Security News Survey – June 28, 2019

This week, we look at more ransomware attacks on Florida towns, compromised city email accounts in Wisconsin, and a nine-year data breach in Delaware.

We’ve seen numerous U.S. cities suffer at the hands of cyber attackers during the first half of this year. This week, more cities have been grappling with serious security issues, suggesting that the trend we’ve seen in recent weeks will only continue to grow. Let’s take a look. 

Third Florida city falls victim to a cyber attack

The Village of Key Biscayne, a barrier island near Miami, confirmed this week that a security incident occurred on June 23, resulting in a cautionary shutdown of some city systems. The town’s systems were restored by Wednesday night, and an investigation into the attack is being conducted with the help of third-party forensic experts. 

Key Biscayne is the third Florida city to be affected by a security incident in the last few weeks. Earlier this month, Riviera Beach and Lake City both fell victim to ransomware attacks. Riviera Beach revealed last week that the city agreed to pay the hackers’ ransom demand of around $600,000, and Lake City followed suit this week, paying a $460,000 ransom in bitcoin to release the city’s data and computer systems. The Lake City attack featured a TripleThreat malware attack, which led to the shutdown of network systems and phones.

Wisconsin city discovers unauthorized access to city email accounts

Florida isn’t the only state with security problems this week. Sun Prairie, Wisconsin, discovered unauthorized access to email accounts of several city employees that lasted for around two months. These email accounts allowed access to confidential information, including account credentials, drivers’ licenses, bank information, Social Security numbers, and more. Sun Prairie officials are conducting an investigation to understand the scope of the breach, including what information was accessed during the two-month period between January 16 and March 6 of 2019. 

The city has not confirmed how the unauthorized access occurred but claims it will be updating its “security measures, policies, and procedures” in light of this event. 

Delaware insurance provider discovers nine-year data breach

Delaware-based dental and vision insurance provider Dominion National began notifying patients this week of a data breach that appears to have started almost nine years ago. According to reports, Dominion National discovered during a security investigation in April of this year that its servers were compromised in August of 2010. These servers are said to contain enrollment and demographic information, including names, addresses, dates of birth, Social Security numbers, bank information, and more. In an official statement, the company claims that there is “no evidence” that any of the information was actually accessed or misused. 

An estimated 95,000 patients were potentially impacted in the breach, and Dominion National is providing two years of credit monitoring and fraud protection services for those affected. The company also says it is boosting security measures, including implementing new monitoring and alerting software.