Please fill in the form below to subscribe to our blog

The Week in Breach News: 03/29/23 – 04/04/23

April 05, 2023

This week: A massive breach at a Canadian finance company, AudienceView’s breach gave cybercriminals the ticket to financial data from events at half a dozen colleges, why the booming dark web economy is so dangerous and the five worst email-based scams. 

Get the scoop on 5 of the worst email-based attacks plus tips to protect businesses from them. GET INFOGRAPHIC>>

Western Digital

Exploit: Hacking

Western Digital: Computer Hardware Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.702 = Severe

Western Digital, a California-based provider of data storage hardware, has announced that it was hit by a cyberattack last Monday. In the March 26, 2023, incident, bad actors gained access to a number of the company’s systems, forcing the company to take some services and systems offline. In a statement, the company acknowledged that My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixp and Wireless Charger products were impacted. Reports say that cloud, proxy, web, authentication, emails and push notification services are experiencing outages.

How It Could Affect Your Customers’ Business: Manufacturers like this are sitting ducks as cybercriminals ramp up efforts against the supply chain.

Kaseya to the Rescue:  Learn more about how our Security Suite can help MSPs protect their clients from expensive and damaging cyberattacks and other information security trouble. GET IT>>

NCB Management Services

Exploit: Hacking

NCB Management Services: Debt Buyer

1.51 – 2.49 = Severe Risk

Risk to Business: 1.873 = Severe

Accounts receivable management company and debt buyer NCB Management Services has started informing consumers that their personal information was likely compromised in a data breach. The incident is expected to impact roughly 500,000 individuals. NCB said that hackers compromised some of NCB’s systems on February 1, 2023, giving them access to information from closed Bank of America credit card accounts. Included in this breach were names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers and employment information for account holders. Financial data such as pay amounts, credit card numbers, routing numbers, account numbers and balances, and account statuses was also snatched.

How It Could Affect Your Customers’ Business: Finance has been the top sector hit by cybercriminals for the last few years as the economy contracts

Kaseya to the Rescue: Develop an effective, efficient incident response plan with the tips in our guide How to Build an Incident Response Plan. GET YOUR GUIDE>>

Lumen Technologies

Exploit: Ransomware

Lumen Technologies: Communications and Network Services

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.311 = Extreme

Lumen Technologies has announced that it is dealing with not one but two cyber incidents. According to a filing with the U.S. Securities and Exchange Commission (SEC), Lumen discovered that a number of their servers that support a segmented hosting service had been infected with ransomware. The Louisiana-based company acknowledged that the ransomware is impacting a small number of its enterprise customers, disrupting call center operations. The company also said that in a separate incident, it had discovered that bad actors had gained access to another part of the company’s IT systems, installed a different type of malware and stole data. The firm is evaluating whether any personally identifiable information (PII) or other sensitive information was stolen.  

How It Could Affect Your Customers’ Business: This dose of double trouble will be a powerful blow to the company’s reputation as well as its finances.

Kaseya to the Rescue: Learn how security awareness training can help businesses combat security risks from phishing to employee mistakes. LEARN MORE>>

Cornell University

Exploit: Supply Chain Attack

Cornell University: Institution of Higher Learning

1.51 – 2.49 = Severe Risk

Risk to Business: 1.819 = Severe

Cornell University has released a security alert warning that purchase data for ticketholders at some of its recent events has been stolen as the result of a platform breach at one of its vendors, AudienceView. The school cautioned that people who had purchased tickets for shows and events organized by the Cornell Concert Series, Cornell Athletics, Cornell Tickets and the Schwartz Center for the Performing Arts may have had financial data stolen. In some cases, students reported that money had already been snatched from their bank accounts. Other colleges and universities including Ithaca College, Virginia Tech University, SUNY Oswego, Colorado State University, Loyola University Chicago and McMaster University in Canada have also been impacted by the AudienceView breach. The ticketing platform company said that the breach was caused by malware discovered in its systems and that it is working with Mandiant to investigate the incident.  

How It Could Affect Your Customers’ Business: This is a valuable score of fast-selling credit card and financial data that means big profits for the bad guys.

Kaseya to the Rescue:  Dark web data and other dark web-related risks are big threats to businesses. Learn more about them in our infographic 5 Ways the Dark Web Can Harm Businesses. GET IT>>

See how Managed SOC gives businesses an essential edge against cyberattacks. DOWNLOAD INFO SHEET>>

TMX Finance

Exploit: Hacking

TMX Finance: Consumer Lender

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.423 = Extreme

TMX Finance, a lender based in Canada with operations in the U.S. and Canada, has disclosed a data breach that impacts customers of its subsidiaries TitleMax, TitleBucks, and InstaLoan. TMX said that the breach likely began in early December 2022 but that it did not detect the breach until February 13th, 2023. The personal data of 4,822,580 customers was potentially exposed in the incident. TMX says that the exposed customer data includes a client’s Full name, date of birth, passport number, driver’s license number, federal/state identification card number, tax identification number, U.S. Social Security number, financial account information, phone number, physical address and email address. 

