Late last week, ABN Amro Bank NV announced that unauthorized parties may have accessed the data of some of its clients after supplier AddComm was the victim of a ransomware attack this month.
AddComm, which distributes documents and tokens to clients and employees for ABN Amro, said in a statement that the hack took place between May 5 and May 17 and disrupted its services for a few days.
At this time, it is not clear what type of data was involved. ABN Amro said it has no indication that the unauthorized parties have used its clients' data, and that the lender’s systems were not affected.
This comes in the same month that Banco Santander SA said that information of clients and staff managed by a third party was accessed without authorization, and Deutsche Bank, Commerzbank and ING Groep were among dozens of companies to suffer from the MOVEit file transfer tool breach.
Meanwhile, the European Central Bank, which oversees lenders in the region, conducted a stress test to examine how banks respond to and recover from cyber attacks. It observed the extensive use of outsourced functions as one of the main challenges, impacting 88% of banks that claim they are at least partially reliant on service providers to operate their core banking system.
Dave Ratner, CEO, HYAS, had this to say:
“The fact is that every exploit has to do one thing before it wreaks havoc: communicate with the threat actor controlling it. Identifying and thwarting that communication is the first, last and best chance an organization has to prevent an attack. Third-party breaches will continue to escalate and be a critical pain point for organizations of all sizes until true cyber resiliency implementations are put into effect and organizations have not just the operational internal visibility that they require, but also the capability to detect those telltale signs of a breach and imminent attack, early in the kill chain, and stop it before damage ensues.”
Emily Phelps, Director, Cyware:
“The recent ransomware attack underscores the critical need for proactive cybersecurity measures in the financial sector. To address these challenges, modernizing traditional SOCs into cyber fusion centers can enable real-time threat intelligence sharing and collaboration across institutions, fostering a collective defense approach. By integrating strategic AI-driven cybersecurity solutions, financial institutions can proactively detect and mitigate threats, ensuring the resilience and integrity of their operations.”
Third-party attacks are a danger that every business needs to wrap their heads around. If they don’t, they’ll be the next victim through no fault of their own.
2.8 Million People Impacted By A Prescription Management Company Getting Pwned
Posted in Commentary with tags Hacked on May 29, 2024 by itnerd
On Friday, Sav-Rx, a prescription management company, filed a breach notification disclosing that it suffered a cyberattack in October 2023, compromising the personal data of over 2,812,336 people in the US.
A&A Services, operating as Sav-Rx, is a company that provides prescription drug management services to employers, unions, and other organizations across the U.S.
The impact on its business operations was minimal: systems were restored in a day and prescriptions were shipped on time.
The data exposed included:
The breach notification revealed that the hackers first accessed customer data on October 3, 2023.
Sav-Rx stated that it took eight months to send out notices because its initial priority was minimizing interruption to patient care before launching the investigation into the impact of the incident.
In response to the incident, Sav-Rx is setting up a 24/7 security operations center and implementing MFA on critical accounts, network segmentation, enhanced geo-blocking, upgraded firewalls and switches, strengthened Linux security, and BitLocker encryption.
BullWall executive Carol Volk had this to say:
“While Sav-Rx managed to restore operations swiftly, the compromised data—ranging from full names and Social Security numbers to insurance ID numbers—highlights the grave risks posed to individuals’ personal information. The delayed breach notification, which took eight months, reflects the challenges organizations face in balancing immediate operational needs with comprehensive incident response.
“This incident is a stark reminder that cybersecurity cannot be an afterthought. Sav-Rx’s response, including the establishment of a 24/7 security operations center and implementation of multi-factor authentication, network segmentation, and advanced encryption, is commendable. However, these steps, including ransomware containment, should have been proactive measures rather than reactive responses.
“The healthcare sector must prioritize cybersecurity investments and adopt proactive strategies to protect patient data and critical infrastructure. The Sav-Rx breach emphasizes the importance of preparedness and the need for continuous vigilance to safeguard against future attacks.”
Dave Ratner, CEO, HYAS, follows with this:
“The remediation and implementation plan being conducted post-breach is necessary and good — and if other organizations haven’t done this yet then they are behind — but unfortunately in today’s era it is not sufficient. Given the prolific onslaught of attacks, and the fact that criminals continue to evolve their techniques and attack vectors, everyone needs to include the implementation of cyber resiliency and Protective DNS in their 2024 security plans.”
Everything that this organization is doing now is too late to prevent the damage that is sure to come to those who are affected by this breach. Hopefully someone in Washington is going to call this company on the carpet to explain themselves in detail.