January Cyber Roundup

A recent massive T-Mobile cybersecurity breach resulted in 37 million customers’ data being stolen

T-Mobile has once again fallen victim to a massive new cybersecurity breach, discovered on Jan. 5. The company has a history of hacks from recent years, for which it was fined hundreds of millions of dollars. Using weak API security, the attack caused the exposure of the personal data of more than 37 million customer accounts, which was apparently first accessed on or around Nov. 25. The stolen records include addresses, phone numbers and dates of birth.

Kovrr insights: cost of a similar incident

To get an understanding of the impact of such incidents, Kovrr’s cyber incidents database, which contains both threat intelligence and financial data on a vast collection of cyber incidents, includes details on many large-scale breaches. For example, in October 2022, REvil Ransomware attacked a private health insurance provider, compromising about 9.7 million customer records held by the company. Only the response cost of the attack exceeded 16 million USD.

‍

‍

A massive ransomware attack on Atlantic General Hospital causes many disruptions to their network

Atlantic General Hospital in Maryland suffered from outages and network disruptions after ransomware attack, as it reported on Jan 30. The interruptions caused a limited disruption in the routine of the hospital, which had to operate under downtime procedures. Certain services that are fully supported by the hospital network, such as the hospital out-patient walk-in lab, pulmonary function testing and outpatient imaging, had to be temporarily shut down while dealing with the attack.

Kovrr insights: Cyber Trends

In recent years, we can see the amount of ransomware attacks on the healthcare industry increase significantly, second only to the number of attacks on government-related services. As shown by Kovrr's cyber incident database, there was a 25.3% increase in the number of ransomware attacks on healthcare services between from 2021 to 2022.

‍

‍

LockBit ransomware attack partially disabled Ion Group services for 8 days

On the last day of January, LockBit ransomware group attacked financial software company Ion Group. The attack, Shutting down part of the company's network, left banks in US and Europe processing trades manually. LockBit warned stolen data will be released if the ransom isn’t paid. After eight days Ion paid the ransom, and gradually resumed its services.

Kovrr insights: average cost of a similar incidents

According to Kovrr’s Cyber Incidents Database, the average ransom paid in 2020-2022 by companies with revenue larger than 50 Million USD, is 750,000 USD. It would be reasonable to assume that Ion paid a ransom of around that amount.