The Week in Breach

by Kevin Lancaster

This week, ransomware puts contracts at risk, startups struggle to secure customer data, big security errors lead to big fines, and Coronavirus-related phishing scams are on the rise.

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Media & Entertainment
  • Top Employee Count: 251 – 500

United States – Visser Precision

https://techcrunch.com/2020/03/01/visser-breach/

Exploit: Ransomware.

Visser Precision: Parts manufacturer for space and defense contractors.

1.51 – 2.49 = Severe Risk

Risk to Small Business: 2.111 = Severe:

Visser Precision was infected with data-exfiltrating ransomware that stole proprietary information before encrypting IT systems. Based on documents published online, it appears that hackers obtained company data, including a list of clients, nondisclosure agreements, and some development plans. This incident reflects a growing trend in ransomware attacks – cybercriminals are increasingly stealing company data before encrypting critical IT systems, and organizations don’t detect it until it’s too late.

Individual Risk: No personal information was compromised in this breach.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Ransomware attacks not only negatively impact productivity and manufacturing, they also negatively impact growth. Companies like Visser Precision have many high-profile and mission-critical clients. Cybersecurity incidents can put those organizations at risk, making them less likely to do business with companies that have data security issues.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.


United States – Riverview Health

https://www.beckershospitalreview.com/cybersecurity/indiana-hospital-alerts-2-600-patients-of-human-error-data-breach.html

Exploit: Accidental data sharing.

Riverview Health: Healthcare provider.

Risk to Small Business: 2.333 = Severe:

On January 14, 2020, an employee inadvertently sent notification letters that intermixed patients’ names and addresses. The messages were delivered to the appropriate addresses, but they included the incorrect patient name. In today’s digital landscape, even small clerical errors can have significant consequences as both customers and regulators look to punish companies that fail to secure personal information.

Individual Risk: 2.714 = Moderate:

Patients’ names and addresses were compromised in the breach. Riverview Health maintains that the risk of data misuse is very low, but victims should still be aware that this information can be used for nefarious purposes and take precautions to ensure that their information is secure.

Customers Impacted: 2,610

How it Could Affect Your Customers’ Business: The biggest threat to your data isn’t cybercriminals, it’s human error. With customer blowback and regulatory penalties increasing, every organization needs to take steps to mitigate the risk posed by staff mistakes. Implementing protocols and increasing training about the pitfalls presented by phishing attacks and data sharing errors can significantly reduce your organization’s exposure to a data breach.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.


United States – J Crew

https://www.retaildive.com/news/j-crew-reports-data-breach-of-customer-accounts/573543/

Exploit: Unauthorized database access.

J Crew: Clothing retailer.

Risk to Small Business: 2.111 = Severe:

J Crew identified a data breach that took place in April 2019. In response, the company has disabled all impacted accounts, and advised all customers to reset their account credentials. The incident follows cybersecurity lapses at other prominent retailers at a time in which many consumers are shunning companies that don’t secure their information. The lengthy identification and reporting time will likely open the organization up to additional regulatory scrutiny that could further erode its brand reputation and bottom line.

Individual Risk: 2.428 = Severe:

Hackers accessed customers’ account login credentials, email addresses, and passwords. Partial payment card data and order information were also compromised. The company has closed the impacted accounts, but all J Crew customers should take steps to protect their personal information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: With threats coming from multiple directions, every organization must enact strong cybersecurity defenses to ensure that they are ready to address potential threats and keep their clients’ data safe – and avoid the brand-eroding fallout that comes from a cybersecurity disaster. In doing so, they can minimize the consequences of a breach, keep customer data off the Dark Web, and promote a rapid recovery.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the channel. Our award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.


Canada – Charlottetown, P.E.I.

https://www.thetelegram.com/news/canada/data-breach-follows-pei-ransomware-attack-418350/

Exploit: Ransomware.

Charlottetown, P.E.I.: Provincial government.

Risk to Small Business: 1.666 = Severe:

One week after this provincial government experienced a ransomware attack, internal government documents began appearing online, specifically financial reports, bank statements, and payment details related to its Agriculture Stability Program. Unfortunately, hackers noted that the released information represents just a portion of a 200 GB cache stolen from the government. This tactic is increasingly common in ransomware attacks and multiplies the damage done by the incident.

