Australia's securities regulator says server hit by cyber security breach - Accellion

[swidup]

https://www.reuters.com/article/us-australia-cyber-asic/australias-securities-regulator-says-server-hit-by-cyber-security-breach-idUSKBN29U0S7

https://www.databreaches.net/fears-grow-data-hacked-from-reserve-bank-may-be-leaked-by-clop-ransomware-group/

[swidup]

https://www.theregister.com/2021/01/25/asic_accellion_breach/

https://toronto.ctvnews.ca/cyberattack-hits-vaccine-records-for-thousands-of-durham-region-children-ctv-news-investigation-1.5543525

[swidup]

Washington State auditor's office https://www.khq.com/news/washington-state-auditors-office-suffers-security-breach-seattle-times-reports/article_641dbe82-62ac-11eb-9063-a33a89824152.html

https://www.geekwire.com/2021/data-breach-exposes-1-6-million-washington-state-residents-filed-unemployment-claims-2020/ 1.6 million records

[swidup]

Goodwin Procter https://www.law.com/americanlawyer/2021/02/03/vendor-responsible-for-goodwin-breach-has-some-other-big-law-clients/

https://www.law.com/americanlawyer/2021/02/03/vendor-responsible-for-goodwin-breach-has-some-other-big-law-clients/

https://www.abajournal.com/news/article/goodwin-procter-reports-data-breach-due-to-hack-of-third-party-vendor

https://news.bloomberglaw.com/us-law-week/goodwin-procter-says-it-was-hit-by-data-breach-of-vendor

[swidup]

University of Colorado https://denver.cbslocal.com/2021/02/09/cu-cyberattack-personal-information-compromised-students-employees/

[swidup]

Singtel https://www.zdnet.com/article/singtel-hit-by-third-party-vendors-security-breach-customer-data-may-be-leaked/

[swidup]

QIMR Berghofer Medical Research Institute https://portswigger.net/daily-swig/australian-research-institute-confirms-likely-data-breach-after-third-party-accellion-hack

[swidup]

https://www.databreaches.net/accellions-data-breach-left-clients-in-tough-position-pay-extortion-to-criminals-or-have-their-data-dumped/ list of victims include:

By last night, this site could find data dumps by CLOP threat actors for a number of Accellion clients in addition to Jones Day. Not all of the following have issued statements or press releases confirming that their data had been stolen:

SingTel  had previously reported that the breach impacted 129,000 people, and a number of their clients and employees. They  received a ransom demand.
Fugro 
American Bureau of Shipping (Eagle.org)
Danaher.com

Other known victims have not (yet?) shown up on the dark web leak site. There has been some media coverage or statements by these entities, but so far, there has been no report that they received ransom demands and as of this morning, they do not appear on CLOP’s leak site.

Royal Bank of New Zealand
Allens law firm in Australia
Goodwin Procter law firm
The Australian Securities and Investments Commission (ASIC)
Washington State
University of Colorado
QIMR Berghofer

[swidup]

Kroger https://www.databreaches.net/kroger-reports-accellion-data-breach-affecting-pharmacy-records-associate-hr-data/

https://finance.yahoo.com/news/kroger-pharmacy-customer-data-impacted-165106034.html

And Kroger's other brands are also affected, including Dillons https://www2.ljworld.com/news/public-safety/2021/feb/19/medical-data-personal-data-targeted-as-part-of-hack-of-dillons-pharmacy-locations/

[swidup]

Mandiant said an unknown attacker that it is tracking as UNC2546 exploited four zero-day vulnerabilities in Accellion's File Transfer Appliance (FTA) sometime in mid-December 2020. The four vulnerabilities, all of which are now patched, are: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104. https://www.darkreading.com/attacks-breaches/accellion-data-breach-resulted-in-extortion-attempts-against-multiple-victims/d/d-id/1340226

[swidup]

Transport for NSW https://www.itnews.com.au/news/transport-for-nsw-data-stolen-in-accellion-breach-561396

NSW Health https://news.softpedia.com/news/nsw-health-confirms-data-breach-due-to-accellion-flaws-533148.shtml

[swidup]

Bombardier https://www.zdnet.com/article/airplane-maker-bombardier-data-posted-on-ransomware-leak-site-following-fta-hack/ data posted

[swidup]

accellion-fta-attack-mandiant-report-full.pdf Mandiant's final report

[swidup]

Qualys https://blog.qualys.com/vulnerabilities-research/2021/03/03/qualys-update-on-accellion-fta-security-incident?mkt_tok=Nzk3LUVOSS03NDIAAAF7mZPnKjzUmeOE09Edz3OhZSR1Uc5vm_fQJtNPvv3uYHqwGiNzJ2JCc237PKMqyZlB72W-t5KRq8TWDcsjsf-IJotyeRpfAGmpiWFQEJsN7zgJvLk

https://www.teiss.co.uk/qualys-victim-of-accellion-fta-vulnerability/

https://blog.qualys.com/vulnerabilities-research/2021/04/02/qualys-update-on-accellion-fta-security-incident

[swidup]

CSX https://www.freightwaves.com/news/csx-probes-security-incident-as-hackers-leak-data

[swidup]

Nova Scotia Health Employees' Pension Plan https://www.cbc.ca/news/canada/nova-scotia/nova-scotia-health-employees-pension-plan-security-breach-1.5939806

[swidup]

https://www.reuters.com/article/dataprivacy-accellion-latham/accellion-taps-latham-as-fallout-spreads-from-data-breach-idUSL2N2L31D5 and the class actions have begun.

