Please fill in the form below to subscribe to our blog

The Week in Breach News: 01/13/21 – 01/19/21

January 20, 2021

This Week in Breach News:

Capcom’s breach hits 40K players, keep your clients from making the list here with the NEW BullPhish ID full of features that MSPs have been requesting, and new phishing statistics for your customers to show them why they need to invest in phishing resistance training with BullPhish ID!


Dark Web ID’s Top Threats This Week


Top Source Hits: ID Theft Forum
Top Compromise Type: Domain
Top Industry: Health & Medical Research
Top Employee Count: 501+



The Week in Breach News – United States 


United States – Parler

https://cybernews.com/news/70tb-of-parler-users-messages-videos-and-posts-leaked-by-security-researchers/

Exploit: Hacking

Parler: Social Media Application 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.619 = Severe

Now-defunct social media site Parler had a wild ride to the finish, including a hacking incident. Hackers were able to exploit security weaknesses in engineering and security to gain access to the membership-restricted content, scraping at least 70 TB of data. The data scrape also includes deleted posts, meaning that Parler stored user data after users deleted it. The hackers also obtained URLs for over a million video URLs, some deleted and private.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.221 = Extreme

Data was taken from Parler’s “Verified Citizens,” users of the network who verified their identity by uploading photographs of government-issued IDs, such as a driver’s license. The scrape includes user profile data, user information, and which users had administration rights for specific groups within the social network. Data like this could be used to mount spear phishing attacks, or as blackmail material, as it contains details that could connect users to criminal acts or membership in extremist groups.

Customers Impacted: 10 million

How it Could Affect Your Customers’ Business: Data like this often makes its way to the Dark Web, enabling it to be used to power cybercrime like phishing and credential compromise.

ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast. LEARN MORE>>


United States – Taylor Made Diagnostics

https://www.freightwaves.com/news/hackers-leak-trucker-rail-worker-medical-records

Exploit: Ransomware

Taylor Made Diagnostics: Occupational Healthcare Provider 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.612 = Moderate

A Conti ransomware attack at this Virginia-based healthcare provider led to some unpleasant consequences for employees of the Norfolk Southern Railroad and UPS after 3K patient records were snatched. The stolen data included health records for employees from both firms, in addition to multiple smaller trucking companies, U.S. government agencies and defense contractors from as recently as December 2020.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.722 = Moderate

The leaked data included completed U.S. Department of Transportation (DOT)-mandated medical exams, as well as drug and alcohol testing reports for truckers and rail workers at multiple companies. Many documents contained detailed personal information such as full names, addresses, social security numbers and scans of driver’s licenses. This information could be used for identity theft and spear phishing attacks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Ransomware is almost always the result of a successful phishing attack. It’s an expensive nightmare for any business, especially one in the healthcare sector.

ID Agent to the Rescue: Learn how to protect businesses from ransomware without breaking the bank in our eBook Ransomware 101. DOWNLOAD IT>>


United States – Ubiquiti Networks

https://www.securitymagazine.com/articles/94336-ubiquiti-suffers-data-breach-and-alerts-customers-to-change-passwords

Exploit:  Ransomware

Ubiquiti Networks: Communications Technology Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.979 = Severe

Ubiquiti Networks announced that an intruder made its way into that company’s servers. The hacker was able to access stored data on UI.com users, such as names, email addresses, and salted and hashed passwords. It is currently unclear how many users have been affected. The company says there is no indication that there has been unauthorized activity with respect to any user’s account, and the incident is still under investigation.

Individual Risk: No personal or consumer data was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacking can come from many directions, but one common source is credential compromise. By adding strong access point protection, companies can add extra security against hackers like this.

