Please fill in the form below to subscribe to our blog

The Week in Breach News: 03/08/23 – 03/14/23

March 15, 2023

 This week: big breaches at AT&T and Acer, bad actors have some unusual demands for a Ukrainian video game company, Cerebral’s expensive tracking pixel disaster and a look at our previously unpublished data about incident response and recovery plans around the world. 

Give your clients 7 lucky tips to secure their data & remind them that they can’t rely on luck to stay safe! GET THE INFOGRAPHIC>>


Exploit: Supply Chain Attack

AT&T: Communications Conglomerate

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

AT&T is notifying roughly 9 million customers that some of their information was exposed after a marketing vendor was hacked in January 2023. The company did not name the vendor, and they were quick to reassure customers that financial data and Social Security numbers were not involved. Impacted customers have been informed that some or all of their Customer Proprietary Network Information (CPNI) has been exposed, including customer first names, wireless account numbers, wireless phone numbers and email addresses. The company said that a small percentage of customers also had additional data exposed including their rate plan name, past due amount, monthly payment amount, minutes used and various other monthly charges. AT&T said that the data was several years old but didn’t specify a time period.  

How It Could Affect Your Customers’ Business: Supply chain risk is spinning out of control for businesses, and IT professionals need to be ready to mitigate it fast.

ID Agent to the Rescue:  Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>

Exploit: Hacking

DC Health Link: Health Insurance Marketplace

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

The U.S. Federal Bureau of Investigation (FBI) is investigating a cyberattack on DC Health Link that Left some information exposed for more than 56,000 people including members of Congress. The health insurance marketplace became aware it had been hacked last Wednesday. People whose information was leaked include small business owners, uninsured District residents and lawmakers, including members of Congress and their staff. The data stolen includes names, Social Security numbers, dates of birth, health plan information and other personal information, including home addresses, phone numbers, email addresses, ethnicity and citizenship status. 

How It Could Affect Your Customers’ Business: This kind of information security disaster will be a big, expensive and painful mess to clean up.

ID Agent to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes in an infographic. LEARN MORE>>


Exploit: Human Error

Cerebral: Telehealth Provider

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.267 = Extreme

Mental health platform Cerebral is informing 3.8 million customers that it has experienced a data breach. The company recently admitted that it had been using invisible pixel trackers from Google, Meta (Facebook), TikTok and other third parties on its online services since October 12, 2019. Those pixels had data logging features, resulting in the exposure of sensitive medical information of people who used the provider’s platform to third parties without the customer’s knowledge. Exposed patient information includes a client’s full name, phone number, email address, date of birth, IP address, client ID number, demographic information, self-assessment responses and associated health information, subscription plan type, appointment dates, treatment details, clinical data, and health insurance and pharmacy benefit information. Social Security numbers, credit card information, and bank account information have not been impacted. 

How It Could Affect Your Customers’ Business: This debacle is a disaster for Cerebral and will end up costing the company a fortune after regulators get finished with it.

ID Agent to the Rescue: See the biggest SMB security challenges and attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>

Group 1001 Insurance

Exploit: Ransomware

Group 1001: Financial Services Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.779 = Moderate

New York-based financial services and insurance holding company Group 1001 has announced that it was the victim of a ransomware attack that impacted some of its member companies. The February 9, 2023, attack snarled operations for several member companies, including Delaware Life Insurance, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity, Clear Spring Property and Casualty and Clear Spring Health. The company said that it did not pay a ransom but offered no specifics about the attacker, noting that they’ve brought in a third-party forensics team to investigate this incident along with the FBI. The Gainbridge subsidiary of Group 1001 was not affected. Operations have since been restored. People who were impacted are being informed by mail.

How It Could Affect Your Customers’ Business: Ransomware attacks against financial industry targets like this have proliferated in the past three years.

ID Agent to the Rescue:  Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>> 

Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>

Black & McDonald

Exploit: Ransomware

Black & McDonald: Defense Contractor

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.783 = Severe

Engineering firm Black & McDonald, a major defense contractor for the Canadian military, has been struck by a ransomware attack. Black & McDonald is the parent company of Canadian Base Operators, a contractor for Defence Construction Canada, a contractor that provides facilities management and other military infrastructure across Canada. Canada’s Department of National Defence (DND) told reporters that it was informed of the incident on February 10, 2023. DND does not believe that any sensitive information or systems were compromised. The incident is under investigation, and no ransomware group had claimed responsibility as of press time.  

