The Week in Breach:

United States – Electronic Arts Inc (EA)
Exploit: Hacking
Electronic Arts Inc (EA): Game Developer

Customers Impacted: Unknown
More Info:

Risk to Business: 1.355 = Extreme

Electronic Arts (EA) has announced that it is investigating a data breach. Cybercriminals stole valuable corporate data from the company, including game source code and related tools. Early reports noted that hackers had stolen source codes for the popular title “FIFA 21” and source code and tools for the Frostbite engine. Researchers estimate that 780 gigabytes of data were snatched then advertised for sale on underground hacking forums.

Individual Impact:  No sensitive personal or financial information has been declared compromised in this incident, and the investigation is ongoing.

United States – Edward Don
Exploit: Ransomware
Edward Don: Foodservice Distributor
Customers Impacted: Unknown
More Info:

Risk to Business: 1.816 = Severe

Foodservice equipment distributor Edward Don has been hit by a ransomware attack. The incident has disrupted their business operations, including their phone systems, network, and email. As a result, employees have been driven to using personal Gmail accounts to communicate with customers regarding urgent orders or fulfillment issues. The incident is under investigation, and full functionality was quickly restored.

Individual Impact: No sensitive personal or financial information has been declared compromised in this incident, and the investigation is ongoing.

United States – McDonald’s Corp
Exploit: Ransomware
McDonald’s Corp: Fast Food Chain
Customers Impacted: Unknown
More Info:

Risk to Business: 2.606 = Moderate

McDonald’s Corp. said hackers exposed US business information and some customer data in South Korea and Taiwan. The attackers accessed e-mails, phone numbers, and delivery addresses. The company reported that it had hired external consultants to investigate unauthorized activity on an internal security system, prompted by a specific incident in which the unauthorized access was cut off a week after it was identified. The announcement noted that the burger chain does not believe any customer payment data was stolen but cautioned that there might be employee data exposed.

Individual Impact: There has not yet been confirmation that sensitive personal or financial information has been compromised in this incident, but the investigation is ongoing.

United States – Intuit
Exploit: Account Takeover (ATO)
Intuit: Financial Software Developer
Customers Impacted: Unknown
More Info:

Risk to Business: 1.612 = Severe

Accounting software giant Intuit has notified customers that they have suffered a breach. The company warned users of TurboTax that their personal and financial information was accessed by attackers following what looks like a series of account takeover attacks. Intuit announced that the threat actors used credentials (usernames and passwords) obtained from “a non-Intuit source” to access the accounts

Individual Impact: 1.832 = Severe

Intuit notified potentially impacted clients by mail that information contained in a prior year’s tax return or current tax returns in progress including their name, Social Security number, address(es), date of birth, driver’s license number, and financial information (e.g., salary and deductions) and information of other individuals contained in the tax return may have been exposed.

United States – Sol Oriens
Exploit: Ransomware
Sol Oriens: Defense Contractor
Customers Impacted: Unknown
More Info:

Risk to Business:   2.337 = Severe

REvil has struck again, this time against a tiny but important target in the defense sector. Sol Oriens, which consults for the US Department of Energy’s National Nuclear Safety Administration, is a 50-person firm based in Albuquerque, New Mexico. Researchers noted finding Sol Oriens documents posted on the dark web, told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy contractors dated as recently as 2021.

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident, although some sources are reporting that human resources data is in the mix.

United States – Volkswagen Group of America
Exploit: Third-Party Data Breach
Volkswagen Group of America: Automotive Manufacturer
Customers Impacted: 3.3 million
More Info:

Risk to Business: 1.825 = Severe

Volkswagen US has announced that it has suffered a data breach impacting millions of US customers and prospective customers. The car company released information saying that a data breach at a vendor has exposed data on more than 3.3 million buyers and prospective buyers in North America. An unauthorized third party obtained limited personal information about customers and interested buyers from a vendor that its Audi Volkswagen brands and some U.S. and Canadian dealers used for digital sales and marketing.

Individual Impact: 2.213 = Severe

The information was gathered for sales and marketing between 2014 and 2019 and was in an electronic file the vendor left unsecured. According to Volkswagen, the majority of people impacted had phone numbers and email addresses exposed, but some clients had their driver’s license information stolen as well. In some cases, information about a vehicle purchased, leased, or inquired about was also obtained. VW said 90,000 Audi customers and prospective buyers also had sensitive data impacted relating to purchase or lease eligibility. VW said it would offer free credit protection services to those individuals.

United States – New York City Law Department
Exploit: Ransomware
New York City Law Department: Municipal Government Agency
Customers Impacted: Unknown
More Info:

Individual Impact: No sensitive personal or financial information has been confirmed as compromised in this incident.

United States – Carter’s
Exploit: Third-Party Data Breach
Carter’s: Children’s Clothier
Customers Impacted: Unknown
More Info:

Risk to Business: 2.331 = Severe

In a new disclosure, baby clothing giant Carter’s admitted that it had suffered a data breach through a third-party data processor, exposing the personal data of hundreds of thousands of its customers over a multiyear period. The service provider, Linc, handled automation for online purposes. The Linc system was used to send customers shortened URLs containing everything from purchase details to tracking information without basic security protections.

Individual Impact: At this time, no sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Cybersecurity News Risk Levels

1 - 1.5 =  Extreme Risk  |  1.51 – 2.49 =  Severe Risk |  2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.  

Leaving the office behind shouldn’t mean leaving behind your cybersecurity. That’s why we offer a comprehensive cybersecurity package for remote workers. Work securely and efficiently, from the comfort of your own home, with Sentry Roam.

Learn More

Want to receive a weekly email about data breaches? Sign up below!

placeholder   placeholder   placeholder

© 2021 Digital Agent, All Rights Reserved