Please fill in the form below to subscribe to our blog

The Week in Breach: Data Breach News 09/30/20 – 10/06/20

October 07, 2020
the week in breach in red under a stylized rendering of the UN IMO logo with 2 red nautical stars and a bag of money superimposed over it in the style of a treasure map.

This Week in Breach: Ransomware hits the high seas at the United Nations International Maritime Organization, Aussie Scouts staffers aren’t picking up a “Phishing Resistance” merit badge anytime soon, a look at rising ransomware costs and rates, plus two new webinars to teach you how to think like a hacker to defeat cybercrime!


Dark Web ID’s Top Threats


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach – United States 


United States –  Arthur J. Gallagher & Co. 

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html 

Exploit: Ransomware

Arthur J. Gallagher & Co.: Insurance Brokerage 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.119 = Severe

Ransomware struck at insurance giant Arthur J. Gallagher last week, according to the company’s Untied States Securities and Exchange Commission filing. The report went on to note that a limited portion of its internal systems were impacted and its operations were able to continue. Security researchers suspect that bad actors were able to exploit a known security flaw in the company’s servers to gain entry.

Individual Risk: So far, no personal data from clients or employees was noted as exposed in the breach, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Nowadays, ransomware operators aren’t just seeking ways to steal data – they also want to disrupt operations to cause damage.

ID Agent to the Rescue: Get Graphus, the powerful automatic phishing defender that evolves with your business, to protect your company from phishing-based email threats like ransomware. LEARN MORE>>


United States – Cache Creek Casino

https://www.dailydemocrat.com/2020/09/30/cyberattack-shuts-down-cache-creek-casino/

Exploit: Ransomware

Cache Creek Casino: Resort

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.492 = Extreme

Ransomware cleaned up at Cache Creek Casino in California, shutting down operations at the popular gambling destination just as it began recovering from a COVID-19 closure earlier this year. No reopening date has been set as the investigation and recovery continues. Other businesses including a golf club and shopping at the complex remain open. Cache Creek Casino is part of Cache Creek Casino Resort, one of Northern California’s largest casino-resort destinations, is owned and operated by the Yocha Dehe Wintun Nation.

Individual Risk: No individual information was reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business More than 60% of businesses that experience a damaging cyberattack close – and it’s even more dangerous now as businesses try to recover from COVID-19 closures.

ID Agent to the Rescue: BullPhish ID is the easy, cost-effective solution that helps companies train staffers to be aware of phishing (and ransomware) risks including “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>


United States – District of Columbia Bar Association 

https://techcrunch.com/2020/09/30/district-columbia-bar-exposed-personal-data/

Exploit: Unsecured Database

District of Columbia Bar Association: Regulatory Body

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.077 = Severe

An unsecured Elasticsearch server appears to be at fault for a data breach involving the personal data of new lawyers applying to test before the bar at the District of Columbia Bar Association. A whistleblower complaint was first submitted to the association in August, but resolution was slow, and applicant data may have leaked for some time before it was fixed. The DC Bar claims that only one record was exposed, but researchers and applicants who discovered the breach dispute that claim.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.206 = Severe

Documents uploaded by applicants that may have been exposed include documents containing personal information like names, phone numbers, email addresses, Social Security numbers, the applicant’s full employment history, previous home addresses, and any disciplinary records provided.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Serious personal information deserves serious security. Any company that collects sensitive information about clients or applicants needs to do due diligence to determine that the information is properly secured.

ID Agent to the Rescue: Don’t let your business just walk into a preventable cybersecurity incident like the failure to secure a database. Make sure that staffers are adhering to basic security best practices with security awareness training from ID Agent. LEARN MORE>>


United States – Clark County School District

https://www.wsj.com/articles/hacker-releases-information-on-las-vegas-area-students-after-officials-dont-pay-ransom-11601297930

Exploit: Ransomware

Clark County School District: Education System

cybersecurity news represented by a gauge showing severe risk  &  Breach News This Week

Risk to Business: 1.871 = Severe

Cybercriminals have followed through on their threats to release the information that they’d snatched about students after officials refused to pay the ransom demanded to release it. Students in the Clark County School District, Las Vegas, Nevada discovered over the weekend that their school records had been dumped on the Dark Web,

cybersecurity news represented by a gauge showing severe risk  &  Breach News This Week

Risk to Individual: 1.660 = Severe

The leak included detailed personal and student record information including students’ names, social security numbers, addresses, and some financial information as well as grades, testing, awards, and disciplinary reports. Impacted students should be wary of spear phishing or identity theft attempts.

Customers Impacted: 320,000

How it Could Affect Your Customers’ Business: Failing to institute regular security awareness training including phishing resistance leaves organizations ripe for ransomware – and cybercriminals are more than willing to double down on ransom demands.

