The Week in Breach: Cybersecurity and Breach News 07/29/20 – 08/04/20
This Week in Cybersecurity and Breach News: BlackBaud’s breach woes cause complications worldwide, double extortion ransomware comes calling, and how neglecting basic security awareness training can cost a fortune – plus the NEW agenda for CONNECT IT GLOBAL!
Cybersecurity and Breach News: Dark Web ID’s Top Threats
- Top Source Hits: ID Theft Forum
- Top Compromise Type: Domain
- Top Industry: Education & Research
- Top Employee Count: 501+
Cybersecurity and Breach News – United States
United States – National Cardiovascular Partners
Exploit: Unauthorized Account Access
National Cardiovascular Partners: Healthcare Provider
Risk to Small Business: 2.232 = Severe
Patient data was exposed after hackers were able to gain access to the Excel spreadsheet where it was stored through an employee account compromise. Undetected for over 3 weeks, the spreadsheet contained patient information, including names, contact information, and a host of other sensitive data that varied by patient. No word on what else the hackers may have obtained.
Individual Risk: 2.377 = Severe
Impacted patients are being notified and offered a one-year membership in Experian IdentityWorks, an identity theft protection service. These patients should also take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.
Customers Impacted: 78,070
How it Could Affect Your Customers’ Business: Handling sensitive medical data is a proposition that requires excellent security training as well as a strong suite of cybersecurity solutions. Not only was this incident preventable, but it was also expensive – and it will not just cost a fortune in recovery, it will also invite regulatory penalties.
ID Agent to the Rescue: Password and account compromise can be prevented. Multifactor authentication with Passly makes a stolen password powerless by requiring another identifier, like a unique code, to access systems and data that the bad guys won’t have. LEARN MORE>>
United States – IndieFlix
Exploit: Unsecured Database
IndieFlix: Streaming Service
Risk to Small Business: 1.603 = Severe
Another unsecured data bucket on a publicly accessible Amazon Simple Storage (S3) server is the culprit for a data breach at the streaming platform IndieFlix. The exposed data includes over 90,000 files. Some of the data includes scans of confidential motion picture acquisition agreements, tax ID requests that include filmmaker social security numbers and employer identification numbers, and detailed contact information of thousands of film professionals – plus thousands of unlocked video files of short films, movie clips, and trailers that can be accessed and downloaded by anyone with a direct link to the files.
Individual Risk: 1.599 = Severe
3,217 scans of requests for tax identification numbers that include addresses, signatures, as well as social security numbers and/or employer identification numbers of the filmmakers or their distribution agents were compromised. Film industry professionals and organizations that have signed agreements with IndieFlix or given the company their contact details between 2013 and 2016, should be aware of the potential for their data, including financial information, to be used for fraud and spear phishing attacks.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business Sloppy storage causes big problems that can have a huge impact on a company’s reputation client confidence. By improving security awareness training, employees will develop better handling habits for data and passwords.
ID Agent to the Rescue: ID Agent’s digital risk protection platform includes security awareness training to encourage better digital behavior and improve information security. LEARN MORE>>
United States – Athens Independent School District
Exploit: Ransomware
Athens Independent School District: Public School System
Risk to Small Business: 1.207 = Extreme
A school system in East Texas has paid cybercriminals a ransom of $50K for the key to unencrypt its data. The school board noted that it had no choice but to pay the ransom because it could not complete recovery in time to start the new school year. The report also noted that other school systems in East Texas have been hit with ransomware attacks recently as well. The district has cyberattack insurance.
Individual Risk: No personal or financial data about students or staff was reported as compromised at this time.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is today’s biggest cybersecurity headache, and it’s usually delivered through a poisoned phishing email. A well-timed ransomware attack can create a big payday for cybercriminals as impacted victims are left with little recourse when they’re on a tight schedule.
