
The Week in Breach: 12/04/19 – 12/10/19

December 11, 2019

This week, online stores compromise customer credentials, ransomware cancels a holiday performance, and more than half of organizations acknowledge that they are not ready for a cyberattack.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 101 – 250 Employees


United States – McLaren Health Plan
https://www.beckershospitalreview.com/cybersecurity/michigan-insurer-alerts-members-of-data-breach.html

Exploit: Phishing scam
McLaren Health Plan: Health maintenance organization

Risk to Small Business: 1.666 = Severe: A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.

Individual Risk: 2.571 = Moderate: The breach exposed patients’ personally identifiable information, including names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information, and authorization information. Notably, this information has been available since October, so those impacted by the breach should quickly examine their accounts for unusual activity and take precautions to ensure that their personal information remains secure.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party partnerships represent an opportunity to expand your company’s capabilities but can also manifest themselves as cybersecurity risks. Given the increasingly onerous consequences of a data breach, cybersecurity standards should be a top consideration when establishing such relationships. Better product or service offerings can be a boon, but not if they come at the expense of data security.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States – On The Border
https://www.restaurantbusinessonline.com/topics/border-reports-data-breach

Exploit: Malware attack
On The Border: Casual restaurant chain

Risk to Small Business: 1.888 = Severe: Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.

Individual Risk: 2.571 = Moderate: Customers at certain restaurant locations had their personal and financial information stolen, including their names, credit card numbers, credit card expiration dates, and security codes printed on the back of the cards. This information not only has a ready market on the Dark Web, but it can be used directly by hackers to commit financial crimes. Therefore, those impacted by the breach should immediately notify their financial institutions and enroll in identity and credit monitoring services to ensure that their information isn’t misused now or in the future.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Recovering from a data breach is a challenging process, as companies are tasked with demonstrating their data security improvements while also wooing back customers that inevitably abandon them after a breach. While the best option is to prevent a data security incident from occurring in the first place, companies can expedite the recovery process by supporting their customers at every turn. In this case, understanding what happened to payment data after it was stolen can go a long way toward mitigating the damage and restoring customer confidence.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

United States – New Jersey Shakespeare Theatre 
https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/

Exploit: Ransomware attack
New Jersey Shakespeare Theatre: Theatre company dedicated to Shakespeare and classical works

Risk to Small Business: 2.111 = Severe: A ransomware attack has disabled the company’s access to its ticketing system and patron database. The attack arrives as the company is scheduled to begin its holiday production, a significant draw for the theatre. The first showing was cancelled while the company developed an alternative ticketing method. Fortunately, customer data was fully encrypted and not viewable by hackers, but the Shakespeare Theatre also can’t access this information. In response, customers are being asked to bring confirmation emails or ticket stubs to the performance so that the show can go on.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks are uniquely expensive, due to the upfront cost of restoring technical services along with opportunity costs associated with lost capability. The prevalence of this threat is increasing the impetus for companies to ensure that their IT infrastructure doesn’t provide a foothold for criminals to inflict financial and reputational damage on their platform. Often employee accounts serve as the easiest targets for hackers to execute phishing attacks against, making this a good place to start when securing against malware.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-authentication.

United Kingdom – Sweaty Betty
https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Exploit: Payment skimming malware
Sweaty Betty: Activewear retailer

Risk to Small Business: 1.555 = Severe: Hackers injected payment skimming malware into the company’s online store, compromising customers’ personal and financial information. The breach impacts customers shopping online between November 19th and November 27th who paid with a credit or debit card. However, shoppers using PayPal and Apple Pay did not have their information stolen. Sweaty Betty has contacted customers impacted by the breach, but they are not publicly acknowledging the compromise on their website.

