Please fill in the form below to subscribe to our blog

The Week in Breach News: 04/13/22 – 04/19/22

April 20, 2022

New information is available about Panasonic’s Canadian data breach, McDonald’s serves up risk to customers in Costa Rica and Anonymous continues its campaign against Russia plus why dark web monitoring is a great way to grow your security business.  


Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>



Contra Costa County Government

https://sanfrancisco.cbslocal.com/2022/04/16/contra-costa-county-employee-email-accounts-hacked-in-data-breech/ 

Exploit: Hacking

Contra Costa County Government: Regional Government

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.677 = Severe

Contra Costa County officials have begun sending out letters this week to potential victims, after investigating a data breach from Q3 2021. The county’s investigation determined that an unauthorized person accessed several county employee email accounts at various times between June 24, 2021, and August 12, 2021. The intruder accessed emails and attachments containing information pertaining to certain county employees, as well as individuals who communicated with the county’s Employment and Human Services Department.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.702 = Severe

The exposed data includes names and one or more of the following: Social Security numbers, driver’s license or state-issued identification numbers, financial account numbers, passport numbers and medical information or health insurance information.

How It Could Affect Your Customers’ Business: Government bodies have been a popular target for cybercriminals because they usually provide access to lots of valuable data.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>


Newman Regional Health

https://www.databreaches.net/newman-regional-health-notifies-52224-patients-after-long-running-breach-of-employee-email-accounts/ 

Exploit: Hacking

Newman Regional Health: Healthcare Facility

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.802 = Severe

Newman Regional Health is a tiny facility that’s notifying patients and employees of a big breach. The 25-bed not-for-profit hospital in Kansas informed patients that their data may have been exposed in a yearlong data breach. More than 52,000 patients are being notified of the incident after an investigation revealed unauthorized access to a limited number of the hospital’s employee e-mail accounts between January 26, 2021, and November 23, 2021. 

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.809 = Severe

Exposed patient and employee information includes names, dates of birth, medical record or other identification numbers, addresses, phone numbers, or email addresses, limited health, treatment or insurance information, or employee information collected in connection with an individual’s receipt of services from or employment. A limited group of individuals may have social security numbers or financial information affected.

How It Could Affect Your Customers’ Business No non-profit can afford the huge penalties that this organization will potentially incur after regulators get finished with them.

ID Agent to the Rescue: Security awareness training reduces the chance of an incident by 70%. Learn to build a program with the How to Build a Security Awareness Training Program eBook. GET IT>>


Florida International University 

https://therecord.media/blackcat-ransomware-group-claims-attack-on-florida-international-university/

Exploit: Ransomware

Florida International University: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.177 = Severe

The BlackCat ransomware outfit has claimed they’re behind a ransomware attack at Florida International University. The group said that it has stolen a range of personal information from students, teachers and staff, amounting to 1.2 TB of data. Among the stolen data, the group says it obtained contracts, accounting documents, social security numbers, email databases and more. No further details about the stolen data was available at press time.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: The Education sector has been getting hammered by cybercrime since the start of the global pandemic.

ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>> 


Learn why secure access management is the key to a stronger defense on a budget. WATCH NOW>>



Panasonic 

https://techcrunch.com/2022/04/11/panasonic-canada-ransomware/ 

Exploit: Ransomware

Panasonic: Electronics Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.217 = Severe

The Conti ransomware group has claimed responsibility for an attack on Panasonic’s Canadian operations in February 2022. Panasonic confirmed that it had been the victim of a ransomware attack that impacted its systems, processes and networks. The company says that it has contracted with outside experts to investigate the attack as well as clean and restore servers and rebuild applications. No word was available about what if any data was stolen by the attackers. Panasonic says that relevant authorities have been informed.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Manufacturers and industrial targets have been high on the cybercriminal hit list for months.

ID Agent to the Rescue:  See the mechanics of ransomware, plus get tips and expert advice to guide you through securing your clients effectively in Ransomware 101READ IT>>


Use this checklist to be sure you’ve got your clients protected against nation-state cybercrime. GET CHECKLIST>>



Costa Rica – McDonald’s

https://ticotimes.net/2022/04/15/mcdonalds-alerts-costa-rica-customers-of-data-hack 

Exploit: Supply Chain Risk

McDonald’s: Fast Food Restaurant Chain 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.734 = Moderate

McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed. 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Individual: 2.623 = Moderate

McDonald’s is informing customers in Costa Rica that they may have had data exposed after a data breach at one of the company’s service providers. The company says it has notified relevant authorities and the incident is under investigation. The name, location or type of the service provider was not disclosed, nor how many customers had their data exposed. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business Cybercriminals have been hitting small supply chain targets to gain access to their clients, especially big-name companies.

