
The Week in Breach News: 01/19/22 – 01/25/22

January 26, 2022

A cyberattack impacting the International Red Cross endangers refugees, phishing costs a US city over $200K, crypto and financial sector trouble continues, and we go inside 2021’s data breach landscape to see who got hit and how it happened.





RR Donnelley

https://www.bleepingcomputer.com/news/security/marketing-giant-rrd-confirms-data-theft-in-conti-ransomware-attack/

Exploit: Ransomware

RR Donnelley: Marketing & Communications Firm


Risk to Business: 1.227 = Severe

Major marketing company RR Donnelley has disclosed that it had data stolen in a December cyberattack attributed to ransomware. The Conti ransomware group is suspected to be responsible. In the attack on December 27, 2021, the company experienced a systems intrusion that led it to shut down its network to prevent the attack’s spread. That led to disruptions for customers, with some unable to receive printed documents required for vendor payments, disbursement checks and motor vehicle documentation. The Conti ransomware gang claimed responsibility on January 15 and began leaking 2.5GB of the stolen data that has since been removed.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: A recent rash of ransomware attacks against media and communications organizations should have everyone in that sector on notice.

ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>


Strategic Benefits Advisors, Inc

https://www.jdsupra.com/legalnews/data-breach-alert-strategic-benefits-8267696/

Exploit: Hacking

Strategic Benefits Advisors: Human Resources Consulting Firm


Risk to Business: 2.223 = Severe

In a recent legal filing, Strategic Benefits Advisors disclosed that an unauthorized third party had gained access to its data and may have removed several files containing consumer information. The Georgia-based company provides full-service employee benefits consulting for companies in many industries.


Individual Risk: 2.419 = Severe

Strategic Benefits Advisors sent breach notification letters to more than 58,000 people to inform them of the exposure, which the company says was limited to full names and Social Security numbers.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Lately, hackers have been especially interested in breaching companies that maintain large stores of data for other companies.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


City of Tenino, Washington

https://www.govtech.com/security/washington-city-loses-280-309-to-successful-phishing-scam

Exploit: Phishing/BEC

City of Tenino, Washington: Municipality


Risk to Business: 1.717 = Severe

The City of Tenino, Washington is down $280,309 in public funds according to the Washington State Auditor’s Office after a city employee fell for a phishing message that launched a business email compromise scam. Reports say that former Clerk Treasurer John Millard fell victim to a phishing message and paid cybercriminals a boatload of money, some without city council approval. The official reportedly initiated 20 automated clearing house payments from the city’s bank account to multiple out-of-state bank accounts. News outlets are also reporting that a warning was sent out to clerks about the phishing scam immediately but that didn’t stop this disaster from happening. 

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: BEC is the most expensive cybercrime according to the FBI, 64X more expensive than ransomware – and it usually starts with phishing.

ID Agent to the Rescue:  Phishing is the gateway to disaster. Our eBook The Phish Files can help you gain a strategic edge to defend your clients against phishing. GET THE BOOK>> 




Switzerland – The International Red Cross

https://www.npr.org/2022/01/20/1074405423/red-cross-cyberattack 

Exploit: Third Party/Supply Chain

The International Red Cross: Humanitarian Aid Organization


Risk to Business: 1.719 = Severe

The International Committee of the Red Cross has revealed that hackers have stolen data from a Swiss contractor that stores it for them. The stolen data includes information about over 515,000 highly vulnerable people that it has served, recipients of aid and services from at least 60 affiliates of the organization worldwide. The Red Cross says it typically reunites 12 missing people with their families every day through that program. As a result of this cyberattack, The International Red Cross has been forced to temporarily halt a program that reunites families torn apart by violence, migration or other tragedies. A spokesperson for the ICRC told news outlets that there have been no demands from the hackers in exchange for stolen data and that they were working with specialized firms to recover.  

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Once again, a service provider that maintains a large array of records full of PII was hit, handing cybercriminals a data bonanza.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>  


Italy – Moncler

https://www.bleepingcomputer.com/news/security/fashion-giant-moncler-confirms-data-breach-after-ransomware-attack/ 

Exploit: Ransomware

Moncler: Luxury Fashion & Outerwear


Risk to Business: 1.727 = Severe

Luxury retailer Moncler has disclosed that it suffered a data breach in December 2021 after data began appearing on a cybercriminal leak site. The company confirmed that some data related to its employees, former employees, suppliers, consultants, business partners, and customers was stolen and subsequently leaked after it refused to pay the demanded $3 million ransom. The ALPHV (BlackCat) ransomware operation has claimed responsibility. The stolen data is said to include earning statements, spreadsheets with what appears to be customer information, invoices and other documents, but no specifics were provided.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Retailers have been steadily climbing cybercriminals’ target list, especially luxury brands and specialty retailers.

