Mercer University, a private research school in the United States, suffered a cyberattack in April, and the Akira ransomware group has claimed responsibility. The hackers reportedly gained access to the personal data of over 93,000 people, including Social Security numbers and other identifying information. In a notification letter to victims, the university stated that some of the compromised files may have included at least one record that contained their name, in combination with their Social Security number and/or driver’s license number. Akira added Mercer to its list of attacks on its leak site on the dark web and claimed that the university refused to meet the gang’s ransom demands.
Fresh Del Monte Produce, a leading international supplier of fruits and vegetables based in Florida, experienced a data breach in January. The company discovered anomalous activity on January 13 and immediately took its systems offline to limit the attackers’ access. An investigation completed in April found that the hackers had accessed certain files containing confidential employee and customer data, including names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, and protected health information. Del Monte sent notification letters to victims on May 16, but the full extent of the breach is still not clear.
Elsewhere, Franklin Templeton, a financial services company based in California, has disclosed that it was impacted by a third-party breach at InvestorCom, a document delivery services provider, due to a vulnerability discovered in Fortra’s GoAnywhere managed file transfer service. According to reports, InvestorCom’s systems had been infiltrated on March 22, and following an investigation by Franklin Templeton, it was confirmed that some data it had shared with InvestorCom had been exposed. The information included customer names, street addresses, and account numbers, and victims were notified of the breach on May 23.
In each of these cases, details of the breaches serve as a stark reminder of the continuing threats facing businesses of all sizes and in all sectors. Cybercriminals remain committed to identifying and exploiting vulnerabilities, and organizations must remain vigilant in their efforts to protect themselves and their clients.
Mercer University’s breach is particularly concerning given the sensitive nature of the data accessed by the hackers. Social Security numbers and driver’s license numbers are commonly used for identity verification in the United States and can be leveraged to commit various types of fraud. Victims of the breach could be at risk of identity theft, which can have long-lasting financial and emotional consequences.
Del Monte Produce’s breach is also serious, as it potentially exposes customers to identity theft and financial fraud. Passport numbers and financial account information can be highly valuable on the dark web, and Del Monte customers will need to monitor their accounts and credit reports for signs of fraudulent activity.
Finally, Franklin Templeton’s breach highlights the risks involved in sharing sensitive data with third-party vendors. While outsourcing certain tasks can be cost-effective and efficient, it also introduces new potential attack vectors that must be considered and mitigated. Companies that rely on third-party vendors should conduct thorough due diligence to ensure that these providers have robust security measures in place.
In conclusion, cyberattacks are a constant threat, and organizations must remain vigilant in their efforts to protect themselves and their clients’ data. Cybersecurity best practices, such as regular software updates, robust access controls, and employee training on security awareness, can help minimize the risk of a breach. Additionally, organizations should conduct regular assessments to identify potential vulnerabilities and should have an incident response plan in place to minimize the impact of a breach if one occurs. As the cases above demonstrate, the cost of complacency can be significant, both in terms of financial losses and reputational damage.