The Week In Breach

by Kevin Lancaster

This Week in Breach News: medical providers aren’t just battling COVID-19, they’re also battling cybercrime, malicious insiders cause chaos, studies show how frequently customers break up with businesses that have a data breach, and details about making your plan to go phishing at a fun event with Graphus and Zeguro!


The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States 


United States –  Boom! Mobile

https://securityaffairs.co/wordpress/108925/malware/ajg-ransomware-attack.html 

Exploit: Skimming (MageCart)

Boom! Mobile: Telecom 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.997 = Severe

Credit card skimming software has landed at Boom! Mobile, courtesy of the cybercriminal skimmers at Fullz House. The card skimmer code settled in, collecting payment card information from input fields every time it detects any changes and immediately exfiltrating the harvested data for a week. The company’s mobile payment system is still undergoing repairs.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.517 = Severe

Customers of Boom! Mobile who made electronic payments through the company’s website should consider their credit card information compromised and be alert to potential identity theft or fraud using that account.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Malware like this runs on a script that’s been grafted into the payment system, meaning cybercriminals have access to the nuts and bolts of that business.

ID Agent to the Rescue: Passly guards against intrusion with cracked, stolen, or compromised passwords by adding simple but effective secure identity and access management protection. LEARN MORE>>


United States – Friendemic

https://www.infosecurity-magazine.com/news/marketing-firm-spills-nearly-three/

Exploit: Unsecured Database 

Friendemic: Marketing Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227 = Severe

Digital marketing firm Friendemic committed a classic blunder that led to a nasty data breach. An unsecured Amazon S3 bucket resulted in the exposure of  2.7 million records including full names, phone numbers, and email addresses, alongside 16 OAuth tokens stored in plaintext. The company noted that the information was not current customer data and the OAuth tokens were not currently in use.

Individual Risk: No individual information was reported as compromised in this incident, although the potential is there. No details about the uncovered data are available.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Failing to secure a database, even an old one, shows a basic lack of attention to cybersecurity best practices, and that doesn’t build customer confidence.

ID Agent to the Rescue: BullPhish ID is an easy, cost-effective solution to help companies train staffers to be aware of cybersecurity risks including phishing with “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>


United States – AAA Ambulance Service, Inc.

https://www.hattiesburgamerican.com/story/news/local/hattiesburg/2020/10/05/aaa-ambulance-service-hattiesburg-ms-reports-july-data-breach/3625304001/

Exploit: Ransomware

AAA Ambulance Service, Inc.: Ambulance Service 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.602 = Severe

Hattiesburg, Mississippi based AAA Ambulance Service, Inc. is just one of several medical sector targets impacted by ransomware this week. A ransomware attack was repelled by the company’s security in July, but it was recently discovered that some client data was obtained around August 2020.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.316 = Severe

Personal information about clients of the service was obtained by hackers, including client date of birth, Social Security number, driver’s license number, financial account number, diagnosis information, medical treatment information, patient account number, prescription information, medical record number, and health insurance information. Customers who may have been impacted have been contacted by the company and are also being offered complimentary credit monitoring services through TransUnion.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Serious personal information deserves serious security – and even a seemingly unsuccessful cyberattack can still result in data loss. Not only will healthcare sector companies have to pay recovery costs, but they’ll also be on the hook for regulatory penalties.

ID Agent to the Rescue: Ransomware is almost inevitably the nasty result of an employee falling for a phishing attack. BullPhish ID keeps staffers trained on current threats, with 4 new phishing resistance training kits added every month.  LEARN MORE>>


United States – Chowbus

https://www.businessinsider.com/chowbus-data-breach-leaked-information-hundreds-thousands-users-2020-10

Exploit: Accidental Insider Threat

Chowbus: Asian Food Delivery Service

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.267 = Moderate

A Chowbus staffer committed a blunder this week, resulting in a massive cybersecurity disaster. An email address registered with the company sent a link to files containing details of about 4,300 restaurants as well as information for 400,000 customers. So far, the incident appears to be a simple human error.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.660 = Moderate

The 400,000 customer accounts leaked included clients’ names, postal addresses, phone numbers, and email addresses. All of the impacted accounts may not be unique, and no payment data was compromised. The restaurant information included was not specified.

