Please fill in the form below to subscribe to our blog

The Week in Breach News: 10/28/20 – 11/03/20

November 04, 2020

This Week in Breach News: Phishing nets cybercriminals more than $2 million from the Republican Party, Google employee information is exposed in a third-party breach, healthcare targets get walloped again, data breach fines pack a punch, and should you just pay the ransom for stolen data? 


The Week in Breach News: Dark Web ID’s Top Threats This Week


  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 1 – 10

The Week in Breach News – United States 


United States –  Steelcase

https://www.fox17online.com/news/steelcase-experiences-cyberattack

Exploit: Ransomware

Steelcase: Furniture Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.311 = Severe

Furniture manufacturing giant Steelcase was hit with a nasty ransomware attack that forced a brief shutdown of all systems. The company was able to quickly contain the suspected Ryuk ransomware incident and says that no data was stolen. Recovery operations were fast and everything is back online.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident.

How it Could Affect Your Customers’ Business: These days, ransomware attacks aren’t just a threat to data – they’re being used to shut down production lines, impact infrastructure, and cause havoc.

ID Agent to the Rescue: Ransomware is generally the poisoned fruit of a phishing email. Protect your business from ransomware with BullPhish ID, phishing resistance training that’s both effective and cost-effective. LEARN MORE>>


United States – Wisconsin Republican Party

https://apnews.com/article/wisconsin-republican-party-hackers-stole-641a8174e51077703888e2fa89070e12

Exploit: Phishing

Wisconsin Republican Party: Political Organization 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.337 = Extreme

The Wisconsin Republican Party had a suspected phishing incident that couldn’t have come at a worse time. An estimated $2.3 million was stolen by cybercriminals from the party’s reelection fund after at least one staffer interacted with a phishing email, impacting operations just as the races were coming down to the wire. The FBI and local officials are investigating the incident.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Phishing is about more than just credential compromise. Today’s most dangerous attack is used to do everything from steal money to deploy malware.

ID Agent to the Rescue: BullPhish ID has simple remote management tools and preloaded plug-and-play phishing simulation kits that make conducting phishing resistance training a snap anytime, anywhere. LEARN MORE>>


United States – Ledger

https://cryptobriefing.com/bitcoin-wallet-provider-ledger-compromised-again-malicious-phishing-attack/

Exploit: Unsecured Database

Ledger: Cryptocurrency Storage Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe

Once again, Ledger is hot water for a cyberattack. This time, Ledger users received a phishing email that directed them to log in at a new address, allowing cybercriminals to steal both the victim’s login credentials and cryptocurrency. This is the company’s second incident this year, and information from that July 2020 incident is suspected to have played a part in this attack.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident.

How it Could Affect Your Customers’ Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis. to find compromised credentials and alert you fast.  LEARN MORE>>


United States – Fragomen, Del Rey, Bernsen & Loewy 

https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/

Exploit: Unauthorized Database Access

Fragomen, Del Rey, Bernsen & Loewy: Law Firm

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.801 = Moderate

Data theft at a top law firm that provides employment verification screening services for companies like Google exposed a small amount of sensitive data. An unauthorized intrusion into a database exposed the employment verification information for some current and past Google employees.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk 2.992 = Moderate

The firm has not disclosed exactly what data was stolen although an employment verification or I-9 file can contain very sensitive information. The firm has also not indicated how many employees were affected although they’ve stated that it is a “limited number”

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: When you’re storing sensitive data, that information needs extra protection in order to really serve your clients.

ID Agent to the Rescue: Secure identity and access management with Passly helps prevent intrusions by requiring multifactor authentication to let anyone access information. LEARN MORE>>


United States – Nitro Software Inc.

https://securityaffairs.co/wordpress/110025/data-breach/nitro-pdf-data-breach.html

Exploit: Unauthorized Database Access

Nitro Software Inc.: Software Developer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.071 = Severe

A massive data breach at Nitro, home of Nitro PDF, may have an impact on some major players. Nito serves clients including Google, Apple, Microsoft, Chase, and Citibank. The software maker announced that an unauthorized third party gained limited access to a company database. The stolen information has already made its debut on the Dark Web, including about 1TB of documents.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A data breach at a third-party service provider for your business is just as dangerous as a data breach at your company and smart companies take precautions against supply chain risk.

