Companies face surge in AI-driven cyberattacks and ransomware
July 17 (Reuters) - Companies worldwide are grappling with a surge in AI-driven cyberattacks and ransomware that steal sensitive data and disrupt operations.
On Friday, Abbott Laboratories said it was investigating two cybersecurity incidents involving unauthorized access to certain internal systems, while health insurer Clover Health Investments said it detected unusual login activity on some of its systems.
The White House said earlier in the week it was launching a coordination group bringing together AI developers and critical infrastructure operators to share information on cybersecurity vulnerabilities identified by advanced AI systems and coordinate responses.
Here is a list of U.S. companies that have reported or been affected by cyber incidents this year.
U.S. companies reporting or affected by cyber incidents this year
January 26 — Nike (NKE.N): Ransomware group World Leaks said on its website that it had published 1.4 terabytes of data from Nike. The company declined to comment on the specifics of its investigation or on whether any ransom was paid.
January 28 — Bumble (BMBL.O), Match Group (MTCH.O), Crunchbase and Panera Bread: Cyberattacks hit Bumble, Match Group and Crunchbase, Bloomberg News reported, while Panera Bread disclosed an incident involving contact information and notified authorities.
February 24 — Wynn Resorts (WYNN.O): Hackers obtained employee data, the company said, prompting an investigation, while the attackers demanded the equivalent of about $1.5 million in bitcoin.
March 11 — Stryker (SYK.N): An Iranian-linked hacking group claimed responsibility for a cyberattack on Stryker that disrupted order processing, manufacturing and shipments globally, wiping remote devices running the Windows operating system, though the medical device maker said patient services and connected medical products remained unaffected.
March 12 — Crunchyroll: Hackers claimed they stole personal data and 8 million of the subscription-based anime streaming service's support ticket records, including 6.8 million unique email addresses, BleepingComputer reported.
March 28 — Hasbro (HAS.O): The toymaker said it was investigating a cybersecurity incident that involved unauthorized access to its network, took some systems offline, and warned the disruption could cause order fulfillment delays for several weeks.
April 10 — OpenAI: OpenAI said it identified a security issue after a third-party developer tool called Axios caused a GitHub workflow to download and execute a malicious version of Axios, but said it found no evidence that user data, systems or intellectual property were compromised.
April 13 — Take-Two Interactive's (TTWO.O) Rockstar Games: The ShinyHunters hacking group claimed it stole nearly 80 million Rockstar Games business records by exploiting a third-party breach involving analytics provider Anodot. Rockstar said only a limited amount of non-material company information was accessed.
May 4 — West Pharmaceutical Services (WST.N): The medical equipment maker said a cyberattack involving data theft and system lockups disrupted manufacturing and logistics operations globally, prompting it to take systems offline before restoring operations across its manufacturing, supply chain and commercial sites.
May 11 — Instructure/Canvas: Instructure, the developer of Canvas, a widely used educational learning management system, said a ShinyHunters-linked hack disrupted access and exposed student and school data from nearly 9,000 institutions, before reaching an agreement under which the group said the stolen data was deleted and customers would not be extorted.
May 21 — Blank Rome: The law firm said a cybercriminal group posing as the firm’s IT department tricked an attorney into uploading files, exposing personal information of 57,554 current, former and prospective clients, according to a proposed class action lawsuit.
May 27 — Carnival (CCL.N): The cruise operator said a social-engineering attack compromised an employee account, exposing personal information including names, addresses and government-issued identification numbers, before the company blocked the unauthorized access and notified affected individuals.
June 11 — Novo Nordisk (NOVOb.CO): The Wegovy maker said unauthorized actors copied information from its internal IT systems, including limited clinical trial patient data, prompting an investigation and the temporary shutdown of certain internal systems, though it said core operations were unaffected.
June 15 — iRhythm Holdings (IRTC.O): The medtech firm said a threat actor obtained potentially sensitive data, including proprietary information and patient health information, through a social-engineering attack on third-party-hosted business applications and later issued a payment demand, while the company said patient care, medical device systems and operations were unaffected.
June 15 — AdaptHealth (AHCO.O): The company said a "threat actor" stole patient information and insurance billing passwords after a social-engineering attack compromised a third-party contractor’s account, gaining access to cloud-based business applications and internal patient management systems.
June 17 — Fortinet (FTNT.O): Researchers said a large-scale hacking campaign targeting Fortinet firewall and VPN devices compromised about 75,000 systems worldwide, leading to password theft at Fortune 500 companies and government agencies across more than 15 countries.
July 16 — Coca-Cola Co (KO.N): The beverages giant said fairlife temporarily suspended U.S. production operations after unauthorized access to parts of its systems, including production-related systems, while the dairy company investigated the incident and worked to restore affected operations.
July 17 — Clover Health Investments (CLOV.O): The health insurer said a hacker used social engineering to access three employee accounts, potentially exposing some personal and protected health information, though it does not expect a material impact on operations.
July 17 — Abbott Laboratories (ABT.N): Healthcare firm said it is investigating unauthorized access to a limited number of internal systems in its cancer diagnostics business and a potential breach of its LabCentral portal, but expects no material impact on operations, customers or financial results.