The Week in Breach News 07/22/20 – 07/28/20

July 29, 2020

This Week in Breach News: Colleges wrestle with third party security risks, healthcare breaches pile up, billions of leaked credentials put business data at risk, and we take another trip behind the veil of the Dark Web.   

Breach News: Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

Breach News: United States 

United States –  CaptainU

Exploit: Unsecured Database

CaptainU: College Recruiter 

Risk to Small Business: 1.117 = Extreme

Cybersecurity researchers recently uncovered an unsecured Amazon S3 (Simple Storage Service) bucket containing nearly 1 million records of sensitive high school student academic information. The exposed data included GPA, ACT, SAT, and PSAT scores, unofficial transcripts, student IDs, students’ and parents’ names, email addresses, home addresses, and phone numbers – plus pictures and videos of students’ athletic achievements, messages from students to coaches, and other recruitment materials. The files are still available.

Individual Risk: 1.190 = Extreme

CaptainU is claiming that this information was always intended to be publicly available, although that message differs from what parents and students were told about how information was shared by the company. Any student with a profile at this company should consider their information exposed and take appropriate measures against identity theft, spear phishing, fraud, and other criminal uses.

Customers Impacted: 1 million

How it Could Affect Your Customers’ Business: Handling sensitive data, especially for children, creates an extra level of responsibility. Companies that fail at taking that seriously will inevitably lose business. This incident also opens CaptainU up to regulatory scrutiny and lawsuits.

ID Agent to the Rescue: Control who has access to sensitive information efficiently and effectively with Passly to be sure that the right people have access to the right things at the right levels – and only the right people. LEARN MORE>>

United States – CouchSurfing

Exploit: Unsecured Database

CouchSurfing: Crowdsourced Hospitality 

Risk to Small Business: 2.177 = Severe

The San Francisco based housing and hospitality service is investigating a security breach that was recently discovered when hackers began selling the details of 17 million users on Telegram channels and hacking forums, with some priced at $700 USD. User details such as user IDs, real names, email addresses, and CouchSurfing account settings, were for sale, although no passwords or financial data were reported as available. The pilfered information is now available on RAID Forum, the go-to place for buying and selling stolen databases on the public internet.

Individual Risk: 2.509 = Moderate

According to CouchSurfing’s release, no financial data was compromised in the incident. Users who think their accounts may have been compromised should consider this ammunition for possible spear phishing attacks.

Customers Impacted: 17 million

How it Could Affect Your Customers’ Business: Unprotected databases are always trouble. Although no passwords were listed as compromised in this attack, these incidents often raise a company’s risk of credential compromise if a staffer has recycled their password or signed up for a service using their business email.

ID Agent to the Rescue: ID Agent’s digital risk protection platform raises a strong defense against cybercrime. Our award-winning solutions come backed with full-service marketing support – and many of our Partners realize ROI in 30 days or less. LEARN MORE>>

United States – Garmin

Exploit: Ransomware

Garmin: Navigation Hardware and Software Provider

Risk to Small Business: 1.397 = Extreme

Garmin has had a difficult and damaging week. A ransomware attack wreaked havoc on its operations and manufacturing capability, encrypting its internal network and some production systems. The company plans to deal with the mess through a multi-day maintenance operation that includes shutting down many essential business components for restoration and security updates. Those components include its official website, the Garmin Connect user data-syncing service, Garmin’s aviation database services, and some production lines in Asia. Garmin’s call centers were also impacted, rendering it unable to answer calls, emails, and online chats sent by users.

Individual Risk: No personal or financial data was reported as compromised at this time

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business:  Ransomware is typically the nasty payload of a phishing email. Even huge, multinational corporations can be humbled by something as small as one email, just like Twitter was last week.

