UK Cyber Attacks & Data Breaches List - September 2022

Thirteen UK cyber attacks and data breaches

Well what a month! Not only were there 13 cyber attacks and data breaches in total, but amongst the victims were some pretty big names.

The Uber cyber attack stands out the most, for what appears to be its massive scale and ironically little impact. There seem to be some conflicting stories out there, with attribution either going to an 18 year old individual hacker or to the notorious LAPSUS$ hacking group.  Reputedly the malicious actor accessed the company’s PAM (Privileged Access Management) system from where they were able to privileged access to a host of other systems, including Slack.  Uber have said relatively little about the breach, but perhaps there will be more news to come……?

Rockstar Games, the makers of Grand Theft Auto, also came under cyber attack this month, with parts of the source code for GTA 6 being leaked online. Interestingly there were some rumours that this was also a LAPSUS$ attack, and also that Slack has been used as an attack vector, again a similarity shared with the Uber breach.

To round off a trio of interesting cyber attacks, Wintermute, a crytpo exchange, suffered a breach and loss of $160m of crytpto. According to the FBI between January and March this year $1.3 billion was lost in crypto heists, highlighting that market instability and rug pulls are not the only risks which need to be considered when investing in this space.

In September the thirteen data breaches and cyber attacks were in the following sectors:

  • Financial services
  • Food, drink & accommodation
  • Health & social care
  • Manufacturing
  • Public sector, defence and government
  • Technology, communication & media
  • Transportation and logistics
  • Utilities

If you would like to know more about how we collate this information, please follow this link.

Image for 2022 cyber attack on intercontinental hotel group UK

06 Sep 2022

Inter Continental Hotels Group cyberattack disrupts booking systems

Cyber Attacks - Ransomware

Leading hospitality company InterContinental Hotels Group PLC (also known as IHG Hotels & Resorts) says its information technology (IT) systems have been disrupted since yesterday after its network was breached.

Image for 2022 cyber attack on Go Ahead UK

06 Sep 2022

Major UK transport company Go-Ahead battles cyber-attack

Transportation and Logistics

Cyber Attacks - Hacking Incident

Go-Ahead, one of the UK’s biggest transport companies, has said it is managing a cyber-attack that has affected software used to schedule bus drivers and services.

Image for 2022 data breach on Euro cell UK

08 Sep 2022

Eurocell employee details exposed in major cyber attack

Manufacturing

Data Breaches

A leading PVC-U roofing products manufacturer and distributor has contacted current and former employees, including some in the West Midlands, to inform them that a cyber attack on the company has led to a substantial data breach.

Image for 2022 cyber attack on Gloucestershire hospice UK

08 Sep 2022

Hospice cyberattack leaves staff unable to access patient records

Health and Social Care

Cyber Attacks - Hacking Incident

A Gloucestershire hospice has been hacked and patient details can't be accessed. This has resulted in the hospice team being unable to access electronic patient records for those on its waiting list.

Image for 2022 data breach on Magento UK

13 Sep 2022

Hackers breach software vendor for Magento supply-chain attacks

Technology

Data Breaches

Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads.

Image for 2022 cyber attack on Newport city council UK

15 Sep 2022

Welsh city council hit by cyber attack

Government and Public Sector

Cyber Attacks - Hacking Incident

Newport City Council has been targeted by a cyber attack.
Council officers received an email on Thursday, September 15, notifying them of a ”major cyber incident”.

Image for 2022 data breach on Aberdeen factoring firm UK

15 Sep 2022

Aberdeen factoring firm apologises after data breach involving over 180 homeowners in countesswells

Financial Services

Data Breaches

A residential factoring company in Aberdeen has apologised after it accidentally attached the names and addresses of 180 homeowners to a group e-mail about dog fouling.

Image for 2022 cyber attack on UBER UK

16 Sep 2022

Uber reels from 'security incident' in which cloud systems seemingly hijacked

Transportation and Logistics

Cyber Attacks - Hacking Incident

Uber is tonight reeling from what looks like a substantial cybersecurity breach.

The food delivery and ride sharing disruptor has admitted that something is up, saying it is investigating the matter with the Feds.

Image for 2022 data breach on Revolut UK

17 Sep 2022

Revolut hit by ‘phishing’ cyberattack

Financial Services

Data Breaches

A cyberattack on Revolut has compromised the personal details of more than 50,000 people. The breach at the app-based payments company occurred last Sunday night after a Revolut employee was caught out by a phishing scam.

Image for 2022 data breach on grand theft auto 6 UK

19 Sep 2022

Grand Theft Auto 6 maker confirms source code, vids stolen in cyber-heist

Technology

Data Breaches

Take-Two Interactive confirmed on Monday that its Rockstar Games subsidiary has been compromised and confidential data for Grand Theft Auto 6 has been stolen.

Image for 2022 cyber attack on Wintermute UK

20 Sep 2022

Crypto biz Wintermute loses $160m in cyber-heist, tells us not to stress out

Financial Services

Cyber Attacks - Hacking Incident

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine.

Image for 2022 cyber attack on Fulcrum utility services ltd UK

27 Sep 2022

Fulcrum Utility Services hit by cyber attack but no data breached

Utilities

Cyber Attacks - Hacking Incident

Fulcrum Utility Services Ltd - Sheffield-based multi-utility infrastructure and services provider - Says it has recently managed a cyber security incident, after detecting unauthorised activity on its network.

Image for 2022 cyber attack on Britain MI5 UK

30 Sep 2022

UK's MI5 website briefly hit by denial of service attack - BBC

Government and Public Sector

Cyber Attacks - Denial of Service

The website of Britain's MI5 domestic spy service was briefly hit by a denial of service attack on Friday, the BBC reported.

Bob Nicolson

Published on

Bob Nicolson | Head of Consultancy

bob.nicolson@nicolsonbray.com