UK Police Data Compromised in Third-Party Ransomware Attack
Greater Manchester Police (GMP), one of the UK's major police forces, confirmed a data breach following a suspected ransomware attack on Stockport-based identity card maker, Digital ID. The company, which serves over 22,000 clients globally, had "some information" related to GMP employees. Although the exact nature of the compromised data remains undisclosed, financial information is not believed to be affected. As many as 20,000 individuals may have had their information stolen.
According to reports, GMP has contacted the Information Commissioner’s Office and a nationally-led criminal investigation is underway. Employees are being kept informed and supported throughout the process. Digital ID declined to provide specifics but confirmed they were the target of a ransomware attack affecting multiple clients. The company had previously been responsible for printing cards requiring employee data from organisations, including GMP.
This breach follows a similar incident last month involving London’s Metropolitan Police. At the time, names, ranks, and other details of officers were exposed due to a fault in a supplier's IT system. Both investigations are ongoing, and at the time of writing neither organisation has commented on whether ransom demands have been received.
Hackers of MGM also hit three other companies
Hackers targeting casino giants MGM Resorts International and Caesars Entertainment have also breached three other companies in diverse sectors. David Bradbury, Chief Security Officer at Okta, a global identity management firm, revealed that five clients, including MGM and Caesars, fell prey to hacking groups ALPHV and Scattered Spider. While the names of the other targeted companies remain confidential, Okta is assisting official investigations into the multi-sector attacks.
The breaches have refocused attention on ransomware attacks, affecting a broad spectrum of industries annually. These incidents led to a decline in market value for MGM and Caesars, disrupting MGM's operations across its global hotel and gaming venues. Okta, which provides security services like multi-factor authentication, issued an alert last month after identifying multiple breaches among its customers.
The hacking group ALPHV claimed responsibility for the MGM attack, hinting at further strikes unless a deal is reached. The exact ransom amount remains undisclosed. Scattered Spider, appears to have collaborated with ALPHV on the hacks.
Major North Carolina Hospitals Targeted in International Cyber Attack
Microsoft’s health-care tech subsidiary, Nuance has disclosed that personal data at key North Carolina hospitals may have been compromised in a large-scale cyber attack earlier this year. The Russian ransomware group Clop claimed responsibility for the May incidents, hacking into Nuance as well as Sony, Norton, and other major tech companies. The breach originated from an attack on software company Progress during May 28-29, affecting “thousands of organisations,” according to Nuance. Compromised data included patients' services and demographic information.
Upon learning of the breach on May 31, Nuance immediately secured its systems, enlisted cyber security experts, and installed security patches. Nuance emphasised that data privacy and security are among its top priorities, reassuring that they have extensive measures in place to protect sensitive information.
Lazarus Group Escalates Crypto Thefts, Steals $240 Million Since June 2023
The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency, marking a significant escalation in cyberattacks. The hacking collective is suspected of a $31 million theft from CoinEx on September 12, 2023 adding to a string of heists targeting various cryptocurrency platforms like Atomic Wallet, CoinsPaid, Alphapo, and Stake.com.
Elliptic noted that the Lazarus Group is shifting focus from decentralized to centralized services, likely due to advancements in DeFi security and increased vulnerabilities in centralized exchanges. This shift coincides with North Korean leader Kim Jong Un’s recent visit to Russia, believed to be related to an arms deal, and ongoing missile tests.
Cryptocurrency theft serves as a financial lifeline for North Korea to bypass international sanctions and fund its weapons programs. Fraudulent employment tactics have also been employed, as seen in CoinsPaid's disclosure of the "Operation Dream Job" scam, where phony recruiters targeted its employees to compromise systems.