ID Agent to the Rescue: Phishing isn’t just an email problem anymore. BullPhish ID can raise awareness of different kinds of phishing attacks to train staffers to be alert to suspicious messages and report them instead of interacting with them. SEE A DEMO>>
United States – Ledger
Exploit: Unauthorized Database Access
Ledger: Cryptocurrency Storage Hardware Developer
Risk to Small Business: 1.993 = Severe
Cryptocurrency wallet maker Ledger has announced that they experienced a data breach that exposed contact information for many clients. The breach was discovered by a participant in a bug bounty program. A marketing database containing email addresses for approximately one million users was unsecured, and a subset of 9,500 customers also had other contact information including first and last name, mailing addresses, and phone numbers exposed.
Individual Risk: 2.775 = Moderate
Only basic information like email addresses was exposed for a majority if the affected clients, but some customers’ addresses and phone numbers were compromised as well. Clients should be suspicious of potential spear phishing attacks.
Customers Impacted: 1 million
How it Could Affect Your Customers’ Business: Simple security failures like thismoneor the data breach caused by phishing at Twitter don’t increase client confidence in companies that promise secure technology.
ID Agent to the Rescue: Convincing your clients that they need to upgrade their cybersecurity, especially security awareness training, can be a hard sell in today’s economy. Through Goal Assist, our Partners can get a timely assist with a tricky sales call from one of our experts to help them notch the win. LEARN MORE>>
United States – Havenly
Exploit: Unauthorized Database Access
Havenly: Interior Design Collaboration Website
Risk to Small Business: 2.302 = Severe
As part of last week’s ShinyHunters data dump, the account details of millions of Havenly users were leaked on the Dark Web. The leaked data included affected users’ login name, full name, hashed password, email address, phone number, zip, and other data related to the usage of the site. Havenly noted that it does not store credit card numbers and no financial data was involved in this incident
Individual Risk: 2.503 = Moderate
No financial data was reported as compromised in this breach, but users should be aware of the personal details that were stolen being used to conduct spear phishing attempts.
Customers Impacted: 13 million
How it Could Affect Your Customers’ Business: Data dumps from major players in the data selling business are becoming more common. These dumps often include email addresses and login credentials for work accounts that staffers may be using (or reusing) for convenience.
ID Agent to the Rescue: Take the sting out of potential password reuse problems with Passly. Even if an employee is recycling an already compromised password, Passly puts crucial extra layers of protection between bad actors and sensitive data. LEARN MORE>>
United States – Drizzly
https://techcrunch.com/2020/07/28/drizly-data-breach/
Exploit: Unauthorized Database Access
Drizzly: Alcohol Delivery Service
Risk to Small Business: 2.101 = Severe
Online booze startup Drizzly just announced that it suffered a data breach. Hackers were able to snatch customer email addresses, DOBs, hashed passwords, and some delivery addresses. The company says that no financial information was taken, but researchers noticed that hackers trying to sell Drizzly’s data claim to also have credit card numbers.
Individual Risk: 2.661 = Moderate
No financial information was reported stolen, by the company, but cybersecurity reports put that claim in question. Users of the service should change their passwords immediately and monitor their credit accounts for fraud.
Customers Impacted: 2.5 million
How it Could Affect Your Customers’ Business: As more competition pops up in online delivery service spaces, customers will be inclined to choose to do business with companies that can protect their data.
ID Agent to the Rescue: Are you monitoring the Dark Web for compromised user credentials? You should be. Find out about credentials that have been compromised at an organization before the bad guys do with Dark Web ID. LEARN MORE>>
Cybersecurity and Breach News – Canada
Canada – Pivot Technology Solutions
Exploit: Ransomware
Pivot Technology Solutions – Managed Services Provider
Risk to Small Business: 1.513 = Severe
A ransomware attempt at Canadian MSP Pivot Technology Solutions was ultimately foiled, but not before the attackers were able to access and copy sensitive company data for some US employees and consultants. Compromised staff and associate data included names, addresses, dates of birth, gender, disability status, and type of insurance coverage. Cybercriminals also stole payroll data including details about deductions, 401k forms, income, and benefits as well as scooping up, banking details like routing and account numbers, and Social Security numbers.
