a green 1050's style plane pulls a banner that says "The Week in Breach " while a small alien-looking drone flies underneath of it, beaming a ray of cybersecurity bugs into the plane.

by Kevin Lancaster

This Week in Breach News: Egregor ransomware is flying high in retail, manufacturing & staffing around the world, Amazon phishing scams are even more of a holiday menace than usual to businesses this year, and our 2020 eBook “bestseller” list.


The Week in Breach News – United States 


United States – Greater Baltimore Medical Center 

https://www.securityweek.com/greater-baltimore-medical-center-hit-ransomware-attack

Exploit: Ransomware

Greater Baltimore Medical Center: Hospital 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.622 = Severe

A ransomware attack left Greater Baltimore Medical Center (GBMC) scrambling after many of its systems were knocked offline, impacting patient care. Procedures scheduled for 12/07/20 had to be rescheduled. Backups and workarounds enabled the hospital to keep functioning as the attack was investigated and mitigated. Recovery is ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is increasingly being used as a way to cause operational disruptions instead of just snatching data, complicating its impact.

ID Agent to the Rescue: BullPhish ID keeps staffers on alert for potentially ransomware-laced phishing email with engaging, easy-to-understand video training. LEARN MORE>>


United States – AspenPointe

https://www.bleepingcomputer.com/news/security/healthcare-provider-aspenpointe-data-breach-affects-295k-patients/

Exploit: Unauthorized Database Access

AspenPointe: Healthcare Non-Profit 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.613 = Severe

AspenPointe has disclosed a large data breach that exposed personally identifying information (PII) of patients working with non-profit organizations that it manages including participants in its mental health and substance misuse programs. The unauthorized access took place in early September 2020 and it’s unclear how much data was stolen. AspenPointe is a nonprofit funded by Medicaid, state, federal, and local government contracts, as well as donations, that manages 12 organizations providing care and counseling in Colorado.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.820 = Severe

Patients may have had extensive personal and private information exposed including PPI like their date of birth, Social Security number, Medicaid ID number, date of the last visit (if any), admission date, discharge date, and/or diagnosis code. AspenPointe is providing those affected by the data breach IDX identity theft protection services including “12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”

Customers Impacted: 295,617

How it Could Affect Your Customers’ Business Data breaches at any business are bad news, but at a business like this, it’s a nightmare. Not only will AspenPointe have to deal with the corporate fallout, but regulators are also going to come calling with fines as well, making this incident extra expensive.

ID Agent to the Rescue: Your customers need solutions that protect their data from risks like this one, but tough times and tight budgets may be standing in the way of closing that sale. With Goal Assist, you can tag in an ID Agent expert to help you seal the deal. LEARN MORE>>


United States – Philabundance

https://www.phillyvoice.com/philabundance-cyberattack-theft-1-million-dollars/

Exploit: Business Email Compromise

Philabundance: Hunger Relief Non-Profit

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.017 = Severe

Hunger relief charity Philabundance got bilked by BEC scammers at the worst possible time. The charity, which fed 54,700 Philadelphians weekly in 2019, is now feeding 134,800 people each week. This incident occurred when the organization paid a construction bill of over $923,000 for a new $12 million facility built in North Philly for its Community Kitchen program, only to discover that they’d paid scammers instead. It’s believed that the con was enabled by a hack on the charity’s computer systems in July that enabled scammers to divert legitimate email from the construction company and replace it with their own fakes. Philabundance says that daily operations will not be impacted by the incident, but it remains a huge problem for this organization at a time when so many Americans rely on programs like this to keep their families fed.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: 134,800 Philadelphians daily

How it Could Affect Your Customers’ Business: Business email compromise scams are some of the thorniest problems that every business faces. Good regularly refreshed security awareness training will help employees spot and stop BEC scams.