ID Agent to the Rescue: Employees are the most likely cause of a cybersecurity incident in any business. See how to spot and stop insider risks in our new Guide to Reducing Insider Risk. DOWNLOAD IT NOW>>



New Zealand – Kings Plant Barn

https://www.nzherald.co.nz/business/kings-plant-barn-the-latest-retailer-hit-by-click-and-collect-data-breach/HJ45OFWAJ7NGGICU4THWBEZYOI/ 

Exploit: Third Party/Supply Chain

Kings Plant Barn: Garden Retailer


Risk to Business: 1.677 = Severe

Kings Plant Barn is notifying customers that it has experienced a data breach after a data security incident at FlexBooker. The garden chain says that client names, email addresses and collection times were exposed but not passwords or other sensitive data. FlexBooker experienced an attack before the holidays that resulted in the theft of more than three million user records. The platform is used for scheduling and employee calendar management by small businesses like doctor’s offices, real estate companies, service sector businesses and similar companies.

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: In an increasingly interconnected world, SMBs need to be prepared for the security risks that they may face from a service provider’s security incident.

ID Agent to the Rescue: Help your clients reduce the chance of a security incident and strengthen their security culture by giving them our Building a Strong Security Culture Checklist. GET THE CHECKLIST>>





Singapore – Crypto.com

https://www.vice.com/en/article/epxb8m/crypto-protocol-publicly-announces-flaw-users-relentlessly-owned-by-hackers

Exploit: Hacking

Crypto.com: Cryptocurrency Trading Platform


Risk to Business: 1.806 = Severe

Crypto.com, a platform that allows users to swap tokens between blockchains, publicly announced an incident in which a flaw in the platform’s security allowed cybercriminals to snatch an estimated $31 million in cryptocurrency. The company disclosed that 483 users were impacted by unauthorized cryptocurrency withdrawals on their accounts amounting to 4,836.26 ETH, 443.93 BTC, and approximately US$66,200 in other cryptocurrencies. In response to this incident, the company is adjusting its protocols to include safeguards like requiring all customers to re-login and set up their 2FA token to ensure only authorized activity would occur and a new policy where the first withdrawal to a whitelisted address must wait 24 hours among other measures. 

Individual Impact: No specifics about consumer/employee PII or financial data loss were available at press time.

Customers Impacted: 483

How It Could Affect Your Customers’ Business: The financial industry has been besieged by cybercriminals and nothing is taking more of a beating than cryptocurrency and DeFi.

ID Agent to the Rescue: Capitalize on this trend with amazing marketing that gets your message out to companies at risk with the tools and tips in our eBook 5 Ways to Make Marketing Magic. GET IT NOW>>


Indonesia – Bank Indonesia

https://www.bleepingcomputer.com/news/security/indonesias-central-bank-confirms-ransomware-attack-conti-leaks-data/ 

Exploit: Ransomware

Bank Indonesia: Financial Institution 


Risk to Business: 2.721 = Moderate

Bank Indonesia (BI), the central bank of the Republic of Indonesia, confirmed that a ransomware attack hit its networks last month. In a statement, BI said that their operational activities were not disrupted. CNN reported that the hackers made off with non-critical data belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank’s network. Conti has claimed responsibility. It claims to have 13.88 GB worth of documents and leaked a sample of files allegedly stolen from Bank Indonesia’s network as proof. 

Individual Impact: No specifics about any consumer/employee PII or financial data loss were available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Personal data is always a winner for cybercriminals who are looking to make a quick profit in the booming dark web data markets.

