Please fill in the form below to subscribe to our blog

The Week in Breach: 10/09/19 – 10/15/19

October 16, 2019

This week, hackers hijack a shoe company’s email list, patients are upset about healthcare data breaches, and Twitter comes under fire for data misuse.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Top Industry:
Education & Research
Top Employee Count:
501+ Employees 

United States – UAB Medicine

Exploit: Phishing attack
UAB Medicine: Academic medical center based in Birmingham, Alabama

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: A phishing attack tricked several employees into providing their email credentials to hackers, which subsequently exposed the protected health information for thousands of patients. The email purported to originate from a hospital executive, asking employees to participate in a fake business survey. Executives believe that hackers were trying to access the healthcare provider’s payroll system, but they were prevented from reaching this information. Regardless, the August 7th breach will have significant impact on the patients whose data was compromised and on UAB Medicine, as they will bear the cost of credit monitoring and identity theft protection services as well as the increased regulatory scrutiny because of the nature of the information involved.
2.5 – 3 = Moderate Risk

Individual Risk: 2.571 = Moderate: Hackers had access to patients’ protected health information, including names, medical record numbers, dates of birth, dates of service, location of service, and other medical-related information. Some patients also had their Social Security numbers compromised. UAB Medicine is encouraging anyone impacted by the breach to closely monitor their accounts and benefit statements for fraudulent activity. In addition, they should enroll in the year of free credit and identity monitoring services provided by UAB Medicine.

Customers Impacted: 19,557
How it Could Affect Your Customers’ Business: Despite your best efforts, phishing attacks will likely make their way into your employees’ inboxes at some point. Fortunately, comprehensive awareness training can empower employees to sidestep ongoing efforts at gaining access to your network and compromising your data. Given the growing costs associated with a data breach, the ROI on cybersecurity best practices is remarkably clear, and should be required for every employee with an email account.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here:

United States – Magnolia Pediatrics

Exploit: Ransomware
Magnolia Pediatrics: Full service pediatric medical provider

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.555 = Severe: A ransomware attack on the clinic’s IT company allowed hackers to access Magnolia Pediatrics’ network and encrypt it with ransomware. The company paid an undisclosed fee and received a decryption code to retrieve their information. Now, the practice has reset all user passwords, and they installed new firewalls and spam filters to protect against similar threats in the future. Of course, such retroactive measures cannot undo the costs associated with ransom payments, bad press, and negative publicity that could encourage patients to take their business elsewhere.
1.51 – 2.49 = Severe Risk

Individual Risk: 2.428 = Severe: Hackers encrypted patient data, including names, dates of birth, Social Security numbers, addresses, phone numbers, insurance information, and medical records. Magnolia Pediatrics doesn’t believe that any patient data was misused in the breach, but they are encouraging all users to monitor their credit card statements for unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Whether companies choose to pay a ransom or restore their IT infrastructure, ransomware attacks are undoubtedly expensive. With additional financial repercussions that can last indefinitely, every company has thousands of reasons to protect their networks from damaging malware. Taking preventative steps before a breach occurs can save time, money, and personnel resources, making defensive maneuvers the cost-effective, advantageous approach to addressing the threat of ransomware.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist™ is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win!

United States – TOMS

Exploit: Unauthorized database access
TOMS: Designer and producer of shoes, eyewear, coffee, apparel, and handbags

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.333 = Severe: In an unusual cybersecurity incident, a hacker hijacked the mailing list for TOMS and sent a message encouraging customers to log off their devices and enjoy the outdoors. The message was not malicious in nature, but the hacker admitted that he accessed the platform for a significant time period before sending the email. The hacker also ridiculed bad actors, describing their actions in obscene language sent to TOMS customers. Fortunately, the hacker didn’t disrupt any other elements of TOMS’ IT infrastructure, but his actions highlight the company’s weak cybersecurity standards, which could negatively impact the company on many fronts.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s customers value cybersecurity as highly as any other component of a company. This incident broadly publicized the company’s shortcomings, inviting media and customer scrutiny and serving as a warning for other companies to protect their IT environment at every level. This time, the breach was merely embarrassing, but the next one could be devastating.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:

