21 February 2020

IRM Weekly Cybersecurity Roundup: MGM Resorts data breach and more



MGM Resorts data breach exposed guest information


The suspected MGM Resorts data breach from 2019 has been confirmed, with 10.6 million people affected.

The company is most famous for its resorts in Las Vegas, and its assets include the Bellagio and Mandalay Bay. MGM Resorts acknowledged the data breach on Wednesday 19th February but refused to confirm the 10.6 million figure, which researchers have since disclosed.

High-profile guests from MGM properties, including Twitter’s Chief Executive Jack Dorsey and singer Justin Bieber, are said to be among those affected. Information exposed includes phone numbers and addresses alongside more sensitive data such as passports and driver’s licenses.

You can read more here.


Russia blamed for Georgia cyber-attack

The ‘Sandworm’ Russian intelligence unit has been blamed by UK and US security services for the cyber-attack on Georgia last October.

The cyber-attack took down Georgia’s national broadcasters and websites. The attack was described as “reckless and brazen” by the country’s Foreign Secretary.

Representatives of Georgia publicly came forward on Thursday to blame Russia, which has been quickly supported by the UK and the US, with more likely to follow.

You can read more here.


Quarantined Coronavirus residents’ data leaked

Two phones containing information on Coronavirus victims have gone missing in Hong Kong, leading to data leak concerns.

The phones were being used in Hong Kong by the Customs and Excise Department Headquarters. 122 people’s numbers, names, locations and photos are contained on the phones, which were being used to monitor the people with Coronavirus.

The phones are password-protected with information encrypted, but information security has been stepped up since to ensure similar incidents do not reoccur.

You can read more here.


Gas facility shut down by ransomware attack


The identity of a gas compression facility has been kept undisclosed after the Cybersecurity and Infrastructure Security Agency (CISA) responded to a ransomware attack in the US.

It’s also unknown exactly where the cyber-attack took place, but it has been confirmed that the attacker was able to go from the facility’s IT network onto the operational technology network when an employee clicked on a malicious email link.

Once the attacker gained access to the system, they deployed data-encrypting ransomware on both networks. Not being able to access the systems has led to loss of availability on human machine interfaces, data historians and polling services.

It’s said that the victim’s emergency response plan did not consider cyber-attacks; it only considered physical safety. After assessing the damage from the cyber-attack, the company decided to implement a “deliberate and controlled shutdown” for two days.

This decision led to other locations having to halt operations due to pipeline transmission dependencies.

You can read more here.


Quick-fire Updates

Watchdog probe launched: Redcar council’s online services are still not up and running a week after its systems were crippled by ransomware. Read more here.

Personal data of almost 150k Canadians breached by Federal Government: New figures show that over the past two years at least 144,000 Canadians have had their PII mishandled by federal departments and agencies. Read more here.