Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response

Breach Roundup: Effects of ISP Ransomware Attack in Colombia

Also, Clorox Product Shortages; California Passes Data Broker Restrictions
Breach Roundup: Effects of ISP Ransomware Attack in Colombia
A view of Guatapé, Colombia (Image: Shutterstock)

Every week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.

See Also: Gartner Guide for Digital Forensics and Incident Response

Colombian Government Sites Hit in IFX Networks Cyberattack

Latin American internet service provider IFX Networks faces possible civil and criminal actions from the government of Colombia after a Sept. 12 ransomware attack against the company led to vast swaths of the government coming to a standstill online. The attack led the national court system to suspend some proceedings - although by Thursday the system had begun to resume normal functions, El Espectador reported.

Minister for Information Technology and Communications Mauricio Lizcano on Monday tweeted that he has ordered administrative actions against IFX Networks and is coordinating with government prosecutors over a civil action and "possibly a criminal case." Colombian President Gustavo Petro told reporters in New York on Sept. 18 that more than 50 state agencies and private companies had been affected by the attack, Reuters reported.

In a Thursday update on its website, Miami-based IFX said it had restored service to approximately 90% of customers. Hackers had attacked the VMware ESXi hypervisor on the ISP's virtual machines, the company also said.

Clorox Deals With Product Shortages

Household cleaning product maker Clorox Company is dealing with product shortages following an August cyberattack requiring extensive cleanup efforts (see: Breach Roundup: Raccoon Stealer Makes a Comeback).

A Monday regulatory filing reveals the hack caused disruptions to production, and the company did not expect to return to "normal automated order processing" until the week of Sept. 25.

Clorox, maker of eponymous bleach products as well as natural personal care Burt's Bees products and Hidden Valley Ranch - presumably through a different manufacturing process than bleach - said it has resorted to manual ordering and processing procedures. It recently began to "experience an elevated level of consumer product availability issues."

A return to full production will occur over time, Clorox said, adding that it cannot provide an estimate of how long the transition to full normality may take.

App Glitch Allows T-Mobile Users to Access Other Users' Info

Customers of leading U.S. telecom provider T-Mobile reported on social media outlets including Reddit that they could see another customer's information on the "Bill" and "More" tab. The exposed information included names, phone numbers, addresses, account balances, and partial credit card data, such as expiration dates and the last four digits. Some affected customers even reported seeing multiple individuals' sensitive data while logged into their own accounts.

T-Mobile told The Verge that the issue had been caused by a "technology update" and not a cyberattack. Information from fewer than 100 accounts was displayed to others, but a larger number of customers were able to access this data, the company said. T-Mobile has a history of data breaches and of being a target of hackers (see: T-Mobile Breached Again; Lapsus$ Behind the Attack).

Auckland Transport Hit by Medusa Ransomware Attack

The Medusa ransomware gang is demanding a $1 million extortion payment from Auckland Transport in New Zealand. The authority that oversees public ferries, buses and trains faced an outage starting Sept. 13 to its AT Hop electronic fare payment card. Existing auto top-ups worked with delays and ticket and top-up machines accepted only cash, the New Zealand Herald reported. The agency tweeted on Tuesday that the payment system would be fully back online by the end of the day.

Auckland Transport is unlikely to pay the ransom. "We have no interest in engaging with this illegal and malicious activity," AT CEO Dean Kimpton told the Herald on Tuesday. The Medusa ransomware gang has been active since 2021 but ramped up its activities this year including through an attention-grabbing May attack on the Minneapolis public school system.

California Passes New Restrictions for Data Brokers

The California statehouse on Sept. 14 approved legislation seeking to simplify the process for residents to remove their data from state-registered data brokers. While the existing California Consumer Privacy Act allows individual data removal requests, the Delete Act mandates a unified mechanism for data deletion requests across all data brokers.

If signed by California Gov. Gavin Newsom, the proposal will become effective in October 2026 and enable residents to keep deleting anything new acquired every 45 days.

Finland Seizes Dark Web Marketplace

Finnish law enforcement shut down Piilopuoti, a Finnish-language dark web marketplace specializing in illegal drug trade since May 2022. Operating on the encrypted Tor network, the site facilitated anonymous criminal activities, primarily drug trafficking. Authorities conducted a criminal investigation in collaboration with international partners from Germany and Lithuania, along with Europol and Eurojust.

Other Coverage From Last Week

With reporting from Information Security Media Group's Mihir Bagwe in Mumbai.


About the Author

Anviksha More

Anviksha More

Senior Subeditor, ISMG Global News Desk

More has seven years of experience in journalism, writing and editing. She previously worked with Janes Defense and the Bangalore Mirror.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.