ID Agent to the Rescue: Stolen data damage businesses by giving cybercriminals huge troves of passwords to mine. Keep your company’s credentials secure with Dark Web ID’s Channel-leading credential monitoring. LEARN MORE>>


United States – Gaming Partners International

https://www.forbes.com/sites/leemathews/2020/10/31/ransomware-gang-claims-international-casino-equipment–supplier-as-latest-victim/?sh=7529ed2c68b2

Exploit: Ransomware

Gaming Partners International: Casino Equipment Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.211 = Severe

REvil ransomware caused havoc at one of the world’s leading casino suppliers, shutting down systems for several days. The hackers also extracted more than 500 gigabytes of data during the breach. Among the files were casino contracts, banking information and technical documents. The company was quickly able to restore operations.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Every time your employees interact with a phishing email, your business is at risk for ransomware. Security awareness training prevents up to 70% of cybersecurity incidents.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data, as long as it’s refreshed at least every 4 months. You’ll never run short of fresh, updated training material with BullPhish ID. LEARN MORE>>


The Week in Breach News – Canada


Canada –  Stelco

https://www.itworldcanada.com/article/canadian-steelmaker-stelco-hit-by-cyberattack/437503

Exploit: Hacking

Stelco: Steel Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.332 = Severe

Major Canadian steel manufacturer Stelco experienced a nasty ransomware attack that brought its operations to a halt. All manufacturing and business operations were briefly shut down, but the company was quickly able to restore its systems.

Individual Risk: No personal data has been reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: A robust cybersecurity defensive strategy adds extra protections that prevent hackers from slipping through the cracks to devastate your business.

ID Agent to the Rescue: ID Agent’s digital risk protection platform provides multiple cost-effective solutions that add strong protection against cybercrime. SEE OUR SOLUTIONS AT WORK>>


The Week in Breach News – United Kingdom & European Union


Sweden- Gunnebo

https://portswigger.net/daily-swig/data-breach-at-swedish-security-company-leaks-38-000-sensitive-documents

Exploit: Unauthorized Database Access

Gunnebo: Security Consulting

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.227 = Severe

Security system design consulting firm Gunnebo has had its own security incident, as cybercriminals were able to gain access to some of its stored data. Bad actors were able to pilfer the security system plans and blueprints for many important buildings including bank vaults and government buildings.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Protect your essential blueprints, formulas, and plans as carefully as you would protect financial data because industrial espionage is a hot category on the Dark Web.

ID Agent to the Rescue: Passly adds extra protections between cybercriminals and your data with single sign-on launchpads for each employee, allowing security to quickly cut off access if an account is compromised. SEE PASSLY IN ACTION>>


Italy – The Enel Group

https://securityaffairs.co/wordpress/110067/malware/enel-group-netwalker-ransomware.html

Exploit: Ransomware

The Enel Group: Energy Manufacture & Distribution 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.909 = Severe

Multinational energy conglomerate Enel was the latest victim of Netwalker ransomware, as cybercriminals demand a $14 million ransom. The ransomware gang claims to have several terabytes of data. The company was also hit with Snake ransomware in July. Investigation and recovery are ongoing.

Individual Risk: No personal or financial data is reported as stolen or compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Attacks on infrastructure targets have been escalating, including energy, logistics, and industrial transportation companies. While cybercriminals are still out for data, they’re also looking to disrupt essential services.

