Back to top

Hacks, Attacks and Breaches: 3/24/2021 to 3/30/2021

Suzanne Gassman

Here’s the latest installment of the Hacks, Attacks and Breaches cybersecurity news update.

The Logically team provides top cyber security stories every week to keep you up to date on the latest news headlines on cybersecurity, hacking, computer security, ransomware and other cybersecurity threats.

United States – Hobby Lobby

Exploit: Misconfiguration
Hobby Lobby: Craft Supply Retailer

Risk to Small Business: Hobby Lobby made a blunder that was discovered this week. Researchers came across an Amazon Web Services (AWS) cloud database belonging to the controversial retailer that was misconfigured to be publicly accessible exposing 138GB of sensitive information.

How it Could Affect Your Business: Making simple, avoidable blunders like this does not fill your customers with confidence that you are taking information privacy seriously.

United States – CNA Financial

Exploit: Ransomware
CNA Financial: Insurer

Risk to Small Business: Major insurer CNA Financial has disclosed that it was the victim of a purported ransomware attack this week, causing significant network disruption. The company’s email systems have been offline and the underwriting and claims units have been stymied, likely due to systems becoming unavailable. CNA said that they were disconnecting systems for safety and working to restore operations.

How it Could Affect Your Business: Ransomware is the cause of many expensive disasters and they do not all involve data. Cybercriminals can also hold your business operations hostage.

United States – California State Controller

Exploit: Phishing
California State Controller: State Government Agency 

Risk to Small Business: A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO). The agency announced that attackers had access to the email records of an employee in its Unclaimed Property Division after the employee clicked a phishing link and then entered their email ID and password.

 How it Could Affect Your Business: Something as simple as one mishandled email can wreak havoc on your business. No matter how busy you are, training must be a priority to avoid this consequence.

United States – PDI Group

Exploit: Ransomware
PDI Group: Defense Contractor 

Risk to Small Business: US military contractor PDI Group has experienced a ransomware attack, with Babuk Locker claiming responsibility. the gang says that they have 700 GB of data they claim to have stolen from PDI’s internal network and they have made ransom demands after posting a sample to their site. PDI Group manufactures specialty trailers, dollies, and other transport tools for multiple military applications.

How it Could Affect Your Business: Failing to protect the secrets of your success like blueprints and formulas is a fast path to trouble when your competitors can download them from dark web sources.