100th Week in Breach

by Kevin Lancaster

This week marks the 100th issue of the Week in Breach! The ID Agent team thanks you for joining our community and working together to keep your credentials off the Dark Web. In this special edition, C-suite executives are compromised, failure to password protect customer data leads to breach, and phishing scam awareness begins to improve.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 1-10

United States – Slickwraps


Exploit: Unprotected database. 

Slickwraps: Producer and distributor of hardware skins.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2 = Severe:

The company’s databases lacked basic protections, which exposed customer data to the internet. Slickwraps cited the long-term trust of its customers as a vital component of its business model, making this episode an especially problematic event for the business. The problem is compounded by the fact that an internet user tried to alert the company about the breach multiple times. Ultimately, Slickwraps discovered the breach after it was posted on Twitter.

1.51 – 2.49 = Severe Risk

Individual Risk: 2.428 = Severe:

The company’s unsecured database exposed customer details to the internet. This included names, email addresses, physical addresses, phone numbers, and purchase histories. The breach does not extend to customers who accessed the online store as a guest, and it did not include financial data. Those impacted by the breach should be aware that this information can be used in spear phishing attacks or for other malicious purposes. They should be especially vigilant in monitoring online communications.

Customers Impacted: 850,000

How it Could Affect Your Customers’ Business: Slickwraps has been extremely apologetic after the breach. However, this contrite posture is no replacement for simple steps that they could have taken to secure company and customer data from day one. Customers and regulatory authorities expect companies to follow basic best practices when dealing with sensitive data, and the company’s apologetic tone is unlikely to help avoid a negative fallout from the incident.

ID Agent to the Rescue: With Compliance Manager™, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager

United States – NRC Health


Exploit: Ransomware

NRC Health: Management service provider.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.333 = Severe:

A ransomware attack has encrypted critical IT infrastructure and forced the company to shut down its remaining systems to prevent the malware from spreading. The company expects to restore its operations from backups, but the ransomware attack is significantly inhibiting productivity until this can be accomplished. Currently, no personal or company data has been compromised, but clients are expressing concerns to the media about the possibility of a future breach because of this incident. Collectively, NRC Health is experiencing a drop in productivity, a damaged brand reputation, and, because of the nature of their business, regulatory scrutiny.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: In 2020, companies are well aware of the risk posed by third-party partnerships, as these helpful affiliates are often a gateway to serious data breaches. In this case, NRC Health’s clients are openly expressing concern about the company, which could disrupt their work now while also diminishing opportunities in the future.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist

United States – Pacific Specialty


Exploit: Phishing scam.

Pacific Specialty: Insurance provider.

1 – 1.5 = Extreme Risk

Risk to Small Business: 1.444 = Extreme:

Several employees fell for a phishing scam that compromised customers’ personal data. The attack allowed hackers to access some employee accounts between March 20, 2019 and March 30, 2019. However, the insurance provider wasn’t aware of the breach until November 7, 2019 and did not identify details until January 14, 2020. In response, the company has hired a cybersecurity team to update its data privacy practices, and reset all employee login credentials while enabling two-factor authentication on its accounts. Nevertheless, the company will end up paying much more than they would have if they had invested in basic security solutions.

1.51 – 2.49 = Severe Risk

Individual Risk: 1.857 = Severe:

Personally identifiable information was compromised in the breach. This includes customers’ names, Social Security numbers, drivers’ licenses or government-issued IDs, financial information, payment card data, medical details, and health insurance credentials. Pacific Specialty is offering 12 months of credit and identity monitoring service to victims.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing scams are a known threat to every company, and organizations that are committed to data security will take steps to prevent this common attack methodology from negatively impacting customer data. Selecting strong, unique passwords for every account and enabling two-factor authentication can thwart cybercriminals, even when employees act upon a phishing scam, making them an obvious security feature for every organization. Of course, they can only prevent a breach if they are implemented before an incident occurs.

ID Agent to the Rescue: With Passly™, you can guard against cyberattacks by implementing two-factor authentication. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at http://www.idagent.com/passly.

United States – Clearview AI


Exploit: Unauthorized database access.

