It’s been a busy month for cybercrime with a range of organisations and industries targeted by cyber gangs. The NHS has once again fallen victim and the Ministry of Defence has also been hitting the headlines after a significant data breach.
Here’s the latest on this month’s cybersecurity breaches and attacks …
Ministry of Defence data breach
Earlier this month, headlines appeared detailing a significant data breach at the Ministry of Defence (MoD). The breach is said to have compromised the personal information of an unknown number of UK military personnel by targeting a payroll system used by the MoD.
It’s said the breach exposed the names and bank details of current and former armed forces members and the breached system contained data about Royal Navy, Army, and Royal Air Force personnel over several years. Although the breach is significant, it is said that no operational MoD data was compromised. The MoD took immediate action, taking the system offline and have initiated investigations into the incident.
Affected individuals are being informed and provided with support, and the Defence Secretary Grant Shapps, is set to outline a ‘multi-point plan’ to protect affected personnel. The identity and intent of the hackers has not been announced but the incident highlights the increasing threats to the UK from hostile states and third parties.
NHS ransomware attack
NHS Dumfries and Galloway have confirmed that criminals have published children's mental health data following a ransomware attack.
The attack targeted the provider earlier this year, resulting in a large volume of patient data being posted on the dark web. Chief Executive, Julie White, has described the breach as unprecedented, with the number of affected individuals potentially in the thousands. The stolen data includes sensitive information about children's mental health and will affect many patients and staff.
National agencies, including the Scottish government, police, and the National Cyber Security Centre, are assessing the extent of the published data. The attack has raised concerns about the lack of communication from the NHS and about the safety of online services.
South of Scotland MSP, Colin Smyth, highlighted the anxiety this could cause to patients and staff, urging the NHS to contact those affected. The Scottish government is said to be working with various agencies to support NHS Dumfries and Galloway, and a dedicated telephone helpline has been set up for public enquiries.
Decathlon employee emails stolen
On May 27th, Decathlon's cybersecurity teams in Spain discovered email addresses belonging to Spanish employees were being offered for sale online by a threat actor named "888."
The data is said to only include employee emails, with no passwords or other data compromised. Decathlon confirmed that no customer data was impacted. Decathlon could face substantial legal and financial repercussions, although the immediate risks do seem limited to employee email addresses.
Christies – 500,000 customers data breach
RansomHub hacking group have claimed responsibility for a cyberattack on the auction house, Christies’, website, allegedly gaining possession of ‘sensitive personal information’ of Christies’ clients and threatening to release it.
The group claims to have data on at least 500,000 customers, including full names, document numbers, nationalities, and dates of birth. RansomHub have attempted to negotiate with Christies but stated that communication was stopped.
Christies have confirmed the unauthorised access to parts of its network, involving a limited amount of personal data of certain clients, but no financial or transactional records were compromised. Occurring on May 9th, the attack disrupted Christies’ website just before the spring auction season. Christies is said to be informing privacy regulators, government agencies, and affected clients about the breach.
Ticketmaster held to ransom
Ticket sales and distribution company, Ticketmaster, has reportedly been subjected to a cyber-attack, exposing the names, addresses, phone numbers, and partial payment details of 560 million customers.
The ShinyHunters hacking group who have claimed the attack is said to be demanding around £400,000 in ransom. Authorities in Australia and the US are working with Ticketmaster to understand and respond to the incident.
CYBERUK 2024 - NCSC support
As we know, cybercrime isn’t going anywhere and it’s the responsibility of organisations to work together, learn and tackle the ongoing threats to our businesses and critical infrastructures.
Published this month, the National Cyber Security Centre (NCSC) has launched a new cyber defence service designed to provide free support for individuals at higher risk of cyber threats, such as political candidates and election officials.
Announced at CYBERUK 2024, the service aims to prevent spear-phishing, malware attacks, and other cyber threats during a major election year. This opt-in service is part of a broader cyber support package for individuals and organisations ahead of the next general election. The launch follows recent government announcements about Russian Intelligence Services and China state-affiliated actors targeting UK institutions and individuals, including parliamentarians.
The NCSC’s new services build on the Protective DNS service, which has been protecting public sector users since 2017, handling over 2.5 trillion site requests and blocking 1.5 million malicious domains.
High-risk individuals are encouraged to sign up for the Account Registration service.
NCSC CEO, Felicity Oswald
The focus of CYBERUK is on establishing partnerships to collectively defend against cyber threats and improve national and individual sector cyber resilience. NCSC CEO, Felicity Oswald, delivered the CYBERUK keynote speech focusing on just this, from the importance of sharing intelligence, innovations and solutions to mutual challenges.
Felicity’s speech underscored the importance of collaboration between allies, governments, and industries to enhance cyber resilience, with initiatives like the Cyber Resilience Audit scheme and NCSC’s Cyber Assessment Framework playing important roles.
On-going cybersecurity
Every breach highlights the importance for all organisations, especially high-profile ones, to strengthen their cyber defences against growing threats.
At Brigantia, we work with our partners, helping them provide their clients with the latest information and cybersecurity products to keep businesses secure.
Get in touch to find out more.