ID Agent to the Rescue: BullPhish ID enables organizations of any size to implement phishing resistance training quickly and easily, bringing staffers up to date on the latest threats without breaking the bank. LEARN MORE>>


United States – eResearch Technology

https://www.bleepingcomputer.com/news/security/uhs-hospitals-hit-by-reported-country-wide-ryuk-ransomware-attack/

Exploit: Ransomware

eResearch Technology: Medical Research Technology Provider

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.330 = Extreme

In a disturbing turn of events, eResearch Technology was severely impacted by a ransomware attack that slowed down progress on COVID-19 vaccine and treatment research. The provider of technology that enables clinical trials and data sharing at organizations including AstraZeneca, Oxford University, and Bristol Myers Squibb, reported that its employees could not access many systems. That in turn affected clinical trials in progress as researchers were forced to track patient data manually using pen and paper. Systems were down for several days for repair.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the medical sector have been escalating – just last week healthcare giant Universal Health Services was walloped by ransomware and is still recovering.

ID Agent to the Rescue: Ransomware is almost always the nasty payload of a phishing email. Automate your company’s defense against phishing with Graphus to stop ransomware in its tracks. SEE HOW IT WORKS>>


United States – Oaklawn Hospital

https://www.beckershospitalreview.com/cybersecurity/michigan-hospital-email-phishing-attack-exposes-26-861-patients-info-4-notes.html

Exploit: Phishing

Oaklawn Hospital: Medical Care Provider 

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.126 = Severe

Multiple successful phishing forays at Michigan’s Oaklawn Hospital netted a wealth of information for cybercriminals. After gaining access to several employee email accounts, cybercriminals were able to exfiltrate patient data. The attack is believed to have occurred in April 2020 but was just disclosed in a filing.

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Individual Risk: 1.811 = Severe

Patient information exposed as a result of the incident included names, passwords, dates of birth, addresses, phone numbers, medical and health insurance numbers, Social Security numbers, financial account information, and driver’s license numbers. Impacted patients should be alert to potential phishing and fraud attempts.

Customers Impacted: 26,861

How it Could Affect Your Customers’ Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.

ID Agent to the Rescue: Information like the patient data obtained in this breach is a hot seller on the Dark Web. Prevent leaked credentials from giving cybercriminals a route into your systems and data with 24/7/365 credential monitoring using Dark Web ID. SEE DARK WEB ID IN ACTION>>


United States – Piedmont Cancer Institute

https://www.beckershospitalreview.com/cybersecurity/piedmont-cancer-institute-email-phishing-incident-exposes-5-226-patients-info.html

Exploit: Phishing

Piedmont Cancer Institute: Specialty Medical Clinic

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.234 = Severe

Atlanta-based Piedmont Cancer Institute experienced a data breach exposing patient records and other sensitive information after an employee fell for a phishing attack. the incident occurred in a window stretching from mid April to early May and was just disclosed.

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Individual Risk: 2.206 = Severe

Patient information exposed due to the email hack includes names, dates of birth, financial account information, and credit/debit card information. Patients who have been affected have been informed and should be alert for identity theft since payment card information was part of this breach.

Customers Impacted: 5,226

How it Could Affect Your Customers’ Business: Securing access to sensitive data is essential. Piedmont Cancer Institute is adding multifactor authentication to combat future incursions, a must-have for every business.

ID Agent to the Rescue: Passly packs essential secure identity and access management tools like multifactor authentication, single sign-on, secure shared password vaults, and more in one cost-effective package. LEARN MORE>>


The Week in Breach – Canada


Canada – Telus/Medisys

https://globalnews.ca/news/7367127/medisys-data-breach/

Exploit: Ransomware

Medisys: Healthcare Provider 

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.391 = Severe

Medisys just disclosed that it had been impacted by ransomware, exposing 60,000 patient records. A division of Telus, Medisys operates clinics in British Columbia and Alberta providing preventive health-care services under the name Copeman Clinics. The company chose to retrieve the stolen data by paying the ransom.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.866 = Severe

The company estimates that the breach disclosed information for about 5% of its clients, but the investigation continues. Stolen information for impacted patients includes names, contact information, provincial health numbers, and test results. Clients’ financial information and social insurance numbers were not affected.

Customers Impacted: 60,000

How it Could Affect Your Customers’ Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.

ID Agent to the Rescue: In tumultuous times, every company needs to have a strong suite of solutions in place to protect their systems and data in an increasingly dangerous threat landscape. Our digital risk protection platform provides that power at a price you’ll love. SEE OUR SOLUTIONS>>


The Week in Breach – United Kingdom & European Union


United Kingdom –  International Maritime Organization (UN IMO) 

https://www.infosecurity-magazine.com/news/un-shipping-agency-offline/

Exploit: Ransomware

UN IMO: Shipping Safety Regulatory Authority  

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.071 = Severe

Ransomware chose UN IMO as it’s newest port of call last week, taking several key systems offline at the regulatory organization. in an announcement, UN IMO reported that its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been knocked down by the attack. Restoration and recovery is underway, and most systems have been restored.

