Security News

Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.VARTA is a German manufacturer of batteries for the automotive, consumer, and industrial sectors, partially owned by Energizer Holdings.

UK utilities giant Southern Water admits between 5 and 10 percent of its customers have had their data stolen during a January cyberattack. In a letter sent to customers already, seen by El Reg, Southern Water said names, dates of birth, national insurance numbers, bank account numbers, sort codes, and payment reference numbers may have been stolen.

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. "As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors," Prudential said.

The Information Technology Industry Council, which represents a laundry list of heavy hitters, expressed dissatisfaction over the proposed reporting rules, describing them as adding "Another hue of color to the kaleidoscope of incident reporting regimes" being passed by the US federal government of late. ITIC said the eight-hour reporting requirement was "Unduly burdensome and inconsistent" with other reporting rules, adding that the 72-hour update period "Does not reflect the shifting urgency throughout an incident response."

The US government today confirmed that China's Volt Typhoon crew comprised "Multiple" critical infrastructure org's IT networks, and warned that the state-sponored hackers are readying "Disruptive or destructive cyberattacks" against these targets. "Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the US authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions," the 12 government agencies warned.

Lurie Children's Hospital said it pulled network systems offline as it continues to respond to "a cybersecurity matter" alongside outside experts and law enforcement agencies. "Lurie Children's Hospital said in a statement:"As Illinois' leading provider for pediatric care, our overarching priority is to continue providing safe, quality care to our patients and the communities we serve.

Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. On August 11th, Clorox suffered a cyberattack that caused significant disruption in the company's operation, leading to lowered production and decreased availability of consumer products.

Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances. Lurie Children's is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees.

Enforcing a password policy that helps end-users create stronger passwords and blocks the use of weak and common phrases will make it more difficult for hackers. Specops data shows that 83% of compromised passwords satisfied both length and complexity requirements of regulatory password standards.

Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack.Since 2017, it has been part of AssuredPartners NL, one of the largest brokerage firms in the U.S. The company submitted a notification to the Office of the Maine Attorney General, warning that 1,509,616 people were impacted by a data breach incident that occurred in the summer of 2023.