Individual Risk: 2.285 = Severe:

Hackers released program documents that included sensitive data like names, SIN numbers, contact information, and business details. This information can be used to execute spear phishing scams, sold on the Dark Web, or tapped to perpetrate other malicious activities. Those impacted should carefully scrutinize digital communications and monitor accounts for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks were already one of the most costly and devastating cyberattacks. Hackers are upping the stakes by stealing data before encrypting critical digital infrastructure. Now the cost and impact of lost data is part of the equation when considering the recovery expenses, productivity decline, and reputational damage that already accompany a ransomware attack.

ID Agent to the Rescue: All of that stolen data can end up on the Dark Web, leading to even more serious consequences. Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.


Canada – Simon Fraser University

http://globalnews.ca/news/6620351/sfu-data-breach/

Exploit: Ransomware.

Simon Fraser University: Public academic institution.

Risk to Small Business: 1.555 = Severe:

A ransomware attack provided hackers access to personal data that they then exfiltrated from the university’s network before encrypting certain IT elements. The breach affects some faculty, staff, students, alumni, and retirees who had a relationship with Simon Fraser University before June 20, 2019. Although the breach was limited in scope, the school recommends that users reset their account passwords. The incident was discovered on February 27, 2020 and contained within 24 hours, but the university will still face regulatory scrutiny and possible public backlash due to the sensitive nature of the event.

Individual Risk: 2.142 = Severe:

Before encrypting the school’s network, hackers accessed student and employee names, numbers, birth dates, email addresses, mail list memberships, course enrollments, and encrypted passwords. This information can be used to craft convincing phishing scams that, if acted upon, can compromise even more personal data. Those impacted should carefully evaluate incoming messages requesting confirmation of personal data and take steps to ensure that their information isn’t being misused.

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: Already a major menace, hackers have upped their game when executing ransomware attacks, making incidents even more costly, invasive, and destructive. Every company needs to review its defensive posture to ensure that it is taking the basic steps necessary to mitigate the risk of ransomware. Since this malware always requires a foothold, every company can actively take steps to avoid becoming the next victim.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of dynamic cybersecurity in response to today’s evolving threats. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help you get the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.


United Kingdom – Loqbox

https://www.infosecurity-magazine.com/news/hackers-steal-customer-data-uk/

Exploit: Data compromise.

Loqbox: Credit score builder.

Risk to Small Business: 1.777 = Severe:

A cyberattack on February 20, 2020 compromised customers’ personal data and payment information but didn’t impact customer funds. The company admitted that the breach occurred because of a known vulnerability, raising questions about the priority of data security at the fintech startup. Now Loqbox is poised to experience significant customer blowback and regulatory scrutiny as it falls under the purview of Europe’s GDPR.

Individual Risk: 2 = Severe:

The breach included personal information that could be used to target customers with highly convincing spear phishing emails. In addition to customer names, hackers acquired their dates of birth, addresses and phone numbers, plus financial data like partial credit card numbers, expiration dates, and bank account numbers. Those impacted by the breach should immediately notify their financial institutions and strongly consider enrolling in credit and identity monitoring services.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Over the past several years, data breaches have compromised billions of login credentials, giving hackers front-door access to your data and systems. Every company should add improved security to its login process by enabling simple, efficacious measures like two-factor authentication to keep accounts secure.

ID Agent to the Rescue: With Passly™, integrated multi-factor authentication, single sign-on, and identity management solutions protect your users’ login credentials and your data. Find out more at http://www.idagent.com/passly


United Kingdom – Cathay Pacific

https://www.darkreading.com/attacks-breaches/cathay-pacific-hit-with-fine-for-long-lasting-breach/d/d-id/1337232

Exploit: Unauthorized database access.

Cathay Pacific: International airline.

Risk to Small Business: 2 = Severe:

Cathay Pacific was recently hammered with a fine totaling £500,000 as a result of its failure to identify and address a data breach that lasted for more than four years. While the ruling offers a 20% discount if Cathay Pacific pays the penalty by March 12, the penalty is still a significant financial hit to the international airline. The company was cited for multiple “security inadequacies” including failing to encrypt databases containing customers’ personal data, a slow response to a known security vulnerability, and lengthy communication delays that further jeopardized customer information. 

Individual Risk: 2.428 = Severe:

The data breach included a treasure trove of Cathay Pacific customers’ personal data, including names, nationalities, birthdates, phone numbers, email addresses, mailing addresses, passport information, and other company-specific information. Those impacted by the breach should be sure to reset their airline account credentials and any other accounts using similar information. In addition, they should be aware that this kind of data is often used to develop sophisticated, personalized spear phishing attacks that further compromise personal information.