Customers Impacted: 4,300 restaurants and approximately 400,000 customers.

How it Could Affect Your Customers’ Business: The number one cause of a data breach never really changes – human error is typically at fault, whether it’s giving up a phished password or making an email forwarding mistake.

ID Agent to the Rescue: The ID Agent digital risk protection platform enables organizations of any size to implement security awareness training quickly and easily, bringing staffers up to date on the latest threats without breaking the bank. LEARN MORE>>


United States – Daniel B. Hastings

https://www.freightwaves.com/news/ransomware-hackers-claims-attack-on-texas-customs-broker

Exploit: Ransomware

Daniel B. Hastings: Freight Forwarder

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.326 = Moderate

In the latest incident in a spate of recent trucking and freight transport industry cyberattacks, Laredo, Texas-based Daniel B. Hastings was hit with a ransomware attack. the Conti ransomware group posted a selection of the company’s files on Saturday, and sources say that they appear authentic. They include completed U.S. Customs and Border Protection documents for shipments involving multiple countries, companies, and modes of transport.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a devastating weapon that bad actors are using to shut down essential services and attacks in the transportation and freight sectors have been increasing, with recent incidents involving several trucking and shipping companies.

ID Agent to the Rescue: Learn how to protect systems and data from ransomware in our eBook “Ransomware 101“. DOWNLOAD IT NOW>>


United States – Georgia Department of Human Services 

https://www.cbs46.com/news/cyber-attack-targets-georgia-department-of-human-services/article_57f9749e-0a72-11eb-a724-3b34ced6f18f.html

Exploit: Employee Email Account Compromise 

Georgia Department of Human Services: State Agency 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.414 = Extreme

A massive breach at the Georgia Department of Human Services has left the highly sensitive data of adults and children in Child Protective Services (CPS) cases of the DHS Division of Family & Children Services (DFCS). The employee email account compromise ocurred in May 2020. Georgia DHS secured the account quickly, but damage included

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.202 = Extreme

Extremely sensitive information about parens, children, and families that has contact with DFCS was stolen in this attack, including full names of children involved in those cases and household members, relationship to the child receiving services, county of residence, DFCS case numbers, DFCS identification numbers, date of birth, age, number of times contacted by DFCS, an identifier of whether face-to-face contact was medically appropriate, phone numbers, email addresses, Social Security numbers, Medicaid identification numbers, Medicaid medical insurance identification numbers, medical provider names and appointment dates, plus some psychological reports, counseling notes, medical diagnoses, or substance abuse information and bank information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Not only does a data breach leave a huge mess of expensive cleanup behind, in many industries like healthcare, a data breach can also mean your organization will be paying big regulatory penalties and fines too.

ID Agent to the Rescue: Information like the personal and medical data obtained in this breach will be a hot commodity on the Dark Web. Protect your systems and data from Dark Web danger with 24/7/365 credential monitoring through Dark Web ID. SEE DARK WEB ID IN ACTION>>


The Week in Breach News – Canada


Canada – Unity Health Toronto

https://www.canadiansecuritymag.com/toronto-hospital-network-says-info-of-about-150-patients-allegedly-stolen/

Exploit: Unauthorized Database Access (Malicious Insider) 

Unity Health Toronto: Hospital

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 1.969 = Severe

A malicious insider caused a hubbub at a Canadian hospital. A disgruntled staffer at a third-party service provider stole patient information from Unity Health Toronto, which they then followed up with an attempt to extract payment from the organization for the return of the data. Unity Health Toronto disclosed that at least 150 patient records were impacted in this insider incident.

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Individual Risk: 1.994 = Severe

The records exposed contained patient names, medical history, diagnoses and treatments, according to the network. The company noted that no financial or health insurance information was included.