Clearview AI: Facial recognition software provider.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:

Hackers obtained a copy of the company’s entire client list, which, given the sensitive nature of their work, is an especially egregious breach of data. In addition to the client list, hackers also obtained information identifying the number of accounts that clients set up and the number of searches conducted on the platform. In response, the company cited the inevitability of data breaches in the 21st Century, a platitude that is unlikely to placate the company’s clients. Indeed, Clearview AI is already enduring significant media scrutiny and customer blowback that could have significant implications for the company’s bottom line and future prospects.

Individual Risk: At this time, no personal data was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data breaches may be an unfortunate reality in the 21st Century, but that doesn’t mean that they have to be inevitable. Adjusting your defensive posture to address the most probable threats can significantly lessen the likelihood of a breach. At the same time, having the right policies and procedures in place to respond to a breach will mitigate the damage, allowing your company to meet any cybersecurity challenge.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/

Canada – Quebec Treasury Board


Exploit: Unauthorized database access.

Quebec Treasury Board: Government agency.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2 = Severe:

Hackers obtained a user code and password for Quebec’s Treasury Board, which they used to collect the personal information of thousands of teachers. It’s unclear how hackers received the user code and password, but this information is often acquired when employees respond to phishing emails. While the agency doesn’t believe that their IT is holistically compromised, the incident reveals a stunning lack of account security for an agency charged with securing people’s sensitive information.

1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe:

The agency has not released the specific data sets that were compromised in the breach, but they did note that it pertains to personal data for thousands of public teachers. Victims can take advantage of a free year of credit and identity monitoring services to ensure that their personal or financial data isn’t misused by hackers.

Customers Impacted: 360,000

How it Could Affect Your Customers’ Business: There are many ways that hackers can access account login credentials, giving bad actors front-door access to critical IT infrastructure. By enabling two-factor authentication, organizations can ensure that cybercriminals can’t access these systems, even with login credentials in their hands.

ID Agent to the Rescue: With Passly, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at http://www.idagent.com/passly

The Netherlands – Transavia


Exploit: Phishing scam

Transavia: Low-cost airline.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:

A phishing scam provided hackers with access to an employee’s inbox that contained customers’ personal data. Strangely, the data was five years old, containing passenger information for flights between January 21, 2015 and January 31, 2015. The breach did not extend to passengers flying to Egypt, the Canary Islands, or Lapland. The episode raises questions about the company’s data management standards and the effectiveness of their defensive efforts to combat today’s cyber threats.

1.51 – 2.49 = Severe Risk

Individual Risk: 2.285 = Severe:

The breach compromised personal data, including names, dates of birth, luggage reservations, and accommodation details. Even though this information is more than five years old, it can still be used to facilitate additional phishing scams or cybercrimes. Victims should carefully monitor their accounts for unusual or suspicious communications. In addition, identity monitoring services can help ensure that compromised data isn’t being misused now or in the future.

Customers Impacted: 80,000

How it Could Affect Your Customers’ Business: Email accounts are a significant cybersecurity vulnerability. Despite their best efforts to keep these accounts secure, phishing scams will inevitably make their way into employee inboxes. However, comprehensive awareness training can equip employees to identify these threats and to render them ineffective.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

United Kingdom – Ordnance Survey


Exploit: Phishing Scam

Ordnance Survey: Mapping agency.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.888 = Severe:

A successful phishing scam compromised employee data. The phishing attack targeted the company’s CFO, and hackers used his credentials to access and exfiltrate the company’s payroll files. Fortunately, no customer information was compromised in the breach, but that doesn’t mean that the company will escape consequences. In addition to recovery expenses, the company may have a more difficult time attracting or retaining talented employees if they can’t secure their private information.

1.51 – 2.49 = Severe Risk

Individual Risk: 2 = Severe:

It’s unclear what information was explicitly compromised in the breach, but payroll-related information often contains people’s most sensitive personal and financial data. In addition to enrolling in the credit and identity monitoring services offered by the company, victims should notify their financial companies of the breach and closely monitor their accounts for suspicious activity.

