As we cross the halfway mark of the year, we can't help but reflect on the ups and downs we've experienced in the Windy City. Just like our beloved Blackhawks, who've been skating on thin ice this season, Chicago's cybersecurity landscape has also been subject to a few hard hits. But don't hang up your jerseys just yet, folks! Like any true Chicagoan, we've got that never-say-die spirit, and there's plenty of game time left for an epic comeback. In this blog post, we're going to take a deep dive into the cybersecurity news that has shaped the first half of our year here in Chicago. So, if you're running a business that could use the expertise of top-tier cybersecurity companies in Chicago, this midyear review is your ultimate playbook. Let's lace up those skates and hit the ice! In case you couldn’t tell, there’s going to be plenty of Chicago references – many of them forced.
January 26, 2023
In typical Chicago fashion, 2023 started out bitter cold for Zacks Investment Research, a prominent Chicago-based financial analysis firm. The company had to disclose a data breach that had occurred between November 2021 and August 2022. But hold onto your hats, folks—the plot thickened like a Chicago-style pizza when it was revealed in June 2023 that the breach was larger than previously thought, impacting a staggering 8.8 million users. This data breach saga, bitter than any Cubs' losing streak, underscores the relentless challenges in the cybersecurity field. So, keep your mittens on as we delve into this and other cybersecurity incidents in our midyear recap.
February 22, 2023
Just as the Blackhawks dodge opponents on the ice, Chicagoans face their own off-rink battles, this time in the realm of cybersecurity. In a chilling turn of events, UnitedHealthcare, a well-known health services provider in the Windy City, experienced an icy slapshot of a data breach in February 2023. The breach, which occurred between February 19 and 25, led to the disclosure of sensitive member data, including names, health insurance ID numbers, birth dates, addresses, and claim details. However, the puck did stop there, as no Social Security or driver's license numbers were exposed. In true Chicago spirit, UnitedHealthcare reacted swiftly, notifying those impacted and offering two years of LifeLock Identity Theft Protection Services. This incident underscores the importance of cybersecurity in Chicago, as even the toughest defenses can be breached.
February 24, 2023
In 2022 (I know the main event happened last year, but keep reading), a significant cyber event took place where Chicago-based trading firm Jump Crypto fell victim to the Wormhole exploit, resulting in a loss of 120,000 Etherium coin (ETH), amounting to $325 million. However, in a rare victory for cybersecurity, Jump Crypto and Oasis successfully recovered the stolen funds, demonstrating resilience and investigative prowess a year later. The recovery was made possible through a "counter-exploit" that manipulated upgradable proxy patterns to alter an underlying smart contract. The recovered ETH, now worth about $140 million, was restored to the crypto platform Wormhole, marking a pivotal success in the battle against cybercrime. The incident underscores the critical importance of robust cybersecurity measures in the evolving digital landscape.
March 17, 2023
The American Bara Association (ABA) suffered a notable data breach in the spring. This incident was reminiscent of a game in which the Bulls, despite their formidable defense, suffered a surprising loss. The ABA, a professional organization with robust security measures in place, fell victim to a sophisticated cyber-attack. The breach compromised sensitive information of its members, including their names, addresses, and contact information. This incident served as a wake-up call, highlighting the fact that even the most prepared can fall victim to cyber threats if they let their guard down.
April 3, 2023
The Illinois Gastroenterology Group (IGG) recently found itself in the hot seat, just as a Chicago White Sox pitcher would when facing a loaded bases situation in the ninth inning. The healthcare group experienced a costly data breach, leading to a lawsuit settlement that's equivalent to a grand slam hit against them. This cyberattack exposed patient data, causing a major fumble in IGG's reputation and finances. The cost of this lawsuit to IGG was staggering, underscoring the importance of maintaining a strong defense line in the form of robust cybersecurity measures. Just like a professional sports team, any weak link can lead to a major setback. The settlement sends a powerful message that all organizations must be prepared to face the consequences if they don't adequately protect sensitive data.
April 23, 2023
Just as the Chicago Wolves are always on guard, ready to defend their goal from any incoming puck, organizations (both public and private) in the Windy City must be similarly prepared to thwart any cybersecurity threats. The Illinois State Court Network fell victim to the Everest ransomware attack. The cybercriminals not only encrypted the court's data but also put system access up for sale to the highest bidder. This was a chilling reminder that in the digital arena, just like in a fast-paced hockey match, the offense never rests. For organizations in Chicago, this incident underscores the call to action: to develop robust, agile defense strategies that can outmaneuver any cybersecurity threat. Regardless of what sector an organization operates in, they must remain vigilant, anticipating the adversary's moves and constantly adapting their strategies, just as the Wolves would on the ice.