Individual Risk: 2.074 = Severe
The company is offering free monitoring solutions to affected staffers and advises anyone who suspects that their information may have been involved to monitor accounts for financial and identity compromise.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware is the bane of cybersecurity professionals around the world. It is typically used to encrypt data, but even an attempt that fails to encrypt data can still expose sensitive information.
ID Agent to the Rescue: Updated phishing resistance training is upgraded protection against ransomware. BullPhish ID’s constantly updated phishing resistance training features plug-and-play training campaigns including engaging videos in 8 languages. LEARN MORE>>
Cybersecurity and Breach News – United Kingdom & European Union
United Kingdom – Avon
https://www.infosecurity-magazine.com/news/cosmetics-giant-avon-leaks-19/?&web_view=true
Exploit: Unsecured Database
Avon: Cosmetics Manufacturer and Distributor
Risk to Small Business: 1.883 = Severe
A misconfigured cloud server at global cosmetics powerhouse Avon was the culprit of a 7GB data breach at the cosmetics giant after it was discovered by researchers. The Elasticsearch database on an Azure server was publicly exposed with no password protection or encryption for nine days. The treasure trove of information available included personally identifiable information of both customers and employees, including full names, phone numbers, dates of birth, emails, and home addresses with GPS coordinates. Also included in the haul were an eye-popping 40,000+ security tokens and OAuth tokens plus internal logs, account settings, and technical server information.
Individual Risk: 2.339 = Severe
While no financial data was reported as exposed, the personal information that was available to cybercriminals opens Avin customers and staffers up to spear phishing attempts and potential identity theft.
Customers Impacted: 19 million
How it Could Affect Your Customers’ Business: Basic security failures are unacceptable at companies of any size. Consumers are becoming more aware of the potential risk that comes from having their personal data exposed and will be less likely to do business with companies that fail to secure it.
ID Agent to the Rescue: Add protection for your data and systems that really delivers with Passly. The 1 -2 punch of multifactor authentication and secure password storage vaults lock up your access points, keeping cybercriminals at bay. SEE PASSLY’S FEATURES >>
Germany – Dussmann Group
Exploit: Ransomware
Dussmann Group: Services Conglomerate
Risk to Small Business: 1.827 = Severe
Nefilim Ransomware is responsible for a data breach at Dresdner Kühlanlagenbau GmbH (DKA), a subsidiary of the Dussmann Group. The attackers began the sale of 14 GB of sensitive data including archives contain numerous documents, including Word documents, images, accounting documents, and AutoCAD drawings before encrypting systems. In total, the gang claims to have encrypted four domains and stolen approximately 200GB of archived data.
Individual Risk: No personal or financial information was reported as stolen in this incident.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Dark Web data brokers aren’t just looking for password lists and credit card numbers. They also want proprietary data and business secrets like formulas and schematics like the ones stolen in this incident.
ID Agent to the Rescue: Insider threats can cause company secrets to be revealed, and that can put your business at risk. Whether malicious or unintentional, employee actions like failure to secure information are a problem that every business needs to take seriously. Learn to spot and stop insider threats in our “Stop Insider Threats” resource package that’s full of information for you and your customers. DOWNLOAD IT>>
Cybersecurity and Breach News – Middle East & Africa
Israel – Promo.com
https://portswigger.net/daily-swig/promo-com-data-breach-impacts-23-million-content-creators
Exploit: Third Party Data Breach
Promo.com: Marketing Video Creation
Risk to Small Business: 2.092 = Severe
The Israeli-based marketing video creation site has disclosed a data breach after a database containing 22 million user records was leaked for free on a hacker forum. The exposed data includes content creators’ first name, last name, email address, IP address, approximated user location based on their IP address, and gender, as well as encrypted, hashed passwords. Promo.com says that the information was stolen as part of a third party data breach involving one of their service providers.
Individual Risk: 2.802 = Moderate
No financial data was stolen in this incident, but the personal information stolen may open creators that use the site up to identity theft and spear phishing attempts.
Customers Impacted: 23 million
How it Could Affect Your Customers’ Business: A data breach at a third party provider is almost as dangerous to a company’s security and reputation as an in-house incident.