Customers Impacted: 150

How it Could Affect Your Customers’ Business: Third party risk is a problem that every business faces in our increasingly interconnected world. When sensitive data is involved, the need to secure information that third party vendors have access to that could harm your business is paramount.

ID Agent to the Rescue: Passly packs essential secure identity and access management tools like multifactor authentication, single sign-on, secure shared password vaults, and more in one cost-effective package, helping you blunt the impact of a third party data breach. LEARN MORE>>


The Week in Breach News – United Kingdom & European Union


United Kingdom – Ardonagh Group 

https://www.theregister.com/2020/10/06/ardonagh_group_ransomware/

Exploit: Ransomware

Ardonagh Group: Insurance Broker 

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.319 = Severe

Top UK insurance broker Ardonaugh fell victim to a damaging ransomware attack that caused it to suspend 200 internal accounts, including accounts with admin privileges, as the infection progressed. Recovery operations are currently underway and a company spokeswoman noted that they’re working with third-party forensic and IT experts to manage the situation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing-based email threats are a danger for any company, and they’re only increasing as cybercriminals take advantage of a wealth of cheap data and software for conducting these attacks on the Dark Web.

ID Agent to the Rescue: Preventing ransomware attacks starts with improving security awareness training, especially around phishing resistance. Regularly updated training can prevent up to 70% of cybersecurity incidents. SEE OUR SOLUTIONS>>


United Kingdom – Wisepay 

https://news.yahoo.com/wisepay-school-payments-hit-cyber-155028223.html

Exploit: Skimming 

Wisepay: Student Payment Account Provider 

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Risk to Business: 2.022 = Severe

Parents that use Wisepay to pay for their children’s ancillary school expenses experienced a shock this week when it was uncovered that the system had been breached by cybercriminal credit card skimming. The attacker was able to harvest payment details between October 2 and 5 via a spoof page. Attempted payments to about 300 schools have been affected by the scam.

cybersecurity news represented by agauge showing severe risk New This Week in Cybersecurity News Breach News This Week

Individual Risk: 2.312 = Severe

Any credit cards used to add money to student or school accounts during that window have likely been captured. Users should beware of fraudulent charges and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Payment skimmers are a fast and easy way for cybercriminals to make a quick profit, but disastrous for the merchants and services that are hit with skimming attacks, shaking customer confidence and exposing systems access weaknesses.

ID Agent to the Rescue: Passly prevents unauthorized users from getting into your systems by requiring multifactor authentication for access, reducing the risk of a stolen or cracked password giving cybercriminals the keys to the kingdom. SEE PASSLY IN ACTION>>


Ireland – University Hospital Limerick

https://www.informationsecuritybuzz.com/expert-comments/experts-on-gardai-investigate-major-data-breach-at-limerick-hospital/

Exploit: Information Theft/Malicious Insider

University Hospital Limerick: Medical Center

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.636 = Moderate

In a strange event, University Hospital Limerick suffered a data breach caused by a malicious insider that exposed patient information on social media. The culprit, a rogue non-HSE employee, leaked records obtained from the hospital pharmacy containing the details of treatment and personal information for more than 600 patients, including 95 children.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.822 = Moderate

The hospital has sent letters to notify those affected. The data exposed included the impacted patients’ names, dates of birth, and medicines dispensed from the hospital pharmacy between April 18 and April 22, 2020. No payment, insurance, or health record data was included.

Customers Impacted: 630

How it Could Affect Your Customers’ Business: While most insider threats are accidental incidents caused by carelessness or employee error, more than 20% of cybersecurity incidents are caused by malicious insiders.

ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers like a malicious insider. LEARN MORE>>


Germany – Software AG

https://www.zdnet.com/article/german-tech-giant-software-ag-down-after-ransomware-attack/

Exploit: Ransomware

Software AG: Software Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.377 = Severe

German tech giant Software AG ran afoul of a ransomware gang that’s demanding more than $20 million for the encryption key to some of their sensitive data. The gang, identified as Clop, posted samples of the data to the Dark Web after negotiations hit an impasse, including sensitive business data like employee passport and ID scans, employee emails, financial documents, and directories from the company’s internal network.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.417 = Severe

The posted data shows that the gang obtained some employee personal data, and may have also obtained financial data. Employees should remain alert for potential identity theft, spear phishing, and fraud attempts

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing is today’s biggest cybersecurity risk, and ransomware is one of the reasons why it’s an IT professional’s nightmare.

