Please fill in the form below to subscribe to our blog

The Week in Breach: 05/13/20 – 05/19/20

May 20, 2020
The words "the week in breach " in red over a black background also showing a red world map

This week, ransomware disrupts remote work, accidental data sharing compromises customer data, and cybersecurity events reach an all-time high.  

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

United States – Sparboe

Exploit: Ransomware 

Sparboe: Egg producer

gauge showing severe risk

Risk to Small Business: 2.351 = Severe

Cybercriminals have targeted a vulnerable food supplier with ransomware that encrypted files and exfiltrated data. In addition to product-related information, cybercriminals also obtained personal data on current and former employees. Now, the company faces an arduous recovery process that will involve resuscitating its reputation as it grapples with the high cybersecurity costs associated with ransomware attacks.  

2.5 – 3 = Moderate Risk

Individual Risk: 2.829 = Moderate

Although it’s unclear what data was compromised, current and former employees should assume the worst. Since companies collect and store employees’ most sensitive personal and financial data, all of this information could be available to bad actors. Those impacted should notify their financial institutions while taking care to monitor their accounts and communications for unusual or suspicious activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A cybersecurity incident is a permanent stain on an organization’s reputation that can impact customer loyalty, employee retention, and future capability. Cybersecurity has implications for every facet of a business, as the investment in defensive capabilities will far outweigh the collective costs of a data loss event.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here:  

United States – Grubman Shire Meiselas & Sacks

Exploit: Ransomware

Grubman Shire Meiselas & Sacks: Law firm  

gauge indicating extreme risk

Risk to Small Business: 1.409 = Extreme

A ransomware attack has compromised the highly sensitive personal data of dozens of high profile clients including tech giants, A-List celebrities, and sports stars. The law firm lost 756GB of client data in the attack. Cybercriminals are threatening to release the information in nine installments unless the firm pays a ransom, believed to exceed $20 million. This attack reflects a ransomware trend: hackers steal company data and demand payment. Until now, many were content to simply encrypt an organization’s network in hopes of being paid for a decryption key. Unfortunately, this new methodology is much more expensive, which could undermine the organization’s long-term reputation and viability.  

gauge indicating extreme risk

Individual Risk: 1.560 = Extreme

Cybercriminals obtained extremely detailed private information about high-profile clients including names, contract details, phone numbers, email addresses, personal correspondence, legal filings, and non-disclosure agreements. This information is often used to perpetuate blackmail, spear phishing attacks, identity theft, and other crimes. Those impacted by the breach should enroll in credit and identity monitoring services. In addition, Dark Web monitoring offers insights into the spread of personal information, bolstering their ability to respond to misuse.   

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are increasingly becoming data loss events, as cybercriminals steal data before encrypting critical IT. This compounds the cost and consequences of an attack, and it should encourage every organization to assess its defensive posture in relation to this threat.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at

Canada – Orchard Villa

Exploit: Unauthorized data release

Orchard Villa: Retirement community

gauge showing severe risk

Risk to Small Business: 1.975 = Severe

Orchard Villa, a retirement community that’s been ravished by COVID-19, endured a data breach after employees inadvertently released residents’ personal details and protected health information. The breach has brought continued blowback from residents and families already frustrated by a lack of transparency and communication. Now, the facility is enduring harsh media scrutiny and a data privacy investigation from Ontario’s privacy commission, both of which could have costly repercussions for the care facility.

gauge showing severe risk

Individual Risk: 2.177 = Severe

Although Orchard Villa didn’t provide a comprehensive disclosure of compromised data, the facility indicated that personal data and protected healthcare information was shared. Those impacted by the breach should carefully monitor their accounts and communications, as this information could be used to facilitate spear phishing campaigns or other forms of fraud. 

Customers Impacted: Unknown.

How it Could Affect Your Customers’ Business: As we explained in last week’s newsletter, customers are more ready than ever to walk away from companies that can’t protect their personal data. In 2020 and beyond, it’s clear that every organization’s competitive advantage is predicated on its ability to protect customer data. When they fail, customers are more than happy to find an alternative platform for their business.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

Canada – Workers’ Compensation Board of Nova Scotia

Exploit: Accidental data exposure 

Workers’ Compensation Board of Nova Scotia: Province-level workplace safety organization

gauge showing severe risk

Risk to Small Business: 2.027 = Severe

An employee inadvertently posted unredacted claims online, exposing personal information from several compensation claims made to the board. The organization was notified of the privacy breach by the media and removed the documents from the internet. However, the information was readily available online, making it unclear who could have accessed this information and what they will do with the data. This isn’t the organization’s first data privacy breach, making its inability to guard against a data breach especially problematic.   

gauge showing severe risk

Individual Risk: 2.201 = Severe

The breach exposed the names, personal information, and case details for an unknown number of claimants. Since these filings often include information that could be embarrassing or problematic if exposed to the public, and the information could be used in future fraud attempts. Those affected should carefully monitor their accounts for unusual or suspicious communications.   

