Please fill in the form below to subscribe to our blog

The Week in Breach News: 11/04/20 – 11/10/20

November 10, 2020
the wwek in breach illustrated by four gold bars that read "the week in breach."

This Week in Breach News: This week: Capcom discovers ransomware isn’t a game, Magecart hackers strike gold from JM Bullion, healthcare cyberattack warnings come to fruition, and we’ve put together a Dark Web crash course for you! 

The Week in Breach News: Dark Web ID’s Top Threats This Week

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 501+

The Week in Breach News – United States 

United States –  JM Bullion

Exploit: Skimming (Magecart)

JM Bullion: Precious Metals Dealer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.772 = Severe

This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.624 = Severe

The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failing to notice a payment card skimmer operating on your site for 6 months does not speak well to your company’s commitment to keeping client data secure.

ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. LEARN MORE>>

United States – University of Vermont Medical Center

Exploit: Ransomware

University of Vermont Medical Center: Hospital System 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.402 = Extreme

In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical targets don’t have time for a long, complex recovery procedure, but they do have money.

ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats. LEARN MORE>>

United States – GrowDiaries

Exploit: Misconfiguration

GrowDiaries:  Industry Blogging Platform 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.237 = Severe

Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a configuration error in Kibana apps left two Elasticsearch databases unlocked and leaking data. Those open gates allowed attackers to dive into two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.612 = Moderate

One open database exposed usernames, email addresses, and IP addresses for platform users, and the other exposed user articles posted on the GrowDiaries site and users’ account passwords. Users should be aware of spear phishing and blackmail risks.

Customers Impacted: 1.4 million

How it Could Affect Your Customers’ Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis. to find compromised credentials and alert you fast.  LEARN MORE>>

United States – Mattel

Exploit: Ransomware

Mattel: Toymaker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.327 = Severe

In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not include a significant data loss. Only business systems were impacted, production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity awareness starts with phishing resistance. It’s the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.

ID Agent to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID had more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month. SEE HOW IT WORKS>>

United States – GEO Group

Exploit: Ransomware

GEO Group: Private Prison Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.066 = Severe

GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.221 = Severe

Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO group should also be on the lookout for similar activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.

ID Agent to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish Id uses fast, effective training tools like engaging videos to make sure everyone is up to speed. LEARN MORE>>

The Week in Breach News – Canada

Canada – Saskatchewan Polytechnic

Exploit: Ransomware

Saskatchewan Polytechnic: Institution of Higher Learning 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 1.317 = Extreme

Classes were canceled for a week at Saskatchewan Polytechnic after a suspected ransomware attack on October 30th rocked the school’s systems. Students and staff lost access to O365 functions, Zoom, and learning platforms. Online classes have been partially restored, but the recovery for impacted systems is ongoing with law enforcement involved. Saskatchewan Polytechnic operates campuses in 4 locations.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: 14,176 students, unknown staff

How it Could Affect Your Customers’ Business: Ransomware isn’t just about capturing data anymore, it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too. LEARN MORE>>

The Week in Breach News – United Kingdom & European Union

United Kingdom –  Flagship Group

Exploit: Ransomware

Flagship Group: Rental Housing Facilitator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.862 = Severe

Social housing platform Flagship Group got an unwelcome visitor – REvil ransomware. The company announced that one of their data centers was infected by the ransomware, “compromising some personal staff and customer data”. Operations were not impacted. The attack took place on November 1, 2020, and authorities are investigating as recovery continues.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.613 = Severe

Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As the company noted in their report, REvil came calling as part of a phishing email, the biggest cybersecurity threat your business is facing in 2020.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>

Sweden- Folksam Insurance Group

Exploit: Accidental Data Sharing

Folksam Insurance Group: Insurance Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.801 = Moderate

Swedish insurer Folksam made a misstep last week, when employees accidentally shared access to sensitive client data with Facebook, Google, Microsoft, LinkedIn, and Adobe. There are no indications that the data was used. The data was generated as part of an internal marketing analysis.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.654 = Moderate

Folksam has not said precisely what data was shared, but data they maintain includes financial, personal, and professional information about clients.

Customers Impacted: 1.000,000

How it Could Affect Your Customers’ Business: Accidental data sharing is often a result of sloppy data handling and security practices. Clients will lose trust in companies that promise to secure their sensitive data and fail.

ID Agent to the Rescue: Passly adds extra protections between outsiders and your data with a robust suite of secure identity and access management tools at a price that’s also sweet. SEE PASSLY IN ACTION>>

Spain – Prestige Software

Exploit: Misconfiguration

Prestige Software: Travel Industry Software Developer 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.613 = Severe

International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include, Expedia, Agoda, Amadeus,, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents and hotel customers was also stored in this database without any security measures.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.624 = Severe

Travelers from as far back as 2013 who have used, Expedia, Agoda, Amadeus,, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation number, date and duration of stay, credit card numbers including owner’s name, CVV code, and card expiration date. 