ID Agent to the Rescue: Phishing brings ransomware in its wake. Reduce the chance of your business falling prey to a ransomware gang with phishing resistance training powered by BullPhish ID. SEE A DEMO>>


The Week in Breach News – Australia & New Zealand


Australia – Snewpit

https://cybernews.com/security/australian-social-news-platform-leaks-80000-user-records/

Exploit: Unsecured Database

Snewpit: News Sharing Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.411= Severe

Cybersecurity researchers discovered an unsecured and exposed data bucket that belongs to Snewpit, an Australian news sharing platform. The unsecured bucket contains close to 80,000 user records, including usernames, full names, email addresses, and profile pictures. The bucket has since been secured.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.301 = Severe

The exposed data included 256 video files filmed and uploaded by Snewpit users and developers, 23,586 image files of photos documenting local events that were uploaded by the users, and 4 CSV files, one of which contained 79,725 user records, including full names, email addresses, usernames, user descriptions, last login times, and total time spent in the Snewpit app, among other metrics.

Customers Impacted: 79,725

How it Could Affect Your Customers’ Business: Leaving user records and other proprietary data available in an unsecured database is a rookie move, and speaks to that company’s relationship with cybersecurity.

ID Agent to the Rescue: Data like this generally ends up in a Dark Web data dump. Protect your company from password compromise due to Dark Web data dumps and be alerted if any of your protected credentials appear in one with Dark Web ID. SEE THE POWER OF DARK WEB ID>>


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!


cybersecurity news this week the state of the dark web after covid-19 represented by an iceberg that is small on top and big on the bottom password sharing is a data breach danger

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook. DOWNLOAD IT>>


The Week in Breach: New Resources


NEW WEBINAR EVENT!

Gone Phishin’: How to Identify and Mitigate Phishing Attacks

Ready to take a deep dive into phishing threats? Join Ellen Zhang, Digital Marketing Manager at Zeguro and Phishing Expert Manoj Srivastava, Co-Founder and CEO of Graphus on 10/22/2020 at 11 AM eastern for an extraordinary opportunity to take a closer look at what makes phishing attacks so successful.

You’ll learn:

  • How to identify various phishing attacks (with real examples!)
  • The difference between phishing, whaling, and spearphishing
  • Why automated phishing defense is a must-have for 2021

Reserve your seat now to go phishing with experts!

SIGN UP FOR THIS WEBINAR>>


Are you up to speed on today’s biggest threat?


These resources about phishing can help you learn how to secure your clients, increase your MRR with phishing defense and resistance, and demonstrate to your clients exactly why cybersecurity spending is no place to make budget cuts in today’s increasingly dangerous landscape.

Get the facts about phishing and defensive tips in:

  • The new “Phishing Confidential: Offensive and Defensive Playbooks of a Phishing Attack Revealed” webinar WATCH IT>>
  • Our “Ransomware 101” eBook DOWNLOAD IT>>
  • Our “Fresh Phish; How Not to Become the Catch of the Day in the 2020 Phishing Boom” eBook DOWNLOAD IT>>
  • Our list of the 10 most important things to know about phishing in 2020 READ IT>>

In case you missed it last week: Take a deep dive into all of the business and marketing treasure that’s available for our Partners through Powered Services in this webinar that’s packed with tips to make the most of those abundant resources. SEE THE WEBINAR>>


The Week in Breach: Featured Briefing


COVID 19 Related Data Breaches Rocked Almost Half of Businesses


In 2020, cybercrime has skyrocketed. 80% of firms have seen an increase in cyberattacks. Phishing attempts have increased by more than 660%. Ransomware attacks jumped by more than 140% in March 2020 alone. And most disturbing of all, almost half of businesses were impacted by a COVID-19 related cyberattack in 2020, with 47% reported experiencing five or more attacks.

