Please fill in the form below to subscribe to our blog

The Week in Breach News: 01/18/23 – 01/24/23

January 25, 2023

Big breaches at T-Mobile and PayPal expose consumer data, more cybersecurity trouble for Costa Rica and essential insights for MSPs about SMB security priorities from the new Datto SMB Cybersecurity for MSPs Report.  

Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>

Riot Games

Exploit: Social Engineering

Riot Games: Video Game Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 1.776 = Moderate

Riot Games has experienced a data breach that has impacted its release schedule for game patches. Riot is the video game developer and publisher behind the popular games League of Legends and Valorant. A company spokesperson said that systems in their development environment had been compromised as the result of a social engineering attack. The company said that there’s no indication that player data or personal information was obtained. However, the incident has impacted its ability to deliver game content and may delay future game updates. The incident is under investigation.

How It Could Affect Your Customers’ Business: Intellectual property and proprietary data are also attractive targets for cybercriminals.

ID Agent to the Rescue: Social engineering is a hallmark of phishing. See how AI-enabled email security protects businesses against phishing traps that humans would fall for. GET EBOOK>>

NextGen Healthcare

Exploit: Ransomware

NextGen Healthcare: Medical Records Software Company

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.021 = Severe

NextGen Healthcare is the latest company to fall victim to a AlphV/BlackCat ransomware attack. The company, a major provider of electronic health record (EHR) software and practice management systems, was added to the AlphV/BlackCat group’s dark web leak site last week. NextGen serves hundreds of the biggest hospitals and clinics in the U.S., U.K., India and Canada. The company said that the incident is under investigation. No information was available about any ransom demands at press time.  

How It Could Affect Your Customers’ Business: The penalties that healthcare business services companies face for a data breach are just as steep as for a healthcare provider.

ID Agent to the Rescue: This infographic illustrates just how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>>   

Yum! Brands

Exploit: Ransomware

Yum! Brands: Fast Food Corporation

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.837 = Severe

Fast food giant Yum! Brands fell victim to a ransomware attack that caused the temporary closure of 300 locations in the United Kingdom. Yum! Brands oversees the KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains. The company did not name the gang involved or offer details about any ransom demands. Yum! Brands said that upon discovery of the problem, it initiated an incident response that involved closing Uk stores briefly, but that the impacted UK stores have reopened. Yum! Brands disclosed that data was stolen in the attack but said that the company does not see evidence that customer information has been exposed. 

How It Could Affect Your Customers’ Business: Ransomware can lead to severe business impacts like closures and loss of business that cause major revenue damage.

ID Agent to the Rescue:  The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>> 


Exploit: Credential Stuffing

PayPal: Electronic Payments Processor 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.981 = Extreme

PayPal is notifying thousands of users that their accounts may have been accessed through a credential stuffing attack. The company said that this attack occurred between December 6 and December 8, 2022. By December 20, 2022, PayPal’s investigation uncovered that unauthorized third parties logged into the accounts with valid credentials. The company maintains that this intrusion was not due to a breach on its systems and says that it has no evidence that the user credentials were obtained directly from Paypal. The company has notified 34,942 users that their accounts may have been impacted by the incident. Hackers may have had access to account holders’ full names, dates of birth, postal addresses, social security numbers and individual tax identification numbers. Transaction histories as well as connected credit or debit card details and PayPal invoicing data are also accessible on PayPal accounts and may have been exposed.  

How It Could Affect Your Customers’ Business: Even big companies can get into hot water over stolen or recycled credentials.

ID Agent to the Rescue:  Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>

Nissan North America

Exploit: Supply Chain Attack

Nissan North America: Carmaker

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.973 = Severe

Nissan North America has begun informing an estimated 17,998 customers that it has experienced a data breach as a result of a security incident at an unnamed third-party service provider. Nissan said that it had provided the third party real customer data from Nissan to use in developing and testing software solutions for the automaker, but that data was exposed due to a poorly configured database. The exposed data includes full names, dates of birth, and NMAC account numbers but not credit card details or Social Security numbers.

How it Could Affect Your Customers’ Business: Cybersecurity flubs by service providers can cause a cascade of supply chain problems that impact other businesses too.

