
The Week in Breach News: 10/21/20 – 10/27/20

October 28, 2020
The Week in Breach

This Week in Breach News: Pharmaceutical companies have a tough week with hacking as manufacturing is disrupted at COVID-19 drug makers and huge patient databases are exposed, why selling access for profit is on the rise, and learn how to think like a hacker in our new ethical hacking webinar! 

The Week in Breach News: Dark Web ID’s Top Threats This Week

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1 – 10

The Week in Breach News – United States 

United States –  Maxex

Exploit: Unsecured Database

MAXEX: Loan Trading


Risk to Business: 1.772 = Severe

Georgia-based home loan trader MAXEX had a data disaster this week as an estimated 9GB of data leaked from a suspected insecure server. Some of the data is from backend software development for its loan-trading platform. But a substantial portion included confidential banking documents, system login credentials, emails, the company’s data breach incident response policy, and cybersecurity readiness reports. The breach also exposed complete mortgage documentation for at least 23 individuals in New Jersey and Pennsylvania. The incident investigation is ongoing.


Individual Risk: 2.011 = Severe

Financial information for clients was leaked, opening customers up to identity theft concerns. Some impacted clients had no idea that MAXEX currently had their loan, creating complications for informing customers who may be affected. Consumers should check to see who is servicing their mortgage and take precautions against identity theft and spear phishing if that provider is MAXEX.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Sloppy security can mean that if you do have an incident like a data breach, you might not even know where to start looking for the cause, putting your business at risk for an expensive investigation in addition to a data disaster.

ID Agent to the Rescue: Streamline your secure identity and access management with Passly. Single sign-on LaunchPads reduce access points, reducing risk. LEARN MORE>>

United States – Made in Oregon

Exploit: Unauthorized Database Access

Made in Oregon: Specialty Gift Retailer


Risk to Business: 1.669 = Severe

Customers of gift retailer Made in Oregon got a little something extra when they purchased their treats – a side order of fraud. For more than 6 months, cybercriminals gained access to its e-commerce site, stealing payment information for transactions that occurred between the first week of February 2020 and the last week of August 2020.


Risk to Business: 1.669 = Severe

Customers who made an online purchase from Made in Oregon may have had their name, billing address, shipping address, email address, and credit card information compromised. The company has sent out notices to people who could be impacted, warning of identity theft and spear phishing dangers.

Customers Impacted: 7,800

How it Could Affect Your Customers’ Business: Information that is stolen in incidents like this often ends up on the Dark Web in a data dump or information market where it powers cybercrime for years to come.

ID Agent to the Rescue: Guard against damage from credentials that end up in Dark Web data dumps with Dark Web ID. Keep your business credentials safe with our perfect blend of human and machine intelligence monitoring the Dark Web 24/7/365 to warn you of trouble. LEARN MORE>>

United States – Pfizer

Exploit: Unsecured Database

Pfizer: Drugmaker


Risk to Business: 1.401 = Extreme

In a monster week for pharma hacking, Pfizer leads the pack with a substantial data breach that it brought on itself. In a huge blunder, unsecured and unencrypted data containing logs, transcripts, and details of patient helpline conversations was leaked from a misconfigured Google Cloud storage bucket. The exposed data included detailed information regarding hundreds of conversations between Pfizer’s automated customer support software and patients using drugs including Lyrica, Chantix, Viagra, Ibrance, and Aromasin.


Individual Risk: 1.412 = Extreme

The exposed call or chat transcripts had extensive PII and medical data for patients including full names, addresses, phone numbers, and details of health and medical conditions. The transcripts also contained detailed information about treatments, patient experiences, and questions related to products manufactured and sold by Pfizer.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Leaving this kind of information lying around is a hacker’s dream and a security nightmare for your business, as not only the recovery costs but also the regulatory penalties for exposing this kind of data add up.

ID Agent to the Rescue: Maintaining compliance with many data privacy regulations requires multifactor authentication, just one of the suite of security boosting features that are included with Passly. LEARN MORE>>

United States – City of Shafter

Exploit: Ransomware

City of Shafter: Municipal Government


Risk to Business: 1.714 = Severe

Cyberattacks against city governments and municipal services have been climbing worldwide, and Shafter, CA just joined the list after a ransomware attack took its systems offline for several days. The attack impaired the operations and delivery of city services, a common hallmark of recent municipal cybercrime.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: 20,000

How it Could Affect Your Customers’ Business: Ransomware has been a menace to municipal governments large and small. Just last week, the Hackney Borough Council in London was rocked by ransomware, and the risk is growing for governments as incidents pile up.

