Please fill in the form below to subscribe to our blog

The Week in Breach News: 03/10/21 – 03/16/21

March 17, 2021

This Week in Breach News:

Molson Coors goes dry after a cyberattack impacts production, the premiere of The Global Year in Breach 2021, ransomware halts unemployment assistance in Spain and our especially timely eBook on third-party risk.



United States – Molson Coors

https://edition.cnn.com/2021/03/11/tech/molson-coors-cybersecurity-hack/index.html

Exploit: Hacking

Molson Coors: Brewing Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe

Molson Coors told regulators that they’ve experienced a serious cybersecurity incident. The hack has taken its systems offline, delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacking that disrupts production is a big problem, and reassessing cybersecurity training is a good idea after a serious incident like this.

ID Agent to the Rescue: Grab our Security Awareness Champion’s Guide for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them. GET THE BOOK>>


United States – Premier Diagnostics

https://www.infosecurity-magazine.com/news/utah-company-unsecured-server/ 

Exploit: Unsecured Database

Premier Diagnostics: Medical Testing

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.872 = Severe

Utah medical testing company Premier Diagnostics has exposed the sensitive information of more than 50,000 customers by storing personally-identifying information on an unsecured server. The breach at Premier Diagnostics was discovered by researchers and contains sensitive customer data including scans of passports, health insurance ID cards, and driver’s licenses. Patients affected are from Utah, Nevada and Colorado.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.612 = Severe

Patients should be aware of this information being used for identity theft and spear phishing.

Customers Impacted: 50,000

How it Could Affect Your Customers’ Business Sensitive PII requires stong protection, esopecially in the medical sector, because failure to keep it safe incurs huge fines.

ID Agent to the Rescue: Make sure that all of your data is stored securely and improve compliance with regulations like HIPPAA with Passly. SEE PASSLY IN ACTION>>


United States – University of Texas at El Paso

https://www.infosecurity-magazine.com/news/hackers-target-texas-university/

Exploit: Hacking

University of Texas at El Paso: Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.212 = Severe

The computer network of the University of Texas at El Paso had to be shut down as technicians discovered a significant cyberattack in progress. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also led to the closure of the university’s walk-up COVID-19 testing sites.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers can disrupt large parts of an operation fast, leaving businesses scrambling to get back to work and causing lost revenue.

ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>


United States -Cochise Eye & Laser

https://www.infosecurity-magazine.com/news/ransomware-attack-on-arizona/

Exploit: Ransomware

Cochise Eye and Laser: Optometry

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.727 = Severe

A ransomware incident at an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. In a recent breach notice, Cochise Eye and Laser informed regulators that the practice has been hit by ransomware, encrypting the office’s patient scheduling and billing software.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.603 = Severe

Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers. There is no evidence that data was exfiltrated, but customers of this practice sjould be ready for potential identity thefy or phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a tremendous problem for businesses of every size, and even without confirmation that data was stolen the practice will be dinged with a substantial fine.

ID Agent to the Rescue: Ransomware risks are up by more than 100%. learn how to fight back in Ransomware 101. GET THIS BOOK>>




Canada – Canada Revenue Agency (CRA)

https://www.ctvnews.ca/canada/experts-call-on-cra-to-get-serious-about-cybersecurity-after-800k-users-locked-out-as-a-precaution-1.5346546

Exploit: Hacking

Canada Revenue Agency (CRA): National Taxation Authority

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.102 = Extreme

The CRA has locked down 800,000 online taxpayer accounts following an internal investigation that found user logins and other sensitive information may have been hacked. The agency noted that it could take until March 22 for the issues to be resolved.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: 800,000

How it Could Affect Your Customers’ Business: Reports say that this hack was likely discovered by dark web monitoring, preventing a potential cybersecurity disaster.

ID Agent to the Rescue: Dark Web ID is the ideal dark web monitoring solution to guard against credential compromise for businesses. Get alerted to trouble fast. SEE IT IN ACTION>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>



United Kingdom – West Ham Football Club

https://www.infosecurity-magazine.com/news/west-ham-supporters-personal/

Exploit: Unsecured Database

 West Ham Football Club: Professional Sports Team

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.775 = Moderate

English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website. Cybersecurity experts believe it is likely the problem was caused by an internal error.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.802 = Moderate

Details of fan account profiles including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into the club’s ticketing website.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.