Individual Risk: No personal information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: The number one way for ransomware to land at your business is through a phishing email. Increasing security awareness training including phishing resistance training is essential for preventing cybercrime like ransomware from impacting your organization.

ID Agent to the Rescue: BullPhish ID makes your staffers more wary of suspicious messages. Featuring easy remote management and plug-and-play training kits in 8 languages, BullPhish ID is ideal for training an in-office or remote workforce. SEE BULLPHISH ID IN ACTION>>


Switzerland – Swatch

https://www.reuters.com/article/us-swatch-ch-cyber/swatch-shuts-down-some-technology-systems-after-cyberattack-idINKBN26K1F8

Exploit: Ransomware

Swatch: Watchmaker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.301 = Severe

World-renowned watchmaker Swatch was hit with ransomware that impacted several of its systems, causing disruptions throughout its operations for several days. Some systems weren’t directly affected but were shut down to mitigate damage and stem the tide of the infection. The company did not identify the exact type of ransomware used but indicated in a statement that it was aware of the culprit and would be pursuing legal action accordingly.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t always allow thieves to steal data – sometimes cybercriminals want to shut a business down by stopping production or impacting other business operations to cause disruption.

ID Agent to the Rescue: Don’t let ransomware shut down your operations. Put 3 layers of protection against email threats like ransomware and your business with Graphus, the automated phishing guardian that’s on duty 24/7/365. LEARN MORE>>


The Week in Breach – Australia & New Zealand


Australia – Scouts Victoria

https://portswigger.net/daily-swig/scouts-victoria-reports-data-breach-after-employee-duped-by-phishing-campaign

Exploit: Phishing

Scouts Victoria: Youth Organization

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227 = Severe

Someone needs to spend more time working on their “Phishing Defense” merit badge at Scouts Victoria after an employee fell for a phishing attack exposing the personally identifiable data of thousands of members. The youth organization provides empowerment, community support, and job training for young people. The incident happened in late July and August 2020. Scouts Victoria said it has notified the victims of the breach and has contacted relevant government authorities, including the Office of the Australian Information Commissioner (OAIC) and the Department of Human Resources.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.317 = Severe

Sensitive information including names, phone numbers, credit card information, ID documents including passport information and driver’s license details, and bank details were exposed ion the breach, but it’s unclear if that data belongs to youth members, parents of members, or adult volunteers.

Customers Impacted: 900 estimated at this time, but the organization’s full membership includes 17,000 youth members and 5,000 adult volunteers.

How it Could Affect Your Customers’ Business: Phishing is a dangerous proposition that every business faces daily, but businesses who store sensitive information, especially about children, need to be sure that their data is protected even if a staffer falls for a phishing attack.

ID Agent to the Rescue: Add an essential second layer of protection between the bad guys and your data with secure identity and access management controls like multifactor authentication with Passly. SEE A DEMO>>


The Week in Breach – Asia & Pacific


India – Edureka

https://inc42.com/buzz/edureka-suffers-server-breach-data-of-2-mn-users-exposed/

Exploit: Unsecured Database

Edureka: Education Technology Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.866= Severe

Cybersecurity researchers discovered an unsecured Elasticsearch server belonging to Indian education technology service Edureka that was overflowing with information for bad actors to savor – 25 gigabytes of fresh data, containing more than 45 million breached records of personal data from users. Many of the records were duplicates or fragments, obfuscating the real impact. After informing the company and not receiving a response, the researchers informed the Indian Computer Emergency Response Team (CERT-In) and the server was secured.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.661 = Moderate

The exposed server contained names, addresses, and phone numbers for users primarily located in India, although some US users were also impacted.

Customers Impacted: 2 million estimated

How it Could Affect Your Customers’ Business: Failing to secure a server is a rookie move and an indication that a company may not be using cybersecurity best practices elsewhere in the organization.

ID Agent to the Rescue: Data like this generally ends up in a Dark Web data dump, the fuel that empowers cybercrime with millions of PII records, email addresses, and passwords. Protect your company from password compromise due to Dark Web data dumps and be alerted if any of your protected credentials appear in one with Dark Web ID. SEE THE POWER OF DARK WEB ID>>


The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!


The Week in Breach: New Resources


Phishing Confidential: Offense and Defense Playbooks of a Phishing Attack

To win any war, you need to be able to understand both sides – what they’re after, what tools they can use, and how to stop them. In this webinar, we bring together two experts in phishing to demonstrate the offensive and defensive sides of a phishing attack, as well as show you innovative ways to protect your clients from today’s biggest threat.  