ID Agent to the Rescue: Spotting and stopping phishing attacks is key to guarding your business against ransomware. BullPhish ID transforms staffers from a company’s biggest attack surface to its biggest asset with dynamic phishing resistance training. LEARN MORE>>

The Week in Breach News – Canada

Canada –  The Société de transport de Montréal

Exploit: Ransomware

The Société de transport de Montréal: Municipal Transportation Agency 


Risk to Business: 2.502 = Moderate

Getting around Montréal got a bit more complicated as The Société de transport de Montréal (STM) fell victim to a ransomware attack last week. While métro and bus service were not disrupted, after-sales service was not available and reservations for paratransit services were impacted.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks on municipal infrastructure and transportation sector targets have been growing more frequent, and businesses that service those industries are also at risk, creating a need for better ransomware protection.

ID Agent to the Rescue: Learn how to protect systems and data from ransomware in our eBook “Ransomware 101”. DOWNLOAD IT NOW>>

The Week in Breach News – United Kingdom & European Union

UK – Foxtons 

Exploit: Malware

Foxtons: Property Management 


Risk to Business: 2.671 = Moderate

UK estate agency Foxtons was hit with a malware attack that impacted agency services, including a temporary shutdown of its MyFoxtons customer portal. The company describes the incident as a limited malware incident that infected a small part of the business but did not cause the loss of any data about its clients.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can steal data, but it can also just shut a business down. Even a partially successful attack that doesn’t exfiltrate data or infect the entire network is a headache.

ID Agent to the Rescue: Phishing is up by more than 600% in 2020. As the favored delivery system of ransomware, preventing phishing attacks from hitting your business with strong phishing resistance training using BullPhish ID is critical for stopping ransomware. SEE BULLPHISH ID IN ACTION>>

France – Sopra Steria

Exploit: Ransomware

Sopra Steria: IT Services and Data Center Operator


Risk to Business: 2.009 = Severe

French tech services giant Sopra Steria was slammed with a potential new variant of Ryuk ransomware, causing a disaster that could take months to clean up. The company, a member of France’s Cyber Campus, operates data centers for Britain’s NHS as well as operating software development, fintech, and consulting services. The investigation and recovery are expected to take months, and some systems are still not fully operational.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on large IT services targets that operate data centers, especially if they have medical information, have been ramping up as the search for a vaccine for COVID-19 makes patient and research data a hot seller in Dark Web data markets.

ID Agent to the Rescue: A new ransomware variant is always a problem, but it’s still most likely to arrive at your business via a phishing email. BullPhish ID has 4 new plug-and-play phishing kits added every month to keep you up to date on the latest threats. LEARN MORE>>

Finland – Vastaamo

Exploit: Ransomware

Vastaamo: Mental Health Clinic Operator 


Risk to Business: 2.702 = Severe

In a bizarre incident, a ransomware gang has snatched up the patient records of a mental healthcare clinic chain in Finland and is demanding ransom payments from the patients instead of the business. Vastaamo had not initially publicly disclosed the breach due to the sensitive nature of the information stolen but has been working with authorities to investigate the incident and mitigate the damage.


Individual Risk: 1.327 = Extreme

The cybercriminals have been contacting the patients whose information they’ve obtained, demanding that recipients must pay 200 euros within 24 hours, or if they don’t meet that deadline, 500 euros within 48 hours, to prevent the public release of their therapy records.

Customers Impacted: 400,000

How it Could Affect Your Customers’ Business: This is this company’s second major data breach – the CEO was just terminated for the first one a week ago. Failing to implement strict security awareness and data handling policies after an incident, especially when your company keeps sensitive information, is a recipe for disaster.

ID Agent to the Rescue: Start using Passly to secure the points of access to all of your databases and files, especially highly sensitive data. Multifactor authentication puts an affordable extra roadblock between cybercriminals and your data. SEE PASSLY AT WORK>>

Germany – Scalable Capital

Exploit: Malicious Insider

Scalable Capital: Online Financial Advice


Risk to Business: 1.227 = Extreme

At least one malicious insider is to blame for a cybersecurity disaster at fintech firm Scalable Capital. The firm said in a statement that it had discovered the incident on October 16 and taken action to prevent further damage, but a large amount of sensitive client data including financial information was snatched. It also concluded that it was clear that the attack was the work of someone with extensive insider knowledge of their systems.


Individual Risk: 1.411 = Extreme

Clients impacted in the breach had what the company characterizes as general information exposed including names, residential addresses, and email addresses.