ID Agent to the Rescue: Learn more about defending against BEC and other damaging attacks when you become a Security Awareness Champion with the tips, tricks, and scam walkthroughs in our Security Awareness Champion’s Guide. READ IT>>


United States – Kmart

https://threatpost.com/kmart-egregor-ransomware/161881/

Exploit: Ransomware

Kmart: Retail Store Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

Already beleaguered retailer Kmart did not need the extra complications that came with the Egregor ransomware attack that was delivered to their door. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services and corporate operations functions. Retail stores are operating normally and no consumer impact has been reported.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a disaster for any business, but it’s an especially cruel problem for a non-profit these days.

ID Agent to the Rescue: Many Business Email Compromise scams arrive as the cargo of a phishing attack, like this one. Learn how to defend your organization against them with BullPhish ID in our new eBook Phish Files. READ IT>>


United States – Alaska Division of Elections

https://www.juneauempire.com/news/113000-alaskan-voter-ids-exposed-in-data-breach/

Exploit: Hacking

 Alaska Division of Elections: State Agency 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.336 = Severe

An election-time data breach involving voter registration information was recently disclosed in Alaska. State and federal officials say that the election process was not impacted, but voter data was obtained for more than 100K Alaskan voters. Officials suspect nation-state hackers may be involved.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.114 = Severe

The database snatched included some PII like birth dates, driver’s license or state identification numbers, the last four digits of social security numbers, full legal names, party affiliation, and official mailing addresses.

Customers Impacted: 113,000 voters

How it Could Affect Your Customers’ Business: Nation-state hacking is an especially serious problem for government agencies and infrastructure targets. Adding extra security with MFA and similar tools helps combat this risk.

ID Agent to the Rescue: Protecting your data and systems with more than one layer of security keeps hackers out no matter where they’re from. Passly provides that extra protection immediately at an excellent price. LEARN MORE>>


The Week in Breach News – Canada


Canada – Metro Vancouver

https://securityaffairs.co/wordpress/111513/data-breach/ransomware-hits-us-fertility.html

Exploit: Ransomware

Metro Vancouver: Public Transportation Authority

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.229 = Severe

Egregor ransomware had a busy week as it disrupted operations for Metro Vancouver, impacting causing disruptions in services and payment systems for its TransLink payment service. Transportation service for riders was not otherwise impacted. The Egregor gang published a ransom demand and the incident is being investigated.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a huge threat to infrastructure targets right now, and it has been especially impactful in the transportation sector. Agencies need to be using their resources wisely to combat it.

ID Agent to the Rescue: Ransomware is almost always delivered as part of a phishing attack. Don’t let phishing shut your operations down. Train staffers to spot and stop phishing with BullPhish ID. LEARN MORE>>


a red envelope on a computer screen representing phsihing like ransomware threats up 33% in 2020

See how to enlist your staff in the fight against ransomware to transform them into your biggest security asset! WATCH THE WEBINAR>>


The Week in Breach News – United Kingdom & European Union


Switzerland – Kopter Group

https://securityaffairs.co/wordpress/111998/cyber-crime/lockbit-ransomware-kopter.html

Exploit: Ransomware

Kopter Group: Helicopter Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.662 = Severe

LockBit ransomware struck Swiss helicopter maker Kopter, disrupting operations. The attackers compromised its internal network and encrypted the company’s files. The ransomware gang revealed that it was able to access the company’s systems by utilizing a poorly protected VPN. Kopter manufactures civilian aircraft. Investigation and recovery are ongoing.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the fastest, easiest way for cybercriminals to score a big payday, and it’s only growing more popular – and more disruptive.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>


The Netherlands – Randstad

https://www.bleepingcomputer.com/news/security/largest-global-staffing-agency-randstad-hit-by-egregor-ransomware/

Exploit: Ransomware

Randstad: Staffing Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.237 = Severe

The Egregor ransomware gang is getting its work done before the holidays, with yet another major strike this week, this time on the world’s largest staffing company. Randstad states that only a limited number of servers were impacted and that their network and business operations continued to operate without disruption. The company is still assessing what data exactly was stolen, but doesn’t expect that any client or employee data was impacted.

