Anyone looking to stock up on Clorox bleach or the brand’s other products may have trouble finding them on store shelves for the next several months after a recent cyberattack upended the company’s production process.
In response to the attack, Clorox took the affected systems offline and began operating at a reduced production capacity, resulting in “an elevated level of consumer product availability issues.”
An assessment of the cyberattack revealed widespread damage to the company’s IT infrastructure, causing it to spend the past month repairing its ordering systems and gradually putting them back online. The filing said the company expected to resume its regular order processing by the week of Sept. 25.
The United States government is bringing legal action against Penn State University under the False Claims Act, saying the university lied or misled about its adherence to government cybersecurity protocols when contracting with the federal government.
The suit is being brought on behalf of Matthew Decker, chief information officer at a Penn State research laboratory who also served briefly as interim vice provost and CIO for the university in 2016. Decker’s claims and testimony about the university’s malfeasance form the basis of the lawsuit.
Like all defense contractors, Penn State receives and generates as part of its work what is known as controlled unclassified information — data which falls below the threshold of official government secrets, but must nonetheless be managed by contractors in highly specified ways to prevent malicious parties from using them to piece together gaps in government security or programs.
The most common way for contractors to demonstrate that they are handling such information responsibly is through adherence to federal standards created by the National Institute for Standards and Technology (NIST). These include 22 detailed requirements for protecting controlled unclassified information that span digital and physical protections, as well as audits, risk assessments and proper security configurations.
MGM Resorts is battling to recover its systems following a Sept. 10 cyberattack that left its hotel operations across the country in digital disarray. Experts suspect a ransomware attack is behind the outages.
The damage is most acute in Las Vegas, where MGM Resorts is the largest single employer, with several hotels on the famed Strip, including the MGM Grand, Mandalay Bay, Bellagio, Luxor, Aria. According to reports and social media posts, many MGM Resorts guests were locked out of their hotel rooms after the cyberattack interfered with key cards, requiring security to let guests into their room with old-fashioned keys. Slot machines on the casino floors were also down, according to local reports.
MGM Resorts has nearly 50,000 guest rooms on the Las Vegas Strip alone.
"MGM Resorts recently identified a cybersecurity issue affecting some of the Company's systems," the hospitality giant said in a statement acknowledging the incident. "Promptly after detecting the issue, we quickly began an investigation with assistance from leading external cybersecurity experts. We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems."
MGM Resorts websites were still offline Tuesday and directed customers to call by phone to make reservations. The company added the investigation is ongoing in cooperation with law enforcement.
New sources are naming Caesars Entertainment as the first victim to be hit by a massive cyberattack on the Las Vegas strip – making MGM Resorts the second casualty in what appears to be a series of ransomware attacks targeting Sin City’s hotel and casino giants starting last month.
MGM Resorts announced it had been hit by a cyberattack Monday on X (formally known as Twitter).
First, rumors of MGM falling victim to a social engineering attack orchestrated by the notorious ALPHV/BlackCat ransomware gang were confirmed by security insiders on X. Then came the stories of Caesars Palace paying out a $30 million ransomware the week before, which also started to take root on social media.
On Monday evening, apparent MGM insider @LasVegasLocally posted on X that fellow casino giant Caesars Entertainment, like MGM, had also been hacked. The post claimed that Caesars quietly paid a $30 million ransom demand “to avoid the problems MGM is experiencing."
The following day, X user @vegassatrfish posted about getting a similar scoop from a current MGM employee. She posted a copy of a text exchange between them on her account. The supposed employee mentioned that call centers and the company's VPN were down for the hotel group as well.
HARTFORD, Conn. (WFSB) - A criminal ransomware network connected to a cyber attack at some of Connecticut’s hospitals has been taken down by the FBI, according to the Department of Justice.
The attack hit over 200,000 computers across the U.S. and cost hundreds of millions of dollars in damage, according to the DOJ.
The FBI called it a duck hunt taking down the hacking network called Qakbot.
“Qackbot is one of the most successful persistent and notorious botnets in the globe,” said U.S. Attorney Martin Estrada. “Stopping cybercrime is a matter of cybercrime is a matter of national security.”
These cyber-attacks also hit hospitals in Connecticut. At the beginning of August data was taken by hackers from Prospect Medical Holdings, the parent company of Waterbury Health and Eastern Connecticut Health Networks (ECHN).
Computer systems were offline and some hospital services were shut down.
At Waterbury Hospital, trauma patients were routed away from the ER. Nurses said it took longer for labs to come back and to communicate with doctors.
At ECHN, nurses had no access to payroll information leaving some underpaid.