ID Agent to the Rescue: BullPhish ID now features customizable “set it and forget it” phishing simulation kits that include attachments, enabling you to simulate the real threats employees face every day. LEARN ABOUT THE NEW BULLPHISH ID>>


Scotland – University of the Highland and Islands (UHI) 

https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/

Exploit: Ransomware

University of the Highland and Islands (UHI): Institution of Higher Learning 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.603 = Severe

The University of the Highlands and Islands (UHI) in Scotland has been hit with a suspected ransomware attack that has shut down its campuses. All 13 locations across were impacted as well as its Brightspace virtual learning environment.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is almost always part of a phishing attack. Brush up on the latest phishing lures to spot and stop phishing in our eBook Phish Files. GET THIS BOOK>>


Spain – State Public Employment Service (SEPE)

https://www.cyberscoop.com/spain-ransomware-employment-agency-sepe/

Exploit: Ransomware

State Public Employment Service (SEPE): Government Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.020= Severe

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. The suspected ransomware attack disrupted operations at the authortity for unemployment assistance snarling progress for for hundreds of thousands of unemployed Spainiards. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.

ID Agent to the Rescue: Look at the ascension of this menace in 2020 to see where we think it’s headed in 2021. GET THE GLOBAL YEAR IN BREACH 2021 NOW>>


supply chain risk represented by a handshake overlaid with an image of a chain in green on a black background.

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:


Insider threats include phishing. Explore cybercriminal tricks to stop phishing with our new book represented by a light blue comic panel of a phishing hook and old-fashioned comic book style in light blue on dark blue with facts about cybersecurity in 2020

Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!

Read Phish Files Now>>



NEW RELEASE! The Global Year in Breach 2021


2020 was certainly a wild ride – and packed with learning experiences. See how cybercrime transformed in the face of a global pandemic with a newly remote quarantined workforce, and explore the trends that we see continuing into 2021. In “The Global Year in Breach 2021” you’ll learn:

  • 5 key trends that impacted cybersecurity in 2020 and what they tell us for the future.
  • How the dark web economy drove cybercrime and emerging dark web trends.
  • What cybersecurity professionals can do to stay ahead of the curve.

Download “The Global Year in Breach 2021” and see everything. GET THIS BOOK>>


LAST DAY! Grab & Share Our St. Patrick’s Day Infographic


Remind your customers that they need strong security solutions to secure their systems and data, not just good luck. This infographic includes 10 tips to protect businesses from data-snatching leprechauns in an adorable St. Patrick’s Day theme. get it today and share it with your customers!

Download the infographic “Don’t Believe in Luck” today! DOWNLOAD THE INFOGRAPHIC>>


Don’t Make a Date with Third-Party Risk!

Third-party and supply chain risk is growing more dangerous for every business as cybercriminals maximize on past breaches to create new ones. Find great ways to reduce third-party and supply chain risk in our new eBook “Breaking Up with Third Party and Supply Chain Risk”. You’ll discover:

  • Examples that demonstrate third-party and supply chain data risks to businesses
  • A winning formula for solutions to secure companies
  • Statistics about how and why threats are heating up in the third-party and supply chain risk landscape

Download the NEW eBook “Breaking Up with Third Party and Supply Chain Risk” now. DOWNLOAD THIS EBOOK>>


Grow Your MSP in Just 1 Hour Thanks to the MSP Cybersecurity Webinar

Springtime means growth time for everything – including your MSP. As you get ready to kick your sales into high gear, we’re bringing you a one-hour seminar that can make a world of difference to speed you on your way to success. You’ll learn:

  • How to put a strong foundation under your security business
  • Why adding more security to your menu is a smart move
  • Expert insight into exactly what today’s Multi-Function IT Professional should have in place to succeed

Listen to the “MSP Cybersecurity Webinar” Now! ENJOY THIS WEBINAR>


Don’t let supply chain and third-party risk rain on your parade in 2021! Learn how to protect your business (and your profits) in the eBook “Breaking Up with Supply Chain & Third-Party Risk“! GET IT NOW>>



Third-Party Data Breaches Bring Trickle Down Trouble


As another huge bomb hits the cybersecurity world in the form of the recent Microsoft Exchange hack, it’s a good time to take a look at third-party and supply chain risk to see how it can impact businesses and how it can be mitigated. Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third party or supply chain fault.

It’s important to prepare for this risk because it’s less of a possibility and more of an eventuality in today’s ever more connected world. Those connections are one of the reasons why it has ramped up so steadily. As more and more information about people and businesses accumulates in dark web markets and data dumps, that provides fuel for cyberattacks that perpetuate the cycle, feeding the market. More than 60% of the information available now on the Dark Web could damage businesses, and data breaches exposed 36 billion records in just the first half of 2020.  