ID Agent to the Rescue: BullPhish ID enables you to transform your employees from your largest attack surface to your largest defensive asset with training delivered in bite-sized pieces that’s accessible for tech and non-tech employees alike. LEARN MORE>>



The Week in Breach News – Asia Pacific


India – Mithaas Sweets

https://ciso.economictimes.indiatimes.com/news/after-haldirams-now-mithaas-hit-by-ransomware/78883999

Exploit: Hacking

Mithaas Sweets: Snack Manufacturer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.806 = Severe

On the heels of a cyberattack at another popular Indian snack company, Mithaas Sweets has been hit by a ransomware attack. The company reported that its file storage and many systems had been encrypted, seriously impacting business. Investigation and recovery is ongoing.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ensnaring critical systems and dataa

ID Agent to the Rescue: Our digital risk protection platform offers businesses multiple tools for securing their systems and data, even from unexpected dangers. LEARN MORE>>


Japan – Nuclear Regulatory Authority

https://securityaffairs.co/wordpress/110284/hacking/nuclear-regulation-authority-cyber-attack.html

Exploit: Unauthorized Systems Access

Nuclear Regulatory Authority: Government Agency

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.771 = Moderate

In a small but troubling incident at NRA, an unauthorized intruder gained access to the email system and the agency was forced to shut it down. The incursion affected both internal and external communications, snarling applications for hearings and impacting other business. Communications are limited to phone calls and in-person meetings. No data was stolen and access to any operations or research systems is through a separate, more secure system.

Individual Risk: No individual information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Adding extra protections for sensitive systems and data is a smart move, especially when those systems and data can impact public welfare.

ID Agent to the Rescue: Secure yout ,most sensitive data with the award-winning secure identiity and access management tools that you get when you choose Passly. SEE PASSLY AT WORK>>


The Week in Breach – Australia & New Zealand


Australia – Isentia

https://www.theguardian.com/technology/2020/oct/27/cyberattack-strikes-media-monitoring-company-used-by-australian-government

Exploit: Ransomware

Isentia – Media Monitoring Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.775 = Severe

Analytics and media monitoring firm Isentia, the company that provides media services for much of the Australian government, has been hit by a cyberattack, likely ransomware. Customers lost access to the company’s service portal that connects them with media reporting on them, issues of interest to them, and journalists. The incident is under investigation, with no clear diagnosis of what if any data was stolen. Isentia holds sensitive information for powerful public figures as part of its media services operations.

Individual Risk: Isentia has not released information about potentially stolen personal information or customer data exposure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Stolen personal data including exposed credentials is readily available in Dark Web markets and data dumps, opening victims of data theft up to future cybercrime.

ID Agent to the Rescue: Dark Web ID is the perfect choice to ensure that your company’s credentials haven’t been exposed in a dark corner of the Dark Web SEE A DEMO>>


The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.



The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!



The Week in Breach: Resource Spotlight


Get Ready to Start 2021 Off Right By Bringing In New Business!

2020 has been a rollercoaster ride for MSPs, but we’re rounding the final turn into a fresh start in 2021. Are you ready to shake off those 2020 blues, get motivated to land new deals, and position your business to springboard into 2021 success? We’re here to help get you started off right. These resources are packed with great advice on closing new business, selling more to your current clients, and getting your MSP growing fast!

5 Proven Practical Steps to Close New Security Business

Get the secret to landing and closing more new security business from a sales expert and Channel All-Star, ID Agent VP of Business Development Matt Solomon. See how you can use the selling tools in Dark Web ID to reel in new clients fast! Watch this webinar>>

Power Up: Supercharge Your Sales and Marketing With Powered Services

Put your best foot forward into 2021 with fresh marketing and sales campaigns from Powered Services. Find out how access to this treasure trove can transform your business with effective sales collateral, smart marketing campaigns, professionally designed content for your social media, and more! Watch this webinar>>

Grow Where You’re Planted: 10 Expert Tips to Jumpstart MSP Growth Now

This eBook features 10 of the best growth tips that we’ve received in 2020. Gathered from experts in sales and marketing, you’ll learn how to make the most of your social media connections, find the right people to build your team, and sell more security more easily. Get ready to get growing now! Get this eBook>>


how to define insider threats represented by two men shaking hands, but one has the shadow of the a devil behind him.

Insider threats are today’s scariest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!

Get “Stop Insider Threats” now>>


The Week in Breach: Featured Briefing


Growing Breach Fines Create Growing Alarm


In an increasingly connected electronic world, customers have an expectation that companies will take appropriate action to secure any sensitive data that they provide when purchasing goods and services. However, as we grow more dependent on electronic transactions in every facet of life, cybercriminals have become very good at worming their way into company systems to steal that data.

