The Week in Breach: 08/28/19 – 09/03/19
This week, customer loyalty programs are compromised, employees continue to fall for phishing scams, and data breach costs continue to increase.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+ Employees
United States – Lyons Insurance
https://finance.yahoo.com/news/lyons-companies-provides-notice-data-233000212.html
Exploit: Unauthorized email account access
Lyons Insurance: Independent insurance broker and employee benefits firm
Risk to Small Business: 1.333 = Extreme: An unauthorized party gained access to two employee email accounts that contained customers’ personally identifiable information. The data from one account was available between February 4th and March 12th, and information from the second account was available for several hours on March 12th. The company hired a third-party cybersecurity firm to audit their security standards, and they’ve made changes to prevent a similar breach in the future. However, it’s unclear why the company waited so long to notify customers, and future reparations will not be able to recover the damage of the data that’s already stolen. | |
Individual Risk: 2.143 = Severe: Impacted email accounts contained personal information, including customers’ names, dates of birth, contact information, drivers’ license information, financial information, medical record numbers, patient identification numbers, and treatment-related information. In addition, some users had their Social Security numbers compromised in the breach. Lyons is providing free credit monitoring and identity restoration services for everyone impacted by the breach. Since this information is incredibly valuable to cybercriminals on the Dark Web, breach victims should take advantage of these services to help ensure the integrity of their data. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Few things can cripple a business like a data breach, and post-breach security initiatives can’t help those whose personal information is already available on underground marketplaces. Consumers and employees are increasingly unwilling to associate with companies that cannot protect their information, making cybersecurity a bottom-line problem for every business. Identifying and addressing vulnerabilities before a breach occurs offers tangible benefits over waiting until after a data disaster to make changes.
ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more: https://www.idagent.com/bullphish-id.
United States – Presbyterian Healthcare Services
https://www.scmagazine.com/home/security-news/data-breach/almost-200k-affected-by-presbyterian-healthcare-services-data-breach/
Exploit: Phishing scam
Presbyterian Healthcare Services: Private not-for-profit healthcare system and provider
Risk to Small Business: 1.555 = Severe: An employee unwittingly opened a phishing email that provided hackers with access to a treasure trove of patients’ personally identifiable information. The breach occurred on or before May 9th, and it wasn’t discovered for nearly a month. While the healthcare provider began notifying those impacted by the breach in early August, the latest accounting reveals even more extensive damage than originally identified. Moreover, Presbyterian Healthcare Services expects that they still have to understand the full scope of the breach. Healthcare is a highly regulated industry, so Presbyterian Healthcare Services will endure a significant repair cost, along with increased scrutiny from regulatory bodies. | |
Individual Risk: 2.571 = Moderate: While hackers didn’t have access to electronic health records or billing information, they were able to access patient names, dates of birth, Social Security numbers, and health plan information. Although Presbyterian Healthcare Services hasn’t found the data on the Dark Web yet, those impacted by the breach should assume that it will be exploited for fraud in the near future. |
Customers Impacted: 183,000
How it Could Affect Your Customers’ Business: Companies that store copious amounts of sensitive personal information are sitting ducks for data thieves and have an obligation to take necessary precautions to protect their customers’ data. Fortunately, phishing scams are entirely defensible, and comprehensive awareness training can render such attacks useless. With phishing attacks on the rise, this training should be mandatory for every company storing personal data of employees or customers.
ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – Oregon Judicial Department
https://www.sfgate.com/news/article/Oregon-Judicial-Department-hit-by-phishing-attack-14400481.php
Exploit: Phishing scam
Oregon Judicial Department: Judicial branch of the state of Oregon
Risk to Small Business: 1.444 = Extreme: A phishing campaign effectively duped five employees into opening malicious emails that compromised the personal information of thousands of people. The attack occurred on July 15th, and it left affected accounts exposed for four hours before IT admins could disable access to personal data. Consequently, the department is responsible for providing credit monitoring services to impacted individuals, an expense that will hinder the efforts of an already cash strapped organization. |
Individual Risk: 2.286 = Severe: The data breach exposed personally identifiable information, including names, full and partial dates of birth, financial information, health data, and Social Security numbers. Anyone impacted by the breach should enroll in the provided credit monitoring services to keep tabs on their financial data. Meanwhile, they should be vigilant about monitoring their personal accounts for suspicious or unusual activity. |
Customers Impacted: 6,607
How it Could Affect Your Customers’ Business: Phishing scams may be incredibly prevalent, but they are also entirely preventable. Despite the best efforts of automated detection services, businesses should assume that some phishing emails will make their way to your employees’ inboxes, making comprehensive awareness training a critical component of holistic data security. By training employees to spot and respond to phishing campaigns, it’s possible to mitigate persistent attacks while demonstrating cybersecurity prowess.
ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.
