Suncor Energy Cyber Attack causes severe disruptions across Canada
Petro-Canada gas stations faced some service disruptions due to a cyber-attack on its parent company, Suncor, one of North America's most prominent energy firms.
Based in Canada, Suncor is a key oil producer that operates several refineries across North America and maintains a network of over 1,800 Petro-Canada retail and wholesale locations.
Suncor issued a short statement on June 25th acknowledging a cyber security incident that might affect transactions with suppliers and customers. To assist in the investigation and response, the company enlisted the help of third-party cyber security experts and also alerted the relevant authorities.
At present, the company reported no evidence of customer, supplier, or employee data being compromised or misused due to this incident.
Following the incident, Petro-Canada communicated via its Twitter account on June 26th that they're working with Suncor to address the situation, warning customers that certain services, such as credit card payments and car washes, may be unavailable. They also notified customers of a temporary inability to log into their loyalty program account through the app or website.
The nature of the disruption—whether it was instigated by a ransomware attack—remains uncertain. In ransomware attacks, cybercriminals can encrypt and extract data from a victim's systems, either conducting one or both types of actions. Such attacks can cause the type of disruptions experienced.
This cyber attack is just the latest to target energy infrastructure and follows the Colonial Pipeline ransomware attack in 2021 that led to substantial disruption and data theft, with the company forced to pay a hefty ransom to the attackers.
According to researchers cyber criminals have been seen selling access to energy organisations, including oil and gas companies, on cybercrime forums.
Blizzard games impacted by DDoS attack
Blizzard Entertainment, the creator of the recently released video game Diablo 4, fell prey to a distributed denial-of-service (DDoS) cyber attack on June 25th. The attack forced several hosted games, including Diablo 4 and World of Warcraft, offline, disrupting gameplay across various Blizzard titles.
The company's customer support team acknowledged the issue in a June 25th tweet, stating that they were closely tracking the attack affecting the latency and connection to their games. After three hours, Blizzard announced that the DDoS attacks on their network had ceased.
Players still encountering difficulties were advised to troubleshoot their connection. As of now, no specific cause for the DDoS attack has been identified, but some players suggested it might be an act of retaliation against the company. As one player on the Blizzard forum stated, it was "not surprising" that the company was the target of a cyber attack.
Over the recent years, Blizzard Entertainment has been embroiled in various controversies and fan dissatisfaction with recent releases.
Australia’s Medibank hit with massive $250 million fine for cyber security failures
The Australian Prudential Regulation Authority (APRA) has imposed a $250 million penalty on Medibank Private following a hacking incident that resulted in the online exposure of millions of Australians' personal medical data.
The regulatory body confirmed the decision on Tuesday, attributing it to the "identified weaknesses in Medibank's information security environment."
Consequently, the health insurance company is now mandated to set aside an additional $250 million in capital until a comprehensive remediation plan is executed.
Effectively, this means Medibank will be restricted from utilisng over half of its pre-penalty capital, inhibiting its ability to allocate these funds towards expenditures or investments. Medibank is also facing numerous class action lawsuits following last year’s cyber attack that saw over 9 million Australians have their private medical data compromised.
JP Morgan fined $4 million for ‘accidently’ deleting data
The U.S. Securities and Exchange Commission (SEC) has imposed a $4 million fine on JP Morgan following the deletion of millions of email records from 2018, which were associated with its Chase Bank subsidiary.
The financial behemoth reportedly eradicated approximately 47 million digital communication records from nearly 8,700 electronic mailboxes during the period from January 1 to April 23, 2018.
Significantly, a considerable number of these were business records that the Securities Exchange Act of 1934 mandates to be preserved.
The situation highlights the vital importance of implementing robust data backup procedures, as these can safeguard vital information and ensure regulatory compliance, particularly in the face of inadvertent data loss or deletions.
New report shows that 79% of UK Healthcare providers were hit by cyber attackers in the last 2 years
New global research from SOTI highlights increasing security challenges in healthcare, with 79% of UK frontline providers experiencing a data breach since 2021. The report shows a 22% annual increase in data breaches among UK healthcare IT professionals over the past two years, and a 14% rise in accidental data leaks from employees.
Consequently, 50% of healthcare organisations reported a planned or accidental data leak in the past year, while 51% faced a breach from an external source or DDoS attack. The growing variety of devices in use, including mobiles, tablets, rugged devices and printers, exacerbates these issues.
Additionally, 37% of UK healthcare IT workers believe that outdated systems expose their networks to security attacks, with 35% claiming they spend too much time fixing legacy IT issues.