ID Agent to the Rescue: Protect every door that hackers could use to slip into your systems and steal your data with secure identity and access management tools like single sign-on and multifactor authentication for less with Passly. SEE PASSLY IN ACTION>>


United States – South Country Health Alliance

https://www.beckershospitalreview.com/cybersecurity/email-phishing-attack-on-minnesota-health-plan-exposes-info-of-66-000-members.html

Exploit: Phishing

South Country Health Alliance: Health Plan Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.812 = Severe

South Country Health Alliance, a county-owned health plan based in Owatonna, MN, experienced a data breach after a successful phishing attack let cybercriminals access the protected health data and personal information of more than 60K members. The incident has been under investigation since the attack was first confirmed in September 2020, and the filing made with HIPPA regulators noted that affected patients were informed starting 12/30/20.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.006 = Severe

The exposed information included names, Social Security numbers, addresses, Medicare and Medicaid numbers, health insurance information, diagnostic or treatment information, death dates, provider names and information about treatment costs. The health plan is offering complimentary credit monitoring and identity protection service to impacted members.

Customers Impacted: 66,874

How it Could Affect Your Customers’ Business: Phishing attacks on healthcare targets have been increasing, as the demand for healthcare information and the opportunity afforded to cybercriminals by an overstressed healthcare system creates fresh opportunities.

ID Agent to the Rescue: Don’t be surprised by the tricks that cybercriminals are using these days to trick employees. Get the skinny on today’s common lures in our eBook Phish Files. GET THE EBOOK>>



The Week in Breach News – Canada


Canada – Government of Saskatchewan Hunting, Angling & Fishing Licensing (HAL)

https://globalnews.ca/news/7573195/saskatchewan-privacy-commissioner-hunting-licence-breach/ 

Exploit: Human Error

Government of Saskatchewan HAL: Regional Regulatory System

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate

The Government of Saskatchewan is informing citizens that an information security incident occurred on 01/07/20 when an email regarding Hunter Harvest surveys was sent to HAL customers from a third-party agency called Aspira. That contractor sent an email that contained the wrong customer name and HAL account identification number to about 33,000 email addresses, scrambling information to the wrong people.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.833 = Moderate

The only information that has been reported as compromised at this time was the name and HAL identification number of affected parties. No payment or other personal information was declared impacted in this breach.

Customers Impacted: 33,000

How it Could Affect Your Customers’ Business: The number one cause of a data breach is always the same: human error. By building cyber resilience, organizations can make sure that they’re ready for challenges brought on by employee mistakes.

ID Agent to the Rescue: Get in the fast lane to creating a cyber resilient organization that’s ready for tomorrow’s challenges with our new eBook and resource package The Road to Cyber Resilience. GET THIS RESOURCE>>



The Week in Breach News – United Kingdom & European Union


United Kingdom – Nohow International

https://www.constructionnews.co.uk/contractors/amey/amey-hit-by-cyber-attack-05-01-2021/

Exploit: Unsecured Database

Nohow International: Staffing Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.411 = Extreme

In a devastating blunder, unsecured Microsoft Azure Blob exposed deeply sensitive documents of more than 12,000 construction workers. The treasure trove contained 12,464 images, PDF documents, and email messages presumably sent by the exposed workers to Nohow International in the course of gaining and changing employment with the staffing firm.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.221 = Severe

Employee data impacted in this breach includes scans of passports, national IDs, birth certificates, and tax returns. This data also contained MSG files of email messages sent by construction workers to Nohow’s email address used specifically for receiving documents. The email messages include the workers’ personal and payment information, such as taxpayer reference and national insurance numbers, as well as banking details. This extremely sensitive information can be used to facilitate spear phishing attacks and identity theft.

Customers Impacted: 12,000

How it Could Affect Your Customers’ Business: Failure to secure an average database is a ding to a company’s reputation for trustworthiness, but failing to secure a database full of extremely sensitive information like this could be devastating.

ID Agent to the Rescue: Are your customers covering all of their security bases? Get the Cybersecurity New Year’s Resolutions Checklist and go over it with them to make sure! DOWNLOAD THE CHECKLIST INFOGRAPHIC>>


The Netherlands – Eneco

https://hotforsecurity.bitdefender.com/blog/dutch-energy-supplier-blames-cyber-intrusion-on-data-breaches-suffered-by-other-companies-25098.html

Exploit: Credential Stuffing

Eneco: Energy Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.827 = Severe

Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords after a recent data breach following a suspected credential stuffing attack. The company reported that hackers accessed approximately 1,700 private and small business accounts. A separate group of approximately 47,000 customers is also being informed by email about the incident “as a precaution”. The investigation is still ongoing.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.717 = Severe

The company stated that affected customers may have had their data “viewed and possibly changed by third parties,” but was unspecific about the exact impact.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing is a popular attack because it’s cheap, effective, and it’s been made so easy due to an abundance of Dark Web data to fuel it.