ID Agent to the Rescue: Take a crash course in ransomware including today’s biggest threats and how to defend your clients against them with our Deep Dive Into Ransomware Resource Bundle. GET THE BUNDLE>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for December 2021: SEE PATCH INFO>> 





New Year’s Resolutions Checklist Webinar – Are you and your clients determined to keep your cybersecurity-related New Year’s resolutions in 2022? We’re here to help. Join Amelia Paro to learn why you must be ready for unexpected cybersecurity challenges in an increasingly dangerous cyber threat landscape. WATCH NOW>>

Help your Clients Reduce Insider Risk

From accidental security incidents caused by employee errors and negligence to deliberate sabotage by malicious insiders, it’s important for your clients to realize that sometimes the security risk that will bring down a company’s defenses is already inside the building. These tools will help you work with them to reduce insider risk!

eBook: Guide to Reducing Insider Risk – Everything you need to know about detecting and eliminating insider risks of every type. DOWNLOAD NOW>>

Checklist: Building a Strong Security Culture – Go over this checklist with your clients to show them exactly where they may need more protection fast: DOWNLOAD NOW>>

Infographic: 5 Red Flags That Point to a Malicious Insider at Work – Send this to your clients to help them spot and stop malicious insiders from harming their business. DOWNLOAD NOW>>

Did you miss this? Get the Cybersecurity New Year’s Resolutions Checklist now!  DOWNLOAD IT>>





2021 Sets New Data Compromise Record 


Risks Are Evolving for Hard-Hit Sectors


Cybercriminals had a very busy 2021, especially when it came to stealing data. According to the Identity Theft Research Center (ITRC), a new record number of data compromises exposed personal information for people around the globe. In their new 2021 Annual Data Breach Report, an analysis of those data compromises shows where bad actors are looking to score profitable troves of data and how successful they have been in what ITRC is designating as the year the world shifted from identity theft to identity fraud. 




2021 Set a New Record for Data Compromises


The biggest takeaway is the massive increase in data compromises notched in 2021. The overall number for 2021 is 1,862. That’s 68% more than recorded in 2020. That dramatic increase also sets a new record, up 23% from the previous all-time high of 1,506, set in 2017. The share of breaches that included the exposure of sensitive information also increased slightly, from 80% in 2020 to 83% in 2021. That’s still well below the current record of 95% set in 2017. The number of victims impacted also dropped 5%, a decrease ITRC attributes to cybercriminals narrowing their focus when shopping for data to choose specific data types instead of just snatching up as much data as possible in every operation.




Some Attack Vectors Surged


There were some interesting shifts in the attack vectors that bad actors chose in 2021. Phishing is once again the leader for the third straight year, with ransomware taking second place and “unspecified” coming in third. It’s interesting to note that the “unspecified” number is much higher than it has been in prior years, an excellent illustration of how cybercriminals have evolved their tactics and attack vectors in the last year. As organizations have strengthened their defenses and security solutions have innovated to catch and stop more cyberattack threats, especially solutions that use AI and security automation, cybercriminals have had to up their game in their attempts to stay ahead of them. 

To no one’s surprise, ransomware led the pack with 321 ransomware-related data compromises in 2021, up from 158 in 2020 and just 83 in 2019. Today’s splashiest cybersecurity villain has earned its headlines and earned its practitioners huge sums of money from the vast quantities of data that they’ve stolen. Ransomware-related data breaches have doubled in each of the past two years, and that trend looks set to continue. Booming data markets on the dark web give the bad guys plenty of incentive to continue going after data treasure troves with ransomware. ITRC researchers predict that at the current rate, ransomware attacks will surpass phishing as the number one root cause of data compromises in 2022. 




Negligence Leads to Data Disasters


When looking at vectors for a data compromise that are not attributable to cyberattacks, there are also not very many surprises. Human error is always the major driver and that stayed consistent in 2021. Breaches attributable to human and machine error increased to 179, up from 152 in 2020. In first place is correspondence by email or letter, the suspected fault in 66 data breaches in 2021, up from 55 in 2020. In a spot of good news, while cloud security configuration error is still the second most prominent vector for a non-cyberattack data compromise incident, it’s down from 57 in 2020 to 54 in 2021. It’s not all good news on the misconfiguration front. Misconfiguration of firewalls was up to 13, triple 2020’s total of 4.




Significant Sector Shifts Show Risks Are Evolving Fast


There were some significant shifts in the sectors that had the most data compromises in 2021 when looking at a year-over-year comparison. Compromises ballooned in every primary sector except Military, which did not have any publicly reported data breaches in 2021. This year’s leader and still undisputed champion for the third straight year is Healthcare with 330 data compromise incidents in 2021, up from 306 in 2020 but still lower than its peak in 2019. Some of that rise in healthcare data breaches can be attributed to cybercriminals who are on the hunt for personal and financial data since healthcare records often yield both in one operation.  

