Back to top

Hacks, Attacks and Breaches: 10/21/2020 to 10/27/2020

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Maxex

Exploit: Unsecured Database
MAXEX: Loan Trading

Risk to Small Business: Georgia-based home loan trader MAXEX had a data disaster this week as an estimated 9GB of data leaked from a suspected insecure server. Some of the data is from backend software development for its loan-trading platform. But a substantial portion included confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and cybersecurity readiness reports. The breach also exposed complete mortgage documentation for at least 23 individuals in New Jersey and Pennsylvania. The incident investigation is ongoing.

How it Could Affect Your Business: Sloppy security can mean that if you do have an incident like a data breach, you might not even know where to start looking for the cause, putting your business at risk for an expensive investigation in addition to a data disaster.

United States – Made in Oregon

Exploit: Unauthorized Database Access
Made in Oregon: Specialty Gift Retailer

Risk to Small Business: Customers of gift retailer Made in Oregon got a little something extra when they purchased their treats – a side order of fraud. For more than 6 months, cybercriminals gained access to its e-commerce site, stealing payment information for transactions that occurred between the first week of February 2020 and the last week of August 2020.

How it Could Affect Your Business: Information that is stolen in incidents like this often ends up on the Dark Web in a data dump or information market where it powers cybercrime for years to come.

United States – Pfizer

Exploit: Unsecured Database
Pfizer: Drugmaker

Risk to Small Business: In a monster week for pharma hacking, Pfizer leads the pack with a substantial data breach that it brought on itself. In a huge blunder, unsecured and unencrypted data containing logs, transcripts, and details of patient helpline conversations was leaked from a misconfigured Google Cloud storage bucket. The exposed data included detailed information regarding hundreds of conversations between Pfizer’s automated customer support software and patients using drugs including Lyrica, Chantix, Viagra, Ibrance, and Aromasin.

How it Could Affect Your Business: Leaving this kind of information laying around is a hacker’s dream, and a security nightmare for your business as not only the recovery costs but the regulatory penalties for exposing this kind of data adds up.

United States – City of Shafter

Exploit: Ransomware
City of Shafter: Municipal Government

Risk to Small Business: Cyberattacks against city governments and municipal services have been climbing worldwide, and Shafter, CA just joined the list after a ransomware attack took its systems offline for several days. The attack impaired the operations and delivery of city services, a common hallmark of recent municipal cybercrime.

How it Could Affect Your Business: Ransomware has been a menace to municipal governments large and small. Just last week, the Hackney Borough Council in London was rocked by ransomware, and the risk is growing for governments as incidents pile up.