
November 2023 Round up

McLaren Health Care Data Breach (2.2 Million Individuals Affected):
  • McLaren Health Care, a Michigan-based healthcare delivery system, disclosed a data breach impacting around 2.2 million individuals.

  • The breach occurred between late July and August and exposed sensitive information, including Social Security numbers, health insurance details, and medical records.

  • The BlackCat/ALPHV ransomware gang claimed responsibility, though McLaren has not confirmed any ransom payments.

Toyota Financial Services Cyber Attack (Medusa Ransomware Group):
  • Toyota's European and African financial services department faced a cyber attack, leading to the temporary shutdown of systems.

  • The Medusa ransomware group claimed responsibility and demanded an $8 million ransom, threatening to release stolen data.

  • Vulnerabilities in Toyota's internet-accessible systems, particularly the "Citrix Bleed" vulnerability, were exploited by the attackers.

US Nuclear Energy Firm (Idaho National Laboratory) Data Breach:
  • The Idaho National Laboratory, part of the US Department of Energy, experienced a data breach exposing sensitive employee information.

  • An unnamed hacktivist group claimed responsibility, obtaining data such as dates of birth, email addresses, and Social Security numbers.

  • This breach highlights the potential national security consequences of cyber threats.

BlackCat/ALPHV Ransomware Gang's Unusual Reporting to SEC:
  • The BlackCat/ALPHV ransomware group reported one of its victims, MeridianLink, to the US Securities and Exchange Commission (SEC) for alleged non-compliance with cyber attack disclosure rules.

  • The gang breached MeridianLink's network, giving a 24-hour ransom ultimatum before reporting the incident to the SEC.

  • The incident raised questions about the applicability of cyber attack notification rules.

Canadian Government Data Exposure (Contractor Cyber Attack):
  • The Canadian Government faced a data breach involving contractors Brookfield Global Relocation Services and SIRVA Worldwide Relocation & Moving Services.

  • Sensitive information of an undisclosed number of employees, including Canadian Armed Forces and Royal Canadian Mounted Police personnel, was exposed.

  • The LockBit ransomware group claimed responsibility for breaching SIRVA's systems.

LockBit Ransomware Affiliates Exploiting Citrix Bleed Vulnerability:
  • Affiliates of the LockBit ransomware group were found actively exploiting the "Citrix Bleed" vulnerability.

  • This flaw in Citrix NetScaler appliances allows attackers to bypass password requirements and multifactor authentication, gaining unauthorized access.

General Electric Investigates Cyber Attack Claims:
  • General Electric (GE) is investigating claims of a cyber attack in which a threat actor allegedly breached the company's development environment.

  • The actor, known as "IntelBroker," attempted to sell access to GE's development and software pipelines on a hacking forum.

  • GE is taking appropriate measures to investigate and safeguard its systems.