Individual Impact: No personal data was reported as exposed in this incident, but that may change as the investigation progresses.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: No matter how big a company is, one ransomware-laden phishing email can bring it to its knees in a hurry. Phishing is the biggest risk every business faces today.

ID Agent to the Rescue: Don’t wait until ransomware creates a massive disruption in your organization’s ability to get the job done. Update phishing resistance and security awareness training for every staffer BullPhish ID. SEE BULLPHISH ID IN ACTION>>


The Netherlands – Royal Dutch Cycling Union 

https://portswigger.net/daily-swig/royal-dutch-cycling-union-refuses-to-pay-ransom-following-data-breach 

Exploit: Ransomware

Royal Dutch Cycling Union: Sport Governing Body 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.869 = Moderate

The ransomware gang that decided to strike the Royal Dutch Cycling Union struck out this week after stealing a database from the agency and publishing their ransom demand with sample data as proof. It turns out that the governing body had already transferred that information to a new, more secure system and they aren’t interested in having the old data returned. There’s been no impact on operations, and no sensitive membership data was involved.

Individual Impact: No personal data was reported as exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Data theft is the most typical goal of ransomware gangs. Even in a low-impact incident like this, data could still be exposed that could harm your business, like account credentials.

ID Agent to the Rescue: Remember, employees routinely recycle passwords between work and personal applications. Don’t miss the memo when your employee passwords are exposed on the Dark Web through incidents like this. LEARN MORE>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>


The Week in Breach News – Australia & New Zealand


Australia – Loch Rannoch Highland Club 

https://www.thecourier.co.uk/fp/news/local/perth-kinross/1788115/probe-into-data-breach-at-highland-perthshire-resort-after-details-of-2400-members-leaked-online/

Exploit: Insider Threat (Employee Error)

Loch Rannoch Highlands Club: Private Resort

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

Administrators at the Lake Rannoch Highland club are in hot water after a suspected employee error exposed information about 2,400 members and visitors, including some very prominent people. Detailed personal information about people who don’t like that data circulating around was made available publically after it was posted to a publicly accessible portion of the club’s website in what the resort notes was an “employee error”.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.433 = Extreme

243 pages of sensitive information about the owners of holiday homes or timeshares at the club and their guests were exposed, including the personal emails and phone numbers of more than 2,400 members plus timeshare owners’ email addresses and phone numbers, alongside their club reference numbers.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Insider threats are always lurking just around the corner, ready to spring messy cybersecurity incidents on every business that can have terrible consequences for your company’s reputation and client goodwill.

ID Agent to the Rescue: Insider threats can be controlled with the right security precautions. Download our “Insider Threats” toolkit for an eBook and other tools to combat insider threats. GET THE FREE TOOLKIT >>


The Week in Breach News – South America


Brazil – Embraer

https://www.securityweek.com/brazilian-plane-maker-embraer-targeted-cyberattack

Exploit: Ransomware

Embraer: Airplane Manufacturer 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

Embraer, the world’s third-largest manufacturer of commercial, executive, military, and agricultural aircraft, was grounded by a suspected ransomware attack. The company was able to limit the spread of the malware and recover quickly with only minimal disruptions to operations.

Individual Impact: No personal data was reported as exposed in this incident.

How it Could Affect Your Customers’ Business: Corporate data that includes plans and schematics for things like airplanes or security systems can fetch a pretty penny for criminals on the Dark Web. That kind of data needs extra protection.

ID Agent to the Rescue: Information from incidents like this inevitably makes its way to Dark Web data markets. Make sure your employee credentials are protected from Dark Web data risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>



The Week in Breach News Guide to Our Risk Scores


1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


The Week in Breach: Added Intelligence


Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!


