The Week in Breach: 12/18/19 – 12/24/19
This week, online stores can’t protect their customers, ransom causes chaos at school, and CCPA prepares to go into effect.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+ Employees
United States – Rooster Teeth Productions
Exploit: Malware attack
Rooster Teeth Productions: Entertainment production company
Risk to Small Business: 2 = Severe: Hackers injected malware into the company’s online store that siphoned off customers’ payment details at checkout. The breach was first detected on December 2nd, and the company claims that the malware was removed on the same day. However, it’s unclear why they waited several weeks before notifying customers of the breach. Rooster Teeth Productions has sent breach notification letters to those impacted by the incident, but the episode will certainly have a negative impact on the brand’s reputation at a critical time of year for sales.
Individual Risk: 2.285 = Severe: Those impacted by the breach had their names, email addresses, telephone numbers, physical addresses, and payment card information stolen. As a result, they should immediately contact their financial institutions to report the breach. Rooster Teeth Productions is offering a free year of identity monitoring services, and enrolling in this service can offer long-term oversight of personal data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The timing of this data breach couldn’t be worse. Customers continually demonstrate that they aren’t willing to make purchases from platforms that can’t secure data, so Rooster Teeth Productions will almost certainly lose business during the busy holiday shopping season. Any company relying on e-commerce sales needs to understand cybersecurity risks and take necessary steps to ensure their revenue centers do not become liabilities.
ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.
United States – Conway Medical Center
Exploit: Phishing attack
Conway Medical Center: Healthcare provider
Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cybercriminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability.
Individual Risk: 2 = Severe: Hackers had access to patients’ personally identifiable information, including their names, dates of birth, Social Security numbers, phone numbers, dates of admission, account numbers, and account balances. Conway Medical Center is providing free identity and credit monitoring services to those impacted by the breach, and those affected should enroll in these services. In addition, they should be vigilant about monitoring their accounts for unusual or suspicious activity.
Customers Impacted: 2,250
How it Could Affect Your Customers’ Business: This major cybersecurity incident was entirely avoidable, since phishing scams are only effective if employees engage with malicious emails. Unfortunately, Conway Medical Center will now bear the cost of credit and identity monitoring services for thousands of patients, as well as the fines and penalties that often accompany a breach. In contrast, comprehensive employee awareness training is a bargain, protecting your company against the phishing attacks that will inevitably make their way to employee inboxes.
ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.
United States – Central Square Technologies
Exploit: Malware attack
Central Square Technologies: Technology services provider for public sector agencies
Risk to Small Business: 1.888 = Severe: Hackers compromised the Click2Gov payment system, which customers use to pay their utility bills online, and siphoned off customers’ payment details. Specifically, the breach impacts the City of Marietta, as customers who entered payment information on the website between August 26th and October 26th may have had their credit card information stolen. However, the breach does not impact those paying in person, over the phone, or who are enrolled in the auto-pay system. Unfortunately, the company didn’t identify the breach until early December, which will complicate their recovery efforts and place customers at greater risk for data misuse.
Individual Risk: 2.428 = Severe: The data breach compromised customers’ personal and payment details. Those impacted by the breach should contact their financial institutions to notify them of the breach, and they should carefully monitor their accounts for unusual activity both now and during the period when accounts were compromised.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party partnerships are important business initiatives in today’s digital environment, but when they result in a cybersecurity incident, the repercussions often far outweigh the opportunities. Moreover, vendors with a track record for lax cybersecurity standards will likely find it difficult to find customers willing to work with them, making data security a critical component of any successful business model.
ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.
United States – Nexus Mods
Exploit: Unauthorized database access
Nexus Mods: Game modification website
Risk to Small Business: 2.111 = Severe: Hackers exploited a legacy codebase on the platform to access user credentials. Although the company discovered the breach in November, they just revealed it this week, a move that will likely increase the customer blowback from the incident. While Nexus Mods moved up the development of new software and worked to mitigate the risks posed by their outdated codebase, the incident reflects a lack of attention to detail and of a breach response plan.
Individual Risk: 2.428 = Severe: A subset of users had their account information accessed, including names, email addresses, usernames, and passwords. The platform recommends that victims carefully scrutinize digital communications, as this data is often used to create authentic-looking phishing scams that can further compromise customers’ information.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Exposed user account details can be a serious vulnerability to your customer and company data. Even if your platform isn’t breached, many customers reuse their credentials, allowing hackers to easily deploy phishing scams and gain front-door access to user accounts. However, when equipped with security features like two-factor authentication, customer accounts remain secure even when credentials fall into the wrong hands.
ID Agent to the Rescue: With AuthAnvil™, you can promote account security. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.
Canada – Life Labs
Life Labs: Laboratory diagnostics and testing service
Risk to Small Business: 2.222 = Severe: Hackers accessed Life Labs’ IT, stealing copious amounts of customer information and demanding a ransom for the data’s return. In a notice to customers, Life Labs notes that it identified the breach in October, but waited until December to notify customers, a concerning timeframe that will make it more difficult for victims to protect their credentials against misuse. According to the company, they paid the ransom and their data was returned. Now they are declaring the incident a “low risk” to customers, but given their poor communication so far, this is unlikely to assuage anyone’s concerns anytime soon.
