Cybersecurity Current Events - Mar. 10th, 2025

The cybersecurity landscape continues to evolve rapidly this week with significant developments affecting organizations across various sectors. From strategic acquisitions strengthening data security capabilities to major data breaches exposing sensitive information of millions, staying informed about these rapidly changing events is crucial for maintaining a strong security posture. This week, Forcepoint is expanding its AI-driven security portfolio through acquisition, Cisco is investing in digital skills training across the EU, SimSpace is launching a new security optimization platform, and several major data breaches have impacted NTT Communications, DISA Global Solutions, multiple healthcare organizations, and Bank of America.

Curious about how these events are unfolding? Let's dive deeper!


1. Forcepoint to Acquire Getvisibility, Expanding AI-Driven Data Security

Summary:

Global data security leader Forcepoint has announced a definitive agreement to acquire Getvisibility, an innovator in AI-powered Data Security Posture Management (DSPM) and Data Detection and Response (DDR). The acquisition builds on a successful multi-year partnership and will further integrate Getvisibility's AI-driven risk visibility and remediation capabilities within Forcepoint's full-lifecycle data security solutions. By strengthening the interoperability between these technologies, Forcepoint aims to enable seamless discovery, classification, prioritization, remediation, and protection of sensitive data across modern hybrid and AI environments. The combined solution will help organizations transform data security from a compliance obligation into a strategic advantage.

Timeline: Announced March 10, 2025

Threat Actors: N/A

Key Implications:

  • Enhanced AI-powered data security capabilities for enterprise and government customers
  • Improved ability to identify and mitigate data risks across cloud, on-premises, and AI environments
  • Rising importance of integrated data security solutions as data breach costs continue to increase
  • Growing recognition that breach-related class action costs will exceed regulatory fines by 50% in 2025

Actionable Advice:

  1. Evaluate your current data security posture management capabilities
  2. Consider how AI-driven security tools can enhance visibility into sensitive data risks
  3. Implement solutions that provide continuous monitoring and automated remediation
  4. Review your security stack for integration capabilities across data security functions

Additional Resources: Businesswire


2. Cisco to Train 1.5 Million People in Digital Skills Across the EU

Summary:

Cisco has announced an ambitious initiative to equip 1.5 million individuals across the European Union with essential digital skills by 2030. The program, unveiled at the European Commission's Employment and Social Rights Forum in Brussels, will focus on fundamental digital skills, including digital awareness, cybersecurity, data science, IoT, and AI. This effort aligns with the EU's Union of Skills framework and will be delivered through the Cisco Networking Academy, which has already trained over 3.2 million learners in the EU since 1998. Additionally, Cisco plans to train 5,000 educators over the next five years to strengthen vocational and higher education by providing expertise in AI, cybersecurity, networking, and digital transformation.

Timeline: Announced March 10, 2025

Threat Actors: N/A

Key Implications:

  • Addresses the growing cybersecurity skills gap across the European Union
  • Strengthens workforce readiness for an increasingly AI-driven economy
  • Enhances digital literacy and security awareness across multiple sectors
  • Supports the European Commission's 2030 Digital Decade targets

Actionable Advice:

  1. Organizations should explore partnerships with training programs like Cisco Networking Academy
  2. Invest in ongoing cybersecurity education for employees at all levels
  3. Consider developing internal training programs that focus on emerging technologies
  4. Support employees in pursuing cybersecurity certifications and continuing education

Additional Resources: Ed Tech Innovation Hub


3. SimSpace Unveils Stack Optimizer for Security Performance Validation

Summary:

SimSpace, a leader in high-fidelity simulated environments, has launched Stack Optimizer, a new solution designed to help organizations evaluate, test, and optimize their security and IT infrastructure. By leveraging realistic simulated environments, Stack Optimizer enables comprehensive security performance benchmarking, validation of detection engineering strategies, optimization of operational workflows, and verification of compliance readiness. The platform provides a real-world testing environment where organizations can measure their security technologies against simulated threats and operational stress tests, allowing teams to refine detection logic, optimize tool configurations, enhance interoperability, and streamline security workflows.

Timeline: Announced March 10, 2025

Threat Actors: N/A

Key Implications:

  • Enables organizations to validate security tools and strategies before implementation
  • Helps reduce false positives and alert fatigue in security operations centers
  • Provides realistic testing environments for measuring resilience against attacks
  • Supports compliance validation against industry standards

Actionable Advice:

  1. Consider implementing simulation platforms to test security tools before deployment
  2. Regularly validate detection engineering strategies against emerging threats
  3. Use operational stress testing to identify weaknesses in security infrastructure
  4. Benchmark security performance against industry standards to identify gaps

Additional Resources: Morningstar


4. Data Breach at Japanese Telecom Giant NTT Affects 18,000 Companies

Summary:

Japanese telecommunication services provider NTT Communications Corporation has disclosed a cybersecurity incident that compromised information belonging to almost 18,000 corporate customers. The breach, discovered in early February 2025, affected the company's 'Order Information Distribution System,' which contained details on corporate customers but no data on personal customers. The types of data potentially stolen include customer names, representative names, contract numbers, phone numbers, email addresses, physical addresses, and service usage information. NTT discovered the breach on February 5 and blocked the threat actor's access by the next day. However, further investigation revealed that the attackers had pivoted to another device on NTT's network by February 15, which was promptly disconnected to prevent further lateral movement.