A perfect storm of factors combined to make that happen. The shattered global economy quickly created a greater hunger for data in Dark Web markets, especially COVID-19 related medical data. Stay-at-home orders brewed up a sudden influx of pandemic-stressed, newly remote workers. Plus, everyone was hunting for reliable information about the crisis.

Conditions in 2020 have been ideal for cybercrime, and bad actors have been quick to take advantage of that. It’s not even completely clear yet just how many organizations have been hit – 63% of security leaders in a recent survey admit it’s likely their systems suffered an unknown compromise over the past year.



One important lesson to learn from the COVID-19 related cybercrime bonanza is the importance of simple security tools. They may not be full of bells and whistles, but they’re full of value. That’s why secure identity and access management has moved to the head of the class as a cybersecurity superstar in a rapidly-shifting risk landscape, and that’s good news for MSPs.

Our award-winning secure identity and access management solution Passly is the perfect multifunctional solution for your clients. Like a pocket multitool, Passly addresses multiple essential functions at once. Customers love the value that Passly offers by including multifactor authentication, single sign-on, secure shared password vaults, and simple remote access management in one cost-effective package.

Remote identity and access management is a key priority for many CISOs this year for good reason – it protects businesses from many dangers without killing IT budgets. Let us help you get your clients set up with Passly to improve their cybersecurity posture fast at a price they’ll love.


skout rebound 2020 exclusively sponsored by ID Agent in white on a lime and turquoise sunburst and news about DIY Dark Web Monitoring

Don’t let this year’s non-stop chaos get you down – get ready for your business REBOUND with Channel Experts!


Reserve your seat for REBOUND 2020 >>>


Exclusively sponsored by ID Agent



The Week in Breach: A Note for Your Customers


Customers Are Ready to Break Up With Businesses That Have Breaches

While data breach can be an expensive and complex recovery proposition for your company, there’s one area that you may never fully repair: customer trust. Customers are indicating that they’re more motivated than ever to terminate their relationships with firms that can’t keep their data safe – and that’s bad news for the 49% of companies that will experience a data breach this year.

While that number is high (and continues growing) there’s one sure-fire way to reduce your risk of joining the club. That’s good news for your business because a recent cybersecurity poll determined that customers are 84% less likely to do business with a company that’s been breached.

The secret? Security awareness training. Engaging in regularly updated security awareness training including phishing resistance training is crucial for reducing your risk of having a cybersecurity incident. Adequate cybersecurity awareness training reduces your chance of a disaster like a data breach by up to 70%.

That’s why we make sure that we’re constantly updating the content in BullPhish ID, like adding 4 plug-and-play phishing training kits every month. Studies show that the maximum length of time for employees to retain cybersecurity training is about 4 months, which means that we’ll have plenty of campaign kits (including COVID-19 threats) available for your staff when you launch your next cybersecurity awareness training initiative.

Watch this 10-minute technical demonstration video of our digital risk protection platform including Graphus, Dark Web ID, BullPhish ID, and Passly.


Catch Up With Us at These Virtual Events


  • OCT 14 -15: Robin Robins Recession Rescue Road Show (Wilmington, DE) REGISTER>>
  • OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
  • OCT 19 – 22: nextgen + 2020 REGISTER>>
  • OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
  • OCT 22-23: Robin Robins Recession Rescue Road Show (Orlando, FL) REGISTER>> 
  • OCT 28: REBOUND 2020 REGISTER>>
  • OCT 29- 30: Robin Robins Recession Rescue Road Show (Scottsdale, AZ) REGISTER>> 
  • NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>

biggest ransomware attacks of 2020 represented by the word ransomware on a red background with bitcoins and a lock remote work phishing threats

Take a crash course in ransomware threats!

Download the eBook “Ransomware 101” now >>

Jump to our “10 Ransomware Statistics You Need to See” list!>>


Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to marketing@idagent.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!


Share This Post!