United States – Methodist Hospitals

Exploit: Phishing attack
Methodist Hospitals: Community-based healthcare system located in Gary, Indiana

1 – 1.5 = Extreme Risk Risk to Small Business: 1.222 = Extreme: A successful phishing attack against two employees compromised the private health data for thousands of patients. The incident occurred in June, but the healthcare provider didn’t finish investigating the breach until August. It’s unclear why the company waited two months before making the breach public. Regardless, Methodist Hospitals will face intense regulatory scrutiny due to the nature of information involved.
1.51 – 2.49 = Severe Risk Individual Risk: 2.142 = Severe: The compromised data was accessed on June 12th or between July 1st and July 8th. It included patient names, addresses, health insurance information, Social Security numbers, government ID information, passport numbers, financial account numbers, payment card information, electronic signatures, usernames, and passwords. This incredibly expansive data set has great value on the Dark Web, as it can be used to perpetuate additional cybercrimes. Therefore, those impacted by the breach should take every precaution to protect their data, including contacting their financial institutions and enrolling in credit and identity monitoring services

Customers Impacted: 68,039
How it Could Affect Your Customers’ Business: Today’s digital landscape is replete with threats, but companies are not defenseless. Phishing scams require employees to actively compromise their credentials, and comprehensive awareness training can equip team members to identify and report fraudulent communications, effectively rendering them useless and creating a safe environment for your customers’ data.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:

Canada – PAL Airlines

Exploit: Unauthorized database access
PAL Airlines: Economy airlines serving multiple locations

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.777 = Severe: A single employee email account was compromised, giving hackers access to sensitive customer and employee data. In response, the company is working with the federal authorities to determine the exact cause and scope of the incident. In the meantime, the airline is making efforts to contact customers, a necessary next step but one that is also unlikely to reduce the blowback resulting from lax cybersecurity standards.
2.5 – 3 = Moderate Risk Individual Risk: 2.571 = Moderate: Although hackers only accessed limited amounts of personal information, they did have access to customer and employee names, dates of birth, and credit card information. This data can quickly spread on hacker forums and Dark Web marketplaces, so those impacted by the breach should notify their financial institutions of the breach while also monitoring their accounts for unusual or fraudulent activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and regulatory bodies are increasingly unwilling to overlook companies that can’t protect their data. Therefore, even relatively small data breaches can have an outsized bottom-line impact that can far outlast the actual data loss event. In today’s digital landscape, minimizing risk exposure and ensuring appropriate defenses is a critical component of any successful business.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here:

Canada – TransUnion

Exploit: Unauthorized database access
TransUnion: Consumer credit reporting agency

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Using compromised user credentials, hackers accessed the personal information of Canadian TransUnion customers. The breach, which occurred between June 2019 and July 2019 and detected in August, shines a spotlight on the company’s delayed breach response and notification process. Although the company’s IT infrastructure wasn’t at fault, their inability to account for a holistic vulnerability that allowed hackers using stolen credentials to access their customers’ information, will bring negative media scrutiny and public attention to the company.
2.5 – 3 = Moderate Risk Individual Risk: 2.857 = Moderate: TransUnion did not release a specific overview of the compromised data; however, the sensitive nature of their business means that personally identifiable information was likely included in the event. Notably, the company acknowledged that credit report data was exposed in the breach. This can include individuals’ names, dates of birth, current and former addresses, information on existing card and loan obligations, social insurance numbers, and other sensitive data.

Customers Impacted: 37,000
How it Could Affect Your Customers’ Business: The deluge of data breaches in the past several years have made login credentials widely available to bad actors. Therefore, today’s companies should be proactive about identifying compromised credentials and taking intentional steps to limit accessibility using this information.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at:

United Kingdom – Norfolk and Norwich University Hospital

Exploit: Accidental data exposure
Norfolk and Norwich University Hospital: Healthcare provider issuing services in Norfolk, England

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = Severe: A clerical error stemming from the hospital’s IT infrastructure resulted in eleven people receiving letters containing personal information from other patients. The breach was identified when a patient returned one of the letters to the hospital. Administrators are reaching out to those affected, but their efforts haven’t satiated the victims’ concerns. Instead, they are taking to the media to express their displeasure with the healthcare provider’s data security standards.