ID Agent to the Rescue Security and compliance training is a cost-effective defense against all types of cybercrime. Show your clients why with Security Awareness Training: Your Best Investment. GET EBOOK>>


Learn the secret to making compromised credentials your biggest money maker! WATCH WEBINAR>>



UK – CitySprint 

https://grahamcluley.com/citysprint-confirms-security-breach-warns-delivery-drivers-their-personal-data-may-be-in-the-hands-of-hackers/ 

Exploit: Hacking

CitySprint: Courier

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.417 – Severe

 UK same-day delivery company CitySprint has informed its drivers of a data breach that may have exposed their personal information. The company says that an unauthorized party gained access to its iFleet internal management and routing system. While CitySprint says that it doesn’t think that drivers’ personal data was compromised, it can’t be sure.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Individual: 2.766 – Moderate

Drivers may have had information exposed including photos of their driving license, vehicle pictures, and records of their weekly earnings. 

How it Could Affect Your Customers’ Business UK GDPR ensures means that this could be a very expensive incident when all the penalties are added up.

ID Agent to the Rescue Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>> 


Spain – The Royal Spanish Football Federation (RFEF)

https://www.espn.in/football/spain-esp/story/4642921/spanish-fa-report-cyber-attack-to-police-after-email-accounts-private-texts-stolen 

Exploit: Hacking

The Royal Spanish Football Federation (RFEF): Sports Organization

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.176 = Severe

RFEF announced that it has been the victim of hacking after a journalist warned the organization that they’d been offered stolen data. The organization has determined that documents and information from email accounts, private texts and audio conversations from top executives of the federation are among the stolen data. The journalist claimed to have received or gained access to confidential contracts, private WhatsApp conversations, emails and abundant documents regarding the RFEF management. An investigation is ongoing. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.

ID Agent to the Rescue Choose the right dark web monitoring solution to protect your clients from credential compromise surprises with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>


Russia- Ministry of Culture of the Russian Federation

https://securityaffairs.co/wordpress/130106/hacktivism/anonymous-hacked-russia-ministry-of-culture.html

Exploit: Nation-State Hacking (Hacktivism)

Ministry of Culture of the Russian Federation: Federal Government Agency 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.976 = Moderate

The Anonymous Collective hasn’t stopped its push against Russia after the country’s unjust invasion of Ukraine. This time, Anonymous hackers obtained and exposed 446 GB of data from Russia’s Ministry of Culture as part of a larger hacking operation targeting Russia’s national government. The trove of data purportedly includes more than 200,000 emails. The information was published by Demonstrated Denial of Secrets, a hacktivist organization that has been involved in the Anonymous effort.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business It pays to keep an eye on your network for intrusions instead of waiting for the media to tell you about one.

ID Agent to the Rescue Nation-state cybercrime risk is escalating for businesses in every sector. Learn the basics of nation-state cybercrime and how to protect your clients. GET EBOOK>>


Use this checklist to be sure that you’ve found and mitigated every cyberattack risk that your client faces! DOWNLOAD IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident



Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.



Just getting started in cybersecurity? This resource bundle will help you get up to speed to protect your clients fast! GET IT>>



Fresh Resources


This Is The Perfect Time to Grow Your Dark Web Monitoring Revenue!

The Dark Web Monitoring Buyer’s Guide for MSPs
Putting strong protection in place to protect your customers from cyberattacks that leverage dark web data is vital but choosing the right solution for your clients and your business may be tricky. We can help. In The Dark Web Monitoring Buyer’s Guide for MSPs, we show you:

  • How dark web danger is increasing for every organization
  • The nuts and bolts of dark web monitoring
  • What the right solution will do for your clients and your business
  • DOWNLOAD THIS EBOOK>>

10 Things to Look for as You Shop for Dark Web Monitoring – This handy checklist will help you make sure that the dark web monitoring you offer is really getting the job done. GET CHECKLIST>>

