Please fill in the form below to subscribe to our blog

The Week in Breach: 5/14/18 – 5/20/18

May 23, 2018

The Week in Breach: 5/14/18 – 5/20/18
Breach news to share with your customers!


Highlight’s from The Week in Breach:

  • Ransomware still plaguing state and local agencies
  • Accidental data disclosures on the rise
  • AWS implementation flaws create security flaws compromised

Breach activity remained strong over the past week. Enterprise exploits held steady as expected; however, we’ve seen a resurgence in state actor-led attacks downstream targeting mid-market and SMB. Largely credential-based stuffing and phishing attacks, they have proven highly effective and will undoubtedly grow over the coming months.

Check out the post on Health Data Breaches at the end of this week’s report. The number of health data breach victims reported to Federal agencies in 2018 has doubled in recent weeks to more than 2 million.

What We’re Listening to This Week:

Security Now – Hosted by Steve Gibson, Leo Laporte

Defensive Security Podcast – Hosted by Jerry Bell (@maliciouslink) and Andrew Kalat (@lerg)

Small Business, Big Marketing – Australia’s #1 Marketing Show!

Stories of Interest: 

The New 1st State… In Cyber that is…
Maryland becomes the first state in the nation to offer businesses tax credits for purchasing cybersecurity equipment and services. It’s promoting programs to encourage young women to pursue careers in tech (cyber in particular), as well. Kudos to Governor Hogan, we are proud to be based in a forward-thinking state!

Fail of the Week! Comcast Xfinity!
If Comcast created its own version of Verizon’s Data Breach Investigation Report (DBIR), do you think they would report on this?

TeenSafe App… Not Really Keeping Your Teens Safe
And I quote, “…for a hacker, even a child’s phone is a treasure trove of data that can be used against their will.” Yikes.

The Breach Rundown

Worcester Bosch (British boiler maker)

Small Business Risk: High (Malware/ Forensics, Brand Reputation/ Loyalty)
Exploit: Suspected Phishing, Malware Injection
Risk to Individuals: Low (Limited/ Low-value PII)

What you need to know: This incident demonstrates that organizations across all industries are indiscriminately targeted by automated compromise services. Damage, as it relates to this particular incident, is largely breach forensics, reputation and monetary loss.   

Worcester Bosch (British boiler maker)

Date Occurred/Discovered May 13, 2018
Date Disclosed May 14, 2018
Data Compromised Home addresses of customers of “tens of thousands of customers”
How it was Compromised A “systems issue” on Sunday morning caused multiple emails with addresses and names of customers to be sent out by accident
Customers Impacted Exact number uncertain, but noted to be “tens of thousands”
Attribution/Vulnerability Undisclosed at this time

Boston Dental

Small Business Risk: High (Forensics, Brand Reputation/ Loyalty)
Exploit: Database & Security Misconfiguration
Risk to Individuals: High (Exploitable/High-value PII)

What you need to know: Not much was publicly disclosed about the misconfiguration or how long the data was exposed. I’m sure we’ll see more on this incident in the coming weeks.

Boston Dental (Las Vegas-area dental group)

Date Occurred/Discovered Discovered March 13, 2018
Date Disclosed May 14, 2018
Data Compromised The breached data included health insurance information, Social Security numbers and birth dates.
How it was Compromised The information of patients was inadvertently posted on Cambridge Dental Consulting Group’s public website, A caller from the U.S. Department of Health and Human Services notified the company on March 13 that it had downloaded the information. 
Customers Impacted 3 percent of patients from any of the 19 Boston Dental offices plus Diamond Lake Dental in Hemet, CA
Attribution/Vulnerability Undisclosed at this time

Public Sector
LA County 
Small Business Risk: High (Forensics, Reputation/ Public Trust)
Exploit: Database & Security Misconfiguration, Poor Security Controls
Risk to Individuals: High (Exploitable Credentials/ High-value PII)
What you need to know:  This is an alarming incident for several reasons.

  • Basic Cloud Services Misconfiguration
  • Poor Credential Encryption Hygiene
  • Poor Data Storage/ Data at Rest Encryption
  • Poor Data Loss Monitoring

LA County Social Service Hotline (211)

Date Occurred/Discovered Discovered: UpGuard, a cybersecurity firm based in Mountain View, Calif., said it notified the county in April 2018.
Date Disclosed May 2018
Data Compromised UpGuard discovered exposed Social Security numbers, addresses and sensitive notes about calls regarding mental health and abuse. The data also contained records for 3.5 million calls and a substantial amount of personally identifiable information that included 33,000 Social Security numbers and in many cases full names and addresses — as well as detailed notes for 200,000 calls logged between 2010 and 2016
How it was Compromised It was not immediately clear whether any unauthorized people accessed the data, which was kept in a cloud storage repository maintained by 211 L.A. County, the nonprofit group that operates the county’s 211 hotline.
Attribution/Vulnerability UpGuard officials indicated that the information discovered included names, email addresses and weakly encrypted passwords of users operating the 211 system, potentially opening them to attack. He said it was available for public download from an Amazon web server.  UpGuard officials said that if an administrator incorrectly configures permissions for the data it stores with Amazon, accessing the data can be “as simple as typing a URL”, which is what happened in this case.