ID Agent to the Rescue: Businesses that protect their data with Passly gain essential protection against attacks like credential stuffing with tools like multifactor authentication at an excellent price. LEARN MORE>>



The Week in Breach News – Asia Pacific


Japan – Capcom

https://threatpost.com/data-breach-resident-evil-gaming/162977/

Exploit: Ransomware

Capcom Co. Ltd.: Videogame Developer 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.332 = Extreme

Recent data breach damage at Capcom was significantly worse than they thought. Capcom has announced that their investigation has uncovered that the personal data of up to 400,000 customers was compromised in the attack — 40,000 more than the company originally estimated. The announcement added that its investigation is ongoing and that new evidence of additional compromise could still come. The Ragnar locker ransomware group also captured  1TB of corporate data, including banking details, contracts, proprietary data, emails and more.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.623 = Moderate

It’s uncertain if any further client data was impacted. Capcom was quick to note that no customer credit-card data was exfiltrated during the breach, saying that it’s currently safe to play and purchase the company’s games online since those transactions are handled by a third-party service provider.

Customers Impacted: 400,000 and growing

How it Could Affect Your Customers’ Business: No business is too big or too small to fall prey to cybercrime. Ransomware can strike companies of any size and deliver an impact that resounds for months.

ID Agent to the Rescue: Protect clients from ransomware by protecting them from its source: phishing. Our newly revamped phishing resistance training solution BullPhish ID makes managing campaigns easy with new, user-friendly training portals. LEARN MORE>>



The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!



The Week in Breach: Resource Spotlight



Introducing the NEW BullPhish ID


Phishing is the number one cybersecurity threat. Your customers need extraordinary security awareness and phishing resistance training to fight back – but it has to have all the right features, and the price has to be right too. We heard you loud and clear. That’s why we’re grabbing the bull by the horns and making changes to BullPhish ID that incorporate those needs to make it the perfect phishing resistance training solution for every client.

Meet the new BullPhish ID:

  • All of the training capabilities of the original BullPhish ID plus…
  • NEW! A user-friendly training portal that makes it a snap to assign, deliver and monitor training
  • NEW! Customization capability for phishing messages 
  • NEW! An option to add attachments to phishing messages
  • NEW! Training portal white-labeling capabilities
  • NEW! The BullPhish ID Certified Administrator Course

Ready to get started building your security awareness training business with the amazing new updated and upgraded BullPhish ID? Contact one of our experts today to get down to business! SET UP A DEMO>>

Looking for more resources to support your phishing resistance training push? Here you go!

Phish Files – A deep dive into phishing threats including statistics about the benefits of phishing resistance training. GET IT>>

The Security Awareness Champion’s Guide – Get a broad overview of cybersecurity threats and how to beat them. GET IT>>

How Phishing and Security Awareness Training Will Reduce Your Largest Attack Surface – Get expert advice on demonstrating the value of training in this webinar. WATCH IT>>




2021 Phishing Danger Meets Its Match in the Newly Revamped BullPhish ID 


No doubt, 2020 was a record year for phishing – phishing risks skyrocketed by more than 600%, and COVID-19 was named Google’s biggest phishing topic in history. , making it the favorite tool of cybercriminals. Phishing has damaged businesses of every size from mom-and-pop shops to corporate giants.

As 2021 gets started, this is the perfect time to talk to your clients about phishing dangers, especially spear phishing threats, because these facts about spear phishing in 2020 really speak for themselves.