How it Could Affect Your Customers’ Business: This will be an expensive disaster for TMX after regulators in both countries wind their way through its subsidiaries.

Kaseya to the Rescue:  Managed SOC helps overtaxed security teams detect and address security issues without spending on additional equipment or expanding the payroll. LEARN MORE>>   

Go inside BEC scams & get tips to keep businesses safe from today’s most expensive cyberattack. DOWNLOAD EBOOK>>

UK – Capita

Exploit: Hacking 

Capita: Business Services Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.709 = Severe

London-based business services giant Capita has disclosed that it has been hit by a cyberattack that has caused disruption to some of its internal processes. The company said in a statement that the cyberattack, which took place last Friday primarily impacted access to internal Microsoft Office 365 applications and some online services for customers. The fallout lasted for about three days. Capita performs crucial operations for the NHS and the military in Britain. The company was still restoring online services for customers on Monday morning.  

How it Could Affect Your Customers’ Business: Business services providers have been front and center in the rising tide of supply chain cyberattacks.

Kaseya to the Rescue:   See the biggest SMB security challenges and decision-maker attitudes toward security, training and more in the Kaseya Security Insights Report. DOWNLOAD IT>>

Italy – Toyota Italy

Exploit: Human Error 

Toyota Italy: Car Company 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.836 = Moderate

Toyota Italy has acknowledged that it accidentally leaked sensitive data about its customers for at least the last 18 months. The data leak occurred through likely misconfiguration in its Salesforce Marketing Cloud and Mapbox APIs. The company exposed its credentials to the Salesforce Marketing Cloud, giving bad actors possible access to Toyota clients’ phone numbers and email addresses, customer tracking information and email, SMS and push-notification contents. The company also exposed application programming interface (API) tokens for Mapbox, a U.S. based mapmaker. Toyota Italy said that it has taken steps to close those gaps.

How it Could Affect Your Customers’ Business: Even a small misconfiguration or mistake with an API can be a huge, expensive disaster for a company

Kaseya to the Rescue: The Cybersecurity Risk Protection Checklist helps businesses make sure that they’re covering all of their security bases. GET CHECKLIST>>   

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

Crown Resorts

Exploit: Hacking

Crown Resorts: Casino Operator

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.733 = Moderate

Crown Resorts is the latest company to fall victim to the exploitation of GoAnywhere. By the Cl0p ransomware group. The company said last Monday that a ransomware group had contacted Crown Resorts, claiming to have gained access to some files through the GoAnywhere file transfer service zero-day exploit. Crown Resorts was quick to reassure the public that no customer data was compromised, and the company’s resort, casino and business operations have not been impacted. More than 100 companies have been hit by Cl0p in the GoAnywhere snafu.  

How it Could Affect Your Customers’ Business: This might have been avoidable with fast patching once this exploit became public weeks ago.

Kaseya to the Rescue: Most ransomware attacks start with phishing. See how Graphus protects businesses from phishing danger in this infographic. DOWNLOAD INFOGRAPHIC>>


Exploit: Hacking

Meriton: Hotel Operator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.733 = Severe

Major Australian hotel and holiday home operator Meriton has disclosed that it has experienced a cyber indent that led to the exposure of personal data. More than 1800 guests and staff members employed by Meriton may potentially have had their data stolen when hackers struck the luxury developer on January 14, 2023. Guests staying in Meriton properties may have had their contact information exposed. Meriton employees were hit harder, with their bank accounts, tax file numbers and employment information, which includes particulars about salaries, disciplinary history and performance appraisals possibly accessed by hackers. The company said that the incident was reported to the Australian Cyber Security Centre and the Office of the Australian Information Commissioner.

How it Could Affect Your Customers’ Business: This breach hit two tracks of data for Meriton, doubling its chance of a big fine.

Kaseya to the Rescue: Learn how to achieve complete endpoint security in a flash without blowing up your budget with antivirus and Datto EDR in this information sheet. DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

managed SOC traveling to Connect IT represenetd by a branded backpack

Don’t miss the industry’s best event, Connect IT Global April 24 – 27, 2023, in Las Vegas! REGISTER NOW>>

3 New Campaigns from Powered Services Pro

These three new campaigns from Powered Services Pro can help get your Q2 off to a sweet start!

Ramping Up the Fight Against Ransomware Pro Campaign

MSP Value Proposition: 

Businesses are coming around to the realization that ransomware attacks are a very real and persistent threat that could sink them, and they’re searching for ways to prevent that from happening. Show clients and prospects that you stand ready to help lead their fight against escalating ransomware threats. 

