The Week in Breach: 08/21/19 – 08/27/19
This week, malware makes networks unusable, gamers lose control of their personal data, and employees are stunningly resistant to improving their account passwords.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+ Employees
United States – Rhode Island Ear, Nose, and Throat Physicians Inc.
https://www.hipaajournal.com/rhode-island-healthcare-provider-hacked-3000-records-potentially-compromised/
Exploit: Unauthorized database access
Rhode Island Ear, Nose, and Throat Physicians Inc.: Specialty healthcare practice providing family care for diseases of the ears, nose, and throat
Risk to Small Business: 1.666 = Severe: Hackers accessed a patient database that contained personally identifiable information for patients served by the practice between May 1st and June 12th. Third-party forensic IT specialists determined that information wasn’t copied or downloaded. Regardless, the practice will incur the cost of updating their protocols, and also be subjected to regulatory scrutiny. This could eventually result in additional HIPAA fines, which will negatively affect their bottom line. | |
Individual Risk: 2.285 = Severe: For those impacted by the breach, personal information, including names, dates of birth, and clinical data was exposed. In some cases, patients had their Social Security numbers compromised as well. Since this information can quickly spread online and onto the Dark Web, identity monitoring services can help identify potential misuses in the future. |
Customers Impacted: 2,493
How it Could Affect Your Customers’ Business: Personal data can quickly make its way to the Dark Web marketplaces where it is often used to facilitate crippling attacks. Therefore, businesses bear the responsibility of protecting and informing their customers of what happens to compromised information. With the CCPA on the brink of being implemented, healthcare companies aren’t the only ones that face the threat of legal penalties.
ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.
United States – Massachusetts General Hospital
https://www.bostonglobe.com/metro/2019/08/22/mgh-reports-data-breach-that-exposed-information-nearly-people/Cj7S671ykepHZdbSlRojaI/story.html
Exploit: Unauthorized database access
Massachusetts General Hospital: The largest teaching hospital of Harvard Medical School
Risk to Small Business: 1.555 = Severe: Massachusetts General Hospital (MGH) has begun notifying patients of a data breach in two of the hospital’s computer programs. The event first occurred in June, but the hospital waited more than two months before notifying patients, significantly restricting their opportunity to take precautionary measures before the data is further misused. Now, MGH is incurring the cost of third-party security analysts, and they will be subjected to additional regulatory scrutiny because of the sensitive nature of their business. | |
Individual Risk: 2.428 = Severe: The data breach exposed personal information for patients participating in select clinical trials. The information includes patient names, dates of birth, medical record numbers, and medical histories. However, Social Security numbers and financial data was not exposed to hackers. Despite the elongated timeframe, those impacted by the breach should review their accounts for suspicious activity, and they should enroll in identity monitoring services to ensure their information’s security moving forward. |
Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Especially for businesses operating in highly-regulated industries, protecting personal information is of the utmost importance. However, when a mistake is made, every business needs to supportive resources in place to hasten a full recovery and to begin repairing the intense reputational damage that accompanies a cybersecurity incident. In doing so, companies protect their customers, which could make a big difference when securing their loyalty in the future.
ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more: https://www.idagent.com/identity-monitoring-programs.
United States – City of Borger
http://abc7amarillo.com/news/local/city-of-borger-releases-update-on-restoration-efforts-following-ransomware-attack
Exploit: Ransomware
City of Borger: Local government administration serving Borger, Texas
Risk to Small Business: 1.666 = Severe: A ransomware attack on the city’s IT infrastructure has crippled their ability to conduct business. The attack was part of a targeted effort impacting 20 Texas municipalities, and it cut off access to basic city services like public records, bill payments, and communications systems were inaccessible. Fortunately, the city has been able to restore several functions without paying the ransom, but several services remain unavailable.
Individual Risk: No personal information was compromised in the breach. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks increasingly afflict local governments and small businesses that often don’t have robust resources to devote to cybersecurity initiatives. However, cybersecurity experts that can identify and address potential vulnerabilities are a relative bargain compared to the tangible and less quantifiable costs associated with a ransomware attack.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID™ compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.