[swidup]

Flagstar Bank https://www.zdnet.com/article/flagstar-bank-customer-data-breached-through-accellion-hack/

[swidup]

Trillium Community Health Plan https://www.databreaches.net/trillium-community-health-plan-members-impacted-by-accellion-breach/

Nova Scotia Health Employees’ Pension Plan (NSHEPP) https://www.databreaches.net/ca-personal-data-of-50000-n-s-health-care-workers-may-have-been-compromised-by-accellion-breach/

[swidup]

Southern Illinois University School of Medicine https://www.databreaches.net/southern-illinois-university-school-of-medicine-impacted-by-accellion-breach-notifies-patients/

[swidup]

Centene https://news.bloomberglaw.com/tech-and-telecom-law/centene-sues-accellion-over-personal-health-data-exposed-in-hack

https://healthitsecurity.com/news/accellion-breach-tally-for-centenes-subsidiaries-1.3m-patients-impacted

[swidup]

Arizona Complete Health https://www.beckershospitalreview.com/cybersecurity/ransomware-attack-exposes-27-000-arizona-health-plan-members-data-for-2-5-weeks.html

[swidup]

Shell https://www.computerweekly.com/news/252498363/Oil-giant-Shell-hit-through-Accellion-FTA-breach

Morgan Stanley https://news.softpedia.com/news/morgan-stanley-suffers-data-breach-following-accellion-fta-s-attack-533491.shtml

[swidup]

University of Colorado, Boulder and the University of Miami Data published https://edscoop.com/university-of-colorado-u-miami-ransomware-accellion/

https://news.yahoo.com/310-000-records-compromised-university-181145836.html

[swidup]

CalViva Health hit with data breach - Health Net Community Solutions, Inc http://sjvsun.com/news/health/calviva-health-hit-with-data-breach/

[swidup]

University of California https://ucnet.universityofcalifornia.edu/news/2021/03/uc-part-of-nationwide-cyber-attack.html UC Davis https://www.ucdavis.edu/news/uc-among-targets-nationwide-cyberattack UC Berkeley https://portswigger.net/daily-swig/uc-berkeley-confirms-data-breach-becomes-latest-victim-of-accellion-cyber-attack

[swidup]

Yeshiva University https://yucommentator.org/2021/04/hackers-steal-yu-students-and-employees-personal-information-in-accellion-security-breach/

[swidup]

Stanford School of Medicine https://www.mercurynews.com/2021/04/01/investigation-underway-into-stanford-personal-data-breach

Harvard Business School https://www.thecrimson.com/article/2021/4/2/experts-explain-hbs-data-breach/

[swidup]

RaceTrac Petroleum Inc. https://csnews.com/racetrac-shell-impacted-third-party-cybersecurity-incident

[swidup]

Trinity Health https://www.beckershospitalreview.com/cybersecurity/hackers-download-trinity-health-patients-phi-5-details.html

https://medcitynews.com/2021/04/500000-trinity-health-patients-affected-in-widespread-accellion-data-breach/ patient count

EvergreenHealth https://www.evergreenhealth.com/data-breach-notice

[swidup]

City of Toronto https://www.databreaches.net/toronto-hit-by-potential-cyber-breach-from-accellion-file-transfer-software/

[swidup]

Jones Day https://www.abajournal.com/news/article/jones-day-documents-hacked-in-vendor-breach-reveal-chicago-drone-program-details?

[swidup]

Accellion's Failure to Warn RBNZ of Security Flaws Led to Hack https://news.softpedia.com/news/accellion-s-failure-to-warn-rbnz-of-security-flaws-led-to-hack-533099.shtml

[swidup]

https://www.beckershospitalreview.com/cybersecurity/accellion-data-breach-victims-topple-3-47-million-10-hospital-healthcare-orgs-hit.html

Here are the organizations that have reported Accellion-related data breaches so far, ranked by the number of individuals affected:

Kroger Pharmacy: 1,474,284

Health Net: 1,236,902

Trinity Health (Livonia, Mich.): 586,869

California Health & Wellness: 80,138

Trillium Health Plan: 50,000

Arizona Complete Health: 27,390

CalViva: 15,287

Stanford Medicine (Palo Alto, Calif.): unknown

The University of Miami Health (Coral Gables, Fla.): unknown

Centene Corp. (parent company to other insurers): unknown

[swidup]

https://www.reuters.com/legal/litigation/accellion-reaches-81-mln-settlement-resolve-data-breach-litigation-2022-01-13/