End Buyer Value Proposition: 

With ransomware attacks ratcheting up in both scale and cost, now is the time to make sure your business is prepared to put up a formidable defense against ransomware while also ensuring you’re ready to mitigate, respond, and recover from a successful attack. 


MSSP Bonus Campaign 

MSP Value Proposition:  

Help your followers understand what a Managed Security Service Provider (MSSP) can do for their business. 

End User Value Proposition:   

As cybercriminals become more automated, sophisticated, and motivated, their attacks continue to intensify, making it more important than ever to protect your business. Trying to keep your company secure is complex, expensive, and risky. Outsourcing cybersecurity ensures you’re putting up the best defense against today’s mounting cyber threats. 


Q2 Bonus Holiday Campaign 

Leverage our celebratory bonus ads to start a conversation about security with your clients!

  • National Flash Drive Day (4/5)
  • Easter (4/9)
  • National IT Provider Day (4/22)
  • May the 4th (5/4)
  • National Technology Day (5/11)
  • Mother’s Day (5/14)
  • Memorial Day (5/29)
  • Father’s Day (6/18)


This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>

NEW INFOGRAPHIC! 5 Nastiest Email-Based Scams

In the last 14 months, the FBI’s Internet Crime Complaint Center (IC3) has already registered over 1 million cybercrime reports. That speaks volumes about the dire cybercrime situation today’s businesses face. That’s why you need to know about the threats that can have catastrophic consequences for businesses and individuals alike.

Download this infographic to learn about five of the nastiest email-based attacks and get tips to protect businesses from them. DOWNLOAD IT>>

Did you miss…? The checklist Elements of an Incident Response Plan? DOWNLOAD IT>>

A diverse group pf It professionals collaborate at a computer workstation

Learn about SMB attitudes toward cybersecurity and other growth opportunities for MSPs. GET INFOGRAPHIC>>

  The Booming Dark Web Economy is a Bust for Businesses

Many economies around the world are experiencing challenges in the wake of the global pandemic. But there’s one economy that isn’t: the dark web economy. Unfortunately, it’s thriving. Cybersecurity Ventures estimates that the dark web is projected to cost the world $8 trillion in 2023 and $10.5 trillion by 2025. That constant upward trend also fuels a hot talent market. Cybercrime groups are almost perpetually recruiting. Over a 30-month period, cybercriminal gangs and threat groups posted more than 200,000 advertisements seeking workers with skills in software development, maintaining IT infrastructure, and designing fraudulent sites and email campaigns. This look at the dark web economy offers context for why companies need to be concerned about dark web danger.  

Excerpted in part from The IT Professional’s Guide to the Dark Web. DOWNLOAD IT>> 

Cybercrime-as-a-Service is a growth industry 

The Cybercrime-as-a-Service gig economy is the main driver of economic growth on the dark web and it is getting bigger every year. Cybercrime specialists typically sell their goods and services on dark web message boards, Discord servers and Telegram channels, and are generally paid in cryptocurrency. An estimated 90% of posts on popular dark web forums are from buyers looking to contract someone for cybercrime services. Just like any other marketplace, prices on the dark web for things like data, malware or hacking services are fluid, with certain data types or services trending and fading for a wide variety of reasons, just like commodities in any other sector. This snapshot offers an idea of what services and commodities sell for on the dark web.  

Malware, Premium quality, per 1,000 installs $5550 
DDoS attack, Unprotected website, 10-50k requests per second, 24 hours $45 
1k followers for a LinkedIn page $10 
Hacked Coinbase verified account $120 
10 million USA email addresses $120 

Source: Privacy Affairs 

Get tips & advice to help you build a smart incident response plan in our guide. GET YOUR GUIDE>>

Growth leads to cybercrime innovation too

CaaS is a powerhouse economic engine that has spawned its own related industries.

Malware-as-a-Service or Ransomware-as-a-Service  

Malware-as-a-Service (MaaS), or its offshoot Ransomware-as-a-Service (RaaS), is a thriving sector of the dark web service economy. This type of operation offers pay-and-use malware for conducting cybercrime. Think of it as bad actors adopting the Software-as-a-Service revenue model. Malware authors develop and maintain software for prospective customers, much like any other software company. And like any other business, hiring specialists and service providers often makes good business sense for major cybercrime groups and nation-state threat actors. It is estimated that 300,000 new pieces of malware are created daily.  


According to Microsoft researchers, a Phishing-as-a-Service(PhaaS) group’s subscription prices depend on a host of factors, but in general, the service can cost about $800 per month. Many of these operators offer what amounts to a one-stop shop for phishing, with phishing kits available for as little as $30. These groups feature everything from DIY kits to full-service contracting. It’s easy and cheap for a cybercrime group to hire a PhaaS practitioner who will take care of everything — build and host a phishing site, create and install a phishing template on the site, configure the domain and take care of every technical aspect, send emails to victims and collect credentials or other desired data.  