The Financial Services sector also got creamed in 2021. Industry authorities and experts were sounding the alarm about FinTech danger and the increased risk that cryptocurrency brings to the table all year in 2021 with good reason: Financial Services companies reported 279 breaches last year, a sharp increase from the 138 recorded in 2020. Financial Services firms can expect that trend to continue in 2021, especially those dealing in or adjacent to NFTs and cryptocurrency. Cybercriminals are continuing to hammer DeFi platforms and crypto wallets, stealing millions of dollars in cryptocurrency at a shot nearly weekly for the last few months. Cryptomining and other cryptocurrency-related pursuits are also a catalyst for malicious insider threats.




Infrastructure & Manufacturing Has the Largest Sector Increase


Infrastructure attacks and concerns about security for potential targets in the world’s critical infrastructure also captured headlines, and this report supports the conclusion that attacks on infrastructure are rising fast. The Manufacturing & Utilities sectors reported 222 breaches in 2021, up from just 70 in 2020. Manufacturing & Utilities scored the largest percentage increase in data compromises for any sector this year at 217 percent over 2020. These are attractive sectors for cybercriminals because of the time-sensitive nature of those organizations, making it more likely that a factory or a utility will quickly pay a ransom to get rolling again.

The strong increase in supply chain/third-party cyberattacks can be seen clearly in this survey. The number of data breaches that occurred at organizations in the Professional Services sector has steadily increased by more than 25% per year. Supply chain woes have haunted many businesses in many sectors this year, and cybercrime has been a big contributor to that stress. Cybercriminals have caused delays in manufacturing and shipping as well as using service providers as convenient back doors into other organizations and potentially profitable sources of data. These difficulties can mostly be chalked up to ransomware.




Are You & Your Clients Ready for a Wild Ride this Year?


This surge in data compromises elevates risk for organizations of every size as all of this fresh data makes its way to the dark web. Your clients will need powerful protection against credential compromise, phishing, BEC and other damaging cyberattacks that can get their start from data like this. ID Agent can help you secure them affordably while growing your revenue fast.  

Dark Web ID enables you to get a clear picture of your client’s credential compromise threats from dark web sources. Our 24/7/365 always-on monitoring alerts you when your clients’ credentials appear on the dark web automatically. Automation means that your team doesn’t need to spend time staring at a dashboard, and simple clear reports enable you to display the value of monitoring fast.  

BullPhish ID is the perfect security awareness training solution for companies of any size. You can provide an excellent client experience through personalization when you tailor the training to fit every client’s unique needs. Choose from our plug-and-play phishing simulations or customize the content. You’ll also be able to offer training in more than just phishing including compliance, password safety, ransomware threats and other topics to fulfill all of your client’s digital training needs under one roof.   

See what your peers have to say about the benefits of a relationship with ID Agent. SEE TESTIMONIALS>> 

Contact our solutions experts today





Jan 27 – IT Trivia Masters Extravaganza REGISTER NOW>> 

Jan 27–28 – 7 Figure MSP Live REGISTER NOW>> 

Feb 01 – Insider Risk: Detection and Prevention of the Largest Cyberthreat REGISTER NOW>>

Feb 01 – Quarterly Passly Product Update REGISTER NOW>>

Jun 20-23 – Connect IT Global in Las Vegas REGISTER NOW>>  

Psst: Register now for Connect IT and get special early bird pricing. But hurry, it’s only available until 01/31!



Is Your Business in an At-Risk Industry?


2021 was a banner year for data compromises. The overall number of data compromises for 2021 was 1,862. That’s 68% more than recorded in 2020. While every sector was impacted by this data breach explosion, a few lead the pack. 

Businesses in the Healthcare, Financial Services and Manufacturing & Utilities sectors were hit hardest in 2021, with some sectors experiencing double-digit growth. But no industry is safe. Every industry experienced growth in data compromises.

That’s bad news for your business in several ways, but one prominent problem is that the surge in data compromises means a surge in data going to the dark web, endangering your business through possible credential exposure and fueling phishing attacks.  

Invest in dark web monitoring to keep that risk in check by uncovering your company’s currently compromised credentials and making sure you know right away if it happens again, helping you stay a step ahead of the bad guys.


Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!

