The Week in Breach News: 02/26/25 – 03/04/25
This week: 3.3 million job seekers have their data exposed at a background check company; justice grinds to a halt as hackers shut down Cleveland courts; see 10 ways that cybercriminals are weaponizing AI; and learn how you can protect the most vulnerable gateway into an organization.
Read this week’s new featured blog: 10 Ways That Cybercriminals Are Weaponizing AI
Cleveland Municipal Court
https://www.govtech.com/security/cyber-attack-keeps-cleveland-municipal-court-offline
Exploit: Hacking
Industry: Government
The Cleveland Municipal Court has been forced to close following a cybersecurity incident, according to an update posted on the court’s official Facebook page. Officials stated that affected systems were shut down as a “precautionary measure” to ensure the safe restoration of services. All internal systems, software and the court’s website are currently offline while authorities investigate the incident and determine the best course of action for resuming operations. As of press time, there was no estimate for when the court would reopen.
How It Could Affect Your Customers’ Business: Organizations should have a well-documented and tested incident response plan to minimize downtime and disruption.
Kaseya to the Rescue: Explore the biggest challenges professionals contended with in 2024 and the impact of AI on cybersecurity in the Kaseya Cybersecurity Survey 2024. GET THE REPORT>>
Reading Cooperative Bank (RCB)
Exploit: Phishing
Industry: Banking & Finance
Massachusetts-based lender Reading Cooperative Bank (RCB) has disclosed a phishing-related cyberattack affecting 24,041 customers. The breach, which occurred between August 8, 2024, and January 31, 2025, was traced back to a bank employee who unknowingly clicked on a phishing email from what appeared to be a trusted business contact. RCB has confirmed that certain individuals’ personally identifiable information may have been compromised. In response, the bank has implemented additional cybersecurity safeguards and is working with internal and external experts to strengthen its security measures. Customers affected by the breach are encouraged to monitor their accounts for suspicious activity.
How It Could Affect Your Customers’ Business: Continuous security awareness training for every employee helps ensure that staffers are ready to recognize and avoid phishing attempts.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from email-based threats in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
DISA Global Solutions
https://www.infosecurity-magazine.com/news/disa-global-solutions-confirms
Exploit: Hacking
Industry: Business Services
DISA Global Solutions, Inc. has confirmed a cyber incident that exposed the sensitive personal information of more than 3.3 million individuals undergoing employment screenings. The company notified affected individuals on Friday, February 28 after discovering unauthorized access to its network on April 22, 2024. An internal investigation, supported by third-party forensic experts, revealed that an unidentified attacker accessed DISA’s systems between February 9 and April 22, 2024. While the exact data taken has not been confirmed, the affected files likely contained personal information such as names, Social Security numbers, driver’s license numbers and financial account. DISA, a provider of employment screening services, conducts background checks and drug testing for various industries, including Fortune 500 companies.
How It Could Affect Your Customers’ Business: The breach lasted over two months before discovery, highlighting the need for continuous network monitoring to identify unauthorized access sooner.
Kaseya to the Rescue: Our 10 Tips for Successful Employee Security Awareness Training infographic can help you maximize the effectiveness of your security awareness training efforts. DOWNLOAD IT>>
Inspira Financial
Exploit: Supply Chain
Industry: Banking & Financial Services
Inspira Financial Trust LLC, a provider of health, wealth, retirement and benefits solutions, has notified at least 2,308 retirement plan participants of a data breach, according to an alert from the Maine attorney general’s office. The breach, which occurred between December 2024 and January 2025, involved a third-party call center representative improperly accessing data related to a “limited number of retirement accounts” operated by Inspira. The company, formerly known as Millennium Trust Co., discovered the breach in January 2025. The exposed personal information may include names, Social Security numbers, dates of birth, mailing addresses, previous employers, previous retirement plan sponsors and Inspira account numbers, types and balances. Inspira is offering affected participants free identity protection and credit monitoring services through Experian for two years.
How It Could Affect Your Customers’ Business: Organizations must ensure their vendors and service providers follow strong security policies through regular vendor security assessments.
Kaseya to the Rescue: Maximize your security on a lean budget with the insights you’ll find in our infographic 5 Ways to Squeeze More From a Tight Security Budget. DOWNLOAD IT>>
Nuna Baby Essentials
https://www.jdsupra.com/legalnews/nuna-baby-essentials-sends-data-breach-5385993
Exploit: Hacking
Industry: Manufacturing
Nuna Baby Essentials confirmed on February 3, 2025, that it was the victim of a cyberattack. Following the discovery, the company launched an investigation to understand the scope of the breach and determine what, if any, consumer information had been compromised. The investigation revealed that an unauthorized party gained access to Nuna Baby’s computer network on September 8, 2024, and was able to access certain files containing confidential consumer information. In total, data belonging to 16,676 individuals was exposed. After discovering the breach, Nuna Baby reviewed the compromised files to assess the leaked information and identify the affected consumers. On February 21, 2025, the company sent data breach notification letters to those impacted, detailing the specific information that had been compromised.
How it Could Affect Your Customers’ Business: The company launched an investigation only after discovering the breach rather than detecting it proactively, giving attackers more time to act.