Public Sector
Greenwood, SC 

Small Business Risk: High (Ransomware, Bitcoin Payment, Forensics, Reputation/ Public Trust)
Exploit: Ransomware, Security Misconfiguration, Poor Security Controls
Risk to Individuals: High (Exploitable Credentials / PII)
What you need to know: Ransomware exploits are plaguing poorly resourced and defended public sector systems. The data extracted email addresses, passwords and home addresses and can be used to create highly effective phishing campaigns.

Greenwood, SC Commissioners of Public Works (CPW)

Date Occurred/Discovered Occurred May 16, 2018
Date Disclosed May 18, 2018
Data Compromised The hackers were able to see a data table that contained email addresses, CPW customer and account numbers, and passwords.
However, officials said no personal identifying information, such as social security and driver’s license numbers, credit card information and addresses, was compromised.
How it was Compromised Foreign hackers accessed CPW’s online customer portal. The hackers used ransomware and demanded CPW pay via bitcoin. Instead, the utility disabled portal access and took related systems offline
Attribution/Vulnerability Outside actors / undisclosed at this time.

Health Data Breaches are on the Rise

The number of health data breach victims reported to Federal agencies in 2018 has doubled in recent weeks to more than 2 million.

The largest breach of the year so far involved a break-in at a California government office that affected 582,000 individuals. The agency reports the “unauthorized access/disclosure” incident to OCR in April. In a statement posted on the agency’s site, DDS says “trespassers ransacked files, vandalized and stole state property and started a fire” at the agency’s Sacramento legal and auditing offices. The offices contained PHI of about 582,000 individuals, plus personal information of about 15,000 employees at the agency’s regional centers, service providers, and applicants seeking employment with the department, the statement says. After the break-in, DDS discovered a number of paper documents and compact discs were either displaced or damaged from the fire and the sprinklers. DDS says it has no evidence that personal and health information was compromised due to the incident. Also stolen in the break-in were 12 laptop computers owned by the state. Those computers, however, were encrypted, the statement notes.

The incident involving the California DDS is one of 57 breaches reported in 2018 so far that are described as “unauthorized access/disclosure” cases. In total, those incidents have impacted 1.1 million individuals; about half of those breach victims were impacted by the California DDS break-in.

As of Thursday, the Department of Health and Human Services’ HIPAA Breach Reporting Tool website – commonly called the “wall of shame” – showed that 124 breaches have been reported to HHS so far in 2018. About 30% of those breaches – 38 incidents – have been posted to the website since April 17, the last time Information Security Media Group analyzed the federal breach tally.

By far the largest of breach ever posted on the wall of shame is a hacking incident reported in 2015 by health insurer Anthem Inc.which impacted 78.8 million individuals.

The Five Largest 2018 Breaches, So Far

Name of Entity Individuals Affected
California Dept. of Developmental Services 582,000
Oklahoma State University Center for Health Sciences 280,000
St. Peter’s Ambulatory Surgery Center 135,000
Center for Orthopaedic Specialists 82,000
Tufts Associated Health Maintenance Organization 70,000

Source: U.S. Dept. of Health and Human Services

Hacking Incidents

Meanwhile, the wall of shame shows 36 hacking/IT incidents posted so far in 2018, impacting about 41 percent of the total number of people affected – or about 812,000 individuals.

The second largest incident posted to the federal tally so far in 2018 – and the biggest “hacking/IT incident” posted to date this year – was reported by the Oklahoma State University Center for Health Sciences. That incident reported in January but discovered in November 2017, impacted nearly 280,000 Medicaid patients.

Another hacking incident recently posted on the wall of shame is a breach impacting nearly 82,000 individuals reported by the California-based Center for Orthopaedics Specialists on April 18. That incident involved a February ransomware attack on the center’s computer network.

Thefts and Losses

Another common cause of breaches posted on the wall of shame this year are losses or thefts. So far this year, 27 such incidents impacting a total of 79,000 individuals have been listed. Of those, 21 incidents involved laptops and other electronic devices. The rest involved paper/film.

While the wall of shame is still splattered with 2018 breach reports involving the loss or theft of unencrypted computing devices, far fewer of those major incidents are being reported now compared to several years ago when those cases were the No. 1 culprit in many of the largest breaches appearing “wall of shame” breaches. The wall of shame has likely seen fewer big breaches in recent years involving lost or stolen unencrypted devices because of improved awareness and security practices involving mobile devices.


MSP Partners, please feel free to share this information with your customers!

Are you looking to see how Dark Web ID™ can help you protect your customers’ credentials? Learn about ID Agent’s Partner Program now!