ID Agent to the Rescue:  A strong security culture reduces the risk of an incident. Build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>>   


Exploit: Hacking

T-Mobile: Telecommunications Company

cybersecurity news gauge indicating extreme risk

Risk to Business: 2.223 = Extreme

Major wireless communications provider T-Mobile disclosed last week that a hacker had accessed a trove of personal data for 37 million of the company’s customers. A bad actor apparently had access to T-Mobile’s customer data from November 25, 2022, until the company discovered the intrusion on January 5, 2023. T-Mobile says that the hacker obtained access through an API. The stolen data includes a customer’s name, billing address, email, phone number, date of birth, T-Mobile account number and information such as the number of lines on the account and plan features.  

How it Could Affect Your Customers’ Business: Cybercriminals are always on the hunt for fresh stores of valuable personal information like the data stolen from T-Mobile.

ID Agent to the Rescue:  Security awareness training helps prevent costly cybersecurity nightmares. This infographic demonstrates why training is a smart move for every business. GET INFOGRAPHIC>>

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>

Qulliq Energy Corporation (QEC)

Exploit: Hacking

Qulliq Energy Corporation (QEC): Energy Compan

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

 A cyberattack on the Qulliq Energy Corporation (QEC), an energy provider in Canada’s Nunavut territory, has had a major impact on the company’s administrative offices. The attack started on January 15 and took down computer systems at the corporation’s customer care and administrative offices. QEC was quick to assure customers that power plants are still operating normally. The company has cautioned consumers that it currently cannot accept bill payments through credit cards, but customers can pay using cash or through bank transfers. QEC is still trying to determine what information may have been stolen or accessed during the attack while cautioning customers that they should monitor accounts for suspicious activity and change their QEC account password. 

How it Could Affect Your Customers’ Business: Infrastructure like utilities have been increasingly endangered by cybercriminals, especially ransomware gangs.

ID Agent to the Rescue: Security awareness training helps employees avoid security errors. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>> 

Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>

Costa Rica – Ministry of Public Works and Transport (MOPT)

Exploit: Ransomware

Ministry of Public Works and Transport (MOPT): Government Agency

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.831 = Extreme

Costa Rica’s Ministry of Public Works and Transport (MOPT) said in a statement that 12 of its servers were encrypted last Tuesday as the result of a successful ransomware attack by an unnamed group. All of MOPT’s computer systems were knocked offline. MOPT reassured citizens that driving tests are still being conducted in person, although license issuance services were briefly disrupted. Costa Rica’s agency responsible for road safety, The Road Safety Council was quick to inform the public that its computer infrastructure is separate from MOPT, and it was not affected by the ransomware attack.  No ransomware group has claimed responsibility and no information about any ransom demand was available at press time. The Costa Rican government dealt with a widespread and crippling ransomware attack by the Conti group in mid-2022 that ultimately resulted in the country’s refusal to pay the $10 million ransom. 

How it Could Affect Your Customers’ Business: Although this attack did not have an impact on public safety, it could have created a very dangerous circumstance.

ID Agent to the Rescue: Managed SOC helps businesses detect and mitigate sophisticated cyberattacks before they can wreak havoc. READ THE PRODUCT BRIEF>>

What worries security pros? The Kaseya Security Insights Report 2022 tells you. GET YOUR REPORT>>

Norway – DNV

Exploit: Ransomware

DNV: Ship Software Provider

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.103 = Severe

Norwegian maritime classification company DNV was hit by a successful ransomware attack that impacted about 1,000 vessels around the world. The company is the maker of the ShipManager software platform that is used to manage crewing and maintenance schedules. The problem emerged on January 7, 2022, forcing DNV to take its servers offline. DNV said that the company’s other functions, including setting standards for the construction and operation of ships, are unaffected. An estimated 7,000 vessels owned by 300 customers use ShipManager. The name of the ransomware group responsible and any ransom demand was unavailable at press time.

How it Could Affect Your Customers’ Business: Ships and ports have been high on cybercriminal hit lists, creating ripples of danger that can impact businesses worldwide.