United States – Fargo Public Schools
https://www.valleynewslive.com/content/news/Fargo-Public-Schools-hit-by-nationwide-data-breach–557436201.html
Exploit: Unauthorized database access
Fargo Public Schools: Public school district serving students in Fargo, North Dakota
Risk to Small Business: 1.888 = Severe: An expansive data breach at a third-party vendor compromised students’ personally identifiable information. The breach is attributed to Pearson, but the cost of containment and restoration will fall squarely on the district’s shoulders. Consequently, the district will endure the cost of updating its data privacy protocols and the increased public and media scrutiny that often accompany a data breach. | |
Individual Risk: 2.285 = Severe: Hackers accessed students names, birthdates, and student ID numbers. However, Social Security numbers or payment information were not compromised. Unfortunately, even small amounts of personal information can be used to enact future identity or cybercrimes. Therefore, those impacted by the breach should enroll in the provided identity monitoring services while also being aware that their information could be used against them in future phishing or other cyber-attacks. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s business environment often depends on third-party partnerships that can increase an organization’s capabilities. However, when it comes to data privacy, these relationships can also create vulnerabilities, so cybersecurity protocols need to be a top priority when entering into these relationships. Moreover, having customer protection services in place can help mitigate the risks of a data privacy event negatively impacting your customers.
ID Agent to the Rescue: SpotLight ID allows MSPs, Resellers and Channel Partners to deliver comprehensive personal identity protection for clients’ employees and customers, ultimately safeguarding corporate systems. Get started here: https://www.idagent.com/identity-monitoring-programs.
Denmark – Tivoli
https://news.cgtn.com/news/2019-08-18/Denmark-s-most-popular-amusement-park-Tivoli-hacked-Jg27uV6Ida/index.html
Exploit: Intelligent brute force attack
Tivoli: Popular European amusement park based in Copenhagen, Denmark
Risk to Small Business: 2 = Severe Risk: Hackers used an intelligent brute force attack to access the personal data for thousands of guests. The data breach impacted the amusement park’s My Tivoli website, a guest website providing information and payment opportunities for the park’s visitors. Not only does this breach bode poorly for the park’s customer relations, but these credentials are often acquired on the Dark Web, meaning Tivoli could be vulnerable to similar attacks in the future. | |
Individual Risk: 2.428 = Severe Risk: This extensive data breach impacted significant amounts of personal information. Those impacted by the breach could have their names, addresses, phone numbers, email addresses, dates of birth, and credit card information exposed. This information can quickly make its way to the Dark Web, and those impacted should take every precaution, including obtaining credit and identity monitoring services, to ensure their data’s integrity. |
Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: Protecting customer data is critical for every company, and data breaches predicated on previously stolen information represent a real vulnerability for many platforms. To put it simply, preventing future data breaches often means determining the integrity of employee and customer credentials. By identifying compromised credentials, companies can take the necessary precautions to prevent a data breach before it occurs.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
Germany – Fanatec
https://www.pcmag.com/news/370363/peripheral-maker-fanatec-hacked-customer-details-stolen
Exploit: Unauthorized database access
Fanatec: Maker and distributor of gaming peripherals
Risk to Small Business: 1.777 = Severe Risk: Hackers infiltrated the company’s global online store, gaining access to customers’ personal data along the way. The breach occurred on August 16th, and it’s unclear how long the hackers had access to customer data before Fanatec resolved the issue. In response, the company has reset all customer account passwords. The company hired a third-party IT security company to audit their protocols to prevent a similar breach in the future, but there is no way to retrieve the information now that it is available online. | |
Individual Risk: 2.142 = Severe Risk: Fanatec didn’t disclose the specific information compromised in the breach, but because hackers infiltrated the online store, users should assume that all relevant personal information and financial data could be compromised. In addition to contacting credit lenders, users should carefully monitor their accounts for suspicious activity, and they should enroll in monitoring services that can provide long-term oversight of their credentials. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Online shopping is a critical outlet for many companies, allowing them to embrace a global consumer base while limiting their on-the-ground presence. Data breaches undermine customers’ confidence in these services, and many won’t return to an online store after it was compromised in a breach. Therefore, cybersecurity should be top-of-mind for every business with an online store, and a strong defense posture is the most beneficial expression of this priority.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Australia – New Payments Platform Australia
https://au.finance.yahoo.com/news/payid-data-breach-expose-big-bank-customer-details-044612621.html
Exploit: Exposed database
New Payments Platform Australia: National payment platform for Australia