Customers Impacted: 20,000

How it Could Affect Your Customers’ Business: Insider incidents are incredibly devastating, but also preventable. Whether you’re dealing with a malicious insider like this case or just a careless employee, learning to spot and stop insider threats pays off.

ID Agent to the Rescue: Can you detect an insider threat fast? Don’t let staffers cause your business harm whether they mean to or not. Learn to spot and stop insider threats with our Stop Insider Threats resource package. DOWNLOAD THIS RESOURCE>>

The Week in Breach News – Asia Pacific

India – Dr. Reddy’s

Exploit: Hacking

Dr. Reddy’s: Drugmaker


Risk to Business: 1.206 = Extreme

In yet another attack on a pharmaceutical industry giant, India’s Dr. Reddy’s was crippled by a nasty hacking incident. The producer of vital COVID-19 treatments like remdesivir and favipiravir and expected manufacturer of Russia’s future Sputnik-V COVID-19 vaccine, Dr. Reddy’s was forced to shut operations at several global facilities, just as it was granted permission to begin a second round of human trials for Sputnik-V.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Healthcare targets have been getting nailed with a blizzard of attacks recently. Increasing protection like security awareness training and adding secure identity and access management is a smart move.

ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. LEARN MORE>>

Japan – Shionogi & Company Limited

Exploit: Ransomware

Shionogi & Company Limited: Drugmaker 


Risk to Business: 2.211 = Severe

Healthcare and pharmaceutical targets were on every cybercriminal’s menu this week, including Japanese medical giant Shionogi & Company Limited. The company’s Taiwanese subsidiary experienced a data breach that included sensitive information but did not impact its COVID-19 vaccine development programs. Data including import licenses for medical equipment and employee residency permits was exposed on the Dark Web as proof of the attack by the hacking gang to support a ransom demand.

Individual Risk: No individual information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware typically arrives as the nasty cargo of a phishing email. Phishing is today’s biggest cybersecurity risk, and this kind of damage is exactly what makes it every IT professional’s nightmare.

ID Agent to the Rescue: Refresh your security awareness and phishing resistance training regularly with BullPhish ID to reduce the chance of your business falling prey to a cyberattack by up to 70%. SEE BULLPHISH ID AT WORK>>

The Week in Breach – Africa

South Africa – Nando’s Peri-Peri

Exploit: Credential Stuffing

Nando’s Peri-Peri – Restaurant Chain


Risk to Business: 2.775 = Moderate

A credential stuffing incident gave customers of this popular high street restaurant chain a little more than they bargained for after several customers discovered that huge orders had been placed using their online accounts. To comply with COVID-19 operating regulations, Nando’s customers who are getting takeout are required to scan a QR code with their phone to order their food online, which opened up a vulnerability that cybercriminals were more than happy to exploit.


Individual Risk: 2.802 = Moderate

Some customers have had their accounts hijacked with large food orders placed, but the company is working with them to restore any funds snatched from pre-paid carryout orders while encouraging customers to reset their account credentials if they suspect that they may have been impacted.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing is a favorite because it’s easy and cheap. Huge repositories of passwords in Dark Web data dumps give cybercriminals plenty of ammunition and produce results with little investment.

ID Agent to the Rescue: Credential stuffing attacks are pretty easy to mitigate too. Add multifactor authentication with Passly to mount a strong defense that stops credential stuffing attacks cold. SEE A DEMO>>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: New Resources


PROTECT: The Dark Side Strikes Back

To beat hacking, learn to think like a hacker. In part 2 of A Cybersecurity Trilogy, “PROTECT: The Dark Side Strikes Back”, we’ve brought on a renowned hacking expert to take you inside the mind of a cybercriminal as he reveals the secrets of planning and executing cyberattacks – and how you can protect your clients from hackers!

  • World-renowned Ethical Hacker Bryan Seely (the only person to wiretap the United States Secret Service & FBI) takes you into the secret world of hacking
  • See how you can secure your clients and increase your MRR fast

Watch “PROTECT: The Dark Side Strikes Back” now>>

Did you miss part 1 of A Cybersecurity Trilogy? That’s okay! Watch “PREDICT: A New Idea” now>>

Don’t miss part 3, the exciting conclusion of A Cybersecurity Trilogy, “PLAN – The Rise of Technology” on November 10! Reserve a seat>>

National Cybersecurity Awareness Month Wrapup

As National Cybersecurity Month comes to a close in the US, take a look back at the state of cybersecurity in 2020 from many different angles to get the full picture with our essential Top 10 Facts Lists:

The Week in Breach: Featured Briefing

Access for Sale & As-a-Service Cybercrime Scored Big Bonanzas for Cybercriminals in September 

Insider threats are a menace that every business faces daily. In a challenging economy, companies hope to see their teams pulling together to drive revenue and create new opportunities. But that’s not always the case – a flood of malicious insiders is opening pathways into businesses in every sector, and they’re making a pretty penny doing it.