Timeline: Discovered February 5, 2025; Contained February 15, 2025; Disclosed March 7, 2025

Threat Actors: Currently Unknown

Key Implications:

  • Significant exposure of corporate client data could lead to targeted phishing attacks
  • Highlights the risks of lateral movement in network breaches
  • Demonstrates the importance of rapid detection and containment
  • Potentially affects thousands of companies across Japan and internationally

Actionable Advice:

  1. Organizations with NTT contracts should monitor for suspicious communications
  2. Implement network segmentation to limit lateral movement during breaches
  3. Enhance monitoring capabilities to quickly detect unauthorized access
  4. Develop and rehearse incident response plans for third-party data breaches

Additional Resources: Bleeping Computer


5. DISA Global Solutions Data Breach Affects 3.3 Million Individuals (Repeated due to its huge impact)

Summary:

DISA Global Solutions, a company specializing in employee screening services, has disclosed a major data breach affecting over 3.3 million individuals. The Texas-based firm, which serves more than 55,000 businesses including a third of Fortune 500 companies, experienced unauthorized access to part of its network beginning on February 9, 2024. Alarmingly, the intrusion remained undetected for more than two months until April 22, 2024, and public notification occurred nearly a year later. The compromised information included highly sensitive personal data such as Social Security numbers, financial account details, driver's licenses, and other government-issued identification documents. Given DISA's role in employee screening, the breach likely exposed data from background checks and drug tests, potentially including employment histories, criminal records, and health-related information.

Timeline: Breach began February 9, 2024; Discovered April 22, 2024; Publicly disclosed early 2025

Threat Actors: Currently Unknown

Key Implications:

  • Massive exposure of sensitive personal information affecting millions of individuals
  • Extended dwell time indicates significant gaps in security monitoring
  • Delayed notification raises concerns about incident response protocols
  • High risk of identity theft and fraud for affected individuals

Actionable Advice:

  1. Individuals potentially affected should monitor credit reports and financial accounts
  2. Consider credit freezes or fraud alerts to protect against identity theft
  3. Be vigilant for phishing attempts that may leverage the exposed information
  4. Organizations should review their third-party screening providers' security practices

Additional Resources: Fox News

6. 560,000 People Impacted Across Four Healthcare Data Breaches

Summary:

Four separate healthcare organizations across the United States have disclosed data breaches affecting more than 560,000 individuals in total. Kansas-based Sunflower Medical Group reported the largest incident, impacting 220,000 people after hackers gained access to their systems between December 15, 2024, and January 7, 2025. The Rhysida ransomware group claimed responsibility, stating they stole over 3TB of files. Hillcrest Convalescent Center in North Carolina reported a breach affecting 106,000 people, while Gastroenterology Associates of Central Florida disclosed an incident affecting 122,000 individuals, reportedly claimed by the BianLian ransomware group. Community Care Alliance in Rhode Island reported a breach affecting 115,000 people, also claimed by the Rhysida ransomware group. The compromised data across these incidents includes names, Social Security numbers, dates of birth, financial information, medical records, and health insurance details.

Timeline: Various incidents between April 2024 and January 2025; All disclosed by March 10, 2025

Threat Actors: Rhysida ransomware group (Sunflower Medical Group and Community Care Alliance); BianLian ransomware group (Gastroenterology Associates of Central Florida)

Key Implications:

  • Healthcare continues to be a prime target for cybercriminals due to valuable data
  • Multiple ransomware groups are simultaneously targeting healthcare organizations
  • The healthcare sector faced 720 reported data breaches affecting 186 million records in 2024

Actionable Advice:

  1. Healthcare organizations should implement robust backup and recovery solutions
  2. Deploy advanced endpoint protection with ransomware-specific capabilities
  3. Conduct regular security awareness training focused on phishing prevention
  4. Implement network segmentation to limit access to sensitive patient data

Additional Resources: Security Week


7. Bank of America Alerts Customers to Data Breach

Summary:

Bank of America has issued a warning to a select group of customers about a possible data breach that may have exposed sensitive information, including personal details and Social Security numbers. The breach, which occurred on December 30, resulted from improper handling of confidential documents by a third-party document destruction service provider. According to the bank's statement, "A document destruction vendor did not secure bank-related materials appropriately in transport. Some documents were found outside of the secure containers on the exterior of the financial center." While the exact number of affected accounts has not been disclosed, the bank confirmed that at least two customers in Massachusetts were impacted. The potentially exposed information includes names, financial account details, addresses, phone numbers, email addresses, gender, dates of birth, Social Security numbers, and other unique government ID data.

Timeline: Breach occurred December 30, 2024; Disclosed March 2025

Threat Actors: N/A (Physical security incident involving third-party vendor)

Key Implications:

  • Highlights physical security vulnerabilities in document disposal processes
  • Demonstrates risks associated with third-party vendor management
  • Shows that data breaches can occur through non-cyber means
  • Reinforces the need for comprehensive security across all aspects of data handling

Actionable Advice:

  1. Financial institutions should regularly audit third-party vendor security practices
  2. Implement strict chain-of-custody protocols for sensitive document handling
  3. Consider digital document management solutions to reduce physical security risks
  4. Affected individuals should monitor accounts for suspicious activity and consider identity theft protection services

Additional Resources: Benzinga


Cyber threats continue to impact industries from finance to healthcare to telecommunications. The rise in ransomware, third-party breaches, and sophisticated attacks highlights the urgent need for organizations to strengthen their security postures through AI-enhanced solutions, comprehensive training, and robust testing methodologies.

Partnering with EIP Networks for People-First Cybersecurity

EIP Networks remains committed to a person-first approach to cybersecurity, delivering tailored solutions to meet your organization's unique needs. Stay ahead of threats by engaging with our current events and weekly roundups here on our Blog, LinkedIn or X (Twitter), and learn how to fortify your security posture by booking an assessment with our expert team.

At EIP Networks, we provide cutting-edge cybersecurity solutions to protect your business from emerging threats. Don't wait for a breach—schedule a free consultation today and secure your digital future. #WeDoThat