  • More than 90% of data breaches start with a phishing attack 
  • Small businesses receive 94% of their attack threats via email
  • An estimated 80% of firms saw an increase in cyberattacks in 2020
  • Spear phishing has grown by more than 660% since the start of 2020 
  • Over 80% of all 2020 business cyberattacks were phishing attacks

We’ve tabulated our data from BullPhish ID’s 2020 activity, and we’ve made some interesting conclusions. One striking thing that we noticed was that users across the board were most likely to enter their credentials in response to lures that were disguised as routine security messages (like suspicious activity inquiries) or COVID-19 information.



Here are the top 3 phishing simulation emails that enticed end users to submit their credential or other sensitive data in 2020:

  • Fraud Warning: Suspicious Login Detected. – 1827
  • An unusual Google Chrome sign in detected – 1594
  • COVID-19 Mandatory Seminar – 846

The total number of credentials submitted by users in training in 2020: 14,103

Total number of credentials submitted by industry in 2020: 14,103

Industry breakdowns:

  • Energy & Transportation – 197 submitted
  • Service Provider – 772 submitted
  • Manufacturing – 848 submitted
  • Education & Research – 1586 submitted
  • State/Local Government – 221 submitted
  • Finance & Insurance – 458 submitted
  • Business & Professional services – 660 submitted
  • Wireless Industry – 10 submitted
  • Construction & Engineering – 1503 submitted
  • Aerospace & Defense – 165 submitted
  • Systems Integrator – 81 submitted
  • Federal Government – 64 submitted
  • Legal – 386 submitted
  • Medical & Healthcare – 2762 submitted
  • High-Tech & IT – 1779 submitted
  • Non-Profit Organization – 1056 submitted
  • Retail & eCommerce – 336 submitted
  • Pharmaceutical – 29 submitted
  • Other – 1190 submitted

As this data demonstrates, phishing danger is around every corner for every business in every industry. Your clients need help fighting back against this rising tide of risk – and BullPhish ID is the perfect solution for you to recommend to secure your clients in businesses of any size.

Contact the experts at ID Agent and let’s talk about how we can help you grow your business and secure your clients against today’s biggest threat with the amazing new features that are now available from BullPhish ID.


Join Us at These Events!


Jan 21 – MSP Mastered® Level 1: Understanding Your Financials REGISTER NOW>>
Jan 26 – Customer Experience Confidential REGISTER NOW>>
Jan 27 – 5 Proven, Practical Steps to Close New Security Business REGISTER NOW>>
Jan 28 – MSP Mastered® Level 1: Determining Your True Cost of Service Delivery and Profit REGISTER NOW>>
Feb 4, 11, & 18 – Making a Battle Plan for Profit (choose from 3 regions) REGISTER NOW>>
Feb 11 – MSP Mastered® Level 1: Staffing, Hiring and Designing High-Performing Compensation Plans REGISTER NOW>>
Feb 25 – MSP Mastered® Level 1: Pricing and Bundling for Profit REGISTER NOW>>
Mar 11 – MSP Mastered® Level 1: Developing Effective Master Service Agreements and SOWs REGISTER NOW>>
Mar 25 – MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>



The Week in Breach: A Note for Your Customers


Can Your Staff Really Spot Phishing Messages? Can You? 


Phishing is a threat that looms large for every business. In 2020, phishing threats grew by more than 600% as cybercriminals took advantage of a perfect storm of factors that gave them great advantages: a newly remote workforce, world unrest, the COVID-19 pandemic and a crashing economy.

That’s definitely a growth category for cybercrime in 2021. Damage related to cybercrime including phishing-related threats like ransomware and business email compromise is projected to hit $6 trillion annually in 2021 as a new cyberattack is launched every 39 seconds.

One of the best investments that you can make to protect your business from today’s worst cyberattack threats is security awareness training featuring phishing resistance. We’re making that easier than ever before with the newly updated BullPhish ID.

Featuring user-friendly training portals, customizable training materials, and simple remote management, BullPhish ID is the top-flight training solution that includes everything that you need to get your team ready to face down phishing at an excellent price.

Don’t wait to start your 2021 security awareness and phishing resistance training program. Act now to start protecting your business from cybercrime before one click on one phishing email costs you a fortune.



Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!