How it Could Affect Your Customers’ Business: Defense contractors and other military service providers are prime targets for ransomware thanks to the data they hold.

ID Agent to the Rescue:   The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>   

Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>

Spain – Hospital Clínic de Barcelona

Exploit: Ransomware

Hospital Clínic de Barcelona: Medical Center

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.709 = Severe

The RansomHouse ransomware operation has claimed responsibility for an attack on Hospital Clínic de Barcelona that caused a major disruption to the facility’s operations. All applications and communications remained down over the weekend as hospital staff were forced to resort to manual recordkeeping, slowing care and preventing doctors from accessing patients’ records. Radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services will continue operating normally. Officials said that three associated medical centers, CAP Casanova, CAP Borrell and CAP Les Corts were also impacted. No information about a ransom demand was available at press time.  

How it Could Affect Your Customers’ Business: Ransomware is an especially nasty risk for medical centers that can’t afford downtime, making them a popular target.

ID Agent to the Rescue:  The IT Professional’s Guide to the Dark Web helps IT pros learn about dark web threats and cybercrime trends to help them keep businesses out of trouble! DOWNLOAD IT>>

Czech Republic – GSC Game World

Exploit: Hacking

GSC Game World: Videogame Developer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.701 = Moderate

Ukrainian game studio GSC Game World, which moved its headquarters to Prague in response to the Russian invasion of that country, announced on Twitter that it has been the victim of a successful cyberattack, the latest in a series of cyber incidents that has buffeted the game developer. According to GSC Game World, a Russian hacker group known as Vestnik TSS gained access to staff accounts and stole about 30 GB of unpublished content about the game. The group has made some unique demands, saying that they will leak 30 GB of content from the studio’s upcoming Stalker 2 game if they aren’t met by March 15. The hackers are demanding that the company apologize to players in Russia and Belarus, that the game have a Russian translation and that the game’s launch in the region is guaranteed. GSC Game World maintains that it has been the victim of a campaign of ongoing cyber harassment from pro-Russia hackers for months.

How it Could Affect Your Customers’ Business: This incident is interesting because while it doesn’t meet the definition of nation-state cybercrime, it is an attack with political overtones

ID Agent to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>> 

Learn how managed SOC gives you big security expertise on call 24/7without the big price tag. LEARN MORE>>

Taiwan – Acer

Exploit: Hacking

Acer: Computer Hardware Manufacturer

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.697 = Moderate

Technology giant Acer has confirmed that its servers were breached in a cyberattack in mid-February. However, the company says that no customer data was stolen or exposed in this incident. A hacker has advertised the data for sale on dark web marketplace BreachForums including 655 directories and 2,869 files. The threat actor claims to have snatched confidential slides and presentations, staff technical manuals, Windows Imaging Format files, binaries, backend infrastructure data, confidential product documents, Replacement Digital Product Keys, ISO files, Windows System Deployment Image files, BIOS components and ROM files.

How it Could Affect Your Customers’ Business: Data pertaining to operational technology (OT) is very valuable, and attacking manufacturers is an easy way for bad actors to get their hands on it.

ID Agent to the Rescue: Show the dollars and cents value of security awareness training with the data you’ll find in our eBook The Business Case for Security Awareness Training. DOWNLOAD IT>>

See how security awareness training stops the biggest security threats! GET INFOGRAPHIC>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

See how today’s biggest threats may impact businesses in our security blogs.

managed SOC traveling to Connect IT represenetd by a branded backpack

Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>

New BullPhish ID User Reports Give You Detailed Campaign Results for Each End User

The BullPhish ID team is excited to announce the availability of new individual user reports that provide the phishing and training campaign status for every end user you manage. You can now easily obtain a single user view for all training/phishing campaigns you manage within a specified period.

To generate an individual user report, select an SMB organization, define a date range and download a CSV report that will display phishing and training campaign results at the user level. The report will contain:

  • The names and email addresses of users that have received a campaign within your selected date range
  • The training course/phishing kit name followed by the campaign name
  • The status of each user/what action they’ve taken and the progress they’ve made with the course/kit

For step-by-step instructions on how to create individual user reports, please check out the BullPhish ID release notes.