ID Agent to the Rescue:  Updated phishing resistance training with BullPhish ID can stop ransomware attacks from landing by training staffers to be wary of suspicious emails and report them instead of interacting with them. SEE A DEMO>>

United States – GEDmatch

Exploit: Unauthorized Database Access 

GEDmatch: Genealogy and Genetic Testing Service

Risk to Small Business: 1.331 = Extreme

GEDmatch is famous for being the site used to catch and effectively prosecute the notorious Golden State Killer. But they weren’t able to secure their data effectively, because hackers were able to gain access to the company’s internal storage, obtain some user information, and change account permissions last week. About 280,000 of the 1.45 million profiles on the site had agreed to share their information with law enforcement agencies. In the recent breach, attackers scooped up information and also changed users’ settings so that all 1.45 million DNA profiles were available to law enforcement searches – twice. The hack was then compounded as information purportedly gained in the incident was used to mount a phishing attack on the clients of an Israeli partner of GEDmatch, MyHeritage. The GEDmatch site has been taken down for maintenance and recovery with no ETA on restoration.

Individual Risk: 2.172 = Severe

While no genetic data or financial information has been reported as compromised, the investigation is still ongoing. Users of GEDmatch should be cautious that personal information may have been compromised and made available to law enforcement officials.

Customers Impacted: 1 million 

How it Could Affect Your Customers’ Business: Not only can a cybersecurity incident lead to an embarrassing and expensive breach for one company, it can also open that company’s partners up to cybercrime risks, like the phishing campaign mounted against MyHeritage users.

ID Agent to the Rescue: Convincing your clients that they really do need to upgrade their cybersecurity to avoid a problem like this can be arduous in today’s economy. That’s another reason to Partner with us – through Goal Assist, you can tag in one of our experts if you need a little back up on a call to seal the deal. LEARN MORE>> 

United States – Family Tree Maker

Exploit: Unauthorized Database Access

Family Tree Maker: Genealogy Software 

Risk to Small Business: 2.137 = Severe

An unsecured Elasticsearch server is to blame for Family Tree Maker’s leak of more than 25GB of user data. User information that was leaked includes email addresses, geolocation data, IP addresses, system user IDs, support messages, and technical details. The leak apparently also included technical details about the system’s backend.

Individual Risk: 2.503 = Moderate

No personally identifiable or financial data was reported as compromised in this breach, but users should be aware of spear phishing attempts using this compromised data.

Customers Impacted: 60,000

How it Could Affect Your Customers’ Business: An unsecured database is an unnecessary foul. Overlooking basic security measures like this is an indicator that cybersecurity best practice isn’t being enforced actively and corners are being cut by careless staffers without repercussions.

ID Agent to the Rescue: Security awareness training is essential for every employee and executive, and it pays to keep that training up to date to avoid embarrassing and expensive cybersecurity blunders like this. Our training and testing tools can help make sure everyone is taking information and system security seriously. LEARN MORE>>

United States – Instacart

Exploit: Unauthorized Database Access

Instacart: Grocery Delivery Service

Risk to Small Business: 2.571 = Moderate

Instacart suffered a data breach last week. Maybe. Multiple reliable news outlets are reporting that Instacart had a breach, with records for hundreds of thousands of users in the US and Canada discovered as exposed on the Dark Web. Instacart denies that it had a security breach. Instead, Instacart said in a corporate statement that third-party bad actors were able to use “a few” usernames and passwords that were compromised in previous data breaches of other websites and apps to log in to some Instacart accounts and access basic customer account information such as first name, address, last order, total order number, and in some cases, the last four digits of a customer’s credit card.

Individual Risk: 2.823 = Moderate

No financial information was reported stolen, but sensitive health data may have been compromised. Affected users should be alert for potential spear phishing attempts or blackmail using this data. 

Customers Impacted: 278,531

How it Could Affect Your Customers’ Business: Credential compromise from other sources is a problem for every business. With so many login and password combinations to keep track of these days, password recycling is common – and dangerous.

ID Agent to the Rescue: Dark Web ID keeps data and systems safer by quickly alerting companies if their protected user passwords appear in Dark Web markets, heading potential cyberattacks from those compromised credentials off at the pass. SEE IT IN ACTION>>

United States – Lorien Health

Exploit: Ransomware 

Lorien Health: Nursing and Rehabilitation Center Operator 

Risk to Small Business: 1.883 = Severe

Maryland-based Lorien Healthcare admitted that it was the victim of a Netwalker Ransomware attack after cybercriminals released their data online when the ransom was not paid. Upon investigation, Lorien Healthcare determined that patient information had been accessed by the hackers, including names, Social Security numbers, dates of birth, addresses, and health diagnosis and treatment information. Employee data was also accessed.

