Please fill in the form below to subscribe to our blog

The Week in Breach: 02/05/20 – 02/11/20

February 12, 2020

This week, ransomware erodes productivity, a malware attack permanently destroys patient data, and a new study reveals the extent of data breaches in the UK.  

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain
Top Industry:
Education & Research
Top Employee Count:
251 – 500 Employees 


United States – TV Eyes
https://www.zdnet.com/article/ransomware-hits-tv-radio-news-monitoring-service-tveyes/

Exploit: Ransomware
TV Eyes: Media monitoring service

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.222 = Severe: An unidentified ransomware strain has disabled the network’s core servers and engineering workstations. As a result, clients have been unable to access any information, which could have broad and long-lasting financial consequences for the media monitoring company. TV Eyes has declined to pay the ransom. Still, brand erosion and opportunity costs will make this an expensive attack at a critical time for the company, whose services are widely used by news outlets and PR agencies to access media content for reporting purposes.
2.5 – 3 = Moderate Risk

Individual Risk: 2.875 = Moderate: At this time, no personal information was compromised in the breach. However, some PR professionals and media members had expressed fears that their data was compromised before hackers encrypted their files. Those impacted by the breach should update their account credentials while being especially critical of digital communications.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In addition to academic and government institutions, cybercriminals are increasingly targeting businesses that store customer data. Many are now willing to compromise customer data if ransom demands aren’t met, a new reality that significantly increases the potential damage of a ransomware attack. Since ransomware attacks always require a vulnerability to gain network access, companies should regularly assess their defensive postures to ensure that they are prepared for this nefarious attack methodology.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United States – Electronic Warfare Associates (EWA)
https://www.zdnet.com/article/dod-contractor-suffers-ransomware-infection/

Exploit: Ransomware
Electronic Warfare Associates (EWA): Electronic product and services company

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Cybercriminals encrypted the company’s web servers, leaving customer-facing signs of a cyberattack even several days after the event. In response, the company took down the affected servers, and it’s unclear how much of the company’s internal IT is impacted by the attack. More than a week after the attack was discovered by security researchers, EWA still hasn’t issued a statement to the public. This lack of transparency could complicate their recovery process, which already promises to be an arduous journey due to the complicated nature of their business.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks often come with cascading consequences that impact every part of a business. Not only does this attack vector come with high up-front expenses, but the reputational damage and opportunity cost can be even more damaging. Every company should assess its threat landscape to ensure that it can adequately defend against a devastating ransomware attack.

ID Agent to the Rescue: WIth BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United States – Fondren Orthopedic Group 
https://www.beckershospitalreview.com/cybersecurity/30-000-medical-records-damaged-in-malware-attack-at-texas-provider.html

Exploit: Malware attack
Fondren Orthopedic Group: Orthopedic healthcare services provider

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.555 = Severe: A malware attack destroyed a number of the medical provider’s patient records. The incident was first discovered in November 2019, but IT administrators only recently identified the permanent damage to their digital records. As a result, patients have to complete new patient information forms that include detailed medical histories. Given the sensitive and incredibly important nature of this information, this attack could negatively impact patient care, and it will undoubtedly invite regulatory oversight.
1.51 – 2.49 = Severe Risk

Individual Risk: 2.285 = Severe: Fondren Orthopedic Group noted that there is no evidence of patient information being compromised. However, the lost data includes patients’ names, addresses, phone numbers, treatment data, and healthcare information. It stands to reason that if hackers can erase patient data, then they can also use it for other nefarious purposes. Those impacted by the breach should carefully monitor their online accounts for unusual or suspicious activity, and they should scrutinize digital communications because compromised data is often redeployed in spear phishing attacks.

Customers Impacted: 30,049
How it Could Affect Your Customers’ Business: After this devastating malware attack, Fondren Orthopedic Group announced an update to their cybersecurity practices, a move that is too little, too late for the thousands of patients impacted by the breach. There are many steps companies can take to mitigate the risk of a data breach, but those steps need to be taken before an incident occurs. Otherwise, these measures serve as vanity metrics as opposed to a defensive strategy.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web IDTM is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada – Confederation College
https://www.cbc.ca/news/canada/thunder-bay/confederation-college-malware-incident-1.5449400

Exploit: Malware attack
Confederation College: Provincially funded college of arts and technology

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.222 = Severe: A malware attack disabled the college’s IT services, rendering many digital accounts unusable. Fortunately, Confederation College doesn’t believe that any personal information was compromised in the breach, but they will face blowback from their student body that entrusts their personal information to the school.
2.5 – 3 = Moderate Risk

Individual Risk: 2.555 = Moderate: At this time, no personal information was compromised in the breach. However, the college encourages anyone with a school email address to reset their account password and the passwords for any other accounts that may also use these credentials.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Even when login credentials are compromised in a data breach, businesses can still protect their accounts with simple security features like two-factor authentication. This service requires users to confirm their identity on a separate device before allowing account access, so cybercriminals deploying stolen credentials for brute force attacks are unable to find their way on to your organization’s network. As more and more information makes its way online, two-factor authentication is an obvious tool that every organization should implement.