Customers Impacted: Unknown, 10 million files were exposed

How it Could Affect Your Customers’ Business: This egregious data handling and security error isn’t just a PR disaster – it’s also going to cost a pretty penny in fines and penalties once regulators get finished, including an anticipated large GDPR bill.

ID Agent to the Rescue: Compliance is a major concern in many industries. Are you checking off the boxes on your industry’s compliance checklist? We can help make sure that you’re on the ball. LEARN MORE>>

Italy – Campari Group

Exploit: Ransomware

Campari Group: Beverage Vendor 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.607 = Severe

The Ragnar Locker ransomware gang stopped by Italian beverage maker Campari Group, leaving a sticky situation in its wake. The company, creators of brands including Campari, Cinzano, and Appleton, had a large part of its IT systems encrypted leading to a business disruption. Campari has announced that it was able to restore affected systems and no sensitive data was impacted. The ransom demand is currently set for $15 million

Individual Risk: No personal or consumer information was reported as impacted in this incident

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Backup and restoration is an important tool in ransomware recovery – but training your staff to not be fooled by the phishing email that launches a ransomware attack is an effective mitigation strategy.

ID Agent to the Rescue: BullPhish ID is available in 8 languages to keep worldwide staff up to date to spot and stop the latest phishing threats, including COVID-19 scams. LEARN MORE>>

The Week in Breach News – Asia Pacific

India – Lupin

Exploit: Ransomware

Lupin: Drugmaker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.806 = Severe

As the race to find a vaccine or treatment for COVID-19 heats up, Mumbai-based Lupin became the second major Indian pharmaceutical company to be hit by a suspected ransomware attack in the last few weeks. The company was forced to shut down operations and production at several of its facilities for a brief period, but systems have been restored.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.

ID Agent to the Rescue: Don’t get locked out of your business by ransomware. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface to your largest defensive asset. . LEARN MORE>>

Japan – Capcom Inc. Ltd.

Exploit: Ransomware

Capcom Inc. Ltd.: Videogame Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.070 = Severe

Ragnar Locker ransomware is on the case again, this time in an incident at legendary Japanese game company Capcom. The gang claims to have scored 1TB of sensitive data from Capcom, including data from corporate networks in the US, Japan, and Canada. Industry sources report that Ragnar Locker claims to have encrypted 2,000 devices on Capcom’s networks and are demanding $11,000,000 in bitcoins for the key.

Individual Risk: No individual information was reported as impacted in this incident, although the extent and type of the stolen data is still unclear.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even giant corporations can become victims of the humble phishing attack, and huge amounts of data like what was captured here help fuel the spear phishing attacks that often lead to ransomware events.

ID Agent to the Rescue: Information from attacks like this frequently makes its way to Dark Web data markets and dumps, including stolen password lists. Make sure your employee credentials are protected from unexpected risk when you have them monitored with Dark Web ID SEE DARK WEB ID AT WORK>>

The Week in Breach – South America

Brazil – Superior Court of Justice

Exploit: Ransomware

Superior Court of Justice: Judiciary Body 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

A ransomware attack savaged the Brazilian judiciary system last week, encrypting or disrupting all major services including the official website. Outlets are also reporting that the system cannot be easily restored because the backups have also been encrypted, which squares with the demands made by cybercriminals for a ransom payment. The Court is collaborating with the Brazilian Army’s Cyber ​​Defense Command and other relevant authorities for investigations. Court actions are suspended pending the restoration of required services.

Individual Risk: While it’s clear that a great deal of information has been stolen or encrypted, there are no specifics on the type.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is also becoming a favored weapon of nation-state hackers, and is being more frequently used to disrupt government and essential service operations.

ID Agent to the Rescue: Are nation-state hackers a threat to your business? Many essential services are at risk, especially in healthcare. Find out more about what they’re going after and how to protect your business. LEARN MORE>>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: Resource Spotlight

Dark Web Danger Isn’t Decreasing – Here’s the Crash Course You Need to Keep Up

Are you up to speed on today’s Dark Web? Take this crash course in Dark Web threats to get ready to learn more about how the Dark Web economy really works to confidently sell more Dark Web monitoring and effectively secure your clients.

  • COVID-19 changed everything – including the Dark Web. See how it could impact your business in the eBook “State of the Dark Web 2020“. Download it now>>
  • In our webinar “MSPs Are Lifting the Veil of the Dark Web”, MSP experts will show you everything an MSP needs to know about today’s Dark Web. Watch the webinar>>
  • Go deep into Dark Web data markets with experts and get a free deck of Dark Web screenshots in the webinar Unveiling Cybercrime Markets on the Dark Web. Watch this webinar>>

how to define insider threats represented by two men shaking hands, but one has the shadow of the a devil behind him.

Insider threats are today’s scariest business cybersecurity risk. Learn to spot and stop them with the eBook and other tools in this resource package!