Individual Risk: 2.074 = Severe

The company has informed affected clients of the details about the attack and their options for protecting their personal information, along with complimentary credit monitoring and identity protection services.

Customers Impacted: 47,754

How it Could Affect Your Customers’ Business: Ransomware is the bane of every IT professional, and it’s only getting worse. By increasing phishing resistance training, businesses can keep ransomware at bay, since the majority of ransomware arrives as part of a phishing attack.

ID Agent to the Rescue: BullPhish ID’s constantly updated phishing resistance training features complete, plug-and-play training campaigns including engaging videos in 8 languages for users at every level of tech knowledge, with online quizzes to test retention. LEARN MORE>>

Breach News: Canada

Canada – Wattpad 

Exploit: Unauthorized Database Access

Wattpad: Entertainment Platform

Risk to Small Business: 1.883 = Severe

Wattpad has announced that it is investigating claims of a breach that occurred during the first week of July of approximately 270 million user records after they were discovered being sold on the Dark Web.  The cybersecurity researchers who discovered the information say that the stolen users’ records included login credentials, full names, contact numbers, dates of birth, password hashes, Facebook identifications, Tumblr passwords, and email addresses.

Individual Risk: 2.224 = Severe

Wattpad users should immediately reset their account credentials and be aware of the potential for spear phishing and identity theft using this information.

Customers Impacted: 271 million

How it Could Affect Your Customers’ Business: This kind of incident is messy and expensive to recover from in every way, from forensics to public relations. Adding strong protections like Multifactor Authentication to database access points helps keep data safe by putting an extra roadblock between your data and the bad guys.

ID Agent to the Rescue: Passly adds powerful protection for your data and systems through the combined power of multifactor authentication, single sign-on user access points, and easy remote access management that works anytime, anywhere. SEE PASSLY’S FEATURES >>

Breach News – United Kingdom & European Union

United Kingdom – University of York

Exploit: Third Party Data Breach

University of York: Institution of Higher Learning

Risk to Small Business: 2.227 = Severe

Last week we reported on a data breach at fundraising services provider BlackBaud, and this week we’re starting to see the fallout from that ransomware incident. Information that was breached for University of York students and alumni who have participated in fundraising events includes name, title, gender, date of birth, student number, home address, phone numbers, email addresses, LinkedIn profile details, course and educational attainment details, fundraising activities, fundraising event participation, fundraising volunteering, donations made, and professional details.

Individual Risk: 2.804 = Moderate

No financial information was reported as breached, and the personal information taken was generally publicly available. Alumni will need to be especially cautious of possible spear phishing attempts made using this information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A vendor or service provider’s cybersecurity failures could cause a data breach that not only affects another company, it also affects its customers. This is especially dangerous when that third party handles sensitive personal or financial data.

ID Agent to the Rescue: Offer your customers the peace of mind that comes with ID Agent’s dynamic digital risk protection platform. Our solutions help protect data and systems with improved security intelligence and security awareness training that really works. LEARN MORE>>

Spain – ADIF

Exploit: Ransomware 

ADIF: Railway Operator and Authority

Risk to Small Business: 2.092 = Severe

REvil ransomware is at work again in an incident at Spanish national railway controller ADIF. As the Administrator of Railway Infrastructure, ADIF is a state-owned operation that manages rail traffic and infrastructure and collects fees from railway operators. It has been in hot water before – this is the third recent incident. Two previously successful REvil ransomware campaigns enabled attackers to grab an estimated 800 GB of data including internal correspondence and accounting figures.

Individual Risk – No personal information or financial data was reported as compromised in this breach, although the attackers do claim to have sensitive corporate data that they will release if their demands are not satisfied.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: REvil ransomware has been involved in many recent incidents, and as ransomware continues to present a growing problem for cybersecurity professionals, companies have to take security awareness training seriously. This was the 3rd incident for ADIF, and one is too many for many companies to survive. Most ransomware is delivered through email, and improved phishing resistance training helps users spot it.