United States – Wisconsin Diagnostic Laboratories
https://www.hipaajournal.com/amca-data-breach-total-nears-25m-as-wisconsin-diagnostic-laboratories-confirms-115k-record-breach/
Exploit: Unauthorized database access
Wisconsin Diagnostic Laboratories: Medical laboratory and testing service provider
Risk to Small Business: 1.556 = Severe: A June 2019 data breach at one of the company’s partners has compromised the personal information of patients at Wisconsin Diagnostic Laboratories. The company has severed the relationship with their third-party vendor, and they are taking steps to retrieve and secure compromised patient data. Of course, retrieving information once it reaches the web is extremely difficult, and Wisconsin Diagnostic Laboratories will certainly face regulatory scrutiny that will cost time and resources. | |
Individual Risk: 2.857 = Moderate: The data breach revealed personal data including patient names, dates of birth, dates of service, and other medical information. In some cases, payment information, including credit card numbers and bank account details, was exposed. Social Security numbers and payment data were excluded in the breach. Since this type of information is frequently exchanged on the Dark Web, those impacted by the breach should monitor their accounts closely. |
Customers Impacted: 114,985
How it Could Affect Your Customers’ Business: Today’s business environment often requires partnering with third-parties to provide the best experiences for your customers. Unfortunately, this also increases your company’s exposure to various cybersecurity risks, and every business needs to have effective recovery protocols in place to respond to these incidents. In this way, companies can benefit from relationships with strategic partners with cybersecurity expertise in order to proactively secure sensitive information.
ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.
United Kingdom – Teletext Holidays
https://www.verdict.co.uk/teletext-holidays-data-breach-customer-call/
Exploit: Exposed database
Teletext Holidays: Travel company offering short- and long-term beach vacation planning services
Risk to Small Business: 1.778 = Severe: In a data breach that is relatively unprecedented in today’s digital environment, Teletext Holidays exposed their customers’ personal information collected from recorded call center interactions. The calls, which took place on April 10, 2016, were exposed on an unsecured database, and they include information from customers speaking with service representatives with recorded dialogue while customers were on hold. The breach will likely spark customer backlash, and Teletext Holidays must work to improve its cybersecurity stance even as they navigate the negative customer dynamics that will almost certainly accompany the breach. | |
Individual Risk: 2.571 = Moderate: The recordings revealed customer data including names, dates of birth, partial payment information, and other sensitive details. In addition, recordings that were made of customers on hold contain personal conversations that constitute a serious breach of privacy for Teletext Holidays’ customers. This data can be used to compile more comprehensive profiles that can proliferate even more extensive cybercrimes, and those impacted need to guard themselves against the risk of identity or financial fraud. |
Customers Impacted: 212,000
How it Could Affect Your Customers’ Business: Privacy is becoming a prominent concern for many consumers, and they are demonstrating an unwillingness to work with companies that can’t protect their data. Especially when data breaches reveal private details, every business will face an uphill battle to restore their customers’ confidence. Therefore, preparing a robust response effort can help curtail some of the reputational costs that negatively impacts businesses’ bottom line.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web/.
Germany – Mastercard Priceless Specials Loyalty Program
https://www.bleepingcomputer.com/news/security/mastercard-reports-data-breach-to-german-and-belgian-dpas/
Exploit: Unauthorized database access
Mastercard Priceless Specials Loyalty Program: Customer loyalty program for Mastercard users
Risk to Small Business: 1.667 = Severe: Two extensive spreadsheets containing customer data were published online, an event that led Mastercard to uncover a data breach of its loyalty program. The Priceless Specials loyalty program is managed by a third-party, but this data breach will have profound implications for the credit company. Notably, because the incident falls under the purview of GDPR regulators, Mastercard could be responsible for fines and penalties that will directly impact their bottom line. In addition, Mastercard has taken its loyalty program completely offline, which could erode their reputation. Along with incurring the immediate costs of trying to remove customer data from the internet and for providing credit monitoring services to those impacted by the breach. | |
Individual Risk: 2.429 = Severe: Although the data breach did not impact customers payment details, it did expose significant amounts of personally identifiable information. This data includes names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. Mastercard is providing free credit monitoring services to those impacted by the breach. Since this information can quickly spread on the Dark Web, everyone should be especially careful to monitor online correspondences and accounts for unusual activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Mastercard is working diligently to have the information removed from the internet, an approach that is unlikely to yield long-term success. However, that doesn’t mean that companies can’t strive to locate their customers’ information after it’s stolen. In doing so, they can help ensure that it is not sold on the Dark Web nor being used to promulgate additional cybercrimes. At the same time, these initiatives can help restore customer confidence and affinity, which can help businesses recover from brand erosion and customer attrition.
ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.