  • Renowned Hacking Expert & ID Agent Security Analyst Duncan Miller will demonstrate live how phishing-related cyberattacks endanger businesses
  • Phishing Defense Master & CEO of Graphus Manoj Srivastava will show you how to defend your businesses from phishing-related cyberattack danger
  • Go inside phishing attacks with a court-side view and learn the tricks of the trade to plan an effective phishing defense

A Cybersecurity Trilogy – Predict: A New Idea 

Take a deep dive into the reasons why social engineering attacks can be so successful as you learn how hackers use psychological tricks to influence user behavior and get that fatal click on a malicious link in a phishing email. Get insight into puzzles like how bad actors capitalize on fear and confusion around subjects like COVID-19 to land more effective attacks. 

You’ll learn:

  • What makes cybercriminal traps so enticing with Cybersecurity & Human Behavior expert Jessica Barker (named one of the Top 20 Most Influential Women in Cyber Security in the UK)
  • How social engineering drives cybercrime like phishing with Minoj Srivastava, CEO of Graphus
  • Easy ways to secure your clients against phishing-related cybercrime

In case you missed it last week: Brush up on 2020 phishing facts and new tools to boost your clients’ protection: Download “Fresh Phish: How Not to Become the Catch of the Day in the 2020 Phishing Boom



Cybersecurity Awareness Training is a Win for You and Your Clients


In a challenging economy, every client is looking for a way to save money – and every corner of the budget is on the table. That makes it hard to convince them of the importance of things like security awareness and phishing resistance training when intangibles always look like a good place to economize.

In 2020, 80% of firms have seen an increase in cyberattacks, and phishing attempts have increased by more than 660% since March 1, 2020. In these tumultuous times, companies can’t afford to ignore the benefits of training to save money. Businesses that engage in regular security awareness training like phishing resistance training have up to 70% fewer expensive, damaging cybersecurity incidents, making security awareness training a clear cost-benefit proposition.



Phishing resistance training definitely provides measurable value. Today, 90% of incidents that end in a data breach start with a phishing email. It’s just smart to increase phishing resistance training to mitigate that risk. Plus, since more than 80% of all reported cybercrime is phishing-based, it’s a smart bet to invest resources in phishing resistance training.

The damage related to cybercrime is projected to hit $6 trillion annually by 2021, and the average cost of a data breach in 2020 is $3.86 million. Anything that a company can do to avoid similar costs should be right at the top of their essential expenses list, and that includes security awareness and phishing resistance training.

Are you an ID Agent Partner that could use a hand closing a tricky deal like demonstrating the value of security awareness training? With Goal Assist, we’ve got your back. Get the helping hand you need to notch that win. LEARN MORE>>



The Week in Breach: A Note for Your Customers


Ransomware Incidents and Expenses Are on the Rise – and No Business is Safe  

Ransomware is a terrifying threat that every business is facing these days and a favored tool of cybercriminals. Ransomware incidents are becoming more frequent, and both ransoms and recoveries are growing more expensive. Here are our best tips for avoiding getting caught up by expensive, damaging ransomware. 

Add an automated phishing defense solution. Your employees can’t click on a ransomware-laden email if they never get it. Automated phishing protection using a smart solution like Graphus reduces the chances of a dangerous email reaching your employees and also provides warnings to call out unusual communications.

Never stop training. Cybercriminals are constantly updating their phishing attack playbooks. Shouldn’t you be constantly updating your phishing resistance training to fight back? When you use BullPhish ID for phishing awareness training, you have access to more than 100 plug-and-play phishing simulation kits, with new kits added every month to ensure that you’re training for the latest threats.

Lock your doors. Take the sting out of a stolen, phished, or cracked password by adding secure identity and access management to your defenses. It’s a recommended mitigation for cybercrime by the FBI. Choose a multifunctional solution like Passly to get all of the features that you need like multifactor authentication, secure shared password vaults, and easy remote management, in one affordable package.

By making a few simple and affordable tweaks to your defensive security plan, you can add several shields to protect your systems and data (and your bottom line) from the devastating effect of a ransomware disaster.

Watch this 10-minute technical demonstration video of our digital risk protection platform including Graphus, Dark Web ID, BullPhish ID, and Passly.


Catch Up With Us at These Virtual Events


  • OCT 14 -15: Robin Robins Recession Rescue Road Show (Philadelphia) REGISTER>>
  • OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
  • OCT 19 – 22: nextgen + 2020 REGISTER>>
  • OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
  • OCT 28: REBOUND 2020 REGISTER>>
  • OCT 29- 30: Robin Robins Recession Rescue Road Show (San Diego) REGISTER>> 
  • NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>


Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!