Back to school? The largest school board in Canada is hit with a data breach, the MoveIt breach from last year continues to claim victims, and why has the City of Columbus tried to get a restraining order against a whistleblower who revealed that the City has been hacked?
Welcome to Cyber Security Today. I’m your host, Jim Love. With the holiday weekend, we are posting a Tuesday and Thursday edition this week. Our week in review will drop on Saturday morning as usual.
The Toronto District School Board, Canada’s largest school board with 582 schools and about 235,000 students, has confirmed a data breach affecting student information. This breach stems from a ransomware attack discovered in June.
The compromised data, found in a technology testing environment separate from the board’s official networks, could include students’ names, school names, grades, TDSB email addresses, student numbers, and partial birthdates.
While the TDSB assures that the risk to students is low and no data has been found on the clear or dark web, the Lockbit ransomware gang has claimed responsibility for the attack. They’ve threatened to leak the stolen data if a ransom isn’t paid within two weeks.
The school board has taken immediate action, including isolating affected systems, enhancing security measures, and notifying law enforcement and privacy authorities.
This breach reminds us not only of the ongoing threat of ransomware attacks on educational institutions and other public institutions, but also of the importance of securing all environments, including testing ones.
Sources include: Security Affairs
The MoveIt breach from last year continues to claim victims. Listeners will remember that the popular file share utility was hacked last year by a group called Cl0p and had an enormous number of victims – estimated at 2,700 organizations and 96 million individuals affected.
Unlike typical ransomware operations that might contact companies or individuals directly, Cl0p chose to post hundreds of separate notices on their victim-shaming site, likely due to the massive scale of the attack.
It appears that, perhaps due to the volume, they may have missed naming and shaming at least one victim.
The Texas Dow Employees Credit Union, or TDECU, has disclosed a data breach affecting over 500,000 individuals – more than its entire membership. The breach, linked to a vulnerability in Progress Software’s MoveIt file transfer system, went undetected for an astonishing 14 months.
While the ransomware gang Cl0p began exploiting the MoveIt vulnerability in May 2023, TDECU only discovered the breach on July 30, 2024. This is unusual given that Progress Software notified customers and issued a patch within days of the initial exploit.
The stolen data includes sensitive information such as full names, Social Security numbers, and financial account details. TDECU’s delayed discovery raises questions about their cybersecurity practices and monitoring systems.
TDECU has notified authorities and sent letters to all of the affected individuals. They are offering support to potential victims of the hack, including credit monitoring.
Sources include: Malwarebytes, American Banker
Over the weekend, we were contacted to make us aware that the City of Columbus, Ohio’s capital, fell victim to a ransomware attack by the Rhysida group. Initially, reports suggested 6.5 terabytes of data were potentially stolen, though systems weren’t encrypted. The city’s IT systems, including police dispatch centers, were taken offline as a precaution.
The writer pointed out that this breach had gone largely unreported due to it happening right around the time of the CrowdStrike issue.
Despite Mayor Ginther’s initial assurances of data safety, 3 terabytes of stolen data appeared on the dark web after the city refused to pay the ransom. A local cybersecurity expert’s analysis revealed sensitive information including employee payroll data, police officer details, criminal records, and even more sensitive information. According to another source, this also could have included the identities of undercover police, domestic violence victims and even child rape victims.
There are a lot of questions about how this happened and some possible criticism of the city. Our contact noted that the incident raises critical questions about the city’s cybersecurity practices. Could Columbus still be running its own Microsoft Exchange servers in 2024? How could a city of this size lack proper network segmentation and security measures?
All valid questions. And there have been actions taken against the city. The local police department filed a class action lawsuit against the city for lack of transparency and data protection.
But here’s where the story gets into something that our contact was concerned about: the city has now filed for a restraining order against the cybersecurity expert who provided details to the local media about the incident.
There are differing stories about who did what and we don’t have “feet on the ground” to validate what happened. But the city is reporting that it’s not going after the whistleblower for embarrassing the city, but because he might be trying to give the information to others. The city didn’t provide any proof to support this.
The whistleblower, who goes by the handle Connor Goodwolf, is making no comment and retaining a lawyer.
Here’s where we take issue. And I’ve gotten some criticism myself for editorializing since I took over the hosting, but with 40 years’ experience in IT, I think I’m qualified to have an opinion.
When I was in charge of editorial at the former IT World, we had a similar experience. We received a tip about a hack that had not yet been revealed. With that tip we were shown some information to prove that the hack had occurred. That information was available on the dark web.
When we ran the story, the company had their lawyer issue a demand that we reveal everything we knew and destroy the data we had. If they’d asked nicely, we’d have destroyed the data. For us, our only use of seeing the data was to ensure that we were accurate in our reporting.
This might not seem like much, but a threat of a legal action is taken seriously. While we had some insurance, we had to get our own lawyer and if this had gone to a lawsuit, it would have been costly both in time and resources, something any struggling publication would feel the impact of.
Despite this, we agreed to destroy the data, but not to reveal our source.
This time, it appears that it might be an individual that is targeted – perhaps one that has even fewer resources to deal with this than we had.
My question is this. If we truly value transparency, shouldn’t government departments, city, state, province or country – shouldn’t they be protecting whistleblowers? And at a time when many of the ways we find out about hacks are from individuals who feel that citizens and victims have a right to know, and a small number of security publications and blogs that try to inform us – it’s even more important that these voices be heard.
We thank the listener who brought this story and this issue to our attention.
That’s our show. Thanks for listening.