Individual Risk: 2.286 = Severe: Online shoppers impacted by the breach had their personal and financial information forwarded to a malicious third-party. This information includes names, passwords, addresses, email addresses, telephone numbers, payment card numbers, CVV numbers, and card expiration dates. Victims should immediately contact their financial institutions to notify them of the breach. Moreover, enrolling in credit and identity monitoring services can detect unusual or malicious activity, helping customers ensure that their information is secure. Finally, customers should change their passwords across other accounts that share similar login details because this information was compromised by hackers and will likely find its way to the Dark Web.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: As witnessed by this year’s holiday shopping frenzy, e-commerce comprises an increasingly larger slice of the retail pie. However, customers have demonstrated an unwillingness to do business with companies that can’t protect their data, and instances like this undermine the financial viability of businesses reliant on online sales to drive revenue. Ensuring that your IT infrastructure is fortified serves as an advantageous and necessary next step for any company hoping to build their business around online shopping.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United Kingdom – Mixcloud 
https://techcrunch.com/2019/11/29/mixcloud-data-breach/

Exploit: Exposed database
Mixcloud: Audio streaming platform

Risk to Small Business: 1.777 = Severe: The music streaming platform failed to secure a database containing customer data, and that information was quickly shared on the Dark Web. Embarrassingly, the company was notified of the error by the media who were contacted by the hackers who stole the information in early November. Now, Mixcloud has to contend with a deluge of public criticism as well as a cadre of angry customers who are upset that their personal information is available for purchase on the Dark Web.

Individual Risk: 2.714 = Moderate: The stolen data includes usernames, email addresses, and encrypted passwords. In addition, the breach included sign-in data, including IP addresses and links to profile photos. This information can be used in identity crimes or to execute other cybercrimes, such as phishing scams. Those impacted by the breach should be especially critical of unusual digital correspondence, while monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 20,000,000
How it Could Affect Your Customers’ Business: The cost of a data breach is enormous, and it’s continually climbing. Given that reality, an unforced error, like an exposed database, is an especially egregious way to diminish your business prospects. Indeed, companies that don’t adequately account for their data security will face harsh technical, consumer, and regulatory costs now and in the years ahead.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United Kingdom – British American Tobacco
https://www.securitymagazine.com/articles/91356-british-american-tobacco-suffers-data-breach-and-ransomware-attack

Exploit: Ransomware attack
British American Tobacco: Tobacco manufacturing company

Risk to Small Business: 1.888 = Severe: An exposed database was seized by hackers who encrypted 352 GB of company data and demanded a ransom payment to release the information. The specific exposed platform stored data from Romanian residents who supplied their information in an effort to win tickets to parties and events featuring famous local and international performers. British American Tobacco was first notified of the database on November on September 22nd, when cybersecurity researchers attempted to contact the company. Unfortunately, no action was taken, and now both the company and its customers will suffer the consequences.

Individual Risk: 2.857 = Moderate: The exposed database included customers’ personally identifiable information, such as full names, email addresses, phone numbers, dates of birth, gender, source IP, and tobacco product preferences. It’s unclear if the hackers intend to use this information to target consumers, but personal data is often sold on the Dark Web, so those impacted by the breach should enroll in identity monitoring services to ensure that their information isn’t misused.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are fed up with companies that can’t protect their personal information, and many are choosing to take their business elsewhere after a data breach occurs. This sentiment is only amplified when SMBs demonstrate indifference or incompetence toward data security. In contrast, companies that actively prioritize data security position themselves to thrive in today’s cybersecurity landscape.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

New Zealand – Council of Licensed Firearm Owners
https://www.tvnz.co.nz/one-news/new-zealand/police-investigating-potential-privacy-breach-firearms-buy-back-database

Exploit: Accidental data exposure
Council of Licensed Firearm Owners: Volunteer shooting-related organization

Risk to Small Business: 1.666 = Severe: A buyback program for registered gun owners failed to protect its database, exposing participants’ information to the public. The error brought significant ridicule from the program’s critics, and it underscores the importance of ensuring that user data is locked down and secure at all times. As a result of this oversight, the organization was forced to take their website offline, which will undermine its goals and could hinder its long-term prospects.

Individual Risk: 2.571 = Moderate: Internet users were able to view and take screenshots of participants’ personal details and financial information. Not only does this potentially produce a security concern because of the controversial nature of the program, but this information can quickly make its way to the Dark Web where it can be repurposed into other, more nefarious, cybercrimes. Those impacted by the breach should notify their financial institution of the event, and they should enroll in identity and credit monitoring services to ensure that their information remains secure.