Customers Impacted: 1,000

How it Could Affect Your Customers’ Business: Phishing scams are becoming more common but also more sophisticated. People can’t rely on tell-tale signs of a phishing scam, like incorrect grammar or spelling, to identify a fraudulent message. At the same time, this incident is a reminder that phishing scams can impact employees at every level, and today’s companies need top-to-bottom initiatives to prevent phishing scams from compromising company data.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

France – Decathlon


Exploit: Unprotected database

Decathlon: Sporting goods retailer

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.777 = Severe:

A misconfigured company database exposed the personal information of millions of customers and employees. The 9GB database was discovered by security researchers and pertains to the company’s Spanish and UK operations. The breach contained all the information that hackers would need to access user accounts and company IT, which means that Decathlon will have to balance the responsibility of helping customers recover with the urgency to repair and secure its accounts. The database was secured within five days of discovery, but it’s unclear how long hackers could access the information before researchers identified the flaw.

1.51 – 2.49 = Severe Risk

Individual Risk: 1.85 = Severe:

The exposed database contained sensitive customer and employee data. This includes employee usernames, unencrypted passwords, names, Social Security numbers, addresses, phone numbers, and birth dates. For customers, their email addresses and login credentials were available. This information can be misused in a litany of cybercrimes, and victims need to reset their Decathlon account credentials and any other accounts using that same information. In addition, they should enroll in a credit and identity monitoring service to ensure that this information isn’t being misused.

Customers Impacted: 123,000,000

How it Could Affect Your Customers’ Business: Data breaches have far-reaching, long-lasting consequences for every victim, which makes avoidable incidents especially problematic. In 2020, cybersecurity might be a company’s most significant priority, as a failure in this regard can eliminate profits, put organizations out of business, and cause extensive damage to people’s lives.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

A New Scam Targets Data Breach Victims

The costs associated with a data breach are well-documented, but they carry unique implications for each individual impacted by a data loss event. Now, a new scam is targeting data breach victims who are looking to recoup financial losses or exact justice. This scam originates from a website claiming to be run by the US Trading Commission, and it promises to provide financial compensation for data breaches involving personal data.

Unfortunately, the US Trading Commission does not exist, and the fraudulent website is collecting personal information, including names, credit card numbers, and Social Security numbers, which the website claims will be used for identification purposes. While the website boasts many hallmarks of a phishing scam, it can be enticing for victims to provide this information out of desperation or frustration.

Unfortunately, there isn’t a magic cure after a data breach hits. Instead, companies need to focus on their defensive strategies before an attack. For instance, securing accounts using two-factor authentication, training employees to spot phishing scams, and assessing your network for unseen vulnerabilities are all steps that companies can take to help ensure that a breach doesn’t occur in the first place.


Where in the World is ID Agent

Mar 10 Kaseya Connect IT Local – Vianen, Netherlands
Mar 11  ID Agent Roadshow – Houston, TX
Mar 11  Kaseya Connect IT Local – Dusseldorf, Germany
Mar 11  Kaseya Connect IT Local – Columbia, SC
Mar 11-13  CharTec Quarterly – Bakersfield, CA
Mar 19  ChannelSec – London, UK
Mar 25-26  ASCII City Tour – Houston, TX

A note for your customers:

Phishing Scam Awareness is On the Rise. So Are Phishing Scams.

This week marks the 100th issue of our Week in Breach newsletter. From the beginning, we’ve provided a weekly rundown of the most pressing cyber threats impacting SMBs, and phishing scams always make the top of the list.

Phishing scams, and their various iterations, including pharming, smishing, and vishing, account for a growing number of cybercrimes, according to the FBI’s latest Internet Crime Report. The latest iteration found a 59% increase since 2015. Similarly, business email compromise, which often includes elements of phishing scams, is up 160%.

However, the report doesn’t only include bad news. It found that 96% of people are aware of the possibility of a phishing scam, and 88% were able to accurately explain the threat. Unfortunately, many people only view phishing scams as an email threat, which, as we explained in a blog post last year, only accounts for one attack vector among many.

Ultimately, it appears that phishing scam awareness training is proving to be an effective tool to educate people on a growing threat category that impacts everyone. https://www.digitalinformationworld.com/2020/02/something-smells-phishy-how-well-can-people-catch-phishing-scams.html

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!