The Dark Web Monitoring Buyer’s Guide for Businesses – Give your clients this informative eBook that explains the need for dark web monitoring and shows them how to choose the right solution to get the job done, opening the door for profitable conversations. GET THIS EBOOK>>

Did you miss… Nation-state cybercrime risk has exploded this year. Learn the basics about nation-state risk. GET EBOOK>>


The right dark web monitoring could be the difference between security success or failure. This checklist helps you find it GET IT>>



Why Now is the Best Time to Grow Your MSP With Dark Web Monitoring  


Your Clients Face More Dark Web Danger Than Ever Before


Cyberattack danger is ramping up for organizations in every sector as the world grows more technology-dependent and interconnected. Shifting circumstances due to tumultuous world events are giving the bad guys golden opportunities to profit from cybercrime, and they’re not hesitating to act. Just like any other business, cybercrime outfits have been evolving their business models to maximize their growth opportunities and making adjustments to their strategies because of market fluctuations, industry innovation and world events. But unlike legitimate businesses, their market is the dark web, and their organization’s success always requires another organization’s failure. Thanks to abundant credentials on the dark web and endless employee reuse, the bad guys are able to find more success in their strikes against businesses than ever before. 


Learn to unleash the power of checklists and other downloads in your marketing efforts! WATCH WEBINAR>>


Credential Compromises Keep Growing Adding More Credentials to the Dark Web 


Dark web monitoring is a great way to keep your clients safe from trouble. The cradle of cybercrime, the dark web is where some of the nastiest existential threats to organizations get their start including ransomware, hacking and phishing. It is a constantly growing resource for cybercriminals with new stores of data, new cybercrime tools and Cybercrime-as-a-Service offerings emerging every day. In fact, the demand for things like malware is so high that it outstrips the supply by three times. It’s also the marketplace the bad guys use to source assets for cyberattacks like malware and stolen credentials, and 2021 was another banner year for data breaches and credential compromises. Credential compromise is the easiest and most common way that cybercriminals will gain access to your client’s business. 

Credential Compromises in 2021 

Data Breaches 1789 
Data Exposures54
Data Leaks7
Unknown Source7
Total Compromises1862 
Total Victims293,927,708

Source: Identity Theft Resource Center


Get a step-by-step guide to building an effective security and compliance awareness training program. GET GUIDE>>


Why Dark Web Monitoring Matters Right Now


In a world of economic uncertainty, cybercrime is a sector that’s booming, and that isn’t good news for anyone but the bad guys. Take a look at a few compelling reasons why keeping an eye on potential risks emerging from the dark web is an essential component of a strong defense

The Dark Web is Hopping 

Dark web activity has steadily grown in the last two years. While not everyone using the dark web is doing so for nefarious purposes, it’s safe to say that’s exactly what many dark web users are up to. Take a look at traffic patterns on The Onion Router (TOR), the most popular dark web browser.  

TOR… 

Where in the World Are Dark Web Users? 

Country  Mean daily users  % of Total 
Russia 35546 46.98 % 
United States 7128 9.42 % 
Germany 3372 4.46 % 
Iran  2639 3.49 % 
France  1925 2.54 % 
Netherlands 1864 2.46 % 
United Kingdom 1765 2.33 % 
China 1427 1.89 % 
Belarus 1342 1.77 % 
India  1331 1.76 % 

Source: https://metrics.torproject.org/userstats-bridge-table.html 


Learn the secret to conjuring up amazing stress-free marketing campaigns in 5 Ways to Make Marketing Magic! GET IT>>


Dark Web Credential Exposure is a Gateway to Disaster 


Your Clients’ User Credentials Are at Risk

User credentials are the key that unlocks the door to your customers’ systems and data. Unfortunately, it’s far too easy for bad actors to get a copy of that key.  

Selling Credentials on the Dark Web is Profitable

Bad actors don’t always come from outside an organization. Keeping an eye out for users selling their credentials in the booming dark web markets is a power move for reducing insider risk. 

  • An average legitimate corporate network credential sells for around $3,000.  
  • Legitimate privileged user credentials can go for as much as $120,000.   
  • Malicious insider actions like selling credentials result in an estimated 25% of data breaches

Get the guide that helps you choose the ideal dark web monitoring solution for your clients & your MSP. GET THE GUIDE>>


Dark Web Monitoring Offers Your MSP 3 Excellent Benefits


Dark web monitoring provides a host of benefits for your MSP in both the short and long term.

