Please fill in the form below to subscribe to our blog

Categories

Tags

Australia BullPhishID BullPhish ID Canada commercial credential stuffing cyberattack cybercrime cybersecurity Dark Web dark web credential loss Dark Web ID dark web monitoring dark web threat Data Breach Data Breach Alerts data compromised data loss prevention data theft France hacking healthcare insider threats Japan MSPs MSP Solutions MSP Space nation-state hackers Passly passwords phishing phishing resistance phishing resistance training ransomware remote working retail security security awareness training SMB cybersecurity stolen credentials supply chain risk The Week in Breach third party risk United Kingdom United States

The Week in Breach: 12/21/18 – 12/28/18

January 03, 2019

Breach news to share with your customers!

This week, an alcohol retailer in the United States had a few too many, a Canadian city has problems with Click2Gov, and business email compromises are ravaging the globe.

Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domains (99%)
Top Industry: High-Tech & IT 
Top Employee Count: 11-50 employees (40%)

United States – BevMo

https://www.scmagazine.com/home/security-news/data-breach-hits-15000-bevmo-e-commerce-customers/

Exploit: Malicious code inserted into e-commerce checkout page.
BevMo: Alcohol retailer.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = SevereAs payment security continues to rise in importance to online shoppers, such an attack can strike a crushing blow to sales and bottom-line profits. Competition in the online retail landscape is cutthroat as is, so a newsworthy breach like this has the potential to turn customers away by shining a spotlight on personal and payment information concerns.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = SevereThe malicious code placed on the checkout page was able to siphon customer names, credit/debit card numbers, expiration dates, CVV2 codes, billing addresses, shipping addresses, and phone numbers. Visitors who entered payment details into the website are at a high risk for account fraud.

Customers Impacted: Nearly 15,000 customers who used the online portal.
How it Could Affect Your Customers’ BusinessDue to an increased level of vigilance surrounding data breaches, especially those involving payment data, it is crucial that companies place greater importance on preventing breaches from happening in the first place.
ID Agent to the Rescue: Spotlight IDTM by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.
Learn more: https://www.idagent.com/identity-monitoring-programs

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Canada – The City of Saint John, N.B.
https://www.cbc.ca/news/canada/new-brunswick/saint-john-parking-data-breach-1.4957310
https://www.ctvnews.ca/canada/saint-john-n-b-reports-data-breach-in-parking-payment-system-1.4228874

Exploit: Compromise in third-party software product ‘Click2Gov’.
City of Saint John: Large municipality that manages online parking payment systems.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111= SevereThe breach does not pose a great threat to the city itself, but it does signal a much larger concern for the service provider CentralSquare Technologies. It remains to be seen if the company was aware of the breach, and if the compromise may have impacted many more cities across North America. A recent report from the Gemini Advisory firm discovered that nearly 300,000 payment records were stolen from 46 North American cities since 2017, including 6,000 from Saint John, and may be directly linked to the Click2Gov vulnerability.
2.5 – 3 = Moderate Risk Individual Risk: 2.571= ModerateAs many as 6,000 people who used the online parking system could have had their personal information exposed. However, the investigation is underway and more details will emerge in the weeks ahead.

Customers Impacted: 6,000 parking customers since 2017.
How it Could Affect Your Customers’ BusinessThe everyday consumer is growing increasingly hesitant in trusting online legacy payment systems. By showcasing a comprehensive security solution that protects identities proactively, your customers can come out on top and distinguish themselves in the marketplace.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more at: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Australia – Nova Entertainment

Company announcement: https://www.novaentertainment.com.au/dataincident

https://theworldnews.net/au-news/nova-warns-listeners-of-data-breach-affecting-250-000-australians

Exploit: Public disclosure of legacy dataset.
Nova Entertainment: Entertainment network with broad interests across the media industry.

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = SevereSince the breach was discovered to date back to 2011, customers may feel that the company knew about the breach much earlier yet chose to disclose at a later time. This could potentially lead to an erosion of trust and customer churn. Also, those affected could realize that their compromised PII was used to hack payment-related accounts, causing them to place their blame on Nova.
1.51 – 2.49 = Severe Risk Individual Risk: 2.4286 = SevereAlthough the disclosed information varied among customers, everything from biographical information (name, gender, date of birth) and user account details (usernames and passwords) to contact information (addresses and phone numbers) was leaked. The information gleaned may have been used by hackers to orchestrate damaging identity theft schemes.

Customers Impacted: Over 250,000 listeners between 2009 and 2011.
How it Could Affect Your Customers’ Business: With the recent introduction of mandatory notification laws in Australia earlier this year, awareness surrounding data breaches is growing exponentially. Companies must protect their reputations in order to foster loyalty with customers, but should avoid withholding information as it can degrade consumer confidence even further.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more at: https://www.idagent.com/identity-monitoring-programs.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

In Other News:
Keep your email in check!
According to the FBI, business email compromise (BEC) schemes have amounted to $12.5B in losses to companies in 2018 alone. From Q1 to Q3, there was a 46% lift in the number of attempts recorded, signaling that hackers are doubling down on email fraud due to its simplicity and effectiveness.

The top three countries most often targeted by email scammers? The United States, Australia, and United Kingdom.
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/year-end-review-business-email-compromise-in-2018?_ga=2.247212739.610572746.1545969639-1192772846.1545969639

What We’re Listening To
Know Tech Talks
The Continuum Podcast
Security Now
Defensive Security Podcast 
Small Business, Big Marketing – Australia’s #1 Marketing Show!
TubbTalk – The Podcast for IT Consultants
Risky Business
Frankly MSP
CHANNELe2e

A Note for Your Customers:

Cybercrime: A Self-Sustained Economy
Imagine virtual, hyper-connected marketplaces across the globe where you can purchase the latest round of stolen payment card information, malware toolkits, and keyloggers for sale.

Bad news: They already exist. Cybercrime has evolved into its own ecosystem, offering licensing models, 24/7 support, anonymous payment methods, free trials, and more. Although this is certainly meant to alarm and keep you aware, it’s not how we want you to ring in the New Year. Rest assured that you can keep your business far from the reaches of modern cybercrime by focusing on three key pillars: protection, prevention, and detection: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/examining-the-thriving-underground-software-business?_ga=2.247212739.610572746.1545969639-1192772846.1545969639

The good news is, we can help! Work with us to protect your employees and get back to focusing on your business.

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!