ID Agent to the Rescue: BullPhish ID creates security awareness and increases phishing resistance with comprehensive training and testing campaigns that include engaging video lessons and COVID-19 threat content in 8 languages. LEARN MORE>>

Breach News – Australia & New Zealand

Australia – Western Australia Department of Health (WA Health)

Exploit: Third Party Data Breach

Western Australia Department of Health: Government Agency 

Risk to Small Business: 1.327 = Extreme

The saga continues for WA Health. Cascading complications have increased the severity and the damage from the data breach that we reported on last week. New information has come to light, making this incident involving the agency and its paging service one of the state’s biggest privacy breaches. Thousands of state government communications were published on a public website, including confidential health data like COVID-19 test results for scores of people. More than 400 records including confidential doctor/patient communications, official doctor/health department messages, personal details of patients in quarantine, and extensive case management information were publicly exposed. The rapidly expanding incident has grown to impact other health-related state services including St. John Ambulance, the Department of Fire and Emergency Services, and the Department of Justice.

Individual Risk: 1.889 = Severe

While no financial information was reported stolen, a great deal of very specific and highly sensitive personal health data has been compromised. This is especially troubling as COVID-19 anxiety runs high, and may lead to public personal ramifications for patients that were affected as well as lending itself to spear phishing and blackmail attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The ripple effect of one breach can sometimes be felt throughout an industry, as many services and companies are intertwined. By adding a solid digital risk protection platform to their security plan, businesses can gain a more holistic view of their risks to start patching up holes in security before a problem becomes a disaster.

ID Agent to the Rescue: Get expert advice on how to position your clients for maximum protection against digital risk – and how to position yourself for greater success and increased MRR all in one powerful webinar. DOWNLOAD IT>>

The Week in Breach News Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach News: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Breach News 

Every weekday, our blog features timely cybersecurity news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch up on what you need to know now: 

Free eBook of the Week

Take a deeper dive into the post-pandemic Dark Web

Dark Web danger is growing for every company as the fallout of the global pandemic and worldwide economic uncertainty come together to create a banner year for cybercrime. Don’t let your clients get caught up in the tide.

Get the facts about how the Dark Web has changed since the beginning of the year, and explore the dangers that your clients are facing in our eBook, “State of the Dark Web 2020”. We’re here to help you grow your security business by analyzing the threats that are coming from the Dark Web in 2020 – and giving you expert advice about how to boost both your clients’ protection and your bottom line.

Download “State of the Dark Web 2020” now. GET THE BOOK>>


MSPs Are Lifting the Veil of the Dark Web

Gain insight into today’s Dark Web in this webinar hosted by Suzanne Parent from Veriato and Matt Solomon from ID Agent. You’ll get a look at what goes on in Dark Web markets plus expert analysis of the best ways for you to protect your clients and your business from Dark Web threats. You’ll learn:

  • Dark Web 101 to see the current state of the Dark Web
  • How to spot and stop Dark Web threats
  • What to do if you suspect a staffer may be engaging in cybercrime
  • Excellent sales tips from a Channel All-Star!

Get the inside scoop with “MSPs Are Lifting the Veil of the Dark Web” now! DOWNLOAD IT>>

The Week in Breach News Spotlight

Billions of Leaked Credentials Create New Risk 

Two huge data dumps of leaked credentials in recent weeks have drawn attention in breach news this week, raising questions about the risk posed by these treasure troves of information for cybercriminals. These batches of information from past breaches demonstrate the danger of a third party data breach and how that can create a cascade effect that damages other companies.

In early July, Dark Web researchers found over 15 billion credentials from more than 100,000 data breaches on the Dark Web, including everything that a bad actor might need for unrestricted access to everything from streaming services to banking accounts and financial services.

Later in the month, cybersecurity analysts found another giant cache of sensitive information on the Dark Web, this time including personally identifiable information including names, addresses, dates of birth, Social Security numbers, and other sensitive personal information for an estimated 40,000 Americans.

