United States


Cyberattack at American Meteorological Institute

April 24, 2023

On Monday, 24 April 2023, we discovered that some of our systems have been impacted by an encryption/ransomware attack. The perpetrator encrypted AMS servers, making them inaccessible.

The Cactus Blog leak site reported the attack on July 20.


Ransomware Hits Rea Magnet Wire Company

September 9, 2023

One of the world’s largest manufacturers of magnet and nonferrous wire products, Rea Magnet Wire Company, Inc. suffered a ransomware attack.
On October 4, Rea, a privately held company, sent a letter to its customers saying it had suffered a ransomware attack on September 9. The company said in the letter:
“On September 9, 2023, the Company was victimized by a ransomware attack. Fortunately, the attack did not affect all of the Company’s internal systems, and, through the quick and thoughtful work of our IT team and our external partners and advisors, we were able to restore substantially all of our systems within days. At present, the Company is operating normally, and we do not expect that the attack will have a material effect on the business going forward.
“In the course of the ransomware attack, the perpetrators stole information from the Company’s systems that may have included your name, mailing address, email address, phone number, date of birth, and social security number and/or tax identification number.”


Cyber Incident at Healthcare Solutions giant Henry Schein

October 14, 2023

On October 14, 2023, Henry Schein determined that some of its manufacturing and distribution businesses had been the target of a cyberattack. In response, Henry Schein reported the incident to law enforcement and took steps to contain the incident, including taking down portions of its computer system. Henry Schein also enlisted the help of third-party cybersecurity and forensic information technology experts to determine if any confidential information stored on its computer network was subject to unauthorized access.

The company has not shared any other details on the cyberattack, but its brief description suggests that it may have involved ransomware.


Simpson Manufacturing, a Building Materials Maker, Attacked

October 10, 2023

Simpson Manufacturing Co. Inc., an engineering and building material provider based in Pleasanton, California, fell victim to a cyberattack on Tuesday.
In an 8-K disclosure filed with the Securities and Exchange Commission (SEC), the company said it experienced disruptions in its Information Technology area on Tuesday and took some systems offline.
“On October 10, 2023, Simpson Manufacturing Co., Inc. experienced disruptions in its Information Technology (IT) infrastructure and applications resulting from a cybersecurity incident. After becoming aware of the malicious activity, the Company began taking steps to stop and remediate the activity, including taking certain systems offline. The Company is working diligently to respond to and address this issue. The incident has caused, and is expected to continue to cause, disruption to parts of the Company’s business operations.”


Cyberattack at LTL Specialist Estes Express

October 1, 2023

Estes Express confirmed that its IT systems were the target of an ongoing cyberattack, but said terminals and drivers were still picking up and delivering freight while the IT infrastructure was out of action.
“We’re working as quickly as possible to resolve this issue and to return to business as usual,” the Richmond, Va.-based company wrote on X, the platform formerly known as Twitter, noting that it was “unable to share specific details at this time.”

The disruption caused by the cyberattack at Estes will tighten LTL capacity further, even though it is likely a short-term event.


Golf Gear Giant Callaway Data Breach Exposes 1.1 Million Accounts

August 1, 2023

Topgolf Callaway (Callaway) suffered a data breach at the start of August, which exposed the sensitive personal and account data of more than a million customers. The breach affects customers of Callaway and of its sub-brand sites Odyssey, Ogio, and Callaway Golf Preowned. According to the data breach notification, the incident affected 1,114,954 individuals in the United States.

Callaway has forced a password reset for all customer accounts to prevent unauthorized access.


Cyberattack Shuts Down 14 Facilities at Largest Healthcare System in MI

September 5, 2023

McLaren Healthcare in Michigan reported outages affecting billing and electronic health record systems. According to the Detroit Free Press, McLaren had to shut down the computer network at 14 different facilities — a situation that got so bad that employees had to communicate through their personal phones. The Black Cat/AlphV ransomware gang claimed to have stolen 6 TB of data.

UPDATE: 13 November: McLaren reports Black Cat stole data on 2.2 million patients.


Akira Ransomware Attacks Cisco VPN Network in Attempt to Breach Corporate Networks

August 22, 2023

BleepingComputer reports there’s mounting evidence that Akira ransomware targets Cisco VPN (virtual private network) products as an attack vector to breach corporate networks, steal data, and eventually encrypt it. Reportedly, Akira has been using compromised Cisco VPN accounts to breach corporate networks without needing to drop additional backdoors or set up persistence mechanisms that could give them away.

Cisco VPN solutions are widely adopted across many industries to provide secure, encrypted data transmission between users and corporate networks, typically used by remotely working employees.


Augusta Utilities Cyberattack Disables Water Meter Readers causing Extended Billing Chaos

May 25, 2023

A cyberattack at Augusta Utilities disabled electric readers for five weeks, causing customer bills to almost double. The readers are used to measure customer water usage. Separate parts inside the device were all affected during the cyber shutdown. There’s a backorder on water meters because of high demand during COVID. A total of 75,000 meters are installed in Richmond County. With 15 employees, each employee has to check 5000 meters.

On Sep 26, 4 months after the hack, local WRDW/WAGT reports that customers still claim inaccurate billing. Augusta says that 30% of the 75,000 water meters active in Richmond County still have to be read in person. The company is aware some meters may need to be replaced entirely. Since 2021, Augusta Utilities has been working on deciding on a trial replacement model to replace all 75,000; replacing them all will take five years.


<9000 American Airlines and Southwest Airlines Pilots Affected by Data Breach at 3rd Party Vendor

April 30, 2023

American Airlines and Southwest Airlines disclosed data breaches. The cause was the hack of Pilot Credentials, a third-party vendor that manages multiple airlines’ pilot applications and recruitment portals. Documents containing information provided by certain applicants in the pilot and cadet hiring process were stolen. American Airlines said the data breach affected 5745 pilots and applicants, while Southwest reported a total of 3009.