Get “Stop Insider Threats” now>>

Credential Stuffing Attacks Disproportionately Target Certain Industries

Many types of cyberattacks are more common in some industries than others, while ransomware has been a consistently dangerous across-the-board offender, things like business email compromise scams and corporate espionage tend to cluster. That seems to be the case with credential stuffing attacks in 2020, as certain industries have seen more than their share.

In recent reporting, cybersecurity researchers have uncovered a trend that doesn’t bode well for three already beleaguered industries. In the analysis period, July 1 2018 to June 30, 2020, researchers counted over 100 billion credential stuffing attempts against myriad targets. and discovered that cybercriminals are playing favorites.

More than 60% of the credential stuffing attacks recorded in the last 12 months have targeted businesses in the retail, hospitality, and travel sectors, led by 64 billion attempts at cracking open user accounts in just those verticals. While every company carries some risk for credential stuffing, retail is the clear favorite of cybercriminals, with more than 80% of credential stuffing attacks directed at retail targets.

Analysts suspect that additional online shopping traffic spurred on by worldwide COVID-19 lockdowns added as an extra incentive to go after retailers this year. That explosion in shopping brought some users who hadn’t been shopping online much back into the fold, enabling cybercriminals to get new mileage out of old lists of compromised credentials in Dark Web data dumps.

So, how can you secure your clients and your business against credential stuffing threats? It turns out that a few simple tools pave the way to enhanced protection from this growing threat:

  • Find exposed credentials that could put your clients at risk. Millions of passwords from millions of sources are easily acquired on the Dark Web, even for free. Make sure that employee credentials aren’t floating around on any of those lists with Dark Web ID. Our 24/7/365 Channel-leading Dark Web monitoring uses real-time, validated data and real human analysts as well as machine intelligence to spot compromised protected credentials and alert you to trouble immediately.
  • Eliminate flimsy barriers that let cybercriminals walk right in. One of the universally recommended mitigations for credential stuffing risk is multifactor authentication for a good reason – it works. Add Passly to your arsenal to give your clients enhanced access point protection that goes to work in days, not weeks – without the enhanced price point.

Protecting your clients from credential stuffing attacks isn’t a magic trick, and it’s not an expensive proposition. It’s a smart move that will prevent data breaches, enhance your MRR, and build your clients’ trust in your expertise. By adding efficient, affordable protection, your clients can have confidence that you’re making sure they’ve got their shield in place against credential stuffing.

phishing awareness represented by a lady with a cellphone showing a suspicious message

See Passly and Dark Web ID in action. WATCH IT>>

Book a live demo with an ID Agent expert to see how Passly and Dark Web ID can grow your business! BOOK IT>>

cybercrime as a service depicted as a hand on a mouse in a shadowy stream of information

Find out why Dark Web danger is just around the corner for every business in the post-pandemic world.


The Week in Breach: A Note for Your Customers

Compliance Essentials Save You Money in More Ways Than One

As we head into the last weeks of 2020 (finally!), businesses are starting to take stock of what they’ve accomplished this year and what they need to get done in Q1 2021. When you’re making your review list, don’t forget to include “compliance”, because failing to maintain data and system security is a nasty misstep that no business can afford.

Take a moment to review how compliance requirements may have changed in your industry. Japan’s 2005 Protection of Personal Information law received a major update in 2020. Plus, new GDPR updates and clarifications can add additional complications and additional penalties for failure. India and Hong Kong are also set to enact and enforce updated data privacy regulations.

In the US, data privacy bills were put before legislatures in at least 30 states and Puerto Rico in 2020, and new regulations were enacted in Virginia and Michigan. The newly enacted California Consumer Privacy Act could also impact your business, California voters also just passed Proposition 24 on November 3, 2020, allowing consumers to stop businesses from selling or sharing their personal information, including race, religion, genetic details, geographic location, and sexual orientation.

One data security best practice that is required or encouraged in many industry compliance regulations is multifactor authentication (MFA), and Passly is an ideal choice. Protect your data with more than one lock: a password and MFA. With Passly’s MFA feature, a separate code or token is also needed to gain access to your systems and data, guarding you from the impact of a compromised employee password.

Compliance is a tricky field, and it’s always best to consult with an expert to ensure that you’re safe. Your managed services provider can help you find out exactly what you need to do to ensure that your company’s data handling and storage are on track with industry best practices and compliance requirements, giving you peace of mind as you head into the end of a challenging year.

Catch Up With Us at These Virtual Events

  • NOV 12: Best Practice Tips for Building Even Better Client Relationships Webinar REGISTER>>
  • NOV 18: Securing Your C-Suite; a Cybersecurity Panel Discussion REGISTER>>
  • DEC 7-11: The TruMethods MSP Success Summit REGISTER>>
  • DEC 15: ‘Twas the Night Before Krampus REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.

Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to [email protected] to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!