ID Agent to the Rescue: See the dollars and cents benefits of security awareness training in our eBook The Business Case for Security Awareness Training. DOWNLOAD EBOOK>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

managed SOC traveling to Connect IT represenetd by a branded backpack

Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>

See how today’s biggest threats may impact businesses in our security blogs.

See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>

BullPhish ID’s Dashboard Has a New Look

The Dashboard page for BullPhish ID has been completely redesigned to offer a better user experience. Several significant UI enhancements and functional adjustments have been made to the Dashboard page under the Dashboard module including: 

Newly added License Consumption cards for MSPs to see how many Phishing and Training licenses have been consumed or remain. 

A new widget feature has been added to the Dashboard page. These currently available widgets are graphs that have been updated to a new horizontal format. 

  • Phishing Simulation Campaigns 
  • Training & Awareness Campaigns 
  • Phishing Simulation Results 
  • Training & Awareness Course Results 

Learn more about other BullPhish ID dashboard enhancements on the BullPhish ID Release Notes page.

To learn more about these features and more, please review this Kaseya Knowledge base article that guides you through a detailed walk-through of the Dashboard & Organization pages. READ IT>>

Set businesses on the zero trust path with the 6 Tips for Implementing Zero Trust Security infographic! GET IT>>

The Datto SMB Cybersecurity Survey for MSPs Report

Go inside SMB cybersecurity goals, plans and needs in-depth in our new cybersecurity report focused on SMB security priorities. Specially developed to benefit MSPs, this report is packed with useful data to inform your planning and decision-making. We explore: 

  • What cyberattacks SMBs are most worried about 
  • The biggest pain points for SMBs 
  • Strategies and “ins” you can use to close more deals 
  • What SMBs are spending their money on 
  • How to meet your customers where they are for maximum benefit for both of you 


Did you miss… Our Security Awareness Training: How it Prevents the Biggest SMB Security Threats infographic? GET IT>>

Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>

Bearded Male technician showing digital tablet to a white female coworker in server room.

4 Things MSPs Need to Know About SMB Security Spending  

The Datto SMB Cybersecurity for MSPs Report has just been released and it offers MSPs valuable insight into the minds and motivations of business IT professionals. This report was created from a subset of data collected in a survey of 2,913 IT decision-makers conducted in July and August 2022. Respondents were required to be an IT decision-maker at an SMB with 10–300 employees. The markets chosen for analysis were North America (U.S. and Canada), the U.K., Germany, the Netherlands, Australia and New Zealand, and Singapore.   

Is it time to update your security awareness training policy – or create one? These 6 tips can help! DOWNLOAD NOW>>

4 Insights into SMB Cybersecurity Priorities for MSPs 

These four findings can give MSPs a look inside what SMB cybersecurity decision-makers have on their minds in 2023. 

1. IT pros know that cybersecurity has to be an investment priority   

Business leaders have seen the growth in cyberattacks, especially headline-makers like ransomware and business email compromise and found it alarming enough to take action.  Small and midsize businesses (SMBs) recognize that their organizations face mounting cybersecurity challenges, and those challenges will only continue to expand. That has resulted in many SMBs increasing their commitment to security and their security budgets. There’s room for MSPs to realize revenue growth in many areas including secure identity and access management, endpoint security, business continuity and disaster recovery (BCDR), and phishing protection. Today’s world of growing cyber threats for SMBs is a world of increasing security business opportunities for MSPs everywhere. 

Top IT security areas SMBs plan to invest in the next 12 months 

Area of Investment Response 
Network security 47% 
Cloud security 45% 
Cyber insurance 36% 
Email/ collaboration tools security 29% 
Endpoint security 27% 
Vulnerability assessment 26% 
Business continuity & disaster recovery (BCDR) 25% 
Don’t know 5% 

Source: Datto

See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>

2. SMBs have money to spend 

Companies are investing in their future success by investing in security. IT professionals are very concerned about security and the damage that a cyberattack could do to their companies. Business decision-makers are ready to make investments to keep their organizations safe. SMBs continue to experience significant security challenges and they recognize that they need to spend to solve them, with about half of our survey respondents planning to spend on email security, backup and antivirus protection. Few SMBs are cutting back on security spending, instead, they’re investing in security. Four in 10 of our survey respondents said that their organization is increasing their cybersecurity spending, and most expect that to continue – excellent news for MSPs on today’s challenging economy. 

