Breach Roundup: Hyundai, Yum! Brands, Dutch RaidForums Users
Also in Focus: Lurssen, Micro-Star International, Tasmanian Government
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. In the days between April 6 and April 13, the spotlight was on European Hyundai car dealerships, Yum! Brands, former RaidForums users, a German shipbuilder, a Taiwanese PC vendor and the Tasmanian government.
Hyundai - Italy, France and Spain
Hyundai disclosed a data breach affecting Italian, French and Spanish car owners including those who had booked a test drive. Troy Hunt, creator of the HaveIBeenPwned database of breached records, tweeted an image of the breach notification letter sent Wednesday to an Italian customer. Hyundai Italia responded to the tweet by saying, "an unauthorized third party accessed some information from our customer database, we immediately informed the authorities and contacted the persons concerned beforehand." A car owner in France shared a similar letter and the Spanish division of the car company posted a data breach notification letter online stating that personal data exposed in the attack includes email and physical addresses, telephone numbers and vehicle identification numbers, but not driver's license numbers.
Yum! Brands Inc., parent company of popular fast-food joints KFC, Pizza Hut and Taco Bell, sent letters to its employees notifying them that the company's January ransomware attack also resulted in data theft. Attackers stole some individuals' names, driver's license numbers and other ID card numbers, Yum! said in a breach notification letter sent to the victims. The company told Information Security Media Group that only employees were affected by the breach, with "no indication that customer information was impacted."*
Dutch police are sending messages to identified users of shuttered criminal marketplace RaidForums. An international law enforcement operation dismantled the site in April 2022.
"The Dutch Police urgently request that you stop participating in online activities in which you run the risk of breaking the law," reads a translation of the email reported by CyberWarZone. "Remove pirated software or datasets obtained from Raidforums or other similar sites."
Dutch authorities arrested three men charged with extortion in February whom police identified through seized RaidForums data.
Lürssen - Germany
German manufacturer of luxury yachts and military vessels Lürssen reportedly fell victim to a ransomware attack over the Easter holiday. The attack brought large parts of Bremen-based Lürssen shipyard operations to a standstill, said public broadcaster news program "Buten un Binnen." German law enforcement told "Buten un Binnen" that a criminal investigation is underway. Details about the incident, the impact and identity of the ransomware group or their demand are not publicly known.
The shipmaker builds vessels for the German Navy, and its independent subsidiary Luerssen Australia has a contract to design and build 12 offshore patrol vessels for the Royal Australian Navy.
Taiwanese PC vendor MSI disclosed a cyberattack. In a disclosure made to Taiwan's Stock Exchange, MSI said that some of its information service systems had been affected and that relevant authorities had been informed. New ransomware group Money Message claimed responsibility for the attack on its leak site and demanded a $4 million ransom.
MSI warned customers to get their BIOS and firmware updates from official sources and "not to use files from sources other than the official website," the company said.
The Tasmanian government, yet another organization affected by a zero-day vulnerability in Fortra's GoAnywhere MFT file transfer software, said it has set up a daytime hotline to help individuals affected by the theft of approximately 16,000 documents. Clop ransomware actors on Thursday released the documents, which contain financial invoices and statements that may include individual names and addresses held by the Department for Education, Children and Young People.
Play Ransomware Actors Claim CH Media Attack
The Play ransomware group has threatened to dump personal and confidential data, projects and employee payroll information of Switzerland-based CH Media if its ransom demands are not met by April 24. The company said in March that a ransomware attack had affected "several" services of its newspaper, magazine, private radio and television channels.
Other Coverage From Last Week
- Latitude Financial Refuses to Pay Ransom
- Microsoft Patches Zero-Day Bug Exploited by Ransomware Group
- White House Probes Classified Intelligence 'Discord Leaks'
*Clarification, April 14, 8:10 AM UTC: The story was amended to include a statement from Yum! Brands, clarifying that only employees, not customers, were affected by the breach.