Lithuania – Hostlinger
https://techcrunch.com/2019/08/25/web-host-hostinger-data-breach/
Exploit: Unauthorized database access
Hostlinger: Employee-owned web hosting provider and internet domain registrar
Risk to Small Business: 2 = Severe: Unauthorized database access was detected on one of Hostinger’s servers, prompting the platform to reset all of its user passwords. Hackers obtained an access token that allowed them to view customer data without entering a username or password. The customer data was scrambled using the SHA-1 algorithm, an outdated approach that the company has since updated. In total, the breach impacts nearly half of the company’s customers, and they face an uphill battle to repair the IT infrastructure and to restore their customers’ confidence. | |
Individual Risk: 2.571 = Moderate: Sensitive data, including usernames, email addresses, and passwords, was exposed in the breach. Fortunately, financial data was spared in the breach, but that doesn’t mean that victims are safe. Personal information like this can be used to perpetuate additional cybercrimes, and those impacted by the breach need to be especially vigilant about examining digital communications and monitoring their accounts for suspicious activity. |
Customers Impacted: 14,000,000
How it Could Affect Your Customers’ Business: Among the many repercussions of a data breach, companies have to manage the blowback that inevitably comes from customers impacted by the breach. In the case of Hostlinger, customers are already waging a social media campaign against the company, which is worsening the company’s recovery efforts. Companies can help mitigate this type of PR disaster by identifying what happens to their data after it is hacked and by providing supportive services for customers and employees.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
Australia – TGI Fridays
https://threatpost.com/tgi-fridays-data-exposure/147849/
Exploit: Exposed database
TGI Fridays: Restaurant chain operating as a unit of the Sentinel Capital Partners and TriArtisan Capital Partners
Risk to Small Business: 2.111 = Severe: A database for TGI Fridays’ Australia customer loyalty program was left exposed to the internet, revealing sensitive customer data. The database included back-up files that contained personally identifiable information but did not include payment elements. The company is encouraging users to change their passwords, and they are partnering with cybersecurity experts to prevent similar problems in the future. However, those efforts won’t be able to reclaim customer data, and the company will face an uphill battle to restore customer confidence. | |
Individual Risk: 2.857 = Moderate: TGI Fridays has not disclosed the specific information exposed in the breach, but users should assume that some degree of personally identifiable information was exposed to the internet. Previous breaches of similar programs saw usernames and passwords compromised, and that information was used to facilitate credential stuffing attacks. Therefore, those impacted by this event should be especially careful to monitor their personal accounts for suspicious activity. |
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When it comes to protecting customer data, companies are at a significant disadvantage. Hackers can try innumerable approaches to steal personal information, and businesses are tasked with protecting their infrastructure against all of them. However, rather than waiting for a breach to identify vulnerabilities, businesses should prioritize regular cybersecurity assessments to spot problems before they are exploited by bad actors.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
Data Breaches Expected to Cost Businesses $5 Trillion by 2024
By now, every business should be aware of the costs associated with a data breach. Unfortunately, such damages are not being contained. Instead, they are rising steadily, culminating in a $5 trillion price tag by 2024, according to the latest report from Juniper Research.
A recent report, “The Future of Cybercrime & Security,” found that regulatory fines and lost business will be the primary drivers of this expense.
Consumers continually demonstrate a disdain for platforms that can’t protect their data, making opportunity cost one of the most arduous, often immeasurable consequences of a data breach.
At the same time, the report notes that cybercrimes are likely to accelerate as hackers deploy increasingly sophisticated technology, like AI, to perpetuate even more disruptive cybercrimes.
However, Juniper Research found that cybersecurity-related expenditures are only expected to increase by 8% over the next four years, meaning that enterprises are turning to other methodologies to protect their data. Most prominently, the report concluded, employee awareness training is seen as the most efficient and cost-effective way to protect a company’s data.
Regardless of the technique, one truth is certain. The cybersecurity landscape will not look the same in four years, and every business needs to be prepared to adapt and meet the shifting challenges of its time.
https://finance.yahoo.com/news/business-losses-cybercrime-data-breaches-060000378.html
What We’re Listening to:
Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e
A Note for Your Customers:
Ransomware Attacks Have Doubled in 2019
The scourge of ransomware attacks around the world are well documented, appearing in front-page headlines and disrupting everything from SMBs to local municipalities.
Even so, the scope of the problem is even more extensive than many people realize. The latest McAfee Labs Threat Report found a 118% rise in ransomware attacks in the first quarter of 2019.
The precipitous increase follows years of decline for malware as it appeared to fall out of vogue with cybercriminals. However, in 2019, the practice has been monetized by targeting SMBs and local governments, soft targets that don’t often have the resources to effectively update their defenses against ransomware.
The report found that three ransomware strains – Dharma, Ryuk, and GandCrab – are used in the vast majority of attacks, and McAfee notes that a large number of organizations are willing to pay six-figure payments to help ensure that such strategies will continue to adapt and remain relevant well into the future.
Given the high cost of recovering from a ransomware attack, the cybersecurity services that can fortify a company’s defenses are a relative bargain. Especially for SMBs, a strong defensive posture comes with the cost of doing business, and it’s more affordable than cybersecurity failure.
https://www.zdnet.com/article/cyber-crime-ransomware-attacks-have-more-than-doubled-this-year/
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!