Consumer data stolen in Rackspace ransomware attack. Hive leaks healthcare provider data on dark web.

At a glance.

• Consumer data stolen in Rackspace ransomware attack.
• Another UK school confirms data breach resulting from Vice Society attack. 
• Hive leaks healthcare provider data on dark web.

Consumer data stolen in Rackspace ransomware attack.

Popular US cloud computing company Rackspace suffered a ransomware attack last month, and the company has now disclosed the attackers accessed customer data. When the incident was first disclosed on December 6, Rackspace said it was unaware if any data had been exposed, but in an update posted on Friday, the company confirmed that the Play ransomware group gained access to the personal data of twenty-seven customers. As TechCrunch explains, the attack impacted the company’s hosted Exchange email environment, which had to be shut down as a result, and the hackers gained access to PST files, calendar events, and contacts from Exchange accounts and email inboxes. Rackspace stated, “We have already communicated our findings to these customers proactively, and importantly, according to CrowdStrike, there is no evidence that the threat actor actually viewed, obtained, misused or disseminated any of the 27 Hosted Exchange customers’ emails or data in the PSTs in any way.” The company said it has contacted impacted individuals directly, and those who have not been notified can be assured their data was not compromised.

Another UK school confirms data breach resulting from Vice Society attack. 

As we noted last week, the Vice Society ransomware gang has published private data stolen from fourteen UK schools on the dark web. DevonLive reports that students from Pilton Community College, located in the town of Barnstable in North Devon, England, were among the victims. The exposed data includes info about special education needs, scans of student passports, and employee pay scales going back over ten years. Over the past year, Vice Society has targeted learning institutions across the UK and US, using extortion tactics to try to squeeze ransom payments from the schools. A number of the schools in this particular spate of incidents in the UK are aware they were attacked but are working to determine whether private data were compromised.

Hive leaks healthcare provider data on dark web.

The Hive ransomware group has added Consulate Health Care, a leading US senior healthcare provider, to its list of victims on its Tor-hosted leak site. As Security Affairs reports, the threat actors are threatening to release stolen data including company contracts, non-disclosure agreements, internal company documents like budgets and investor relations, and customer and employer PII. The attack, which took place on December 3, was disclosed on January 6 and confirmed by Consulate on the company’s website. “One of our vendors recently suffered a security incident in early December where cybercriminals targeted portions of their network,” the announcement reads. “Our vendor promptly began working with third-party experts to help them investigate and respond to the incident. During that investigation, the vendor became aware that the unauthorized third party may have accessed records with personal information.” Security researcher Dominic Alvieri was the first to discover Hive had leaked 550 GB of Consulate’s data. Noting that Hive had originally given the company three weeks to comply, Alvieri speculated in a post on Twitter that the company’s ransom negotiations with Hive must have failed.