack. It will become clearer over the next few weeks if the personal data of employees has been stolen or compromised by the threat actor.

Philadelphia Inquirer is being helped by Microsoft and CrowdStrike to restore internal systems in a phased manner.

Meanwhile, Philadelphia Inquirer was unable to release the Sunday print edition because of the cyber attack. The Monday print edition came without classified ads.

You can read more about the Philadelphia Inquirer cyber incident on this page.

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.