According to a recent report, the number of ads selling “as-a-service” cybercrime including network and database access, data laundering, and similar services tripled in September 2020. What was the total estimated value of just network access listings on cybercrime forums last month? Around $505,000.


Insider threats are today’s biggest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!

Get “Stop Insider Threats” now>>

By far, the largest category of “service” provided by malicious insiders is network access. Compromised credentials that open the door to data and systems sell fast, especially for privileged or administrator accounts – one recent sale of a highly prized credential fetched more than $100K. The average reported price for network access on hacker forums is around $4,960, but credentials can be obtained for as little as $25.

Protecting credentials is crucial in this environment. Better security around business credentials can protect businesses from malicious insiders by delivering intelligence and protection from two vantage points to give companies exactly the edge that they need. That’s why the combined power of Passly and Dark Web ID is perfect for mitigating these threats.

Passly makes it hard for staffers to sell their credentials right off the bat by providing a robust suite of secure identity and access management tools, including multifactor authentication, at a great price. The single sign-on feature means that every user has an individual launchpad that connects them to the business applications and systems that they need to use. This enables IT teams to respond quickly if an employee credential is compromised to isolate that LaunchPad and mitigate damage.

Dark Web ID is the essential flip side of this mitigation. Our analysts use human and machine intelligence to gather real-time data from every corner of the Dark Web 24/7/365. That means that if an employee credential is spotted in a Dark Web market or for sale on a Dark Web forum, we send up a red flag immediately so that IT teams can take care of the problem before it becomes a disaster.

While everyone wants to believe that their staff is just as dedicated and hard-working as they are, every business is at risk of damage from a malicious insider. By putting protections in place that make it easy to spot and stop malicious insiders, avoiding that damage becomes a little bit easier.


See video demos of Passly & Dark Web ID in action!

Book a live demo with one of our experts and get a free assessment of your risk.

The Week in Breach: A Note for Your Customers

Dark Web Data Powers Impersonation & Business Email Compromise Scams 

Dark Web danger doesn’t just come to your company’s doorstep from compromised passwords – it also comes from data dumps full of email addresses, employee information, website user logs, supplier records, medical data, and more that can provide cybercriminals with exactly what they need to lure your staffers into a nasty (and expensive) trap. 

Every kind of data about your employees that you can think of is available on the Dark Web – sometimes for free. As the 2020 US elections race to the finish, voting registration data and records from special interest groups have fueled extremely dangerous spear phishing attacks including impersonation scams.

General business email compromise attempts are landing in employee inboxes every day too. A recent survey reported that over 30% of respondents reported receiving one every day. Running the gamut of impersonations including scary vendor notices, fake unpaid invoices, spoofed supplier communications, and even fake emails from colleagues, cybercriminals are pulling out all the stops to trick your staffers into falling into a business email compromise scam.

The most efficient and effective way to put the brakes on business email compromise risks is to mitigate the foundation that they’re built on: phishing email. With a more than 600% increase in phishing attacks clocked in 2020, making sure that your staff is ready to defend against phishing attacks is crucial to protecting your business from cybercrime like business email compromise.

BullPhish ID can help with that. Regular security awareness training including phishing awareness can reduce your company’s risk of falling prey to a cyberattack by up to 70%. The key is regularity though – research shows that employees only retain security awareness training for about 4 months unless it’s regularly refreshed.

That’s not a problem with BullPhish ID. Featuring a huge library of more than 80 plug-and-play phishing simulation campaign kits in 8 languages, we also add 4 new kits every month to make sure that your staffers are getting the training that they need to be on guard against the latest threats.

Regular training doesn’t mean expensive either – BullPhish ID is affordable and effective. Improved cybersecurity awareness and phishing resistance training isn’t something that can wait. Protect your systems and data from impersonation and business email compromise scams now to avoid a mess tomorrow. Contact us today for a live demo of BullPhish ID to see how it can secure your customers and grow your business.

Catch Up With Us at These Virtual Events

  • OCT 29 – 30: Robin Robins Recession Rescue Road Show (Scottsdale, AZ) REGISTER>>
  • NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to to let us know. We welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning Dark Web ID? Contact us today!