See how automated, affordable phishing defense with Graphus can save your business a fortune! GET THE EBOOK>>


More than 60% of data breaches are a result of exposure through third party or supply chain risk. Unfortunately, any business partner, supplier, or service provider with sloppy cybersecurity practices can put an innocent business at risk by doing things that make it easy for data to walk out the door, like the 17% of companies that have all of their sensitive files accessible to all of their employees – or the 41% of US companies that allow employees unrestricted access to sensitive data. 

Also included in that risk calculus, the siren song of making money on the dark web in a challenging economy has increased the possibility of data being snatched for nefarious purposes. An estimated 30% of data breaches involve internal actors with ill intent, including employees moonlighting by selling data or access on the Dark Web.

2020 was not a friendly year for businesses when it came to cybersecurity, especially in the supply chain. About 80% of firms responding to a recent survey said that they’d experienced an increase in cyberattacks in 2020. Supply chain cybersecurity risk warnings increased right along with surging cybercrime, up by 80% in Q2 2020 alone. Two in five SMBs were impacted by a cyberattack in 2020.


Password security statistics represented by an old fashioned lock and key

Would you trust a flimsy old lock for your front door? Why trust one on your data? Learn to Build Better Passwords. GET IT>>


Mitigating Supply Chain & Third-Party Risk Doesn’t Have to Be an Expensive Proposition


Lock Cybercriminals Out Fast


Secure identity and access management with Passly is the gift that keeps on giving when it comes to third-party and supply chain risk. Multifactor authentication (MFA) alone tops 99% of password-related cybercrime. Passly packs MFA into a neat package with all of the best tools to control access and permissions like sign-on (SSO), secure shared password vaults. Now it even eliminates a huge headache for IT teams with automated password resets. Get a huge amount of security for a very small price! LEARN MORE ABOUT HOW PASSLY FIGHTS CYBERCRIME>>


Do Your Homework


Study up on how third-party and supply chain risk has evolved through the pandemic to have an outsized impact on cybersecurity in 2021. In our new eBook Breaking Up with Third Party and Supply Chain Risk, we’ll take you on a journey into the heart of this threat and how it can impact every business – plus we’ll give you strategies and solutions that can be put into place quickly and affordable to secure systems and data. GET THIS EBOOK>>

There are many options to increase security against third-party and supply chain risk. We’re here to help you find the perfect combination for your business. Book a demo of the ID Agent digital risk protection platform now and let’s explore the possibilities. BOOK IT>>




Mar 3 & 9 – MSP Cybersecurity Certification Webinar REGISTER NOW>>

Mar 11 – The MSP Lounge (EMEA Special) REGISTER NOW>>

Mar 11 – MSP Mastered® Level 1: Developing Effective Master Service Agreements and SOWs REGISTER NOW>>

Mar 23 – Xaas Summit: Innovation on Demand Via the Channel (EMEA Special) REGISTER NOW>>

Mar 24 – Lessons Learned from the Pandemic REGISTER NOW>>

Mar 25 – MSP Mastered® Level 1: Optimizing and Integrating Your Business Platforms REGISTER NOW>>

Mar 31 – Apr 1 – Zero Trust World (MSP Edition) REGISTER NOW>>

Apr 20 – MVP Growthfest featuring Wayne Gretzky REGISTER NOW>>




Protect Your Business From Third-Party and Supply Chain Cybersecurity Disasters 


As was recently illustrated by the Microsoft hack, third-party and supply chain risk is a threat that every business is vulnerable to in our interconnected world. But not all of your vendors, service providers, or partners take information security seriously, and that creates risk for your business.

Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third-party or supply chain risk. These businesses didn’t make a cybersecurity misstep themselves – another company created vulnerabilities for them. Often these are vulnerabilities that you won’t even know about until it’s too late.

Third-party and supply chain risk will continue to be a growing problem in 2021 and beyond. The data that cybercriminals glean from data breaches inevitably makes its way into dark web markets and data dumps, providing ample fuel for future cyberattacks. Data breaches exposed 36 billion records in the first half of 2020 alone, feeding plenty of cybercrime. 

Are you positioned to gain the kind of intelligence that helps you get a clear picture of how stolen data may put your business at risk? If you’ve got Dark Web ID, you are. Dark Web ID sends up a red flag to warn you when your company’s credentials make an appearance on the dark web, enabling your security team to take care of that vulnerability before cybercriminals can exploit it.

This is just one increasing risk factor in 2020. As the fallout from the global pandemic settles, more risk from dark web sources will become a problem for businesses. Even cybercriminals have to work a little harder these days to make ends meet. Don’t let them snatch your piece of the pie – add dark web monitoring today to stay in the know about your company’s risk.


Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!