LockBit Ransomware Gang Offers an Apology and Free Decryptor to Children’s Hospital
Read also: Meta fined €390M over online privacy violations, CircleCI discloses a security breach, and more.
Thursday, January 5, 2023
LockBit apologizes for a ransomware attack
One of the most prolific ransomware groups LockBit has apologized for a mid-December cyber-attack on Toronto’s Hospital for Sick Children (SickKids Hospital), Canada’s largest pediatric medical center. The group has also provided the compromised facility with a free decryption key.
The Russian-speaking gang published a statement on its data leak site explaining that an affiliate responsible for the attack violated the group’s policy on targets, which prohibits to attack institutions where damage to the files could cause death. The offender was removed from LockBit’s affiliate program, the group said.
Meta fined €390 million in the latest EU privacy crackdown
The Irish Data Protection Commission (DPC) has fined Facebook and Instagram parent Meta a total of €390 million over its business practices that violate EU privacy rules.
The commission said that Meta breached its obligations in relation to transparency and practically forced users to “consent to the processing of their personal data for behavioural advertising and other personalised services.” Meta has three months to ensure that its current data processing operations are brought into compliance with the EU's General Data Protection Regulations (GDPR).
CircleCI urges users to rotate their CircleCI tokens after a security breach
CI/CD service provider CircleCI is urging all users to rotate secrets stored in CircleCI and review internal logs for any unauthorized access starting from December 21, 2022 through January 4, 2023. The warning comes after the company detected a security breach, which it is currently investigating.
The provider has not shared any details about the nature of the incident or when it happened, but said that it’s “confident that there are no unauthorized actors active in our systems.”
Just ahead of New Year's Eve, Slack disclosed a data breach where a threat actor stole some “Slack employee tokens” and gained access to its GitHub repositories. The company said that no compromised repositories contained customer data, means to access customer data, or Slack’s primary codebase.
Toyota India, Volvo reportedly suffer a data breach
Toyota Kirloskar Motor, Toyota's Indian unit, has suffered a data breach that may have exposed some customers’ personal information. The company said it was notified of the security incident by one of its service providers and that the relevant authorities were informed of the data breach. The auto maker didn’t say how many customers were affected.
In related news, a threat actor has announced on a hacker forum that they are selling what they claim to be data belonging to the Swedish auto giant Volvo obtained during a December 2022 ransomware attack. The dataset that reportedly contains sensitive information, including access to several of the company’s databases, WiFi points and logins, employee lists, and software keys, is being sold for a price of $2,500.
Volvo said it is conducting its own investigation into the alleged breach.
Rail giant Wabtec confirms a data breach after a ransomware attack
Wabtec Corporation, a provider of freight and transit rail equipment, has confirmed that hackers stole personal and sensitive information during a ransomware attack last year. The company said the attack affected branches in the United States, Canada, UK, and Brazil.
The incident was discovered in June 2022, but it appears that the company’s systems have been infected with malware since March 2022. The stolen data includes names, passport numbers, employee identification numbers, health service numbers, social insurance and Social Security numbers, medical information, financial data, usernames/passwords, biometric information. In August, the LockBit ransomware gang leaked some of the data stolen from Wabtec on their leak site.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law. 