Customers Impacted: 70,000
How it Could Affect Your Customers’ Business: Today’s organizations face cyber threats on multiple fronts, so an unforced error is uniquely problematic and egregious. With the holistic cost of a data breach continually rising, every organization has millions of reasons to embrace this priority and to get it right. By evaluating your organization’s entire threat landscape, it’s possible to ensure that technological capabilities are an asset rather than a liability.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Australia – Monash IVF
https://www.smh.com.au/national/fears-over-patient-data-breach-after-cyber-attack-on-monash-ivf-20191203-p53gj0.html

Exploit: Phishing scam
Monash IVF: Cash logistics and private security company

Risk to Small Business: 1.666 = Severe: A widespread phishing scam at Monash IVF was more effective than originally thought. While the group reported the breach in early November, the original assessment did not account for patient data that was compromised in the breach. The company’s confidential patient databases were unharmed in the attack, but many of the compromised staff emails contained patient data, which could have been accessed by hackers. Monash IVF stores peoples’ highly sensitive personal data, and it’s likely that this updated assessment will bring further customer and regulatory scrutiny to their business, a development that will slow the recovery process and could increase costs.

Individual Risk: 2.142 = Severe: Monash IVF stressed that many of those impacted by the breach only had their email addresses accessed, but some patients had more sensitive information compromised. This includes names, contact information, partner details, dates of birth, nationality, occupation, financial details, medical insurance details, health information, drivers’ license or passport numbers, and medical history. Victims should be aware that this data is often repurposed to compile authentic-looking phishing scams that, if acted upon by recipients, can further compromise personal data.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: When employees fall for phishing scams, everyone loses. While these malicious messages will inevitably make their way into employees’ inboxes, they don’t have to lead to a breach. Instead, employee awareness training is a proven way to reduce the risk of phishing scams leading to costly data breaches that negatively impact your company’s reputation and customers’ well-being.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

More Than Half of All Organizations Admit They Aren’t Ready for Cyberattack 

Data security incidents continue to make headlines (and fill Week in Breach newsletters) every week. Even so, a recent survey found that most organizations still aren’t prepared for the veritable inevitability of a data breach. 

Indeed, more than 800 CISOs from three continents expressed similar sentiments about their data security standards. Notably, 51% do not believe that they are ready to respond to a data breach, while nearly a third have untested response plans in place.

Meanwhile, the vast majority believe that the cybersecurity landscape will worsen or stay the same in the year ahead. Perhaps that’s why 76% plan to increase their cybersecurity budgets in 2020. When establishing their priorities, CISOs identified security software and employee awareness training as their top priorities. As it stands, too many companies aren’t responding to the real and escalating threat of a data loss event.

https://www.intelligentciso.com/2019/12/02/fireeye-research-reveals-51-of-organisations-dont-believe-theyre-ready-for-cyberattack/


What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

60% of Digital Businesses Will Suffer Service Interruption by 2020 

For many businesses, an online presence is a vital part of their competitive strategy. Unfortunately, it’s also creating their most prescient vulnerability. According to a recent study by Gartner, by next year, more than half of all digital businesses will incur one or more cyber threats that will significantly disrupt their business. 

The report notes that cybercriminals are aware of the increasingly critical and valuable data sets that companies are bringing online, and they are targeting that information to turn a profit. It also found that products for perpetrating cybercrime, such as pre-packaged ransomware and phishing capabilities, have never been more prevalent, with an underground marketplace fueled by the Dark Web.

In response, companies with a digital agenda have a responsibility to audit their defensive posture, ensuring that they are prepared to meet the moment by identifying and addressing the latest cyber trends. Notably, most cyber threats can be addressed in-house by ensuring that employees are able to identify risks and implement best practices, like strong, unique passwords and two-factor authentication across all their accounts.

https://www.cio.com/article/3325796/by-2020-60-percent-of-digital-businesses-will-suffer-major-service-interruptions.html

 