This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>

NEW EBOOK! Explore Today’s Dark Web Threats

In The IT Professional’s Guide to the Dark Web, you’ll gain valuable knowledge to help you mitigate dark web risk. You’ll learn:

  • Who the major cybercrime players are and their motivations
  • What they’re trading and selling and how much it costs
  • How to mount a strong defense against dark web threats to businesses


Did you miss… our NEW infographic 5 Ways the Dark Web Endangers BusinessesDOWNLOAD INFOGRAPHIC>>

Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>

Are SMBs Around the World Ready to Recover from a Cyberattack?

In today’s volatile cybersecurity landscape, it’s less of a question of “if” a business is hit by a cyberattack and more of a “when”. Constantly rising risk means that every business of every size needs to be ready to handle a cybersecurity incident like a cyberattack and have a plan in place that enables them to smoothly swing into recovery mode and get back to work. But that’s not always the case, and many businesses need help preparing for the worst. In the Datto SMB Cybersecurity for MSPs Report, we asked cybersecurity decision-makers around the world about their organizations’ incident response and recovery plans to give MSPs and other IT security professionals a glimpse behind the curtain into SMB thinking about what to do when disaster strikes.  

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

Only half of businesses are ready for trouble 

Over half of the overall respondents said that they have a standard recovery plan ready to go. However, some businesses still need serious help making a recovery plan. About one-quarter of respondents in Germany don’t have a recovery plan in place or don’t know about their company’s recovery plan. Respondents in Australia and New Zealand were the second most likely to say that they didn’t have or know about recovery plans for their company. Organizations in Singapore were most likely to have a best-in-class plan ready. This opens up a world of opportunity for MSPs to guide clients into investing in the resources they’ll need to create or enact a strong recovery plan like BCDR or remote identity and access management tools. 

Does your organization have a best-in-class recovery plan in place?

Recovery Plan Status  US UK Germany The Netherlands Australia & New Zealand Singapore 
We have a best-in-class recovery plan in place   32% 25% 26% 29% 26% 30% 
We have a standard recovery plan in place   51 55 48 53 52 52 
We have solutions to protect us, but do not have a formal recovery plan in place  13 13 17 12 15 15 
We do not have any recovery plan in place  
I believe my service provider has a recovery plan in place, but I do not know the details  

Source: Datto

Explore SMB cybersecurity pain points and spending plans in the Datto SMB Cybersecurity for MSPs Report. READ IT>>

SMBs around the world face big recovery challenges 

Many companies told us that recovery after a cyberattack would be a major challenge or even impossible. About half of our respondents worldwide categorized recovery from a cyberattack as difficult. Even worse, many businesses say they won’t recover at all. Businesses in Australia and New Zealand and Singapore that the grimmest recovery outlooks. There is ample opportunity for MSPs to dive into in this area, like suggesting new solutions to mitigate risk or encouraging clients to invest in security solutions that can also help in an incident response or recovery. upgrades to a client or prospect’s security buildout to make it even stronger. 

How easily would your organization recover from a cyberattack?

Recovery Status  US UK Germany The Netherlands Australia & New Zealand Singapore 
We would recover easily 41 36 38 32 26 38 
Recovery would be difficult 46 56 45 53 45 41 
We would not recover 13 17 15 28 21 

Source: Datto

Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>

Successful disaster recovery is easier said than done 

Recovery of systems and data is the biggest challenge that businesses face in the event of a cybersecurity disaster. This is especially true in a ransomware or wiper malware situation, both risks that should be front and center for every business’s incident response and recovery planning efforts. About one-third of our respondents in the U.S., Germany, Australia and New Zealand and Singapore said that when they’d experienced their last cyberattack, they’d been able to perform full, smooth recovery using backups. However, just under half of respondents worldwide said that they had to reinstall and reconfigure at least some systems to get on the road to recovery. MSPs can provide SMBs with invaluable guidance here to steer their clients toward the help that they need to improve their backup and recovery processes

How did your organization recover systems and data after experiencing a successful cyberattack?