ID Agent to the Rescue: ID Agent’s dynamic digital risk protection platform offers both cutting-edge security awareness training, credential monitoring, and essential tools to protect data and systems – and business owners’ peace of mind. LEARN MORE>>
Cybersecurity and Breach News – Australia & New Zealand
Australia – Regis Healthcare
Exploit: Ransomware
Regis Healthcare: Aged Home Operator
Risk to Small Business: 2.002 = Severe
Care home operator Regis is reporting that it suffered a cyberattack leading tom a data breach that was allegedly perpetrated by “foreign attackers” using Maze ransomware. The stolen data from 2 servers includes the personal information of a small number of residents at Regis facilities and a staff member
Individual Risk: 2.705 = Moderate
While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.
ID Agent to the Rescue: Get expert advice on how to position your clients for maximum protection against digital risk – and how to position yourself for greater success and increased MRR all in one powerful webinar. DOWNLOAD IT>>
The Week in Breach Cybersecurity and Breach News Risk Levels
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach Cybersecurity and Breach News are calculated using a formula that considers a wide range of factors related to the assessed breach.
The Week in Breach Cybersecurity and Breach News: Added Intelligence
Go Inside the Ink to Get the Inside Scoop on Cybersecurity and Breach News
Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!
Catch up on what you need to know now:
- 10 Game-Changing 2020 Data Breach Statistics
- 2 Effective Business Email Compromise Solutions
- 3 Reasons Why You Need to Attend Connect IT Global
- Guest Post: Clarify IT Needs With This MSP Strategy for Cybersecurity Threats
- The Ink This Week: Cybersecurity News & Analysis 07/31/20
- TwitterWas Compromised by a Phished Password – Can That Happen to You Too?
Free eBook of the Week
In Cybersecurity and Breach News This Week, Insider Threats Caused Major Problems – But You Can Fight Back.
Insider threats are the biggest potential cybersecurity pitfall that any business faces. While we often think of saboteurs, thieves, criminals, and spies as the threats that businesses need to be concerned about, malicious insiders are only a small fraction of the problem.
The most potentially devastating threats to cybersecurity are intentional. Well-intentioned but careless or poorly trained employees can open businesses up to a data breach, ransomware, credential compromise, or another security incident quickly.
Learn to spot and stop insider threats to protect businesses from both malicious actors and sloppy staffers in our eBook, “Combating Insider Threats”, a free download that’s available now as part of our “Stop Insider Threats” resource package – plus take a deeper dive into insider threats with our “6 Things You Need to Know About Insider Threats” whitepaper, perfect for giving to customers who want to learn more about this problem an how you can solve it for them!
Download “Combating Insider Threats” now. GET THE BOOK>>
Cybersecurity and Breach News Spotlight
The BlackBaud Breach Fallout Continues to Pile Up
The recent data breach at fundraising technology provider BlackBaud is an object lesson in how third party risks can compromise cybersecurity and cause huge problems for other businesses, leading to a cascade effect that keeps the damage rolling.
Initially, BlackBaud obfuscated the details it released about the breach, including insinuating that the initial ransomware attack was unsuccessful. Two weeks ago, we reported on the real story of that breach, noting that BlackBaud had actually paid the ransom demanded for the encryption key. The company also claimed that very little user data was stolen and the breach would only impact a small subset of its users.
Once again, that wasn’t necessarily the case. As the ripple effect of the initial breach became more apparent, large universities and institutions around the world began disclosing that information including details about their alumni, donors, and fundraising efforts had been compromised in the BlackBaud breach, Including The National Trust (UK), Texas Tech, the University of York, the University of South Wales, Aberystwyth University, and UK Charities including The Wallich, Crisis, Sue Ryder, and Young Minds.
The UK’s Information Commissioner’s Office (ICO) told the BBC that 125 organizations had reported that they were impacted by the event, including dozens of universities and 33 charities. Internationally, the breach is expected to impact many more universities, trusts, museums, schools, churches, and food banks.
