The North Face clothing brand suffered a second attack in as many years, this time the result of a credential stuffing campaign that exposed personally identifiable data for 200,000 user accounts. In other cybersecurity news, UK public transit operator Go-Ahead Group suffered an attack that caused some passenger delays.
Los Angeles Unified School District suffers ransomware attack
The second largest school district in the US, the Los Angeles Unified School District (LAUSD), fell victim to a ransomware attack on their IT systems. While officials are still working to determine the extent of the attack, schools all over Los Angeles County are open to students and staff during the investigation. It has yet to be determined if any student or staff data has been illicitly accessed, but LAUSD is working with law enforcement for verification.
InterContinental Hotels hit by cyberattack
The InterContinental Hotels Group (IHG) confirmed that their subsidiary Holiday Inn suffered a cyberattack that led to a two-day disruption in services. Customers were unable to view current reservations or make new ones during the disruptions, along with several other website issues. This attack on the IHG subsidiary comes just weeks after the Holiday Inn in Istanbul, Turkey was compromised by a LockBit ransomware attack that stole data on the hospitality chain.
Cyberattack affecting UK transport systems
The UK public transport operator Go-Ahead Group revealed that they had identified unauthorized activity within their network and notified passengers to expect some delays. Cyberattacks on both air and rail transit services have been on the rise for several years now, as they tend to not stay current with their security procedures and leave critical vulnerabilities unpatched. A recent report found that a large majority of UK organizations dedicate so few people to their security teams that they barely have time to investigate half of all attacks they regularly receive.
DangerousSavanna campaign targets African countries
Researchers have been following a spear phishing campaign dubbed DangerousSavanna that has been targeting French-speaking African countries for almost two years now. The campaign has been sending malicious attachments, using a variety of file types, to French-speaking employees of financial institutions all along the western coast of Africa. Cyberattacks on financial organizations in Africa reached new levels in 2022, with the average up significantly in the last year to 1,144 attacks each week.
200,000 accounts compromised in North Face hack
As the result of a credential stuffing attack on the main e-commerce site for The North Face, nearly 200,000 users accounts have had their sensitive information compromised. While The North Face does not store payment card details on their website, a significant amount of personally identifiable information was exposed and could continue the on-going chain of attacks using data stolen in prior breaches. This credential stuffing attack on The North Face is the second attack of this type to plague the clothing brand in the past 2 years.
