UK Cyber Attacks & Data Breaches List - September 2022
Thirteen UK cyber attacks and data breaches
Well what a month! Not only were there 13 cyber attacks and data breaches in total, but amongst the victims were some pretty big names.
The Uber cyber attack stands out the most, for what appears to be its massive scale and ironically little impact. There seem to be some conflicting stories out there, with attribution either going to an 18 year old individual hacker or to the notorious LAPSUS$ hacking group. Reputedly the malicious actor accessed the company’s PAM (Privileged Access Management) system from where they were able to privileged access to a host of other systems, including Slack. Uber have said relatively little about the breach, but perhaps there will be more news to come……?
Rockstar Games, the makers of Grand Theft Auto, also came under cyber attack this month, with parts of the source code for GTA 6 being leaked online. Interestingly there were some rumours that this was also a LAPSUS$ attack, and also that Slack has been used as an attack vector, again a similarity shared with the Uber breach.
To round off a trio of interesting cyber attacks, Wintermute, a crytpo exchange, suffered a breach and loss of $160m of crytpto. According to the FBI between January and March this year $1.3 billion was lost in crypto heists, highlighting that market instability and rug pulls are not the only risks which need to be considered when investing in this space.
In September the thirteen data breaches and cyber attacks were in the following sectors:
- Financial services
- Food, drink & accommodation
- Health & social care
- Public sector, defence and government
- Technology, communication & media
- Transportation and logistics
06 Sep 2022
Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached.
06 Sep 2022
Go-Ahead, one of the UK’s biggest transport companies, has said it is managing a cyber-attack that has affected software used to schedule bus drivers and services.
08 Sep 2022
A leading PVC-U roofing products manufacturer and distributor has contacted current and former employees, including some in the West Midlands, to inform them that a cyber attack on the company has led to a substantial data breach.
08 Sep 2022
A Gloucestershire hospice has been hacked and patient details can't be accessed. This has resulted in the hospice team being unable to access electronic patient records for those on its waiting list.
13 Sep 2022
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.
15 Sep 2022
Newport City Council has been targeted by a cyber attack.
Council officers received an email on Thursday, September 15, notifying them of a ”major cyber incident”.
15 Sep 2022
A residential factoring company in Aberdeen has apologised after it accidentally attached the names and addresses of 180 homeowners to a group e-mail about dog fouling.
16 Sep 2022
Uber is tonight reeling from what looks like a substantial cybersecurity breach.
The food delivery and ride sharing disruptor has admitted that something is up, saying it is investigating the matter with the Feds.
17 Sep 2022
A cyberattack on Revolut has compromised the personal details of more than 50,000 people. The breach at the app-based payments company occurred last Sunday night after a Revolut employee was caught out by a phishing scam.
19 Sep 2022
Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen.
20 Sep 2022
Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine.
27 Sep 2022
Fulcrum Utility Services Ltd - Sheffield-based multi-utility infrastructure and services provider - Says it has recently managed a cyber security incident, after detecting unauthorised activity on its network.
30 Sep 2022
The website of Britain's MI5 domestic spy service was briefly hit by a denial of service attack on Friday, the BBC reported.
Bob Nicolson | Head of Consultancy