The Week in Breach: 07/31/19 – 08/06/19
This week, students learn a harsh lesson about data security, law enforcement agencies are forced offline, and a creative new malware threatens Windows users.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 501+ Employees
United States – Ameritas
https://journalstar.com/business/local/lincoln-based-ameritas-discloses-data-breach/article_d0ac4d30-7e26-59ad-8fed-7ffebb2d0835.html
Exploit: Phishing attack
Ameritas: Insurance company operating as a subsidiary of Ameritas Mutual Holding Company
Risk to Small Business: 1.777 = Severe: Several employees fell for a phishing scam and provided their credentials to hackers who used that information to access customer data. The insurance company disabled the affected accounts and issued a company-wide, mandatory password reset. The company’s quick actions certainly prevented the data breach from becoming more expansive, but even temporary access can allow hackers to inflict significant damage on a company’s data security. Because Ameritas failed to adequately prepare their employees for a phishing scam, they will now incur the significant cost of hiring an external security firm to shore up their data integrity, even as they face the less quantifiable reputational cost that always accompanies a data breach. | |
Individual Risk: 2.285 = Severe: Hackers accessed customers’ personally identifiable information, including names, addresses, email addresses, social security numbers, and policy numbers. Ameritas is offering one year of free credit and identity monitoring services, and anyone impacted by this data breach should enroll in these programs. At the same time, they should diligently monitor their accounts for unusual or suspicious activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The cost of a data breach is higher now than ever before, which makes a preventable data breach even more egregious. Consequently, awareness training should be a top priority for every company. The expense of credit and identity monitoring services, reputational damage, and IT upgrades far exceeds the awareness training that can prevent phishing scams from compromising customer data.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.
United States – Washoe County School District
https://www.kolotv.com/content/news/WCSD-warns-of-student-data-breach-513440991.html
Exploit: Unauthorized database access
Washoe County School District: Public school district providing educational services to students in Washoe County, Nevada
Risk to Small Business: 2.111 = Severe: A data breach at one of the district’s contractors, Pearson, compromised students’ personally identifiable information. Even though the district isn’t directly responsible for the data breach, they will still incur the cost of providing credit and identity monitoring services to thousands of victims, and their already strapped budgets will be further strained by the recovery efforts. | |
Individual Risk: 2.714 = Moderate Risk: The data breach impacts students who attended the school district between 2001 and 2016, and it includes student names and dates of birth. Some staff names and email addresses were also accessed during the breach. Those impacted by the breach should enroll in the district-provided credit and identity monitoring services to ensure their information’s long-term integrity. |
Customers Impacted: 144,000
How it Could Affect Your Customers’ Business: Even when an organization isn’t directly responsible for a data breach, they are still charged with helping victims recover from the episode and for strengthening the cybersecurity standards going forward. Especially when minors are involved, knowing what happens to people’s information after it leaves your network is a good place to start.
ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.
United States – Georgia Department of Public Safety
https://www.govtech.com/security/Georgia-Public-Safety-Agency-Hit-with-Ransomware-Attack.html
Exploit: Ransomware
Georgia Department of Public Safety: Government agency overseeing state law enforcement divisions
Risk to Small Business: 2.111 = Severe: A ransomware attack on the Georgia Department of Public Safety forced the institution to take all of its computer servers offline. The department is responsible for several law enforcement agencies, which were unable to use their systems to conduct their day-to-day operations. Fortunately, the department was prepared with a ransomware response plan that will equip them to restore operations without paying the ransom. However, as other incidents in recent months revealed, that doesn’t mean that recovery is free or even cheap. The opportunity cost associated with network outages and the IT repairs costs can quickly exceed ransom demands. | |
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This is the third ransomware attack on a Georgia-based government agency in the past month, costing precious public funds that could be spent on more beneficial projects. The pattern is certainly not restricted to Georgia, and organizations of every size and in every location should prioritize robust security awareness to address network vulnerabilities before an attack occurs.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – Los Angeles Police Department
https://www.zdnet.com/article/thousands-of-los-angeles-police-caught-up-in-data-breach-personal-records-stolen/
Exploit: Unauthorized database access
Los Angeles Police Department: Local police department serving Los Angeles, California
Risk to Small Business: 1.666 = Severe: A hacker gained access to the department’s database housing information on thousands of recruits, compromising sensitive personal information for thousands of potential officers in the process. While the department is taking steps to protect their network going forward, they neither knew they were breached nor accounted for their officers’ data security before the incident occurred. Consequently, their officers’ personal information is available to untold bad actors. | |
Individual Risk: 2.428 = Severe: When hackers contacted the department, they revealed that the personal information included names, partial social security numbers, dates of birth, email addresses, and application credentials. The breach extends to officers, trainees, recruits, and applicants, and those impacted by the breach should attain the credit and identity monitoring services necessary to ensure that their information isn’t being used for nefarious purposes. |
Customers Impacted: 20,000
How it Could Affect Your Customers’ Business: Data breaches are a veritable PR nightmare for any company, and this is especially true when prized community members, like police officers, are victimized by the incident. Since this information can quickly make its way to the Dark Web, organizations can begin repairing the damage by verifying that this information isn’t being used to perpetuate further crimes. Moreover, offering supportive services, like comprehensive identity theft restoration, provides the support that victims need to recover from a data breach.
ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.
United States – Poshmark
https://www.nbcdfw.com/news/tech/Poshmark-Announces-Data-Breach-513532461.html
Exploit: Unauthorized database access
Poshmark: Social commerce marketplace for buying and selling clothing, shoes, and accessories
Risk to Small Business: 2.222 = Severe Risk: Hackers gained access to the company’s database where they accessed customers’ personal information. The company hashed and salted users’ passwords, making it difficult for hackers to use this information to directly access user accounts. However, similar breaches at online retailers eventually saw their customers’ data sold on the Dark Web, giving Poshmark a heavy responsibility to identity the stolen information and to ensure its long-term integrity. In addition, the company is paying the expense of hiring a third-party cybersecurity team to update their protocols in the wake of the breach. | |
Individual Risk: 2.714 = Moderate Risk: Poshmark is used by customers in Canada and the United States, but only US-based accounts were impacted by the breach. For those impacted by the breach, their usernames, passwords, names, gender, and city of residence are compromised. In addition, some platform-related content, like clothing size, was also made available. Ensuring this data’s security is a long-term process that doesn’t have an easy solution. Therefore, users should attain the monitoring services necessary to secure their information. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Research shows that customers are unlikely to return to a platform that compromises their personal data, making cybersecurity not just a technological issue but a bottom-line priority. Providing comprehensive care to those impacted by a breach allows companies to put their best foot forward toward restoring the customers’ confidence, and, hopefully, retaining their business.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.
United States – Lodi, California
https://www.govtech.com/security/Lodi-Calif-Confirms-Ransomware-Behind-Computer-Troubles.html
Exploit: Ransomware
Lodi, California: City located in San Joaquin County, California
Risk to Small Business: 1.888 = Severe Risk: Ransomware was delivered to city employees as an email attachment that appeared to be an invoice. The malware ultimately disabled the city’s phone lines, financial data systems, and other computer systems. Hackers demanded a $400,000 ransom in Bitcoin, which officials have declined to pay. The ransomware was first discovered in April, and, after several attempts to remove it from their system, it’s continued to plague their systems months later. While the city has cybersecurity insurance, it includes a $50,000 deductible, which means that there are only bad options for restoring network functionality. | |
Individual Risk: No personal information was compromised in the breach.. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident illustrates the complicated debate surrounding ransomware attacks. $400,000 is an expensive ransom, but local municipalities can quickly spend more as they endure the arduous process of recovering their systems. As Lodi demonstrates, this process can take months, and success isn’t a guarantee. Consequently, government agencies and organizations need to prioritize cybersecurity initiatives to strengthen their defensive posture before an attack occurs. In this case, a single malicious email will have significant financial consequences for the local government.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
United Kingdom – University of York
https://www.bbc.com/news/uk-england-york-north-yorkshire-49182179
Exploit: Unauthorized database access
University of York: Public research university based in York, England
Risk to Small Business: 2 = Severe Risk: A malicious data breach at the University of York compromised the personal data of thousands of students. In total, 88 students had their entire records accessed and another 4,400 had “very basic data” accessed and downloaded in the attack. While the university has contacted the National Crime Agency to report the attack, they insist that student data hasn’t been used to instigate additional cybercrimes, an expansive statement that undermines the risk of data access on the Dark Web. Moving forward, the university will be responsible for upgrading the IT infrastructure while navigating the increased scrutiny from media, students, and governing bodies. | |
Individual Risk: 2.142 = Severe Risk: Those impacted by the breach likely had their most sensitive personal information compromised. This information can have long-term consequences as cybercriminals often use stolen data to pull off future identity or financial crimes. Therefore, the victims should enroll in credit and identity monitoring services to ensure that their information is secure, and they should pursue any assistance necessary help protect their personal information. |
Customers Impacted: 4,488
How it Could Affect Your Customers’ Business: In many ways, the university’s response is cavalier, presuming that the damage from a data breach is limited to the immediate aftermath of the attack. Data breaches can have long-term consequences for victims, and impacted institutions have a responsibility to minimize the risk by providing the supportive services necessary to provide tangible identity protection and peace of mind.
ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.
France – Sephora
https://www.infosecurity-magazine.com/news/sephora-warns-users-of-data-breach/
Exploit: Unauthorized database access
Sephora: Paris-based multinational chain of personal care and beauty stores
Risk to Small Business: 2 = Severe: Data breaches have ongoing consequences for businesses and their customers and mitigating the damage for all parties is a top priority after a breach is discovered. In this case, Sephora needs to protect their customers from additional cybercrime, which includes providing credit or identity monitoring services to proactively spot malicious activity. At the same time, detecting their customers’ data on the Dark Web can mitigate a threat by giving people a chance to respond before another attack occurs. | |
Individual Risk: 2 = Severe: The breach exposed customers’ names, dates of birth, gender, email addresses, encrypted passwords, and other cosmetic-related information. While the company believes that the information hasn’t been misused, personally identifiable information can quickly make its way to the Dark Web where it can be used for everything from fraud to account takeovers. Therefore, those impacted by the breach should change their account passwords, especially those that are the same as their Sephora account, and they should monitor their accounts for suspicious or unusual activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Data breaches have ongoing consequences for businesses and their customers and mitigating the damage for all parties is a top priority after a breach is discovered. In this case, Sephora needs to protect their customers from additional cybercrime, which includes providing credit or identity monitoring services to proactively spot malicious activity. At the same time, detecting their customers’ data on the Dark Web can mitigate a threat by giving people a chance to respond before another attack occurs.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Capital One Data Breach Impacts US and Canadian Customers
An expansive data breach at the credit card juggernaut, Capital One Financial, has compromised the personal information for more than 100 million US and Canadian customers.
The breach exposed the personal data for more than six-million Canadians, making it one of the most significant data breaches in the country’s history. Capital One, which provides Mastercard credit cards for retailers like Costco Wholesale and Hudson Bay Company, noted that the data is primarily restricted to consumers and small businesses who applied for a credit card between 2005 and 2019.
The data includes names, addresses, postal codes, phone numbers, dates of birth, and incomes. For US customers, the stolen data also includes 80,000 linked bank account numbers and 140,000 social security numbers.
The incident is just the latest wide-spread data breach impacting small businesses and consumers, making their preemptive data protection a must-have element of personal or organization data security. For example, ID Agent’s Dark Web monitoring services can identify if an organization’s data is made available on the Dark Web, providing them with an opportunity to enhance their security posture before an attack takes place.
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
New Malware Strain Targets Windows Users
A new malware strain, SystemBC, targets Windows computers with a multifaceted attack that can wreak havoc on their users.
In addition to infecting computers with the primary strain of malware, SystemBC contains an on-demand proxy component that allows other malware stains to integrate with infected computers. Bad actors can use this arrangement to install trojans, ransomware, and other malware on users’ computers.
This iterative approach to malware illustrates the ever-changing cybersecurity landscape that threatens every organization. With the cost of a data breach growing each year, companies have every incentive to protect their IT infrastructure. Although the challenges are immense, partnering with qualified professionals (Like us!) can ensure that your organization is always ready to combat the latest threats.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!