Oil Company Breach Leads Roundup

Malware Disrupts Network; Backup Media Theft Affects 55k
Oil Company Breach Leads Roundup

In this week's breach roundup, the oil firm Saudi Aramco confirmed a substantial malware attack. And the theft of back-up media affected 55,000 patients and employees at an Indiana cancer center.

See Also: Hunt Cloud Threats or Be Hunted | CISO Guide to Cloud Compromise Assessments

Oil Giant Confirms Malicious Virus Attack

Saudi Arabian oil giant Saudi Aramco confirmed that a malicious virus disrupted its internal network services Aug. 15. Those services have since been restored. The virus originated from an outside party and affected approximately 30,000 workstations, according to a press release posted to the company's website.

"We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems have helped to mitigate these deplorable cyber threats from spiraling," said Khalid A. Al-Falih, president and CEO.

The company is continuing to investigate the causes of the attack and those who are responsible.

Stolen Back-up Media Affects 55,000

The theft of server back-up media containing sensitive information has affected 55,000 patients and employees of Cancer Care Group in Indianapolis. A bag containing the media was stolen from an employee's locked vehicle on July 19, according to a statement from the group. Patient information potentially exposed included names, addresses, dates of birth, Social Security numbers, medical record numbers, insurance information and some clinical information used for billing. Employee information included dates of birth, Social Security numbers, beneficiary names and other employment and financial data.

"There is no evidence to believe that the back-up media were the target of the theft or that any of the information on the media has been accessed or used for fraudulent purposes," according to the statement. Police are continuing an investigation.

In the wake of the incident, the provider organization is encrypting all mobile media, updating policies and procedures, upgrading data storage technology and re-educating its workforce on mobile media protection issues, the statement notes.

Compromised Server Affects Faculty, Students

The University of Rhode Island is notifying 1,000 current and former faculty members and 22 former students that their personal information was accessible on a publicly shared server. The server belonged to the College of Business Administration, according to a news release on the university's website. Approximately 80 students from another school were affected as well; they're being notified with assistance from an out-of-state attorney general's office.

Compromised information on current and former faculty includes names, dates of birth, hiring year, rank, Social Security number and some compensation data. For University of Rhode Island students, the information exposed included name and Social Security number. Students from the out-of-state university had their names, Social Security numbers and grades exposed.

The breach was discovered July 31 when the university was informed that sensitive files were located on the public server. According to the news release, the files were accessed from outside of the university. The server, which was used by faculty in the business college to upload and share information related to their courses, has since been shut down.

The university is offering one year of free credit monitoring services to those affected.

Breach Impact? Class Dismissed

In an incident that apparently was tied to a breach, Wilkinson County School District in Irwinton, Ga., called for an emergency dismissal of its schools Aug. 24 after it received phone calls and e-mails with a "threatening tone" and parents received "strange phone calls," according to local 41NBC news reports.

A Wilkinson County student allegedly accessed the usernames and passwords for PowerTeacher, a classroom management tool used to store grades, demographics and personal information. The log-in information for PowerTeacher was then posted to a website, 41NBC said. The report states that one parent received a call during which their child's personal information was repeated to them over the phone.

Officials are not certain whether the breached information was used to conduct the phone calls and send e-mails, or how many log-in credentials and student information were compromised.

Local law enforcement is investigating the case.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.