Security News Survey – October 11, 2019

This week, we look at data breaches impacting a New Zealand primary health organization, TransUnion Canada, and one of Russia’s largest banks.

Happy National Cybersecurity Awareness Month (NSCAM), readers!

If you haven’t done so already, be sure to read our latest NCSAM blog discussing a major cybersecurity threat that’s of particular interest to us here on the Interset team: insider threats. In fact, the topic is one you’ll see make an appearance in today’s Security News Survey. Let’s jump right in. 

New Zealand health breach impacts one million patients

Approximately one million New Zealanders have been compromised in a massive data breach affecting Tū Ora Compass Health, one of the country’s primary health organizations (PHO). According to reports, the PHO notified authorities of a security incident in early August. Investigations quickly began and revealed that the organization suffered multiple cyberattacks dating back to 2016. An official statement from Tū Ora doesn’t share much definitive information in terms of those responsible, motives, or even whether or not patient access was indeed compromised. The organization is, however, obligated to “assume to worst,” which is why it has started breach notifications to its patients. Potentially compromised records date back to 2002 and could include patient names, dates of birth, National Health Index number, contact information, and some medical information, such as immunization records. 

As a response to this incident, Tū Ora has implemented new security measures, including the creation of a security operations center (SOC) to proactively monitor threats in real time. 

TransUnion Canada data breach compromises 37,000 consumers

Credit reporting agency TransUnion Canada has started notifying consumers about a security incident in which a malicious actor used stolen credentials belonging to CWB National Leasing, a Winnipeg-based financial institution, to access certain consumer credit information. According to the notification, TransUnion’s systems were not breached. Instead, it seems the hacker(s) had obtained certain consumer data (such as Social Insurance Numbers) from an unknown source and used this information to look up files on the portal in question. TransUnion keeps records of consumer names, dates of birth, addresses, credit and loan information, and repayment history. An estimated 37,000 individuals have been impacted by the breach.

TransUnion is offering affected consumers ID theft insurance and has terminated compromised credentials. 

Potential malicious insider steals data from a major Russian bank 

Sberbank, one of Russia’s largest financial institutions, has suffered a data breach that may be one of the country’s largest financial industry breaches on record. In a statement by the bank, at least 200 customers were confirmed to be affected. An investigation by a Russian newspaper, however, suggests that the 200 customer files are just a small sample of a database of around 60 million that an online seller is claiming to have access too. The seller is asking around $0.08 per entry. 

Both the bank and the newspaper, Kommersant, are pointing to a malicious insider as the source of the breach. According to the bank, it’s impossible to access the database from the outside due to the fact that it is isolated from external networks. An investigation is on-going and the bank has promised to reveal the results of its efforts once complete.