2020 election cybersecurity fears represented by a man in a hoodie is shown with a login screen superimposed to represent passwords for sale on the Dark Web

You probably thought you were being smart when you made your password – but cybercriminals are smart too. Read “Is This Your Password?” to see how yours stacks up. GET THE BOOK>>


The Week in Breach: Resource Spotlight


Fill Your Holiday Book Reserve With Our Cybersecurity Bestsellers


The holiday season is a wonderful time full of fun and family. Maybe too much family. Whether it’s a long, inevitably delayed flight or another exciting evening of listening to your Great Aunt argue with your Grandma over something that happened in 1976, you might need a few things to read to pass the time. We’ve got you covered. These eBooks were our most popular downloads in 2020. And if anyone asks what you’re doing, you can say “working” and not end up on the naughty list!

1. Is This Your Password? Our top download of 2020 shows you the best (and worst) ways to generate a passwordREAD IT>>

2. Ransomware 101 The 2020 runner-up is chock full of data about the ransomware scourge and how to avoid it. READ IT>>

3. State of the Dark Web 2020 COVID-19 changed everything including the Dark Web – here’s what you need to know now. READ IT>>

4. The Phish Files Get the intelligence you need including clear descriptions of threat scenarios and how to defend your clients! READ IT>>

4. Security Awareness Champion’s Guide Let us walk you through every danger you’ll face on your quest to become a Security Awareness Champion! READ IT>>



The Week in Breach: Featured Briefing


Are Your Clients Getting the Results That They Need from Phishing Resistance Training?


Phishing is today’s biggest cybersecurity threat, bringing everything from malware to business email compromise in its wake. More than 90% of incidents that end in a data breach start with a phishing email. The precipitate increase in phishing messages that’s occurred this year has made headlines, with Google announcing that it’s blocked over 600% more phishing messages in 2020. The impact of ransomware has made headline news as it’s used to disrupt critical operations worldwide.

For the most part, companies are aware that security awareness training matters. Since engaging in regularly updated security awareness training that includes phishing resistance can reduce their chances of having a cybersecurity incident by up to 70%, regularly engaging in training programs is a business essential. But how effective is their security awareness training program, especially when it comes to phishing?

For some companies, the answer to that question is “not really”. Employees believe all sorts of odd things about phishing, and many training programs don’t disabuse them of those fallacies. Some employees believe that only big corporations get hit by phishing. Many know that causing a cybersecurity incident like a data breach could get them fired, but they aren’t sure what to look for to spot one and that lack of confidence can be their undoing.

In some cases, training is so lackluster that it’s completely ineffective. Companies that are regularly engaging in security awareness training that includes phishing resistance are still having cybersecurity incidents that involve phishing. The training is simply not doing any good, and staffers are just checking off the boxes to complete requirements without the content having any effect on their cybersecurity practices.


 a man in a hoodie silhouetted against a world map with "hacked" stamped on it representing records on the dark web.

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook. DOWNLOAD IT>>


In a recent survey of employee behavior around cybersecurity, a few facts stick out. A survey of 1,000 employees found that while 96% of employees are aware of digital threats, 45% still interact with emails that they consider suspicious. In just the surveyed US worker pool, more than 75% of respondents said they’d taken security awareness training, yet 60% were still opening emails that they knew were probably phishing attempts.

Just engaging in security awareness training alone isn’t enough to provide real protection. A shocking 96% of respondents responded that they were aware that links in email, on social media sites, and on websites can carry danger, but it still wasn’t stopping them from engaging in unsafe behavior. Effective security awareness and phishing resistance training has to hit home for staffers because even one phished password can be an epic disaster. Training content needs to connect with people in a way that makes the message sink in: phishing is a big problem, and you can stop it.

That’s one reason why we’re passionate about providing fresh, memorable content with BullPhish ID. Our engaging animated video lessons in 8 languages meet staffers where they are to help them learn about phishing threats in bite-sized pieces. We make it easy for them to grasp the concepts and understand the danger no matter how tech-savvy or tech-challenged they may be. Online testing follows that up with an accurate measurement of retention, letting you know who’s ready to graduate and who may need more help.