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Insider threats frequently pose a risk to data security. Both accidental and malicious data misuse can have steep consequences for companies and consumers, making internal data management standards an essential component of your cybersecurity strategy. The Workers’ Compensation Board has promised to update their practices to eliminate this threat in the future, and organizations should learn from their mistakes by guarding against insider threats before an incident occurs. 

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:

Spain – Mobifriends

Exploit: Unauthorized database access  

Mobifriends: Dating app    

gauge indicating severe risk

Risk to Small Business: 2.313 = Severe

Customer data has been uploaded to the Dark Web after cybercriminals compromised the data app in January 2019. Fortunately, the data doesn’t include private messages, images, or sexual-related content, but users’ personal information and account passwords are readily available. In addition to the logistical and PR implications of the breach, Mobifriends could face regulatory penalties under Europe’s General Data Protection Regulation.   

gauge indicating severe risk

Individual Risk: 2.091 = Severe

Users’ personal details, including names, email addresses, phone numbers, dates of birth, gender information, user names, passwords, and app activity, were compromised. This information can be used to craft targeted spear phishing campaigns or to execute other forms of fraud. Those impacted by the breach should immediately update their Mobifriends account information and any other accounts using the same credentials. In addition, they should consider enrolling in an identity monitoring service to ensure the long-term integrity of their information.   

Customers Impacted: 3,688,060

How it Could Affect Your Customers’ Business: Thousands of account credentials are compromised every day. Businesses that are serious about protecting company and customer data will add an extra level of defense against bad actors by requiring strong, unique passwords and enabling two-factor authentication on all accounts.

ID Agent to the Rescue: With Passly, you can protect your employees’ digital identities and your data. We offer integrated multi-factor authentication, single sign-on, and password management solutions to protect your credentials and your data. Find out more at

Germany – Ruhr University   

Exploit: Ransomware 

Ruhr University: Academic institution  

gauge showing severe risk

Risk to Small Business: 1.652 = Severe

A ransomware attack forced the academic institution to take most of its IT infrastructure offline. Consequently, staff can’t access email or the VPN tunnel, which is required for accessing remote services. Now, the university is warning students not to open any email attachments and to limit the usage of Windows-based applications. This disruption is a significant inconvenience for students and staff who are already working remotely because of the COVID-19 pandemic.  

Individual Risk: At this time, no personal information was compromised in the breach. However, these events frequently result in data exfiltration. Students and staff should look for updates as the situation evolves. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are always costly, but the implications are enhanced as many people work and learn remotely during the COVID-19 outbreak. Not only does ransomware come with costly recovery costs, but inaccessible networks can bring productivity to a veritable standstill, further exacerbating the crisis. Learn more in our remote work cybersecurity solutions information resource package

ID Agent to the Rescue: Passly protects your systems and your data. With multi-factor authentication to provide a crucial second line of defense against cybercriminals, you can add a game-changing barrier between bad actors and your data. Find out more at

Australia – Localsearch  

Exploit: Accidental data exposure

Localsearch: Internet marketing service

a gauge indicating extreme risk

Risk to Small Business: 1.363 = Extreme

Localsearch published a directory of unlisted numbers, running afoul of the country’s data privacy laws. The move resulted in a formal warning from the Australian Communications and Media Authority (ACMA) after it conducted an investigation into the mishap, which occurred when the company failed to remove unlisted numbers when culling information from the Integrated Public Number Databases. It was the first warning issued by the ACMA, and it serves as a reminder that businesses that don’t comply with data privacy standards can expect that there will be repercussions for their actions.

gauge showing severe risk

Individual Risk: 1.602 = Severe

An unspecified amount of unlisted phone numbers were published in the company’s directory. Although Localsearch has taken steps to remove this information, it’s possible that private information is already in the hands of bad actors. Those impacted should carefully scrutinize unexpected or unusual communications, as this information could be used in phishing scams or other fraud attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Adhering to the growing list of data privacy standards can be challenging, even for companies with vast financial and personnel resources to address the problem. However, now more than ever, it’s clear that businesses will need to adopt policies and practices to secure sensitive or regulated data as a part of their day-to-day operations and watch carefully for Dark Web threats to that data.