Increased 42% 
Stayed the same 40% 
Decreased 6%  

Source: Datto

Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>

3. Security is a hefty chunk of most IT budgets 

Most SMBs have got the message that cybersecurity has to be a major IT spending category, and they’re adjusting their budgets to match. Almost one-third of SMBs devote 20% to 50% of their IT budget to security. A small fraction of companies plan to devote 10% or less of their yearly IT budget to cybersecurity. This speaks to business leaders’ understanding that their company’s cybersecurity success is a significant factor in their company’s overall success or failure. Almost 60% of SMBs go out of business within six months of a data breach or cyberattack, according to the United States Securities and Exchange Commission (SEC). 

SMBs have money to spend on security   

% of total IT budget Response  
Less than 1% 1% 
1% –5% 10% 
6% –10% 19% 
11%–15% 19% 
16%–20% 20% 
21%–30% 15% 
31%–40% 8% 
41% –50% 5% 
More than 50% 3% 

Source: Datto

Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>

4. SMBs trust MSPs & MSSPs as security partners

While more businesses are investing in security these days, they’re not necessarily making that investment in-house. Our survey revealed that SMBs tend to rely on outsourced IT security, with one in four business It decision-makers saying that they outsource their company’s security to an MSP. A smaller percentage, one in six businesses, responded that they outsource their cybersecurity needs to an MSSP. Building a security team and a viable security operations center (SOC) in-house is an expensive proposition that requires a substantial upfront investment. Businesses can’t always swing that, so they need outside help to maintain and enhance their security. Overall, almost half of the IT professionals that we surveyed said that their organization relies on an MSP or MSSP to get the job done. 

Who manages your IT security? Response 
Partial internal IT   47% 
Dedicated internal IT   50% 
Individual outsource IT   28% 
Company outsource IT that is IT service provider or MSP 26% 
Company outsource IT that is an MSSP 16% 
Company outsource IT, but not sure what type it is considered to be   5%  

Source: Datto

Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>

What can MSPs do to reduce their risk?

Our security solutions can help keep businesses out of trouble effectively and affordably. 

Security awareness and compliance training plus phishing simulation         

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations.   

  • An extensive library of security and compliance training videos in eight languages       
  • Plug-and-play or customizable phishing training campaign kits       
  • New videos arrive 4x per month and new phishing kits are added regularly          

Dark web monitoring           

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.          

  • 24/7/365 monitoring using real-time, machine and analyst-validated data            
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses          
  • Live dark web searches find compromised credentials in seconds       
  • Create clear and visually engaging risk reports          

Automated, AI-powered antiphishing email security      

Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.       

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast         
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.        
  • 3 layers of powerful protection at half the cost of competing solutions        
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance    

Managed SOC  

Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered  

  • Detect malicious and suspicious activity across three critical attack vectors: Endpoint, Network & Cloud  
  • Patent-pending cloud-based technology eliminates the need for on-prem hardware  
  • Discover adversaries that evade traditional cyber defenses such as Firewalls and AV 

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>

January 25: Q1 Security Suite Product Update: BullPhish ID, Dark Web ID, Passly & Graphus REGISTER NOW>>

January 26: Cybersecurity Frameworks: What You Need to Know to Stay Secure REGISTER NOW>>

January 31: Kaseya + Datto Connect Local Dallas REGISTER NOW>>

February 7: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

February 9: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

February 14: Cybersecurity Jeopardy! REGISTER NOW>>

February 14: Kaseya + Datto Connect Local Atlanta REGISTER NOW>>

February 16: Kaseya + Datto Connect Local Miami REGISTER NOW>>

February 21 – 22: Kaseya + Datto Connect Local Charlotte REGISTER NOW>>

February 23: Kaseya + Datto Connect Local Glendale, AZ REGISTER NOW>>

February 28: Kaseya + Datto Connect Local New York REGISTER NOW>>

March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>

March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>

March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>

March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>

March 28: Kaseya + Datto Connect Local Boston REGISTER NOW>>

April 24 – 27, 2023: Connect IT Global in Las Vegas REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!