BullPhish ID’s simple remote management makes it easy for you to sort training groups and run training programs that are perfectly suited to the employees taking them, increasing a company’s overall cyber resilience quickly. With more than 80 pre-loaded, plug-and-play phishing resistance training kits including phishing simulation emails and web pages available right now, you can quickly get your clients engaged in training anytime, anywhere whether they’re back in the office or still working from home.

BullPhish ID also provides consistently updated content that includes the latest threats to protect your clients from phishing-related cybercrime like ransomware – in Q2 2020 alone IBM reported a 33% increase in ransomware threats and that number just keeps climbing. Of course, BullPhish ID covers COVID-19 phishing scams too, Google’s #1 phishing topic in history that’s still luring in unwary workers every day.

Ask your clients how effective they think their current security awareness training program is if they’re not already using BullPhish ID. Then show them the value that they get from not just more training, but better training with clear measurements of its effectiveness and consistently updated content using BullPhish ID. With phishing attack danger on the rise, it’s the perfect time for them to give themselves the gift of a safer 2021 with better training now.


The Week in Breach: A Note for Your Customers


Amazon Brings Unwanted Holiday Gifts to Businesses 


Everyone loves giving and getting gifts – it’s part of what makes this season special. It’s the most wonderful time of the year for cybercriminals too. As you and your staffers buy everything from business essentials to toys on Amazon this holiday season, you’re opening your business up to extreme risk from phishing.

While an increase in holiday-time phishing attacks isn’t unusual, the combination of people shopping from home because of the pandemic plus a huge increase in overall cybercrime spells trouble for your company in 2020. A recent report shows that Amazon-related phishing messages have more than doubled this year, and they’re continuing to climb, with a more than 60% increase in November alone.

So how can you protect your business? By making sure that all of your employees are well-versed in the types of phishing schemes that cybercriminals are bringing to the table this year. Up-to-date training that’s regularly refreshed can lower your incidence of a cybersecurity problem by up to 70%, making it a smart investment in your business.


insider threats like human error represented by the silhouette of a woman with her head in her hands in front of a laptop.

Is your company’s biggest security threat a member of your team? Learn to spot insider threats with this free resource package! GET IT>>


BullPhish ID is perfect for training your employees to be vigilant about the latest threats. We constantly update the plug-and-play phishing resistance training kits that are available to use for your business, including adding 4 new ones per month covering all the latest scams like COVID-19 threats.

Get your business a gift this holiday season – improved cyber resilience with a commitment to security awareness training with BullPhish ID that reduces your chances of becoming a victim of cybercrime. Your IT team will thank you when your well-trained staff avoids major cybersecurity blunders that would have caused huge problems – and your accounting department will thank you too because BullPhish ID is cost-effective and it could save you a fortune if you avoid even one cybersecurity disaster.



Catch Up With Us at These Virtual Events


Have you reserved your seat for ‘Twas the Night Before Krampus? Join Krampus and the ID Agent elves on December 15 from 3 pm ET – 5:30 pm ET featuring plenty of sugar and spice including a keynote by a former cybercrime king Brett Johnson, The Original Internet Godfather, tales of amazing sales secrets from Channel leaders, and OVER $5K in cash and prizes like a celebrity Zoom, an Apple gadget, a VR headset, or a grand prize of $1,000 cash REGISTER NOW>>

  • DEC 1 – DEC 25: EverythingMSP Presents “A Very Merry MSP Christmas” Giveaway REGISTER>>
  • DEC 9: Phish and Chips (EMEA Edition) REGISTER >>
  • DEC 7-11: The TruMethods MSP Success Summit REGISTER>>
  • DEC 15: ‘Twas the Night Before Krampus REGISTER>>

Get high-quality marketing tools to help you connect with your customers with our free resources for marketing and education like eBooks, webinars, social media graphics, infographics, and more!.


Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Just send an email to marketing@idagent.com to let us knowwe welcome your feedback and we love to hear about how our content works for you!

Ready to become an ID Agent Partner or learn more about our remote-ready suite of cybersecurity solutions including the award-winning DarkWeb ID? Contact us today!


Share This Post!