Breach Roundup: Effects of ISP Ransomware Attack in Colombia
Also, Clorox Product Shortages; California Passes Data Broker Restrictions
Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.
Colombian Government Sites Hit in IFX Networks Cyberattack
Latin American internet service provider IFX Networks faces possible civil and criminal actions from the government of Colombia after a Sept. 12 ransomware attack against the company led to vast swaths of the government coming to a standstill online. The attack led the national court system to
Minister for Information Technology and Communications Mauricio Lizcano on Monday tweeted that he has ordered administrative actions against IFX Networks and is coordinating with government prosecutors over a civil action and "possibly a criminal case." Colombian President Gustavo Petro told reporters in New York on Sept. 18 that more than 50 state agencies and private companies had been affected by the attack, Reuters reported.
In a Thursday update on its website, Miami-based IFX said it had restored service to approximately 90% of customers. Hackers had attacked the VMware ESXi hypervisor on the ISP's virtual machines, the company also said.
Clorox Deals With Product Shortages
Household cleaning product maker Clorox Company is dealing with product shortages following an August cyberattack requiring extensive cleanup efforts (see: Breach Roundup: Raccoon Stealer Makes a Comeback).
A Monday regulatory filing reveals the hack caused disruptions to production, and the company did not expect to return to "normal automated order processing" until the week of Sept. 25.
Clorox, maker of eponymous bleach products as well as natural personal care Burt's Bees products and Hidden Valley Ranch - presumably through a different manufacturing process than bleach - said it has resorted to manual ordering and processing procedures. It recently began to "experience an elevated level of consumer product availability issues."
A return to full production will occur over time, Clorox said, adding that it cannot provide an estimate of how long the transition to full normality may take.
App Glitch Allows T-Mobile Users to Access Other Users' Info
Customers of leading U.S. telecom provider T-Mobile reported on social media outlets including Reddit that they could see another customer's information on the "Bill" and "More" tabs. The exposed information included names, phone numbers, addresses, account balances, and partial credit card data, such as expiration dates and the last four digits. Some affected customers even reported seeing multiple individuals' sensitive data while logged into their own accounts.
T-Mobile told The Verge that the issue had been caused by a "technology update" and not a cyberattack. Information from fewer than 100 accounts was displayed to others, but a larger number of customers were able to access this data, the company said. T-Mobile has a history of data breaches and of being a target of hackers (see: T-Mobile Breached Again; Lapsus$ Behind the Attack).
Auckland Transport Hit by Medusa Ransomware Attack
The Medusa ransomware gang is demanding a $1 million extortion payment from Auckland Transport in New Zealand. The authority that oversees public ferries, buses and trains faced an outage starting Sept. 13 to its AT Hop electronic fare payment card. Existing auto top-ups worked with delays and ticket and top-up machines accepted only cash, the New Zealand Herald reported. The agency tweeted on Tuesday that the payment system would be fully back online by the end of the day.
Auckland Transport is unlikely to pay the ransom. "We have no interest in engaging with this illegal and malicious activity," AT CEO Dean Kimpton told the Herald on Tuesday. The Medusa ransomware gang has been active since 2021 but ramped up its activities this year, including through an attention-grabbing May attack on the Minneapolis public school system.
California Passes New Restrictions for Data Brokers
The California statehouse on Sept. 14 approved legislation seeking to simplify the process for residents to remove their data from state-registered data brokers. While the existing California Consumer Privacy Act allows individual data removal requests, the Delete Act mandates a unified mechanism for data deletion requests across all data brokers.
If signed by California Gov. Gavin Newsom, the proposal will become effective in October 2026 and enable residents to have any newly acquired data deleted every 45 days.
Finland Seizes Dark Web Marketplace
Finnish law enforcement shut down Piilopuoti, a Finnish-language dark web marketplace that had specialized in the illegal drug trade since May 2022. Operating on the encrypted Tor network, the site facilitated anonymous criminal activities, primarily drug trafficking. Authorities conducted a criminal investigation in collaboration with international partners from Germany and Lithuania, along with Europol and Eurojust.
Other Coverage From Last Week
- UK Parliament Approves Online Safety Bill
- Financially Motivated Hacks by Chinese-Speaking Actors Surge
- Australian Law Firm Hack Affected 65 Government Agencies
With reporting from Information Security Media Group's Mihir Bagwe in Mumbai.