United States
April 25, 2023: Cold Storage Firm, Americold, Suffers Cyberattack
Cold storage and logistics company Americold continues to have issues following the attack on its network last week.
The company said it contained the attack, which occurred April 25, and is now investigating the incident, which affected operations according to customer and employee reports. It also estimated its systems will be down into this week.
In an 8-K report to the Securities and Exchange Commission (SEC), Atlanta, Georgia-based Americold reported:
“On April 26, 2023, Americold Realty Trust, Inc. (the “Company”) began to receive evidence that its computer network was affected by a cybersecurity incident. The Company immediately implemented containment measures and took operations offline to secure its systems and reduce disruption to its business and customers. The Company has launched a review of the nature and scope of the incident, is working closely with cybersecurity experts and legal counsel, and has reported the matter to law enforcement. The Company is taking action to resume normal operations at impacted facilities so that it can continue to support customers.”
January 14, 2023: Sysco, Global Food Distributor, Hit in Cyberattack
Global food distributor Sysco fell victim to a “cybersecurity event” at the beginning of the new year in which the attacker gained information on workers and the company.
Sysco said in a 10-Q report, “on March 5, 2023, Sysco became aware of a cybersecurity event perpetrated by a threat actor believed to have begun on January 14, 2023. Immediately upon detection, Sysco initiated an investigation, with the assistance of cybersecurity and forensics professionals.
“The investigation determined that the threat actor extracted certain company data, including data relating to operation of the business, customers, employees and personal data. This data extraction has not impacted Sysco’s operational systems and related business functions, and its service to customers continued uninterrupted.”
The incident affected 126,243 people. It took the company just under two months to discover the breach. They notified victims earlier this month. In essence, from breach to notifying victims, it took the company almost five months.
May 11, 2023: Philadelphia Inquirer Unable to Print Sunday Paper
The Philadelphia Inquirer was hit with a cyberattack that resulted in significant disruptions to its operations. It was unable to print its Sunday paper on May 14, and it had to scramble to restore several systems. The paper closed its office through Tuesday and the newspaper is working with “third-party forensic specialists from Kroll to restore systems and fully investigate the matter,” according to the emailed statement.
With the timing of the attack right before the city’s mayoral primary election, political motivation is a possibility. The Philadelphia Inquirer has not made any ransom demands public, nor is it clear if the information of employees or customers has been compromised, according to The Philadelphia Inquirer coverage.
February 2, 2023: Systems Shut Down at Stiles Machinery after Cyberattack
Stiles Machinery has detected a cyberattack on its IT systems. The Grand Rapids-based equipment supplier announced that it had detected the attack and shut down its systems to protect them.
The company issued a statement: "Out of an abundance of caution, we have decided to completely shut down our systems while we investigate the situation further. The security and data of our customers and business partners are one of our highest priorities. Currently, we have no indication of any data loss. We are working to restore operations to full functionality as soon as possible."
May 2, 2023: City of Dallas Operations Widely Disrupted by Ransomware Attack
The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. Local media reported that the City's police communications and IT systems were shut down Monday morning due to a suspected ransomware attack. This has led to 911 dispatchers having to write down received reports for officers rather than submit them via the computer-assisted dispatch system. The Dallas County Police Department's website was offline for part of the day due to the security incident.
"Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment. Subsequently, the City has confirmed that a number of servers have been compromised with ransomware, impacting several functional areas, including the Dallas Police Department Website," explained a media statement from the City of Dallas. "The City is currently working to assess the complete impact, but at this time, the impact on the delivery of City services to its residents is limited. Should a resident experience a problem with a particular City service, they should contact 311. For emergencies, they should contact 911."
BleepingComputer has also confirmed that the City's court system canceled all jury trials and jury duty from May 2nd into today, as their IT systems are not operational. Dallas is the ninth largest city in the United States, with a population of approximately 2.6 million people.
November 25, 2022: T-Mobile Data Breach Hits 37 Million
U.S. wireless carrier T-Mobile said an unidentified malicious intruder breached its network in late November and stole data on 37 million customers, including addresses, phone numbers and dates of birth.
T-Mobile said in a filing with the U.S. Securities and Exchange Commission that the breach was discovered Jan. 5. It said the data exposed to theft — based on its investigation to date — did not include passwords or PINs, bank account or credit card information, Social Security numbers or other government IDs.
"Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time," T-Mobile said, with no evidence the intruder was able to breach the company's network. It said the data was first accessed on or around Nov. 25.
T-Mobile, based in Bellevue, Washington, became one of the country's largest cellphone service carriers in 2020 after buying rival Sprint. It reported having more than 102 million customers after the merger.
February 24, 2023: T-Mobile Hit Again
While it may seem like a small attack, T-Mobile disclosed its second data breach this year after the company found attackers accessed personal information of over 800 customers in late February.
The first breach, which the company discovered in early January, hit 37 million customers. This attack affected 836 customers, according to a notification to the Maine Attorney General’s office.
The breach occurred between Feb. 24 and March 30, according to the notification. The Bellevue, Washington-based T-Mobile said it discovered the issue March 27. The information the attackers acquired included name and driver’s license number or non-driver identification card number.
April 13, 2023: Ransomware Attack at NCR
NCR is suffering an outage on its Aloha point of sale (PoS) platform after being hit by a ransomware attack claimed by the BlackCat/ALPHV gang.
NCR provides digital banking, PoS systems, and payment processing solutions for restaurants, businesses, and retailers.
On Friday, NCR released a statement saying: “On April 13, NCR determined that a single data center outage that is impacting some functionality for a subset of its commerce customers was caused by a cyber ransomware incident. Upon such determination, NCR immediately started contacting customers, enacted its cybersecurity protocol and engaged outside experts to contain the incident and begin the recovery process. The investigation into the incident includes NCR experts, external forensic cybersecurity experts and federal law enforcement.”
October 15, 2022: Black Basta Hacks Systems of Engineering Firm that Designs Hundreds of US Power Stations
Sargent & Lundy, a Chicago-based construction and engineering firm, fell victim to a Black Basta ransomware attack. The hack exposed information of over 6,900 individuals belonging to multiple electric utility companies. The organization works as a US government contractor handling critical infrastructure projects across the country.
The firm also handles nuclear security issues, working alongside the departments of Defense, Energy, and other agencies. Federal officials closely monitored the potential broader impact on the US power sector, though it is being reported that no other power-sector firms were involved.
December 12, 2022: Central Ohio Transit Authority (COTA) Offline after Cyberattack
A cyberattack forced the Central Ohio Transit Authority (COTA) to shut down its computer network. Officials shut down the network, removed it from the internet and hired Surefire Cyber to collect and analyze data and logs from 590 COTA operating systems. COTA continued operating all transit services during the IT network outage. For weeks, riders didn't have Wi-Fi access and buses couldn't track real-time transit information or plan trips. All operations have since returned to normal.
There is no indication that "personally identifiable information was accessed," and "there are no active, ongoing cyber-security threats within our systems," said Sophia Mohr, COTA's chief innovation and technical officer.