ID Agent to the Rescue: With PasslyTM , you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/passly.

United Kingdom – Tissue Regenix 
https://www.scmagazine.com/home/security-news/cybercrime/cyberattack-halts-tissue-regenixs-u-s-based-manufacturing-operations/

Exploit: Malware attack
Tissue Regenix: Medical technology company

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: A malware attack forced Tissue Regenix to take its systems offline, which negatively impacted its short-term production capacity. Tissue Regenix hired cybersecurity experts to eradicate the malware, but the immediate financial repercussions were immense. The company’s shares dropped by 22% after the announcement. Researchers believe that the malware entered their network through a third-party, highlighting the importance of a 360-degree defensive posture that accounts for all possible risks.

Individual Risk: No personal information was compromised in the breach,

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: There are many ways that a data breach can impact a company’s financial outlook. In this case, the impact was immediate and intense. For businesses grappling with the cost of data security measures, this episode is a reminder that the cost of inaction can far exceed those of an effective cybersecurity strategy.

ID Agent to the Rescue: With Compliance ManagerTM, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.

United Kingdom – Dundee College
https://www.theregister.co.uk/2020/02/04/dundee_angus_college_ransomware/

Exploit: Ransomware
Dundee College: Academic and research institution

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: A ransomware attack disabled Dundee College’s entire IT infrastructure, canceling classes and requiring thousands of students to reset their account credentials. Currently, the outage has lasted more than a week, and it includes access to student records, educational material, and online learning portals. The event takes place at a critical time for the school, as they are conducting interviews for future students. In addition, the incredible recovery cost and reputational damage will facilitate a serious blowback to the college’s financial viability.
1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe: At this time, it’s unclear if personal data was compromised in the ransomware attack. However, Dundee College requires all students to reset their passwords before accessing their school accounts.

Customers Impacted: 5,000
How it Could Affect Your Customers’ Business: Ransomware attacks come with a litany of consequences, ranging from reputational damage to regulatory penalties and lost business. At the same time, cybercriminals are increasingly taking their attacks a step further by stealing company data before they encrypt it, increasing the impetus for companies to develop a comprehensive response strategy. Identifying compromised data and its whereabouts on the Dark Web or hacker forums is an excellent place to start.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

Australia – Metrix Consulting
http://www.watoday.com.au/national/western-australia/perth-mint-visitor-data-stolen-after-feedback-survey-company-hacked-20200131-p53woy.html

Exploit: Phishing scam
Metrix Consulting: Strategic insight consultancy

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.222 = Severe: A Metrix Consulting employee fell for a phishing scam that compromised the personal data for visitors of the Perth Mint. The data was provided by visitors who completed a survey that was stored on Metrix Consulting’s servers. This is the second data breach at Perth Mint in the past two years, and it could have significant implications for Matrix Consulting, as they may have a difficult time maintaining contracts if they can’t protect their customers’ data.
1.51 – 2.49 = Severe Risk

Individual Risk: 2.285 = Severe: The personal data included visitors’ names, email addresses, home addresses, and telephone numbers. This information can be used in everything from identity fraud to spear phishing campaigns, so those impacted by the breach should carefully monitor their online accounts for suspicious activity. In addition, The Perth Mint is providing identity monitoring services to all victims and enrolling in this program can help provide long-term identity protection.