This is far from a rare occurrence. As time goes on, more data dumps of this type will happen regularly as data accumulates from a constant spate of breaches, putting even more people’s personally identifying information on the Dark Web – and putting the companies that they work for in danger.

Breach news shows that 90% of cyberattacks that end in a data breach start with a phishing email. Learn more about defending any organization against phishing in our eBook “One Phish, Two Phish”. GET THE BOOK>>

Two major concerns about how cybercriminals may use this information to damage other companies are credential stuffing attacks and spear phishing. With a bit of research and a big enough list of email addresses and potentially associated passwords, cybercriminals can mount dangerously accurate credential stuffing operations that can quickly bypass many data protections. They can also use personal details collected from other breaches to craft extremely convincing phishing emails to use against targeted companies, luring unwary staffers into unwittingly deploying ransomware or giving up access credentials, passwords, and data.

What’s the first thing to do to throw up a roadblock against attacks that make use of these huge data dumps? Deploy a secure identity and access management solution like Passly. It seems like an easy fix because it is. Passly is simple yet effective protection that goes to work immediately to mitigate the consequences of things like staff credential compromise from a third party data breach – because they’re almost inevitably recycling passwords.

In one affordable tool, Passly adds peace of mind for businesses that their entry points are protected as it uses the combined security power of MFA, single sign on, and easy remote management to add crucial layers of protection between cybercriminals and company systems and data fast, while making sure that the right people have access to the right things at the right level – and only the right people.

Watch this 10-minute technical demonstration video of Passly.



Registration is now open for CONNECT IT GLOBAL. Get ready to explore this year’s theme “Vision, Innovation, and Execution” as you join other MSPs and industry leaders for four days of learning and fun. We’ve got a lineup of Channel All-Stars ready to host amazing virtual panels and workshops to educate and inspire you. Learn sales, marketing, product, and business secrets to success. Here’s a taste of what’s planned:


We’ll have product announcements, certifications, training opportunities, workshops and so much more. Network with Channel leaders including ID Agent’s Kevin Lancaster and Natasha Boyko. Plus, plenty of fun activities, contests, and opportunities to get to know other Channel influencers as you gain insight into growing your MSP. See you there!

Reserve your virtual seat for the 4-day event for only $99. See you at CONNECT IT GLOBAL! REGISTER NOW>> 

Catch Up With Us at These Virtual Events

AUG 4 – 6: CompTIA ChannelCon REGISTER>>
AUG 24 – 27: Connect IT 2020 REGISTER >>
SEPT 27 – 29: GlueX 2020 REGISTER>>

A note about cybersecurity and breach news for your customers:

In Breach News: Cybercrime Boom Means Data Breach Risks are Rising 

In a challenging economy, even cybercriminals have to work a little bit harder – and they’re working overtime. A 23% overall increase in cybercrime in 2020 so far (and a more than 600% increase in phishing attacks) means that your data is at greater risk than ever before. So what can you do right now to improve data security immediately, and add additional protection that keeps your data safer in the future?  

For the quickest security upgrade, a secure identity and access management solution like Passly has the most immediate bang for your buck. Passwords are a thorny problem for IT departments, but they don’t have to be. By combining multifactor authentication, single sign-on, and secure password vaults with easy management, Passly immediately puts an extra layer of protection between bad actors and your business – and it seamlessly integrates with the business applications that you use every day to start working from day 1.

For a longer term solution, increase security awareness training, especially phishing resistance. Many of today’s most dangerous cyberattacks, like ransomware, have an element of phishing – and the latest breach news shows that over 90% of incidents that end in a data breach start with a phishing email. Phishing attacks aren’t always attempted with an email attachment either; they can be links, PDFs, even SMS messages. BullPhish ID has simple, plug-and-play phishing training that’s constantly updated to keep your staff ready for the latest threats, including COVID-19 bait.

By taking an approach that combines both a fast fix and continuous improvements in security awareness, businesses can reduce their risk of falling victim to cybercrime like a potentially disastrous data breach and be ready for future threats as they crop up.

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Follow us on social media to find out about breach news, upcoming events, new blog posts, eBooks, white papers, webinars, product updates, marketing tools, and other cybersecurity news!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!