The Week in Breach News: 04/07/21 – 04/13/21
Cybercriminals leak the PII of millions of professionals in a new LinkedIn breach, an unwelcome visit by nation-state hackers exposes data at BlueCross BlueShield DC and kicking off Supply Chain Security Month with fresh tips for mitigating two major third-party and supply chain risks plus handy resources to brush up on it!
United States – CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)
Exploit: Nation-State Hacking
CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC): Insurer
Risk to Business: 1.761= Severe
CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) has announced a data breach carried out by what it described as a “foreign cybercriminal” group. The insurer confirmed that sensitive information about members was snatched and that they’ve notified authorities including the FBI and the Office of the Attorney General for the District of Columbia
Individual Risk : 1.603 = Severe
In a written notification to customers, CHPDC noted that the stolen information may have included names, addresses, phone numbers, dates of birth, Medicaid identification numbers, and other medical information. The company is offering free two-year credit and identity theft monitoring and a website with more information on help for consumers.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: Nation-state cyberattack risks aren’t just a problem for government and military targets anymore. These clever cybercriminals will exploit any opening fast.
ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide“. GET THIS FREE BOOK>>
United States – Office Depot
https://www.websiteplanet.com/blog/office-depot-leak-report/
Exploit: Unsecured Database
Office Depot: Business Supply Retailer
Risk to Business: 1.803 = Severe
Security researchers discovered a non-password-protected Elasticsearch database belonging to Office Depot that contained just under a million records. The exposed records were labeled as “Production” and contained customer information, file logs and other internal records for European customers, primarily in Germany. The company has addressed the issue.
Individual Risk: 2.267 = Severe
The exposed data includes names, phone numbers, physical addresses (home and/or office), @members.ebay addresses, and hashed passwords. The leak also exposed Marketplace logs and order history, exposing the customers’ past purchases and costs from European customer records.
Customers Impacted: 533 million
How it Could Affect Your Customers’ Business Cybercriminals will benefit from this trove. Data like this is transacted every day on the dark web, providing ample ammunition for future cyberattacks and fraud.
ID Agent to the Rescue: Dark Web ID alerts businesses to credential compromise fast, giving them the edge to fix vulnerabilities before the bad guys even know they’re there. WATCH A VIDEO DEMO>>
United States – LinkedIn
Exploit: Hacking
LinkedIn: Social Media Network
Risk to Business: 1.612 = Severe
Bad actors have dropped notice that they’ve obtained an archive containing data purportedly scraped from 500 million LinkedIn profiles. A sample of data was posted on a popular hacker forum, with another 2 million records leaked as proof of the haul. More than 780,000 email addresses are associated with this leak. The initial listing contained 4 archives, but after LinkedIn denied the data breach, threat actors updated their ad to include 6 additional archives that allegedly include 327 million scraped LinkedIn profiles, putting the overall number of scraped profiles at 827 million including potential duplicates.
Individual Risk: 2.309 = Severe
This mass of leaked files contains PII about LinkedIn users including LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, professional titles and other work-related data.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Following hard on the heels of last week’s Facebook breach social media risks are multiplying fast and growing serious for businesses.
ID Agent to the Rescue: Dark web danger is growing for businesses as millions of records scraped from social media dues land in dark web markets create new vulnerabilities. PROTECT YOUR BUSINESS>>
United States – Personal Touch Holding Corp. (PTHC)
Exploit: Hacking
Personal Touch Holding Corp. (PTHC): Home Healthcare Provider
Risk to Business: 1.241 = Extreme
New York based medical services provider PTHC has announced a data breach impacting patients. The conglomerate operates Medicare-certified home health agencies, licensed home care service agencies, hospice at home services and Early Intervention Programs, as well as a managed care plan in New York. Both patient data and Member information has been impacted. The incident is under investigation.
Individual Risk: 1.412 = Extreme
Exposed patient information may include medical treatment information, insurance card and health plan benefit numbers, medical record numbers, first and last name, address, telephone numbers, date of birth, Social Security number, and financial information, including check copies, credit card numbers, and bank account information. Leaked Member information may include Medicaid ID number, ID number, provider name, clinical/medical information, first and last name, address, telephone number, date of birth, Social Security numbers, and credit card numbers and/or banking information if members paid their Medicaid surplus through credit card or check.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This breach isn’t just going to cost a fortune to fix now – it’s also likely to incur a hefty regulatory penalty from state and federal authorities.
ID Agent to the Rescue: Make sure that you’re covering all of the bases to avoid breaches and nasty regulatory action with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>
Ireland – National College of Ireland (NCI)
Exploit: Ransomware
National College of Ireland (NCI): Institution of Higher Learning
Risk to Business: 2.463 = Severe
Ransomware shut down operations briefly at the National College of Ireland (NCI). School officials announced significant disruption to IT services that has impacted a number of college systems, including Moodle, the Library service and the current students’ MyDetails service. Access to NCI’s IT systems was suspended and the campus building is also currently closed to both students and staff until IT services are restored. The Tallaght campus of the Technological University Dublin (TU Dublin) was also impacted in a similar attack.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.
ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. in “The Phish Files“, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>
France – Pierre Fabre
Exploit: Ransomware
Pierre Fabre: Pharmaceutical & Cosmetics Maker
Risk to Business: 1.772 = Severe
REvil ransomware is to blame for an attack at leading French pharmaceutical group Pierre Fabre. The threat actors initially demanded a $25 million ransom, but that number doubled the REvil ransom to $50 million when the company missed the attackers’ deadline for contact. The nature of the information stolen is unclear, and the company is working to restore its systems and data from backups.
Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware isthe weapon of choice for cybercrie, and ransoms have been skyrioocketing as criminals grow more brazen.
ID Agent to the Rescue: Don’t let cybercriminals steal your profits – learn to mitigate the risk in Ransomware 101. DOWNLOAD FREE EBOOK>>
India – Upstox
Exploit: Ransomware
Upstox: Stock Trading App
Risk to Business: 1.755 = Severe
Popular stock trading app Upstox has alerted users of a security breach that exposed some PII for an estimated 2,500,000 customers. The company was careful to note that funds and securities were not impacted. Upstox notified users that it had received messages that claimed unauthorized access to its database along with the breach of its data and KYC details from third-party data-warehouse systems.
Risk to Business: 2.055 = Severe
Upstox has not been specific about the exact customer data stolen but admits that contact data and some identification details may have been exposed. The company has initiated a secure password reset via OTP (one-time password) for all accounts.
Customers Impacted: 2,500,000 customers
How it Could Affect Your Customers’ Business: Cybercrime is around every corner. It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.
ID Agent to the Rescue: Is your organization ready to repel cyberattacks and keep on going? You are if you’re cyber resilient. Learn how to transform your business in “The Road to Cyber Resilience” today. GET THIS BOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.
Go Inside the Ink to Get the Inside Scoop on Cybercrime
Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:
- Save Time and Money with Automated Password Resets
- Low Cybersecurity Standards Lead to Disaster
- The Week in Breach: 03/24/21 – 03/30/21
- Even Low-Level Malicious Insider Threats Cause High-Level Damage
- Get the Facts About the Global Year in Breach 2021 & What’s Next
- Lessons Learned from The Global Year in Breach: Multifactor Authentication Beats Cybercrime
- 10 Things You Need to Know About MVP Growthfest 2021
- The Week in Breach 03/17/21 – 03/23/21
It’s Supply Chain Integrity Month – Are Your Clients Protected?
The tide of supply chain risk is rising for every business. It pays to be ready for today’s risk and in a strong position to prevent tomorrow’s threats from becoming successful cyberattacks.
Go inside third-party and supply chain risk (TPR/SCR) scenarios in our essential guide Breaking Up with Third-Party and Supply Chain Risk to learn more about how this danger keeps growing for businesses and things that you and your clients can do right now to mitigate it. This 2021 publication includes fresh TPR/SCR statistics! GET THIS BOOK>>
Are your clients agile enough to keep operating in adverse conditions when unexpected cybersecurity incidents arrive at their door through third-party and supply chain enabled attacks? Building cyber resilience is key to powering through challenges, and our eBook The Road to Cyber Resilience can help. GET THIS BOOK>>
Make sure your clients are covering all of the bases to protect systems and data with the Cybersecurity Risk Protection Checklist! GET THIS CHECKLIST>>
LAST CHANCE! MVP Growthfest is Just Around the Corner!
This is your final opportunity to register for the most energetic, growth-focused virtual event of the spring, MVP Growthfest. April 20 from 12 pm to 4:45 pm ET featuring the legendary Wayne Gretzky and MSP Growth All-Stars.
Don’t miss:
- Four power-packed MSP building panels
- Exclusive keynote with Wayne Gretzky
- Over 15K in cash & prizes
- Unbeatable networking opportunities
- Inspiration and fun!
Hurry, there are only a few spaces left! REGISTER NOW>>
Secure Your Clients Against Third Party/Supply Chain Risk Fast
CISA has declared April National Supply Chain Integrity Month. But you don’t have to be a US-based business to benefit from this helpful reminder! No business is an island and third-party/supply chain risk is snowballing for every organization. As a flood of records stolen in data breaches continues to fuel cybercrime from the dark web, your clients are at an increased risk for BEC, ransomware, spear phishing, impersonation scams and so much more. this problem isn’t going away anytime soon. In fact, expect it to continue getting worse. You’ll want to review your clients’ security posture against third-party and supply chain risk today (TPR/SCR) – and we’re here to help you address vulnerabilities fast!
Almost Every Business Experienced a TPR/SCR Risk in 2020
In an increasingly interconnected world, companies are more intertwined than ever before. MasterCard’s Risk Recon unit reported on the proliferation of risk factors that businesses face today in The State of Third-Party Risk. Their survey respondents said that when it came to the necessity of checking vendors for cybersecurity risks, one-third assessed fewer than 25 vendors annually, another third checked between 25 and 100 and the last third dealt with more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 third per year! Even a highly reputable major vendor like Microsoft could saddle businesses with an unexpected vulnerability.
