Weekly Cyber Threat Intelligence Summary

Welcome to this week’s Cyber Threat Intelligence Summary, where we bring you the latest updates and insights on significant cyber threats. This edition covers an alleged data breach at Ticketmaster, a cyberattack on Synnovis affecting London hospitals, and a data breach disclosed by the BBC. The full reports are available to CYMON users. Request access here.

1. Ticketmaster Suffers Alleged Data Breach

An investigation has been launched into an alleged data breach affecting Ticketmaster. Australia’s Department of Homeland Affairs is collaborating with the company, and the FBI is also assisting in the investigation. Full report available for CYMON users here.

  • Key Takeaways:
    • An investigation has been launched into an alleged data breach affecting Ticketmaster. Australia’s Department of Homeland Affairs is working with the company to investigate claims of a breach, with the FBI offering assistance.
    • The claim was made on the English-language cybercriminal forum BreachForums, shortly after the site was restored following an alleged FBI takedown. Site administrator ShinyHunters posted a listing offering a leak of customer data for sale, which is priced at $500,000.
    • The poster claims that 560 million customers are exposed in the leak. The dataset allegedly contains hashed credit card information, full names, physical addresses, email addresses, phone numbers, and purchase history.

Latest Update – 06.06.2024:

  • Researchers have identified another victim of the Snowflake data breach: Advance Auto Parts.
  • The breach listing, posted on an underground forum by a threat actor known as @Sp1d3r, contains 3TB of data from the company.
  • According to the threat actor, the data being sold includes:
    • Customer Profiles
    • Customer Order Info
    • Loyalty Numbers
    • Auto-parts
    • Sales History
    • Employee Info
    • Transaction Details
  • Researchers have confirmed that a number of the customer records are legitimate.

2. Synnovis Hit by Cyberattack Resulting in Operational Disruptions at Hospitals

Two major London hospitals, Guy’s and St Thomas’ and King’s College, have cancelled all non-emergency operations and blood tests following a cyberattack on their IT provider, Synnovis. Full report available for CYMON users here.

  • Key Takeaways:
    • Two London hospitals, Guy’s and St Thomas’ and King’s College, have cancelled all non-emergency operations and blood tests following a cyberattack affecting IT provider Synnovis.
    • Synnovis supplies the system for all pathology services at the two hospitals, as well as others across six London boroughs.
    • Staff have been told to prioritise urgent and emergency result requests, such as those for patients needing blood transfusions. Trauma cases at King’s College are being transferred to other sites.
    • Synnovis has stated that its IT systems have suffered a malware attack, which is affecting its services and would result in delays in patient results. It is unclear how long the issue will last.

Latest Update – 05.06.2024:

  • Synnovis has now released an official statement regarding this incident, confirming it to be a ransomware attack that has impacted all of its IT systems.
  • While Synnovis has not disclosed which ransomware group is responsible for the attack, there has been speculation that the Qilin ransomware group is responsible.

3. BBC Discloses Data Breach

The British Broadcasting Corporation (BBC) has disclosed a data breach involving unauthorised access to its Pension Scheme cloud-based storage service. Full report available for CYMON users here.

  • Key Takeaways:
    • News and media organisation the British Broadcasting Corporation (BBC) has disclosed a data breach following unauthorised access to its Pension Scheme cloud-based storage service.
    • Information exfiltrated reportedly affects 25,000 current and former BBC employees, and includes names, National Insurance numbers, dates of birth, and home addresses. The incident took place on 21 May 2024.
    • The BBC states specifically that no telephone numbers, email addresses, bank details, financial information, usernames, or passwords were stolen as part of this incident. 
    • It further states that its myPension Online member portal and myPensionID services were unaffected. Individuals affected by this will be contacted via email or post where applicable. 

Discover the strategic and tactical insights, plus expert analyst comments

Stay ahead of cyber threats with our comprehensive threat intelligence reports. Request a demo today to access these invaluable insights and enhance your cybersecurity posture.