News

Cyber News Rundown: Boston Public Library systems temporarily shut down after attack

  • 3 September 2021
  • 2 replies
  • 295 views
Cyber News Rundown: Boston Public Library systems temporarily shut down after attack
Userlevel 7
Badge +6

One of the nation’s largest library groups, the Boston Public Library system, was forced to temporarily shut down several their systems after a cyberattack. In other cyber security news, Illinois patients of the DuPage Medical Group could be facing a serious breach of their medial records resulting from a July cyberattack.

Bangkok Airways data leaked by LockBit group

Following a recent ransomware attack, Bangkok Airways has confirmed that their systems were compromised and some customer data was stolen. Unfortunately, their announcement was preceded by the LockBit ransomware group’s reveal of the stolen data on their leak site. It is believed that this attack as well as a recent attack on Ethiopian Airlines were both performed by the same group, who used the Accenture vulnerability to gain access to the affected airline’s systems.

Illinois medical data leak affects over 600k patients

The DuPage Medical Group (DMG) is contacting their collective 600,000 Illinois patients to inform them of a data breach that potentially leaked a significant amount of medical information. After the July cyberattack took forced the medical group to take several of their systems offline, the medical group has been busy investigating the unauthorized intrusion but only recently discovered the stolen data. DMG have offering credit and identify monitoring services to any affected patients, in hopes of catching any resulting fraud.

Marketo Group offers Fujitsu data for sale

At the end of August, the Marketo hacker group posted 4GB of data that they claim was stolen from the Fujitsu tech company. While the number of buyers for the data trove is unknown as it is privately posted, it does appear to have generated interest from other potential threat actors. Officials are investigating whether this data is connected to a cyberattack that Fujitsu suffered back in May, though no conclusions have been made.

Boston Public Library falls victim to cyberattack

The Boston Public Library revealed that their systems were forced offline due to a cyberattack affecting the entire network of one of the largest publicly available library databases. While there aren’t many details known about the attack itself, officials for the library have isolated the attack and kept the affected systems offline to avoid further harm. Fortunately, the IT staff has already been able to get some systems restored and will hopefully have the remaining systems back to normal functionality soon.

Data compromised on millions of gamers

Researchers discovered an unsecured Elasticsearch database containing over 134GB of information belonging to a Chinese games developer. This unsecured database could have exposed millions of users to potential fraud. Though nobody from the games developer, EskyFun Entertainment Network, responded to the researcher's initial contact, the database was promptly secured once the Hong Kong CERT organization was informed of the breach.


2 replies

Userlevel 7
Badge +25

I become more and more angry and more and more sad when I read these reports. But please continue to share them. While I appreciate companies like Webroot who try and protect people from this nonsense, my anger is toward companies and system operators who are not keeping up with potential threats, and also not checking their systems regularly for potential breach points and security holes.  I can understand why small companies might have a hard time keeping up, but Elasticsearch?   And I think we are just seeing the tip of the iceberg these days. :disappointed:

Userlevel 7
Badge +20

I become more and more angry and more and more sad when I read these reports. But please continue to share them. While I appreciate companies like Webroot who try and protect people from this nonsense, my anger is toward companies and system operators who are not keeping up with potential threats, and also not checking their systems regularly for potential breach points and security holes.  I can understand why small companies might have a hard time keeping up, but Elasticsearch?   And I think we are just seeing the tip of the iceberg these days. :disappointed:

I agree completely. Ever since the Equifax breach that happened years ago, I’ve been so on edge regarding companies not taking our data privacy seriously. This is what we get as a society without strong data privacy laws. 

Reply