State Bar of Georgia ransomware attack exposes personal data. Update on Pinnacle Health data breach. Hackers take aim at first-person shooter.

At a glance.

• State Bar of Georgia ransomware attack exposes personal data.
• Update on Pinnacle Health data breach.
• Hackers take aim at first-person shooter game publisher. 

State Bar of Georgia ransomware attack exposes personal data. 

The State Bar of Georgia has confirmed that a ransomware attack it suffered in April exposed member and employee data, Security Week reports. Although the bar has not disclosed how many individuals were impacted, the organization has over 50,000 members, as every individual authorized to practice law in the US state of Georgia is required to join.

The attack, which involved BitLocker ransomware, led to the encryption of tens of servers and workstations, though the bar said at the time that no ransomware demands had been made and there was no evidence that the attackers had exfiltrated any data. However, the organization issued a statement last week declaring that some information on members as well as current and former employees might have been obtained by the threat actors. “Although we had security protocols and technology in place to help prevent unauthorized access, some of those defenses were evaded,” the bar said. The compromised data includes names, street addresses, dates of birth, Social Security numbers, driver’s license numbers, direct deposit details, or name change information. 

Update on Pinnacle Health data breach. 

As we noted last week, Pinnacle Midlands Health Network, a large New Zealand medical network that operates dozens of general practitioner offices across the North Island, suffered a cyberattack in September. Over the weekend, Stuff reports, Pinnacle discovered that current and former patient data stolen in the attack had been published on the dark web. Pinnacle chief executive Justin Butcher says an investigation is underway, and that the stolen data appear to include high level info related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices regarding patient immunization and screening status. He added that Pinnacle does not store doctor notes or consultation records. “I am not a dark web expert in any way, shape or form. I am a paramedic by trade,” Butcher stated. “So our understanding is that it’s been uploaded to the dark web, which is a subset of the Internet, which is not easily accessible for the average person and requires specialised software.” It’s unclear whether Pinnacle has received any ransom demands from the attacker; Butcher explained that security experts had advised the medical network against sharing such details. 

Hackers take aim at first-person shooter game publisher. 

American video game publisher 2K has disclosed that some personal data were exposed in a breach last month after hackers, posing as official communication, gained access to the company’s support desk and sent a malicious link to players. Eurogamer.net reports that an email notification has been sent to those affected, reading, “The unauthorised third-party accessed and copied some personal data that was recorded about you when you contacted us for support, including your email address, helpdesk ID number, gamertag, and console details.” Publisher of popular games like first-person shooter BioShock, 2K says there is no evidence that financial information or login credentials were compromised, but as a precaution, all players have been directed to reset their passwords and enable multifactor authentication.