Customers Impacted: 9,400,000

How it Could Affect Your Customers’ Business: Regulatory penalties are on the rise as regulators and legislators seek to punish companies that incur a data breach without having adequate data security protocols or incident response plans in place. In this case GDPR’s governing body issued the fine, but governments around the world are imposing substantial fines on companies that fail to protect their customer data – and those fines are climbing every day.

ID Agent to the Rescue: With Compliance Manager™, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager


Australia – Alinta Energy

https://www.abc.net.au/radionational/programs/breakfast/alinta-energy-accused-of-endangering-privacy/12015496

Exploit: Unauthorized data sharing.

Alinta Energy: Private energy and gas company.

Risk to Small Business: 1.777 = Severe:

Alinta Energy is under intense scrutiny after a whistleblower exposed the company’s improper storage of customers’ personal information overseas. This possible violation of Australia’s privacy laws could have a significant impact on its bottom line. At the same time, the brand erosion and degradation of customer trust engendered by this situation could magnify the consequences for Alinta Energy.

Individual Risk: 2.428 = Severe:

According to the whistleblower, customer information including addresses, credit card information, and phone numbers is being stored overseas. Customers should be aware of this compliance oversight, taking special care to review their accounts and to advocate for their personal information to be adequately protected and managed.

Customers Impacted: 1,100,000

How it Could Affect Your Customers’ Business: Today’s global data privacy landscape is expansive and convoluted, making it challenging for any company to adhere to the many new laws hitting the books. But this challenging landscape isn’t an excuse for companies to fail at compliance. Instead, they need to attain the resources and support necessary to ensure that they have the infrastructure in place to adhere to the flurry of emerging data privacy regulations.

ID Agent to the Rescue: Compliance Manager automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at https://www.idagent.com/compliance-manager


Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.


In Other News

60% of UK Consumers Impacted By a Data Breach in 2019

As expected, 2019 was a devastating year for data breach victims. As more year-end studies are completed and released, we’re learning more about who was affected the most. According to a recent report, nearly 60% of UK consumers were impacted by a data breach last year, a staggering total that underscores the personal implications of the more than 7,000 data breaches that affected UK companies in 2019.

The report noted the potential consequences of such an extensive breach environment, including cybercriminals using the sensitive personal and financial information that they collected from users as a gateway to deploy other cyberattack tactics like spear phishing that can compromise sensitive information, data, and systems even more severely.

Although the number of breaches hasn’t increased significantly, the number of compromised records has escalated. The number of records that have been compromised has tripled since 2018, surpassing 15 billion this year. This 300% year-over-year increase should encourage companies to seek solutions that can monitor the Dark Web for their data to preempt further hacking attempts. At the same time, training employees to identify and neutralize increasingly sophisticated spear phishing campaigns is an absolute prerequisite for a capable defensive posture in 2020.

https://securityboulevard.com/2020/02/almost-60-of-uk-consumers-affected-by-data-breaches-in-2019/


Where in the World is ID Agent

Mar 10 Kaseya Connect IT Local – Vianen, Netherlands
Mar 11 ID Agent Roadshow – Houston, TX
Mar 11 Kaseya Connect IT Local – Dusseldorf, Germany
Mar 11 Kaseya Connect IT Local – Columbia, SC
Mar 11-13 CharTec Quarterly – Bakersfield, CA
Mar 19 ChannelSec – London, UK
Mar 25-26 ASCII City Tour – Houston, TX
Mar 31 Kaseya Connect IT Local – Philadelphia, PA


A note for your customers:

Coronavirus Phishing Scams Capitalizing on Fear & Urgency

As concern over the Coronavirus (COVID-19) spreads around the globe, hackers are exploiting the atmosphere of panic and fear created by the pandemic to steal people’s personal information. According to a recent report, more than 4,000 Coronavirus-related domains have been registered since the beginning of the year. Experts consider 3% to be outright malicious, and 5% are categorized as suspicious – more than double the usual number. Hackers are likely to target organizations with phishing attacks in an attempt to steer employees toward these malicious sites where they can steal critical data.

The World Health Organization has already issued a warning about Coronavirus-related phishing attacks that purport to be from the organization, and CISA has released several warnings about the emerging threat of COVID-19 related phishing scams. Taken together, it’s a reminder that while phishing scam awareness training is an effective defense against cybercrime, security education isn’t a static endeavor. It must always adapt to address today’s shifting threats in order to keep your organization a step ahead of tomorrow’s bad actors.

https://www.vox.com/recode/2020/3/5/21164745/coronavirus-phishing-email-scams

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to marketing@idagent.com to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!