News Brief: Week's Top Breaches Stem from Third-Party Attacks

The challenges of enterprise cybersecurity are well-known, yet data breaches, third-party compromises, and other cyberattacks continue to wreak havoc. A recent survey by PwC found that "what worries organisations most is what they're least prepared for." The top five threats cited by respondents -- cloud-related threats, hack-and-leak operations, third-party breaches, connected device attacks, and ransomware -- also ranked among the top issues that security leaders claimed they felt the least prepared to address. History has proved that these concerns are justified, and this past week's news highlighted just how prevalent such issues are.

The following companies made headlines for data breaches, data leaks, and attacks:

ConnectWise Breach

ConnectWise disclosed a breach targeting customers of its ScreenConnect remote monitoring and management software. The company attributed the attack to a "sophisticated nation state actor." ConnectWise engaged Mandiant for forensic investigation and notified affected customers and law enforcement. ConnectWise said it implemented enhanced monitoring and hardening measures. Details remain limited about the attack scope and number of affected customers.

LexisNexis Risk Solutions Data Leak

LexisNexis Risk Solutions (LNRS) is facing a third-party data leak affecting more than 360,000 customers. The breach, which was discovered on April 1 but occurred on Dec. 25, 2024, involved an unauthorized individual accessing LNRS customer data from a third-party platform. Compromised data could include names, contact details, Social Security numbers, driver's license numbers, and birth dates.

LNRS' own networks were unaffected. The company notified law enforcement, launched an investigation, and is offering affected users free identity protection and credit monitoring for up to two years. No evidence of data misuse has been reported, and no threat group has claimed responsibility.

Victoria's Secret Security Incident

Victoria's Secret took its U.S. website offline following an unspecified "security incident," while its U.K. site remained operational and physical stores continued business as usual. The company said it implemented response protocols and engaged third-party experts to address the incident.

Online customer services, including online returns and customer care, were temporarily unavailable. No details about the nature, scope, timing, or potential data compromise have been provided.

Cellcom Network Offline Due to Cyberattack

Cellcom has nearly restored calling and texting services after a cyberattack forced it to take its network offline on May 14. The attack targeted a separate network area and left Wisconsin and Michigan customers' devices in SOS mode for nearly a week.

CEO Brighid Riordan confirmed that the company had notified the FBI and begun an investigation. She said there was no evidence that customer data was compromised, as the attack targeted a separate network area.

MathWorks Ransomware Attack

MathWorks, creator of Matlab and Simulink, disclosed a ransomware attack that began on May 18. The attack affected both customer-facing online applications and internal systems.

The company initially reported "an issue with multiple applications" and later revealed more affected services, including ThingSpeak, Cloud Center, and Matlab Mobile. By May 21, the company had restored single sign-on and MFA, but some authentication services remained degraded.

Adidas Data Breach

Adidas confirmed that it suffered a data breach through a third-party customer service provider. Affected data included contact information of customers who previously interacted with the company's help desk.

No passwords, credit cards, or other sensitive information were compromised, according to the company. However, Adidas said it was taking steps to investigate and mitigate the incident.

DragonForce MSP Threat

DragonForce, a relatively new threat actor in the criminal ecosystem, is gaining popularity due to its unique "customer-centric" model that enables affiliates to use their own branding while using DragonForce's infrastructure.

The threat actor targeted multiple managed service providers (MSPs) with critical SAP and Samsung flaws. Sophos warns MSPs to patch these vulnerabilities immediately to protect against the DragonForce threat.

Additional News Briefs

Cleo patches file transfer zero-day flaw under attack.

AT&T loses 'nearly all' phone records in Snowflake breach.
