UK Cyber Attacks & Data Breaches List - August 2022
Seven UK cyber attacks and data breaches
Two big stories this month, both of which sadly illustrate how cyber criminals have targeted critical infrastructure. Firstly Advanced were attacked by a ransomware gang taking out a key tool used by NHS 111 services, and secondly South Staffordshire Water were also subjected to a ransomware attack.
The attack on Advanced knocked out several of their products, crucially including Adastra which is used by 85% of NHS 111 services to log calls and give over the phone medical advice. The attack was so devastating it took Advanced nearly 3 weeks to bring its systems back online, during which time, according to The Register, NHS 111 call handlers had to resort to pen and paper.
South Staffordshire Water suffered a similar ransomware attack on its infrastructure, though they were quick to explain that critical water services were not impacted. This particular incident was shrouded in confusion when Clop, the ransomware gang, originally mistakenly announced they had hacked into Thames Water. This was soon cleared up however by a statement from Thames Water.
Both these cyber attacks demonstrate not only a willingness, but also a clear strategic objective of cyber criminals to deliberately and cynically target critical infrastructure, and is very much a wake up call to businesses and organisations delivering such critical services. Sadly these attacks are likely to be on the rise as this precedent continues to be set.
In August the seven data breaches and cyber attacks were in the following sectors:
- Health & social care
- Real estate
- Technology, communication & media
- Retail & wholesale trade
- Food, drink & accommodation
- Professional & technical services
02 Aug 2022
Housing association Bromford, who have tenants in Gloucestershire, has been the target of a cyber attack.
07 Aug 2022
A cyber attack on the NHS 111 system is thought to have been carried out by a gang of cyber criminals looking for ransom payments.
08 Aug 2022
Sheppard Robson refused to pay the ransom and reported the incident to the police.
We immediately took steps to limit the damage caused by the attack by disconnecting our systems from the internet and shutting down any systems still in operation.
12 Aug 2022
Cisco has confirmed a breach of its network, where the attacker used voice phishing to convince an employee to accept a malicious multifactor authentication (MFA) push.
15 Aug 2022
South Staffordshire PLC, the parent firm of South Staffs Water and Cambridge Water, has reassured its 1.6million UK customers that the cyber attack will not affect water supplies
19 Sep 2022
A Stoke-on-Trent car dealership which boasts more than 10,000 'satisfied customers' has been hit by a major cyber attack.
26 Aug 2022
DoorDash has confirmed that "a small percentage" of its customers and delivery drivers' information, including names, email and delivery addresses, phone numbers, and order and partial credit card details, were exposed as part of a broad phishing campaign dubbed Oktapus.
Bob Nicolson | Head of Consultancy