Individual Risk: 2.285 = Severe: Hackers stole customers’ personally identifiable information, including their names, home addresses, email addresses, usernames, passwords, and health card numbers. Those impacted by the breach should monitor their accounts for unusual or suspicious activity, while being mindful that this information is often reused to commit other cybercrimes, including phishing attacks, that attempt to extract even more sensitive personal information.
Customers Impacted: 15,000,000
How it Could Affect Your Customers’ Business: Life Labs had a number of missteps in their handling of this data breach. However, the company did deploy Dark Web monitoring to ensure that their customers’ information wasn’t for sale to the highest bidder. These services can provide peace-of-mind to customers while also helping companies mitigate the often cascading consequences of a data breach.
ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.
Canada – Andrew Agencies
Andrew Agencies: Insurance and financial services provider
Risk to Small Business: 2.222 = Severe: A ransomware attack has encrypted hundreds of the agency’s computers, rendering them unusable and leaving the company searching for a solution. The company first discovered the attack back in October but has declined to pay the ransom. However, the hackers are continuing to set new payment deadlines with promises to publish the company’s data if they don’t comply. The group claims to have 1.5GB of customer data, but that claim has gone unverified by hackers and the media.
Individual Risk: At this time, no personal information was compromised in the breach.
Customers Impacted: 876
How it Could Affect Your Customers’ Business: While ransomware attacks are incredibly expensive, they often don’t result in a data breach, as hackers merely encrypt a company’s IT while trying to extract a payment. However, this event illustrates the potential for ransomware attacks to become data breaches, a progression that will become more costly and concerning as it inevitably becomes more widespread.
ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.
United Kingdom – Missoma
Exploit: Malware attack
Missoma: Jewelry retailer
Risk to Small Business: 1.888 = Severe: An attack on the company’s online store has compromised customers’ payment details. The heist, which was quickly resolved by the jeweler, allowed hackers to make off with customer data. The breach is likely to negatively impact the company’s online sales during the holiday shopping season. Moreover, the company may face regulatory fines or penalties under Europe’s privacy regulation, GDPR.
Individual Risk: 2 = Severe: Customers impacted by the breach had personally identifiable information and financial data compromised. This includes names, addresses, payment card numbers, and CVVs. Those impacted by the breach should immediately notify their financial institutions of the incident, and they should take every necessary step to ensure that this information isn’t misused now or in the future.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Any company expecting to thrive in today’s digital-first shopping experience has to have their cybersecurity standards locked down. Today’s customers will not put up with retailers that can’t protect their personal or payment data, which could have serious implications for the company’s viability.
ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.
Germany – Justus Liebig University
Justus Liebig University: Public university
Risk to Small Business: 1.777 = Severe: A ransomware attack on the university has crippled their digital operations and instigated several time-intensive recovery procedures. Notably, 38,000 students were asked to stand in line with their ID cards and a piece of paper to receive new email account passwords. At the same time, university staff was individually scanning every computer for malware, using more than 1,200 USB flash drives equipped with scanners to complete the job. The bizarre image of thousands of students standing in line for passwords created a buzz on social media, which placed a spotlight on the university’s cybersecurity incident.
Individual Risk: No personal information was compromised in the breach.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This ransomware attack is complete with absurd images and time-consuming recovery initiatives. However, such peculiarities underscore the opportunity cost that always accompanies a ransomware attack. These attacks extract concessions from their victims on many fronts, and they are a scourge on a brand’s bottom line and reputation. Often, ransomware attacks are instigated through open vectors like compromised employee accounts, and companies can readily address these avenues by putting proper account security protocols in place.
ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
In Other News:
New Ransomware Strain Targets Healthcare Sector
Each week, our newsletter has examples of companies devastated by ransomware attacks that carry an incredible cost and inflict reputational damage. Unfortunately, these attacks have become more pervasive this year, and hackers are not content to rest on their laurels.
Instead, a new variant of ransomware called Zeppelin is being deployed throughout the US, Canada, and Europe to target healthcare companies and IT organizations. In addition, the ransomware is using MSPs to further infect companies via their management software. Notably, the ransomware is being deployed through remote desktop servers that are publicly exposed to the internet.
The incident is a reminder that SMBs can’t afford to leave cybersecurity up to chance. These attacks can have devastating financial consequences for any organization, which means that a robust defensive posture is a bottom-line issue that will continue to become more critical in the year ahead.
What We’re Listening to:
Know Tech Talks
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
A Note for Your Customers:
CCPA Goes Into Effect on January 1st
While many people are counting down the days to their new year’s celebrations, another countdown is underway that will have significant implications for companies around the world. California’s new data privacy law, the California Consumer Privacy Act, officially goes into effect on January 1, 2020.
The law gives consumers new rights to their personal data, and, like Europe’s General Data Protection Regulation that came before it, CCPA promises financial penalties for companies that can’t comply with its standards. For companies of all sizes, it’s evident that the next year will be marked by new compliance measures both in the US and abroad. Fortunately, nobody has to tackle this issue alone. ID Agent is ready to provide a comprehensive assessment of your cybersecurity posture. Our products, like phishing scam awareness training and account security protocols, can help ensure that cybersecurity incidents don’t impede your 2020 goals and aspirations.
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!
Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!