That expectation of data privacy has led to a raft of legislation securing data privacy rights for consumers and punishing companies that fail to maintain adequate security, especially when handling medical information. Many of those statutes involve fines – and regulators haven’t been shy about imposing big fines on companies that fail to comply.

Failure to secure customer information is growing extremely costly. Even powerful companies are feeling the sting of regulatory ire as record-breaking fines have been levied against them for data breaches. Recently, several international giants have been hit with news-making fines after major cyberattacks that exposed customer data including:

  • Aetna settled multiple HIPPA violations dating back to 2017 for $1 million
  • British Airways was fined an eye-popping £20 million
  • Marriott International was also fined in excess of £20 million
  • Texas Department of Health and Human Services was fined more than $1.6 million
  • Of course, Google leads the pack with a mind-boggling €50 million fine

As your clients assess their compliance needs in 2021, especially as new regulations are added in California and Japan, this is a great time to talk to them about why secure identity and access management with Passly and security awareness and phishing resistance training with BullPhish ID are data compliance superstars.



In many industries, multifactor authentication isn’t just smart cybersecurity, it’s a must-have that provides protection against compromised credentials and ransomware. With Passly, your clients not only get dynamic multifactor authentication with several options for token delivery, they also get secure shared password vaults that allow for extra safety precautions for essential server and system credentials and offer extra protection against cybercrime.

The biggest cybersecurity risk that your customers are facing today is phishing. Ransomware, spear phishing, business email compromise, and other pitfalls are all variants of phishing. So boosting phishing resistance with BullPhish ID is a key security enhancement that boosts a company’s overall security awareness. But only if companies engage in regular training – studies show that security awareness and phishing resistance training is extremely effective as long as it’s refreshed about every 4 months.

This is a great time to reach out to your clients to review their compliance posture – and do some outreach to prospects who may need a little help to improve their data compliance as well. The ID Agent digital risk protection platform has all the right tools to secure your clients and grow your business, and our experts are ready to help you make all the right choices.


cybercrime as a service depicted as a hand on a mouse in a shadowy stream of information

Find out why Dark Web danger is just around the corner for every business in the post-pandemic world.

READ STATE OF THE DARK WEB 2020>>


The Week in Breach: A Note for Your Customers


Ransomware Recovery is Long and Expensive. Should You Just Pay the Ransom to Make it Easier?


Ransomware has been the story of the year in cybersecurity, as attacks have boomed by more than 40% since March 2020. This slippery, dangerous foe is a nightmare that can wreak havoc on your business and cost a fortune in restoration and recovery on top of the lost business and general damage.

No one wants to deal with ransomware. But since you’re already looking at an expensive proposition, can you save yourself the money, time, and headaches of undertaking a ransomware incident response by paying the ransom and getting the encryption key to unlock your systems and data – and will you get in legal trouble for doing it?

The answer is complicated. While paying the ransom may not be expressly prohibited by law, legal officials are not fans of the practice. The US Treasury issued new guidance this month urging people not to pay hackers, and noting that businesses could face civil penalties if they pay ransoms to hacker groups affiliated with sanctioned nation-states, a particular concern for the healthcare sector.

The better approach to protecting your business from phishing danger including ransomware is increased security awareness and phishing resistance training. Ransomware is most likely to arrive at your doorstep as the cargo of a phishing email, as well as other dangerous cyberattacks like business email compromise, spear phishing, and whaling.

Regular phishing resistance training and testing with a solution like BullPhish ID is extremely effective – security awareness training including phishing resistance can reduce your cybersecurity incident rate by up to 70%. No matter how you slice it, increased security awareness training is the best way to ensure that your employees are ready for the threats they face ahead to keep ransomware from taking your profits hostage.



Catch Up With Us at These Virtual Events


  • NOV 5-6: Robin Robin’s Recession Rescue Virtual Roadshow REGISTER>>
  • NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>
  • DEC 7-11: The TruMethods MSP Success Summit REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to marketing@idagent.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!