ID Agent to the Rescue: Get Dark Web ID to find out if your trade secrets, research, employee records or customer data has been compromised so you can mitigate the threat and stay a step ahead of the bad guys. Discover more at  

Australia – The West Australian

Exploit: Phishing scam

The West Australian: News organization   

1.51 – 2.49 = Severe Risk

Risk to Small Business: 1.809 = Severe

Several employees fell for a phishing scam that compromised subscribers’ personal information. The attack, which occurred on March 23rd, wasn’t identified until April 21st. Unfortunately, it took the company months to complete its investigation, costing victims critical time to secure their information. The news organization has apologized for the breach, but many consumers have little patience for these overtures, preferring instead that companies take steps to protect their information before a breach occurs. 

gauge indicating moderate risk

Individual Risk: 2.541 = Moderate

Hackers accessed customer’s names, phone numbers, and email and home addresses for anyone who contacted the newspaper through its [email protected] email address. Those impacted by the breach should carefully scrutinize incoming messages, as this information is often used in spear phishing attacks that compromise even more sensitive information. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The number of phishing scams has exploded since the COVID-19 pandemic began. These easy-to-execute attacks carry little risk for cybercriminals, but they can have enormous implications for companies that fall for these scams. It’s clear that cybercriminals will continue to rely on this attack methodology as an easy way to steal company data, making employee awareness training a critical component of every organization’s defensive posture.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime – and training is available in 8 languages. Click the link to get started:  

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Our Bigger, Better Blog is Buzzworthy   

Have you been reading our blog? We’ve revamped it to offer more news, problem-solving advice, and expert analysis of today’s threats, plus fresh cybersecurity insight that helps you plan for tomorrow. 

Catch up on what you need to know now: 

Sales & Marketing Tools You Can Use 

Get a FREE PowerPoint Deck with Dark Web screenshots when you download this webinar! Take a behind-the-curtain tour of the Dark Web and see what really goes on in Dark Web markets with insiders in “Unveiling Cybercrime Markets on the Dark Web”  DOWNLOAD IT>>  

NEW WEBINAR! Is your marketing post-COVID-19 ready? Hear from  experts on how to maximize your opportunities and how the dramatic shift in IT priorities affects MSPs in “Digital Risk: Threats, Opportunities, and Strategies to Position Yourself for Success DOWNLOAD IT>>   

USE THESE FREE TOOLS to educate your clients about the growing menace of phishing attacks. Our phishing report “One Phish, Two Phish” details the trends. Plus, Bullphish ID has been updated to include COVID-19 threats and offers training materials available in 8 languages!  

DID YOU KNOW? In-person demos might not be on the table right now, but you can still demo our solutions with these 10-minute tech demonstration videos

2/3 of Consumers Reuse Their Passwords on Multiple Platforms     

Despite years of advocacy for strong, unique passwords for each digital service, most people continue to reuse their credentials across various online platforms, a risk that is warned against in our password security information package

It looks to be more attributable to a desire for convenience than ignorance – a recent consumer survey found that 91% of consumers recognize the risk of reusing their passwords across multiple platforms, but 66% continue to use the same passwords anyway.

People are still making weak and easily guessed passwords in popular categories too. At the same time, 53% have not changed their passwords in the past year, leaving multiple platforms vulnerable to the treasure trove of login credentials available on the Dark Web.

Users who reuse passwords are primarily concerned with the hassle of a reset – 60% are worried about forgetting their login credentials, and 52% want more control over their passwords. Today’s businesses need to understand that this trend impacts their employees and their customers, putting their critical IT at risk along the way. 

Using tools and services that support good password hygiene, offering things like single sign-on, two-factor authentication, and other password-oriented enhancements, and enforcing stricter password reuse and sharing policies can help mitigate the risk of password compromise through password reuse and weakness.    

Catch Up With Us at These Virtual Events

MAY 27: Grow Walletshare and Improve Client Stickiness in Uncertain Times Webcast REGISTER>> 


AUG 24-27: Connect IT Global in Las Vegas REGISTER >> 


A Note for Your Customers

COVID-19 Leads to Record-Breaking Cybercriminal Activity    

As the world grapples with the far-reaching implications of the COVID-19 pandemic, cybercriminals are capitalizing on the chaos to unleash an unprecedented number of attacks against businesses and individuals. Bad actors have unleashed an onslaught of phishing scams, 30% of which are directly related to COVID-19.  

These malicious messages are joined by 854,411 phishing or counterfeit websites, four million suspicious websites, and an unprecedented surge in corporate cyberespionage, especially in healthcare. In addition, cybercriminals are hawking unproven cures, fraudulent charities, and other troubling trends. For instance, researchers found 1,092 websites pushing hydroxychloroquine as a cure for COVID-19.   

Experts note that cybercriminals are relying on peoples’ desire for insight in an unstable information landscape, concerns about economic instability, and generalized anxiety as prominent factors that make these scams so effective. In response, every organization needs to prepare its employees for this new reality, making employee awareness training an essential defensive strategy in today’s rapidly changing digital ecosystem.–abc-news-topstories.html?&web_view=true

Do you need high-quality marketing tools to help you connect with your customers? Our marketing team is here to help with free resources for marketing and education like eBooks, web9inars, social media graphics, infographics, and more!.

Follow us on social media to find out about upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Not a Partner Yet? Let’s talk about how your business can benefit from our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID and our newest addition Passly. Contact us today!