
Commonwealth Sentinel

Cyber Security for local government, non-profits and small business


commonsent / March 18, 2021

Lower-profile Accellion hack hit dozens of high-profile targets, including Kroger, CSX, Harvard

As many people are going online to register for their COVID-19 vaccinations with healthcare organizations such as doctors’ groups, hospitals, and pharmacies, one such provider announced that it has suffered a data breach. Kroger announced that on January 23rd, data in their pharmacy and money order systems were stolen as a result of using Accellion file transfer software.

As we reported in our February 19th Be Cyber Safe newsletter, the Washington State Auditor’s Office experienced a similar data breach in December from using the same file transfer software that Kroger used. As a result, 1.4 million Washingtonians’ personal information was stolen while being transferred from the unemployment office to the auditor’s office during a fraud investigation.

Could The Kroger Company have prevented this breach after learning what happened to Washington State a month earlier using the same software? Yes, had they been aware of the breach. But more disgraceful is that Accellion, the software developer, had been encouraging its clients to upgrade to a newer version of the software. The legacy system was nearly 20 years old.

Upon learning of the Washington State breach on December 16th, Accellion developed and released a patch by December 20th and claims to have notified their customers within 72 hours. Several factors could have contributed to customers’ failure to patch their systems. First, it occurred during the Christmas holidays. Second, it occurred around the same time as the SolarWinds hack, which definitely dominated the headlines for several days.

So maybe it happened because IT personnel were not paying attention to their emails over the holidays or because the media was covering a bigger cyber security story. Unfortunately, there will always be a holiday, vacation, or sick day and there will always be big headlines.

The better solution is for processes to be in place to monitor updates to the software an organization uses to ensure the most up-to-date, safest version is being used. This requires personnel dedicated to cyber security, not just an IT person or team.

Secondly, there must be accountability. How often has each of us received a letter from a commercial organization, healthcare provider, or even a government agency (like the Washington State Auditor’s Office, OPM, or even the Kentucky Office of Unemployment Insurance – three times!) telling us that they will pay for one or two years of credit monitoring? Does this really fix the problem? It may mitigate our personal damage.

The most important thing is change. Improve. Learn from the incident. Put processes in place so that it does not happen again.

To that end, be sure to read our story in “Cyber News” about the continued impacts of the Microsoft Exchange Server exploits. Even if you, or your ISP, patched the Microsoft Exchange Server, you must also ensure that cyber criminals are not already in your system waiting to attack from within.

Contact Commonwealth Sentinel for assistance today at (502) 320-9885.