Kaseya to the Rescue: Watch this webinar to explore Kaseya 365 User, our latest innovation to empower small and midsize businesses to maximize security while boosting productivity. LEARN MORE>>
Feeling overwhelmed by your task list? Discover four strategies for reducing your workload! GET INFOGRAPHIC>>
France – Orange Group
Exploit: Ransomware
Industry: Telecommunications
Orange Group has confirmed a data breach after a hacker known as “Rey” claimed to have stolen thousands of internal documents, including customer and employee data, from its Romanian branch. The hacker said they accessed Orange’s systems for over a month, exploiting vulnerabilities in Jira and internal portals. They exfiltrated 6.5GB of data, including 380,000 email addresses, invoices, contracts and partial payment card details. Orange stated the breach affected a “non-critical application” and is under investigation. Rey attempted to extort the company but was ignored.
How it Could Affect Your Customers’ Business: The hacker exploited portal vulnerabilities, emphasizing the need for proactive vulnerability management and penetration testing.
Kaseya to the Rescue: Take a deep dive into the players that shape dark web commerce today in our eBook State of the Dark Web. DOWNLOAD IT>>
Uncover today’s worst phishing threats and see smart strategies to keep businesses out of trouble. GET EBOOK>>
Australia – Genea
Exploit: Hacking
Industry: Healthcare
Leading Australian IVF provider Genea confirmed that an unauthorized third party accessed its data following suspicious activity detected within its systems. In a statement released last Wednesday, February 26, Genea revealed that it launched an investigation into the incident, which occurred just days after the company experienced a phone service outage. As a precaution, some systems and servers were taken offline but are now being restored. The company is urgently investigating the nature and extent of the breach, including whether personal information has been compromised. Genea has assured patients that securing its systems remains a top priority as the investigation continues. The provider confirmed there would be “minimal disruption” to current treatments at clinics across the country.
How it Could Affect Your Customers’ Business: Genea’s assurance of minimal disruptions for clients highlights the value of resilient IT infrastructure and disaster recovery plans to maintain critical services.
Kaseya to the Rescue: Learn how to mitigate the security risks that come from the actions of both accidental and malicious insider risk in our Guide to Reducing Insider Risk. DOWNLOAD IT>>
Take a deep dive into why an AI-powered anti-phishing solution is a smart financial choice. GET EBOOK>>
Read this week’s featured blog: 10 Ways Cybercriminals Are Weaponizing AI
AI is fueling a new wave of cyberattacks, from deepfakes to hyper-realistic phishing emails, making it harder for traditional security to keep up. But AI isn’t just for the attackers. See how defenders can use this technology to stay one step ahead in the fight against cybercrime. READ THE BLOG>>
Learn how to identify and mitigate malicious and accidental insider threats before there’s trouble! GET EBOOK>>
BullPhish ID welcome email template changes are here
The welcome email templates in BullPhish ID have been updated. Now, when a user has both DarkWeb ID and BullPhish ID accounts, the BullPhish ID welcome email includes key information to simplify logins between the two platforms. Users will be informed about the following:
- BullPhish ID and DarkWeb ID share the same login credentials. This includes username, password, and multi-factor authentication (MFA) settings.
- Updating or resetting your password on BullPhish ID will automatically update it on DarkWeb ID.
- Once you activate either account, your credentials will work seamlessly across both platforms.
This information has been added to all of the BullPhish ID welcome email templates. LEARN MORE>>
Protect the most vulnerable gateway to your organization
End users are often the weakest link in cybersecurity, with phishing and email threats on the rise. Our “Protect the Most Vulnerable Gateway to Your Organization” infographic outlines a three-pronged approach: prevention, response and recovery.
This infographic will help you:
- Learn why 89% of IT professionals see end-user behavior as the top security threat.
- Discover how prevention, response and recovery protect your network’s vulnerable points.
- Get practical tips on training, automation and proactive user security.
DOWNLOAD THE INFOGRAPHIC>>
Did you miss… our Guide to Phishing Protection for Businesses? DOWNLOAD IT>>
Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>
March 11: Kaseya + Datto Connect Local: New Jersey Symposium REGISTER NOW>>
March 11: Kaseya + Datto Connect Local: Munich Symposium REGISTER NOW>>
March 12: Microsoft 356 & Google Workspace User Health Check Webinar REGISTER NOW>>
March 13: Microsoft 365 & Google Workspace User Health Check Webinar for Internal IT Teams REGISTER NOW>>
March 18: Kaseya + Datto Connect Local: Birmingham, United Kingdom REGISTER NOW>>
March 18: The AI Phishing Revolution: How Cybercriminals Are Outsmarting Traditional Defenses Webinar REGISTER NOW>>
March 19: Kaseya + Datto Connect Local: Los Angeles Symposium REGISTER NOW>>
April 1: Kaseya + Datto Connect Local: Fort Lauderdale REGISTER NOW>>
April 10: Kaseya + Datto Connect Local: Columbus, Ohio REGISTER NOW>>
April 28 – May 1: Kaseya Connect Global REGISTER NOW>>
June 17 – 19: Kaseya DattoCon Europe REGISTER NOW>>
October 6 – 8: Kaseya DattoCon REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email pr@kaseya.com to let us know how our content works for you!
Read our case studies and see how MSPs and businesses have benefited from using our solutions. READ NOW>