This infographic helps IT professionals get the most out of a security awareness training solution. DOWNLOAD IT>>

Stolen data to fuel cyberattacks is cheap (or free) 

Stolen data is fuel for many cybercrimes, and all kinds of stolen data is readily available on the dark web. Cybercriminals aren’t picky. They’ll steal personal data, medical data, customer records, financial information, proprietary data, payment information, intellectual property, trade secrets and just about any other type of data they can get their hands on. The prices of various types of data vary, but the following from the Identity Theft Resource Center paints a picture of what stolen credentials sell for on the dark web. For example, A full range of documents and account details for identity theft can be obtained for an estimated $1,010.   

Credit card information  $17 – $120  
Digital wallets of platforms, like Coinbase  $250 and under  
Online banking account information  $65  
A hacked Facebook profile  $45   
Cloned Visa with a PIN  $20  
Stolen PayPal account with a $1,000 balance  $20 

Source: ITRC

Can you spot a phishing message? This infographic points out red flags to watch for to sniff them out! DOWNLOAD IT>>

Dangerous data is easy to find 

It’s not a challenge for bad actors to find the data that they’re looking for when planning a cybercrime operation. Major sources of data that can be used to conduct cyberattacks are everywhere on the dark web. Information like user records, intellectual property, operational technology assets, financial records, personally identifying information and credentials can be found easily in many cybercriminal hangouts including:  

  • Hidden chat rooms  
  • Unindexed sites  
  • Private websites  
  • P2P (peer-to-peer) networks  
  • IRC (internet relay chat) channels  
  • Black market sites  
  • Botnets  
  • Torrents  
  • Chat channels in apps like Telegram  
  • Message boards/Forums  
  • Discord servers 

Learn how a new integration between BullPhish ID & Graphus saves time & money. SEE THE DETAILS>>

Dark web monitoring reduces dark web exposure risk 

Dark web monitoring helps companies ensure that there aren’t any nasty surprises waiting for them because of dark web data exposure. Everyone wants to spend their money wisely, especially in a challenging economy. When looking at dark web monitoring, whether a company is choosing a solution for the first time or considering switching to a different solution, asking these questions can help businesses ensure that they’re investing in the right one. This is also a great list of talking points for MSPs to share with their clients.  

Does your dark web monitoring solution…  

  • Uncover your company’s compromised credentials in seconds?  
  • Show your organization’s accurate real-time risk 24/7/365?  
  • Use human and machine-powered monitoring?  
  • Protect business and personal credentials?  
  • Monitor your domains, IP addresses and email addresses?  
  • Leverage out-of-the-box integrations with popular PSA platforms?  
  • Offer a fast, frictionless alerting and mitigation process?  
  • Have SaaS or API options available?  
  • Get to work in minutes with no extra hardware or software required?  
  • Guard the personal email addresses and credentials of your privileged users?  
  • Find out quickly if supply chain or third-party risks are putting your company in danger?    

dark web threats represented by a hacker in a hoodie shrouded in shadows with faint binary code

Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

Put the leading dark web monitoring solution to work for you

Dark Web ID is the ideal dark web monitoring solution for businesses of any size, It’s also an amazing prospecting tool for MSPs. One dark web search that shows decision-makers a company’s compromised credentials in minutes opens the door for profitable conversations about the need for strong security. Dark Web ID offers best-in-class dark web intelligence about compromises of business and personal credentials, domains, IP addresses and email addresses.  

Dark Web ID features: 

  • 24/7/365 monitoring using real-time, machine- and analyst-validated data.      
  • Live dark web searches that find compromised credentials in seconds.    
  • Clear and visually engaging risk reports.    
  • Enjoy seamless integration with popular PSA platforms, including Kaseya BMS, Autotask and ConnectWise.  
  • Easy integration with your security operations center (SOC) and other alerting and remediation platforms with available APIs. 

Book a demo of Dark Web ID  

Learn more about how the Kaseya Security Suite helps MSPs & their customers thrive in a dangerous world. GET BRIEF>>

Register Now for the ID Agent & Graphus Q2 Product Update on Tuesday, April 11, 2023, at 10:00 AM ET & 6:00 PM ET

This action-packed webinar will present the new features and enhancements that were delivered in Q1, the reasons behind our roadmap decisions and catch a preview of what’s to come in Q2 and for the rest of the year. REGISTER NOW>>

April 18: Kaseya + Datto Connect Local London REGISTER NOW>>

April 24 – 27: Kaseya Connect Global in Las Vegas REGISTER NOW>>

May 9 – 10: Kaseya + Datto Connect Local Hartford REGISTER NOW>>

May 23: Kaseya + Datto Connect Local Houston REGISTER NOW>>

June 26-28: DattoCon Europe REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!