Press "Enter" to skip to content

A round of significant breaches to review

Let’s hit a few breaches.

Planned Parenthood LA was hit with a ransomware attack in October, exposing info for four hundred thousand patients.  The breach does not appear targeted, and the perpetrator is unknown.

Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyber attack last month that took down 90% of its internal systems and caused 25 years of historical data to be lost, per reporting in ZDNet.   The company expects this week to begin accepting payments and resume billing, meaning a month-long billing outage.    The company notes a good portion of their data was corrupted.

The Cuba ransomware has been revealed by the FBI as compromising at least 49 organizations from US critical infrastructure sectors.   FBI also added that this ransomware group had made over $40 million since it started targeting US companies.

The US State Department has at least nine employees with iPhones hacked by software from the NSO Group.  It’s unknown who used the software, though the company says they only sell it to government organizations approved by the Israeli government.  

And, while not a breach, a new report from analysts at Mandiant (formerly FireEye) show that Nobelium, most known for the SolarWinds breach, is still at it.   They haven’t slowed down and are working with others too.  

Why do we care?

Today’s a bit tactical, although I will raise the question that I spotted online in regards to Colorado’s story… why wasn’t this particular story talked about more?  

My answer is that the breaches are too commonplace.   There are too many to track for most consumers, and they generally all sound the same.    That will continue to be a challenge to those trying to increase attention on security.