Individual Risk: No personal information was compromised in the breach.

2.5 – 3 = Moderate Risk Individual Risk: 2.571 = Moderate: The letters contained patients’ names, addresses, dates of birth, and reason for attendance. Because of the small scope of data exposure, patients’ carry little risk of identity theft or other related crimes, but they should be mindful that their information was accessible by unintended third parties.

Customers Impacted: 11
How it Could Affect Your Customers’ Business: Data exposure is a big deal to today’s consumers, and, regardless of the breach methodology, they will hold companies accountable. In this case, patients spoke directly with the media, expressing their displeasure with Norfolk and Norwich University Hospital’s data security protocols. This negative publicity can have far-reaching consequences that can reach much further than the initial damage of the data breach.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:

Netherlands –

Exploit: Unauthorized database access Adult entertainment website

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: Hackers accessed a database for the adult website, attaining the personal details for thousands of users. Making matters worse, the bad actor is actively trying to sell this information on the Dark Web. While the sensitive nature of the information is somewhat unique, the incident underscores the robust market for personal details that can be used for everything from extortion schemes to spear phishing attacks.
2.5 – 3 = Moderate Risk Individual Risk: 2.714 = Moderate: Personally identifiable information, including email addresses, user names, IP addresses, and scrambled passwords were compromised. Those impacted by the breach should be especially leery of sextortion attempts that seek a cryptocurrency ransom in exchange for concealing embarrassing personal details from publication.

Customers Impacted: 250,000
How it Could Affect Your Customers’ Business: Consumers trust digital platforms to protect their personal information, and failure to do so can be detrimental to any business’s success. Simply put, any relevant business plan needs to include an intentional approach to data security that actively protects users’ information, and companies that can’t achieve these objectives are unlikely to remain competitive as consumers take their business elsewhere and regulatory consequences eat away at their profits.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

Twitter Uses Two-Factor Data for Targeted Advertising 

Implementing cybersecurity best practices are critical for today’s companies, especially in regards to securing infrastructure throughout an increasingly complicated threat environment. Unfortunately, in many cases, organizations rely on their customers to adopt these priorities in order to effectively protect their data. 

These protocols include initiatives such as using strong, unique passwords to secure accounts and implementing two-factor authentication to further secure this information. Of course, companies undermine user adoption when they use that information to serve up targeted advertising.

This week, Twitter acknowledged that it used the phone number and email address data from its two-factor authentication protocol to developing targeted advertisements. The information was used by the company’s tailored audiences program that allows companies to create targeted advertisements by matching their own marketing lists with Twitter user data. The company resolved the issue on September 17th, but it’s unclear how long companies benefit from this security-centered information.

More importantly, this misuse of personal data might discourage users from adopting these security protocols in the future, a decision that would put both parties at risk for a data breach.

What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business

A Note for Your Customers:

20,000 E-commerce Sites Could Be Compromised by Magecart 

Providing an online shopping experience is increasingly critical for SMBs looking to stay ahead of the competition. Unfortunately, malware attacks are infecting the checkout page of many stores, compromising customer payment data and undermining companies’ efforts to attract business through their websites. 

This reality became even more prescient this week when the notorious Magecart malware infected Volusion, a cloud hosting platform for online stores. Already, more than 6,500 stores have been compromised, and Volusion boasts a customer base of more than 20,000 companies, so the number of infected web stores might continue to grow.

Most prominently, Volusion hosts the Sesame Street Live online store, which was brought offline after the attack was revealed.

Now thousands of companies will be left grappling with the consequences of lost sales both now and in the future. Notably, this underscores the importance of understanding the specific cyberthreat landscape that most prominently impacts your business. If necessary, get third-party support from cybersecurity experts to adequately identify your risks and to establish best practice responses that ensure that your business benefits because of your IT environment.


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!