The Weekly Breach Breakdown: Supply Chain Attacks Continue to Impact High-Profile Companies and Agencies

• While there were only a handful of supply chain attacks in 2020, there have already been three high-profile attacks in 2021 with the Accellion data breach, the SITA data breach and the Microsoft Exchange server attack.
• The Identity Theft Resource Center (ITRC) began to see a rise in supply chain cyberattacks in the second half of 2020 with the Blackbaud data breach and the SolarWinds cyberattack.
• For more information on these incidents and the recent rise in supply chain attacks, listen to the ITRC’s Weekly Breach Breakdown podcast.
• To learn about recent data breaches, consumers and businesses should visit the ITRC’s new data breach tracking tool, notified.
• For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

Don’t Shoot the Messenger

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for March 12, 2021. Each week, we look at the most recent and interesting events and trends related to data security and privacy. We’ve focused for the past two episodes on data privacy and how state laws are giving consumers more rights and businesses more obligations to keep personal information safe and secure. This week, we talk about the challenges of doing just that – protecting data – while supply chain attacks are on the rise

In Shakespeare’s Antony and Cleopatra, a messenger is sent to inform the Egyptian Queen that her lover has married another, prompting a threat to treat his eyes as the Ptolemaic version of tennis balls. In response, the messenger reminds Cleopatra that “I that do bring the news made not the match.” Today, we would say the title to this week’s episode is – “Don’t shoot the messenger.”

Yet, this is where many businesses find themselves now as they send out data breach notices to customers – even though they did not cause the problem. A vendor did.

A Look Back at the Blackbaud Data Breach

People might recall that one of the highest-profile cyberattacks in 2020 involved a company known as Blackbaud. The company, an IT provider to nonprofits, healthcare and education institutions, was breached and the data of more than 500 companies and 12 million individuals were held for ransom. People might also recall that these kinds of attacks where a cybercriminal can get the information of many companies from a single vendor is known as a supply chain attack.

Supply Chain Attacks on the Rise

There were only a handful of supply chain attacks in all of 2020. However, so far in 2021, there have been three high-profile attacks – two in the last two weeks. One of the events involves one of the biggest names in technology: Microsoft.

This cluster of attacks reinforces a trend the ITRC saw take hold toward the second half of 2020 with the Blackbaud breach. It was followed by the block-buster cyberattack against the IT services company SolarWinds, which impacted cabinet-level agencies in the U.S. government and an undetermined number of private sector companies (believed to be in the thousands).

Accellion Data Breach

While the SolarWinds attack appears to be the work of cybercriminals seeking intelligence information for the Russian government (not consumer data to sell), the ransomware group that attacked software provider Accellion wanted information that it could hold hostage or sell outright. It did not want information from Accellion, but from the customers whose information could be stolen from Accellion’s tech platform.

The criminals went to the time and expense of reverse-engineering the 20-year-old Accellion platform and found new flaws, as well as old ones. They unpatched ones that allowed criminals to extract information from high-profile clients – including law firms, telecommunications companies, universities, grocery store chains and government agencies in the U.S. and other countries.

SITA Data Breach

We don’t know how a supply chain cyberattack against tech provider SITA was executed. However, we know that the company processes the frequent flier information of 90 percent of the world’s airlines. The company describes the cyberattack as “highly sophisticated,” and member airlines have started informing their frequent fliers of the breach.

Microsoft Exchange Server Attack

The third supply chain cyberattack in this most recent string is also the most dangerous. A cybercriminal group based in China was able to exploit flaws in Microsoft Exchange servers. The kinds that run the ubiquitous Outlook email software inside organizations. The threat actors inserted backdoors into company email systems that could be used to take control of the email system from outside the network where the server resides.

More than 100,000 organizations worldwide could be impacted by the cyberattack, including at least 30,000 in the U.S. Government officials and Microsoft leaders have all encouraged organizations operating Exchange servers to patch their servers immediately. They have also made a series of tools available to help users determine if the attack has impacted them.

Fortunately, these issues do not involve the cloud-based Microsoft 365 services used by individuals and small businesses that include Outlook email.

Contact the ITRC

If anyone has questions about keeping their personal information private and how to protect it, they can visit www.idtheftcenter.org, where they will find helpful tips on these and many other topics. That includes small businesses, too.

If someone thinks they have been the victim of an identity crime or a data breach and needs help figuring out what to do next, they should contact us. People can speak with an expert advisor on the phone, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PST). Visit www.idtheftcenter.org to get started.

Be sure to check out the most recent episode of our sister podcast, The Fraudian Slip. We will be back next week with another episode of the Weekly Breach Breakdown.

Read Next