Just because they’ve reached out to assess cybersecurity procedures and policies at a potential third party or supply chain connection, that doesn’t mean that the connection is safe. While 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires, only 14% of those surveyed trust those responses. 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach. That tracks with other industry data indicating that an astonishing 98% of monitored organizations clocked a threat from a supplier domain in 2020.
More Dark Web Data = More TPR/SCR
Why are organizations facing more relationship risk than ever before? An enormous amount of data hit the dark web last year, including an estimated 22 million new records. Experts already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses. Those new records and other scraped or stolen information provide abundant fresh fuel for cybercrime, increasing everyone’s risk. Threats from suppliers’ jacked domains are also a huge problem. Cybercriminals piggybacking on legitimate business domains has increased risk in every sector. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% were malware-related.
Newly ascendant supply chain and third-party risks have had a profound impact on business security. When looking at the fallout, another survey reported that 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business.
Mitigating This Risk Isn’t Impossible
TPR/SCR may be growing, but there’s no reason why your clients can’t gain some peace of mind against it when you guide them into taking a few practical, affordable steps to minimize their exposure and keep their data safe. The best part is that not only will these moves protect them from TPR/SCR, they’ll also gain additional protection against other cyberattacks that they might be faced with, increasing their overall cyber resilience.
Password Compromise
This huge pitfall is one of the top ways that companies gain risk exposure through the supply chain because password reuse is endemic and at least 65% of people reuse passwords across the board, including for business or enterprise accounts. But two solutions are strong defenders in the fight against password compromise risk from these sources.
- Multifactor authentication stops 99% of password-based cybercrime including an employee’s often-recycled password, and it’s just one of the many tools that boost security through Passly.
- Dark web monitoring with Dark Web ID gives IT teams crucial time to respond if a company’s passwords hit dark web markets or dumps no matter where they’re snatched from enabling companies to react before the bad guys do.
Spear Phishing & Ransomware
Exponential growth in phishing risk has put every business solidly in cybercriminal sights. Bad actors are using the data gleaned from breaches at service providers, manufacturers, wholesale suppliers, transportation companies, business services firms and more to mount phishing-based cyberattacks on companies in every industry.
- Reduce the chance of a phishing attack from harming a business by up to 70% with security awareness and phishing resistance training through BullPhish ID
- Repeat that training at least quarterly using preloaded phishing simulation kits or customize the content to reflect industry-specific dangers including attachments and URLs
Securing your clients against the escalating risk that comes from third parties or the supply chain immediately is crucial – 72% of compliance leaders expect the number of TPR/SCR risk that companies face to increase in 2021. By acting now to take sensible precautions, you and your clients can feel confident that you’re insulated against this growing threat vector. Contact the experts at ID Agent to find the perfect combination of solutions to defeat this risk.
Apr 13 – The Ultimate Customer Retention Blueprint for MSPs REGISTER NOW>>
Apr 20 – MVP Growthfest featuring Wayne Gretzky REGISTER NOW>>
Apr 20 – 21 Managed Services Summit Live (EMEA) REGISTER NOW>>
May 11 – 14 Robin Robins Boot Camp REGISTER NOW>>
Third-Party Risk Brings Danger to Your Door Daily
Even if you’re making all the right cybersecurity moves, can you be certain that every organization that your business has a relationship with is doing the same thing? 98% of organizations have had a threat arrive at their doorstep because of a data breach or security incident a third party or supply chain source in the last 12 months – and that’s a vector for incoming cyberattacks that you may not even know about.
Third-party and supply chain risk can come from any vendor or service provider that you do business with. Are you outsourcing file transfers or information storage? That’s how more than a dozen universities were hacked using information gained in a breach at transference and collaboration specialist Accellion. Using specialized software for fundraising? Hundreds of leading charitable organizations and trusts were too – and many of them were hacked because of a data breach at software provider BlackBaud.
No business can exist without others. Any organization that has information about your business could be putting your systems and data at risk. As the world becomes more interconnected and cloud-based, that risk is growing every year. New cyberattacks fueled by dark web data are adding to that risk too. At the start of 2020, an estimated 65% of the information already on the dark web could harm businesses, and 22 million more new records were added by the end of that year.
Reduce your company’s chance of damage from a third party or supply chain based attack by taking a few simple precautions. Add multifactor authentication to every account – Microsoft says that it stops 99% of password-based attacks. Increase phishing resistance training too. Much of the data that bad actors gain is used for spear phishing. Dark web monitoring helps reduce risk too by alerting you if any of your company’s protected credentials are exposed.
How about some good news? By following these tips, you’re not just increasing your company’s protection against third party and supply chain risk. You’re also boosting your organization’s overall cybersecurity posture against many other damaging risk like ransomware and account takeover as well as increasing your cyber resilience – and that delivers you some much-needed peace of mind.
Get high-quality tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!
Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us know – we welcome your feedback and we love to hear about how our content works for you!
Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!