Customers Impacted: 1,480
How it Could Affect Your Customers’ Business: Companies that can’t or won’t protect their customers’ data face a serious competitive disadvantage in today’s breach-fatigued environment. As we often report here, many companies terminate contracts with businesses that fail to secure their information, making data security a bottom-line issue for any organization collecting and storing personal data.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Australia – Yarra Tram
https://www.theage.com.au/national/victoria/yarra-trams-data-breach-commuters-email-addresses-exposed-20200203-p53xci.html

Exploit: Accidental data exposure
Yarra Tram: Melbourne-based tram network

2.5 – 3 = Moderate Risk Risk to Small Business: 2.555 = Moderate: A Yarra Tram officer email to 91 commuters rejected their compensation requests, but the employee failed to conceal the email addresses, exposing them to the other recipients. Embarrassingly, in a follow-up email that attempted to recall the initial message, the sender once again failed to conceal recipient names. Victims took to social media, complaining about the error. Despite being entirely avoidable, this unforced error will result in a reputational black eye for the company, which will have to work with its customer base to restore trust after this incident.
2.5 – 3 = Moderate Risk

Individual Risk: 2.714 = Moderate: Recipients’ email addresses were exposed in the message. While this information doesn’t pose a significant threat to data security, it could be used to send phishing emails, and users should carefully evaluate any unusual incoming messages.

Customers Impacted: 91
How it Could Affect Your Customers’ Business: Companies face cybersecurity threats from every direction, making internal, unforced errors especially egregious. Often, accidental data sharing is the result of a careless approach to data privacy. Therefore, every organization has an obligation to train their employees in the importance of data security and implement defensive best practices to reduce the risk of an embarrassing and costly data breach.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

More than Half of British Consumers Endured a Data Breach in 2019 

Globally, data breaches are increasing in both frequency and scope, a reality that is acutely felt by users in the United Kingdom. According to a new study, 58% of UK citizens experienced a data breach in the past twelve months. While today’s cyber threats are complicated and multifaceted, the study attributed the rise of increasingly complicated phishing attacks as a primary vector for data compromise.

Not too long ago, we reported on four phishing attack trends that were impacting the data security landscape, and it’s clear that those methodologies were astonishingly effective at compromising user data in the past year.

However, the report didn’t just identify the troubling trend. It recommends that users ditch their redundant, simplistic, and overly-personal passwords for strong, unique passwords across all of their accounts. Also, it encouraged users to adopt two-factor authentication as an effective way to prevent cybercriminals from gaining account access.

While business email compromise is enabling data breaches with stunning frequency, companies and consumers are not powerless. Contact ID Agent today to learn about our industry-leading tools for repelling phishing scams and protecting account integrity with two-factor authentication.

https://www.techradar.com/news/over-half-of-british-consumers-faced-a-data-breach-last-year


Where in the World is ID Agent:

Feb. 12 – 14 – Franklin, TN: Robin Robins Rapid Implementation
Feb. 19 – Tampa, FL: ID Agent Roadshow
Feb. 20 – Raleigh, NC: Kaseya Connect IT Local
Feb. 27 – Virtual: MSP Growth Summit 2020
Feb. 26 – 27 – Long Beach, CA: ASCII City Tour
Feb. 27 – 28 – San Diego, CA: TAG MTSP West
Feb. 27 – 28 – Tampa, FL: TAG MTSP East
Feb. 27 – 28 – Dallas, TX: TAG MTSP Central


A Note for Your Customers:

Phishing Scam Invokes Executive to Trick Employees 

An employee of Village Care Rehabilitation and Nursing Center (VCRN), a non-profit healthcare provider, fell for a complicated phishing scam that compromised patients’ protected health information. The fraudulent message was purportedly sent from a company executive, a scenario that inherently elicited the employee’s trust to provide authority for sharing data via email.

The episode is indicative of how phishing scams have evolved to become more personal and difficult to detect. With data breaches only becoming more expensive and consequential, every business should review and update its security awareness training to ensure that it accounts for the latest threats and trends.

In other words, identifying unsophisticated spear phishing emails with a spam filter won’t be enough to combat today’s phishing scam trends. However, comprehensive employee awareness training, like that offered by ID Agent, can ensure that your company is protecting against phishing scams.

https://www.infosecurity-magazine.com/news/fake-exec-tricks-new-york-city/

 


Data Breach Lists by State:

There are a lot of U.S. state agencies that publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep this updated:

STATE BREACHES
California 1,806 (2012-present)
Delaware 47 (2018-present)
Hawaii 61 (2007-present)
Indiana 5,207 (2014-present)
Iowa 223 (2011-present)
Maine 2,653 (2010-present)
Maryland 4,487 (2015-present)
Massachusetts 14,298 (2007-present)
Montana 1,695 (2015-present)
New Hampshire 2,786 (2007-present)
New Jersey 152 (2017-present)
North Carolina 6,230 (2005-present)
North Dakota 56
Oregon 377 (2015-present)
South Carolina 568
Vermont 536 (2017-2020)
Virginia 3,244 (2012-2018)
Washington 342 (2015-2019)
Wisconsin 166 (2012-2019)


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!