April 25, 2023
Aspen Dental’s cybersecurity breach serves as a stark reminder for all businesses in Chicago – it's essential to operate like the Chicago Bears on the gridiron. Like a well-trained football team, your business must anticipate threats, remain agile, and most importantly, have robust defense strategies in place. The breach, which occurred due to a sophisticated phishing attack, compromised the personal and financial data of thousands of patients. This incident underlines the fact that even well-established businesses can fall prey to such cyberattacks if they let their guard down. When the Bears take the field, they're prepared for any move their opponents might make, and that's precisely how Chicago businesses should approach cybersecurity. This breach has resulted in a significant loss of trust among Aspen Dental's patients and has highlighted the potential financial and reputational damage a cybersecurity incident can cause.
May 8, 2023
Billy Corgan's lyrical genius was no match for a cyber attacker's ingenuity. Just as the Smashing Pumpkins hit hard with their tracks, so too did the hackers, breaching the band's network and threatening to leak pre-released songs faster than a slapshot at the United Center. This incident stands as a stark reminder of the vulnerability that even the most armored of networks face in Chicago. While Billy was able to payout the ransom before any damage was done, this isn’t always the case for businesses facing cybersecurity breaches in Chicago.
May 18, 2023
As the first buds of spring began to appear in the Windy City, Chicago's digital landscape, much like a perfectly assembled hot dog, was exposed to an unexpected ingredient that threatened to spoil the taste. A significant data breach had infiltrated Illinois' Department of Human Services, affecting Medicaid, SNAP, and TANF recipients, much like an unwelcome squirt of ketchup on a classic Chicago-style hot dog. This cybersecurity incident, which exposed the private information of approximately 300,000 individuals, underscored the vulnerability of even the most armored networks, much like the vulnerability of our beloved hot dogs to unwanted condiments. It served as a stark reminder of the paramount importance of cybersecurity defense, whether you operate in private industry or the public sector.
May 21, 2023
Chicago’s North Shore neighbors are no strangers to cybercrime and it isn’t just businesses that are vulnerable to large losses. A Northbrook resident reported a theft of approximately $200,000 through a cyberattack. The victim confirmed that an unknown hacker had gained unauthorized access to their personal email account and initiated a fraudulent wire transfer. Both individuals and businesses are starting to realize the threat of email compromise and losses that can be incurred as a result.
June 6, 2023
Keeping in line with the theme of Chicago’s neighbors in the North Shore, there is the cyberattack on Boots, a UK-based division of Deerfield's Walgreens. A prominent cybercrime gang, allegedly based in Russia, launched a cyberattack on British Airways, Boots, and the BBC, exploiting a weakness in the MOVEit software. The attackers, identified as Lace Tempest, used a type of ransomware called CL0P to steal employees' personal information from these organizations.
June 9, 2023
CL0P also appears to be the gift that keeps giving, much like the heartburn after eating a Chicago style hotdog. The Illinois Department of Employment Security was victimized by a ransomware attack led by the notorious cybercrime gang, CL0P. The hackers exploited the same weakness in the MOVEit software, leading to a massive data breach affecting numerous businesses and organizations (see above). The compromised data consisted of employees' sensitive personal details, such as names and dates of birth. As a result, the department has initiated measures to reinforce its security protocols and mitigate the impact of the breach.
We have reached the end of our midyear recap, like a Chicago-style hot dog without relish or a deep-dish pizza without cheese, an organization without top-notch cybersecurity is incomplete and vulnerable. The cybersecurity incidents that occurred so far in 2023 reveal that no network, even the most fortified, is invincible. Hence, the need for informed vigilance and proactive measures is as essential as mustard on your hot dog or a piping hot slice of pizza.
Don't let your organization be the next cybersecurity statistic, instead, stand at the forefront of cybersecurity awareness. Subscribe to Quantum Vigilance's newsletter today for uncomplicated, business-friendly insights that you and your team can easily digest. The cybersecurity experts at Quantum Vigilance are your trusted partners, providing the guidance you need to keep your organization safe and secure in the ever-evolving digital landscape of Chicago. Don't wait for the next data breach news to act; be proactive, be vigilant, and most of all, be cyber secure.