So how can you protect your clients’ sensitive data and systems from breach danger or exposure because of third party service providers? We’ll be coming out with a new book addressing that problem soon, but here’s a sneak peek at our advice – and you can put this into practice right now.
Start employing single sign-on (SSO) and multifactor authentication (MFA) immediately. Those two tools combines add a strong barrier between cybercriminals and sensitive data and systems by giving IT staffers more control. MFA is often the star of the show when considering secure identity and access management solutions, but single-sign-on is the unsung hero.
SSO allows for the creation of a unique Launchpad for every user, giving IT staff the opportunity to control each user’s access to applications and data with one action. If someone’s account is compromised, instead of figuring out what they ad access to and turning each one off individually, IT staffers can cauterize the bleeding quickly by simply deactivating that user’s Launchpad, eliminating their access to everything.
Get these essential protections and more with our freshly updated secure identity and access management solution Passly. Not only do you get MFA and SSO, Passly also includes easy remote management tools, secure password storage vaults, and seamless integration with over 1,000 commonly used business applications. Start using Passly now to provide an essential upgrade in protection from unexpected threats that won’t break the bank – and gets to work securing data and systems from Day 1.
Watch this 10-minute technical demonstration video of Passly.
Are you up to speed on the ways that the Dark Web has changed in the wake of COVID-19? Get an inside look at what MSPs need to know right now to protect their clients and their bottom line in a new webinar. DOWNLOAD THE WEBINAR>>
INSTEAD OF YOU COMING TO US, CONNECT IT GLOBAL IS COMING TO YOU!
CONNECT IT GLOBAL has been completely revamped to provide you with even better virtual content! We’ve got an amazing lineup of Channel All-Stars ready to host must-see virtual panels and workshops to educate and inspire you. Plus, you’ll have opportunities to earn new certifications to enhance your portfolio. Learn sales, marketing, product, and business secrets to success. Here’s a taste of what’s planned:
- THE ID AGENT 2020 ROADMAP
- THE NEW CONNECT 360 – THE MSP PROFITABILITY MINI-SYMPOSIUM
- GO PHISHING: DETECTING ADVANCED, PERSISTENT PHISHING THREATS
- THE ANATOMY OF AN O365 BREACH
- GROWING REVENUE WITH SECURITY COMPLETE
- THE STATE OF COMPLIANCE: HOW FEDERAL STATE AND LOCAL LAWS IMPACT MSPS
Plus, We’ll have product announcements, plenty of fun activities, contests, and opportunities to get to network with Channel influencers as you gain insight into growing your MSP. See you there!
Catch Up With Us at These Virtual Events
AUG 11 – 13 Cyber Tri Fecta/Capture the Flag REGISTER>>
AUG 24 – 27: Connect IT 2020 REGISTER >>
AUG 30 – SEPT 1: Build IT 2020 REGISTER>>
SEPT 27 – 29: GlueX 2020 REGISTER>>
A note about cybersecurity and breach news for your customers:
Double Extortion Ransomware is in Fashion This Summer
In a tough economy, everybody’s looking for a way to make a little more money and increase profitability – even cybercriminals. Why should a cybercriminal only benefit once from the hard work of hacking into systems and deploying ransomware, when they could benefit twice?
Double extortion ransomware is becoming more trendy as a means of cybercrime because it opens up extra opportunities for profit as cybercriminals not only attempt to get paid by selling you the encryption key to unlock your systems and data, they also try to extort a little extra by threatening to release especially sensitive information on the Dark Web.
The majority of ransomware infections are delivered via phishing- and phishing isn’t just an email threat these days. Instead of the proverbial malware-laced attachment, phishing has expanded to include attack attempts through malicious links, SMS messages, texts, chats, and more.
By implementing and updated regular phishing resistance training, companies can improve their defense against ransomware. Choose an innovative solution like BullPhish ID that offers constantly updated, plug-and-play phishing training in bite-sized pieces using engaging video lessons in 8 languages to keep staffers on alert for suspicious messages and stop ransomware attacks before they start.
Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.
Follow us on social media to find out about breach news, upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!