Get a Revenue/MRR Boost 

Not only does dark web monitoring help you juice up your revenue immediately by offering a new or improved high-value solution, but it also keeps the revenue flowing with an MRR boost. Plus, you’ll walk into conversations about renewals armed with clear, easy-to-understand data that proves its value. 

Increase Your Stack’s Value 

Adding dark web monitoring to your offering bolsters your stack’s value for your business and your clients while showing clients and prospects that you’re being careful to cover all of the security bases to keep them safe, enhancing your stack’s perceived value to differentiate you from the competition. 

Close Deals Fast with Live Credential Search 

Shock wary decision-makers out of doubt or complacency about their organization’s actual dark web risk by showing them every one of their organization’s compromised credentials in minutes. The results of that search flat-out knock people’s socks off, sealing deals fast. It’s the single most powerful prospecting tool you’ll ever use. 


It’s a bird, it’s a plane, it’s your revenue rising into the stratosphere with 6 Power-Ups That Will Make You a Sales Superhero. GET IT>>


What Can Dark Web Monitoring Do for My Clients? 


Dark web monitoring offers a host of benefits, but these two definitely stand out.

Protect Your Clients from Nasty Credential Compromise Surprises 

Dark web monitoring is an essential part of a strong defensive strategy because it enables your team to find out about your clients’ compromised credentials quickly. That gives your team the edge that they need to act to protect your client immediately, reducing the chance of a cyberattack.  

Watch for Trouble in Your Clients’ Supply Chain 

What cyber risk is 64x worse than ransomware? Business email compromise. A common source of business email compromise attacks is an organization’s supply chain. However, that risk can be mitigated by encouraging your clients to add the email addresses and domains of each of their’ common suppliers and service providers to its dark web monitoring, making it easy to see when their supply chain has become compromised


Insider risk is swamping your clients. Learn to mitigate it quickly & profitably. WATCH WEBINAR>>


Grow Your Security Business with the Leading Dark Web Monitoring Solution in the Channel 


It’s critical that you offer your clients the right protection from dark web danger to set them (and you) up for security success. Dark Web ID is the ideal solution to guard against unpleasant credential compromise surprises featuring 27/7/365 monitoring and analysis that alerts you to trouble fast. 

Dark Web ID scans every shady corner of the dark web to hunt for your clients’ credentials including: 

  • Hidden chat rooms 
  • Unindexed sites 
  • Private websites 
  • P2P (peer-to-peer) networks 
  • IRC (internet relay chat) channels 
  • Black market sites  
  • Botnets 

Protect your client’s valuable credentials like: 

  • Employee credentials 
  • Privileged user credentials 
  • Personal credentials 
  • Domains  
  • IP addresses  
  • Privileged users’ email addresses 

Book a demo of Dark Web ID >> 


Don’t just take our word for it, see what these MSPs have to say: https://www.idagent.com/case-studies/


See how security awareness training grows your MRR + get tips for selling it! WATCH NOW>>



Apr 19-22: Robin Robins Boot Camp REGISTER NOW>>

Apr 26: MSP Roundtable – Nation-State Hacking: It’s Everyone’s Problem Now REGISTER NOW>>

Apr 26: Phish and Chips EMEA REGISTER NOW>>

May 10-11: MSP Sales Revolution REGISTER NOW>>

May 24-25: ASCII MSP Success Summit – Boston REGISTER NOW>>

Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>



Are Your Credentials on the Dark Web? 


The dark web is the place where all sorts of shady characters do business, and that business includes cybercrime. One popular commodity in dark web markets is stolen credentials. Your organization’s credentials appearing in dark web markets opens the door to all sorts of nasty surprises. 

Bad actors value credentials because it gives them an easy way to conduct operations against businesses.  Credentials are worth their weight in gold and the more privileged a credential is, the more it’s worth. Just one legitimate privileged credential can sell for $120,000 

That’s why it pays to know if your organization’s credentials are floating around on the dark web. Dark web monitoring using a quality solution like Dark Web ID is a great investment, ensuring that you’re not going to be facing unpleasant credential compromise surprises. 


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email pr@kaseya.com to let us know how our content works for you!


let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


Is your password compromised? Find out in seconds!

USE OUR PASSWORD COMPROMISE CHECKER>>


Book your demo of Dark Web ID, BullPhish ID and Passly now!

SCHEDULE IT NOW>>