Action taken to return to baseline US UK Germany The Netherlands Australia & New Zealand Singapore 
Performed disaster recovery (DR) and restored everything from full backups 30 28 32 26 30 35 
Restored a portion of the systems, and reinstalled and reconfigured the rest 31 28 29 29 29 28 
Reinstalled and reconfigured all our systems from scratch    21 20 19 25 21 20 
Paid the ransom to have our data decrypted    
Did not pay the ransom and lost our data completely    
Paid the ransom but still could not decrypt our data, losing it completely    
Could not recover and have closed / are closing our business    
Something else  
No action was needed    10 16 11 

Source: Datto

Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>

Downtime is punishingly expensive at an average cost of $126k 

One of the most expensive and damaging results of a cyberattack is downtime, and about half of our survey respondents experienced it in the past year. Our survey showed that the average cost of downtime worldwide is $126k. Unfortunately, that cost is significantly higher for organizations in Australia and New Zealand ($190k) and Singapore ($175k). The business impact and punishing expense of downtime present MSPs with a profitable pathway to recommend solutions, like making and testing an incident response plan, that can reduce downtime in the case of a security incident. The cost of downtime is also a factor that can be put into play when talking about the value of preventative measures like security awareness training and phishing simulation

How much downtime did your organization endure after experiencing a successful cyberattack?

Downtime US UK Germany The Netherlands Australia & New Zealand Singapore 
None 11 18 17 
Less than 1 day 27 27 20 18 22 21 
1 day 20 19 21 20 18 19 
2 – 3 days 30 25 31 41 31 31 
4 – 6 days 15 16 
1 week or more 
Average 127 65 105 87 190 175 

Source: Datto

A diverse group pf It professionals collaborate at a computer workstation

Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>

Kaseya’s Security Suite can help businesses mitigate cyber risk affordably.  

Our best-in-class security solutions provide big pritection witout a big price tag.

Security awareness and compliance training plus phishing simulation          

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations, featuring an extensive library of security and compliance training videos and plug-and-play or customizable phishing training campaign kits.  

Automated, AI-powered antiphishing email security       

Graphus AI-enabled, automated email security catches 99.9% of sophisticated phishing threats and deploys in minutes to stand alone or complement Microsoft 365 or Google Workspace at half the cost of the competition. 

Dark web monitoring            

Dark Web ID offers best-in-class dark web intelligence with 24/7/365 monitoring and live dark web search capability to find compromised credentials in seconds. Get fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses.           

Managed SOC   

Get the top Managed SOC that leverages our Threat Monitoring Platform to give you access to an elite team of security veterans hunt, triage and work with your team when actionable threats are discovered across three critical attack vectors: Endpoint, Network & Cloud. NEW! Ransomware detection is now included! 

Datto EDR 

Datto Endpoint Detection and Response (EDR) gives MSPs that tools that they need to quickly detect and respond to even the most advanced threats. Isolate hosts, terminate processes, delete files and protect your clients fast right from the dashboard. 

Find the right dark web monitoring solution for your customers & your MSP with this checklist! DOWNLOAD IT>>

Here’s Your Pot of Gold: Save on Your Kaseya Connect Global Ticket + New Training 

Kaseya Connect is just around the corner! In addition to the amazing networking opportunities, we’re offering education and certifications that can transform your career. We’ve taken our training program to new heights with a first-ever CISSP Level 1: Introduction to Concepts, Techniques & Domains course. Enjoy everything from exam preparation to awesome tools and resources while you study 8 essential CSSIP domains. As a special bonus, you’ll receive an exclusive enrollment rate in FIU’s online CISSP certification program upon completion. 

Plus, we’re sweetening the pot: Register now to take advantage of our St. Patrick’s Day Special and get $100 off* the conference pass + training for a limited time only! There are also a limited number of rooms left at the MGM Grand at our special price. Hurry – spots are filling up fast and this offer is only good until March 31 

Use code PADDY23 at checkout to claim your special offer! 


Does not apply to hotel bundles. Other terms and conditions may apply. 

March 2: Kaseya + Datto Connect Local New Jersey REGISTER NOW>>

March 7 – 8: Kaseya + Datto Connect Local Pittsburgh REGISTER NOW>>

March 8: Security Suite Product Demo Webinar REGISTER NOW>>

March 9: Kaseya + Datto Connect Local Philadelphia REGISTER NOW>>

March 14: Kaseya + Datto Connect Local Chicago REGISTER NOW>>

March 16: Kaseya + Datto Connect Local Dallas REGISTER NOW>>

March 16: Kaseya + Datto Connect Local London REGISTER NOW>>

March 21: Kaseya + Datto Connect Local Washington D.C. REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Netherlands REGISTER NOW>>

March 23: Kaseya + Datto Connect Local Denver REGISTER NOW>>

March 30: Kaseya + Datto Connect Local Boston REGISTER NOW>>

April 24 – 27: Connect IT Global in Las Vegas REGISTER NOW>>

June 26-28: DattoCon Europe REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!