Risk to Small Business: 1.888 = Severe Risk: An exposed database related to the platform’s PayID lookup function inadvertently exposed users’ personal information. The national payment platform is mutually owned by 13 of the country’s major financial institutions, and this data breach is its second cybersecurity incident this summer. Australians in particular have shown that they are often unwilling to return to platforms that compromise their personal data, which means that New Payments Platform Australia will need to launch a concerted effort to restore their damaged reputation while also working to repair the significant cybersecurity lapses impacting their platform. | |
Individual Risk: 2.285 = Severe Risk: Although officials are quick to assert that hackers can’t use stolen information to access or withdraw customer money, personally identifiable information was made available. Specifically, hackers accessed customer names, PayID usernames, phone numbers, and BSBs. While this information will not allow hackers to directly withdraw funds, it still has a long shelf life on the Dark Web where it can be used to perpetuate additional cybercrimes. Therefore, everyone impacted by the breach needs to be critical of digital communications, and they should enroll in the credit and identity monitoring services that can provide long-term oversight of their personal information. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s consumers are increasingly wary of dealing with companies that can’t protect their customers’ data. Consequently, data breaches have cascading consequences that include IT repair costs, growing recovery expense, and the less-understood obligation to restore their customers’ confidence in their cybersecurity protocols. Rather than waiting to respond, every business should prioritize threat identification and response as a must-have priority.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Malaysia – Astro Malaysia Holdings
https://themalaysianreserve.com/2019/08/23/astro-hit-by-2nd-data-breach-in-14-month-period/
Exploit: Unauthorized database access
Astro Malaysia Holdings: Media and entertainment holding company
Risk to Small Business: 2 = Severe Risk: Hackers gained access to the company’s Mykap database, compromising the customer data for 0.2% of the company’s millions of users. Although the company took immediate action to constrain the event, it’s their second data breach in 14 months, which raises serious questions about their data security standards while giving customers a reason to take their business elsewhere. | |
Individual Risk: 2.285 = Severe Risk: Customer’s financial information was not disclosed in the breach, but hackers still accessed personal details in their Mykad accounts. This includes names, dates of birth, addresses, gender, race, and NRIC numbers. Victims of the previous Astro breach had their data sold on the Dark Web, and those impacted by this week’s breach should assume that their personal information will be made available as well. Consequently, they need to enroll in identity monitoring services to know if this information is being deployed by bad actors to perpetuate other crimes. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Surveys suggest that customers are often unwilling to work with a company after they are victimized by a data breach, and those prospects don’t improve when a company endures multiple cybersecurity lapses in a short time period. To put it simply, cybersecurity is a bottom-line issue for every business. What’s more, since stolen data can have long-term consequences for both the company and its customers, understanding what happens to data after it’s stolen data can help mitigate some of the consequences.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
The First Half of 2019 Sees Precipitous Rise in Data Breaches
A recent report by Risk Based Security confirmed what many people already knew: data breaches are increasing in frequency and scope.
In the first half of 2019, there were 3,816 data breaches, a 54% increase from the same period in 2018. In total, more than 4 billion records were stolen. While the majority of these records, 3.2 billion were stolen as part of eight high-profile breaches, more than one billion records were taken in lesser known data heists from smaller organizations.
The healthcare sector led all industries with 224 data breaches while retail and finance accounted for 199 and 183 breaches respectively. Meanwhile government and education have collectively endured nearly 300 data breaches.
According to the report, email addresses and passwords were the most sought after data, occurring in more than 70% of data heists. In contrast, only 11% of data breaches contained financial information like credit card numbers.
Email addresses and passwords can be used to promulgate additional cybercrimes, and companies need to train their employees to protect this information as phishing scams and other attacks threaten the integrity of these credentials and business’ entire cyber infrastructure. For starters, implementing comprehensive awareness training can help strengthen the security of your company’s email addresses and passwords.
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
Google Estimates 1.5% of All Internet Passwords Vulnerable to Spearphishing
Sometimes cybercriminals get too much credit for their ability to infiltrate businesses’ IT infrastructure. In many cases, employees’ bad password practices actually cause the vulnerability, a reality that was confirmed in a Google study released this week.
In the report, Google estimates that 1.5% of all logins used on the internet are a vulnerability to credential stuffing attacks because they were disclosed in previous data breaches. What’s more, even when companies or employees were notified of this vulnerability, only 26% of people changed their passwords to secure their accounts.
However, there is one silver lining. For those who did update their information, 94% created a password that was as strong or stronger than the original password. Ultimately, it’s a reminder that many security vulnerabilities are fixable, and partnering with qualified cybersecurity experts can help you identify these vulnerabilities before they create a catastrophe.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!