The Week in Breach News: 04/20/22 – 04/26/22
Two big ransomware attacks impact governments in Costa Rica and Brazil, supply chain risk takes the glow off of vacations for passengers on Canada’s Sunwing Airlines and the big benefits your clients can gain from incident response planning.
Christie Clinic
https://www.securityweek.com/500000-impacted-email-breach-illinois-healthcare-firm
Exploit: Business Email Compromise
Christie Clinic: Healthcare Provider
Risk to Business: 1.802 = Severe
Illinois medical services provider Christie Clinic has informed an estimated 500,000 individuals that their personal information was potentially compromised in a data breach that occurred last year. In the incident, a bad actor gained unauthorized access to one of the practice’s email accounts in a suspected business email compromise operation with the intent of interrupting financial communications between July 14 and August 19, 2021. The practice assured patients that the bad actor did not compromise other systems, electronic medical records, or the firm’s patient portal.
Risk to Individual: 2.771 = Moderate
Christie Clinic is unsure of the scope of the breach but says that the bad actor may have gained access to patient names, addresses, medical and health insurance information and Social Security numbers through the compromised account.
How It Could Affect Your Customers’ Business: Business email compromise is the most expensive cyberattack businesses face and in this case, that price will come with regulatory trouble.
ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>
The Unified Government of Wyandotte County and Kansas City, Kansas
Exploit: Hacking
The Unified Government of Wyandotte County and Kansas City, Kansas: Regional Government
Risk to Business: 1.802 = Severe
Residents of Wyandotte County and Kansas City, Kansas (UG) are missing access to several government services after an Easter weekend cyberattack snarled the regional government’s IT systems. Some systems have been restored, but many services remain unavailable including appraisals, court cases, motor vehicle services and procurement. A UG statement said that it is actively working with the U.S. Department of Homeland Security, Federal Bureau of Investigation, and the Mid-America Regional Council cybersecurity task force to investigate the incident.
How It Could Affect Your Customers’ Business: Government entities have been popular cybercrime targets for both data theft and ransomware in the last two years.
ID Agent to the Rescue: Security awareness training reduces the chance of an incident by 70%. Learn to build a program with the How to Build a Security Awareness Training Program eBook. GET IT>>
Bob’s Red Mill Natural Foods
https://www.infosecurity-magazine.com/news/bobs-red-mill-reports-data-breach/
Exploit: Malware
Bob’s Red Mill Natural Foods: Grocery Brand
Risk to Business: 2.761 = Moderate
Bob’s Red Mill Natural Foods has announced that it has experienced a data breach after data scraping malware was found to be operating on its website. The company said on April 15 that the malware was in operation between February 23 and March 1, 2022. The company’s initial investigation did not uncover any exfiltration, but that changed after a customer complaint.
Risk to Business: 2.814 = Moderate
Customer information impacted includes online customers’ payment card information, billing and shipping addresses, email addresses, phone numbers and purchase amounts. The company said that no information had been found to indicate that any Social Security numbers, dates of birth, driver’s license numbers or other government-issued ID numbers had been exposed in the attack.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Customers aren’t going to respond well to companies that can’t keep their payment card data safe.
ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>
Sunwing Airlines
https://www.infosecurity-magazine.com/news/cyberattackers-hit-sunwing-airlines/
Exploit: Supply Chain Attack
Sunwing Airlines: Passenger Air Carrier
Risk to Business: 1.346 = Extreme
Sunwing Airlines passengers are finding themselves delayed or stranded in airports across the Caribbean after a cyberattack brought down boarding and check-in services maintained by Illinois-based service provider Airline Choice. The airline has been forced to manually check in passengers and handwrite boarding passes, causing massive delays, with passengers stranded in the Caribbean, Mexico and Central America, some for days. The company says it’s working to resolve the situation and get stranded passengers to their destinations as quickly as possible.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: This is a nightmare scenario that will have a serious impact on Sunwing’s future business.
ID Agent to the Rescue: Learn to protect your clients from cybersecurity trouble and reduce their risk with the resources you’ll find in the Deep Dive Into Cybersecurity bundle. GET IT>>
Costa Rica – The Government of Costa Rica
Exploit: Ransomware
The Government of Costa Rica: National Government
Risk to Business: 1.271 = Extreme
The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.
ID Agent to the Rescue: See the mechanics of ransomware, plus get tips and expert advice to guide you through securing your clients effectively in Ransomware 101. READ IT>>
Brazil – The City of Rio de Janeiro
https://therecord.media/rio-de-janeiro-finance-department-hit-with-lockbit-ransomware/
Exploit: Ransomware
The City of Rio de Janeiro: Municipal Government
Risk to Business: 1.909 = Severe
The LockBit ransomware group claimed to have attacked systems connected to the Finance department of the city government in Rio de Janeiro, stealing about 420 GB of data. The Secretary of State for Finance confirmed the attack. The ministry has said that the attackers only captured a small fraction of the ministry’s data. Spokespeople also said that the gang was demanding an unspecified ransom to keep the data from publication. Rio de Janeiro’s economy ranks 30th in GDP among all cities in the world.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: In a challenging economy, no government can afford this kind of incident or the associated bills.
ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>
United Kingdom – Funky Pigeon
https://www.theregister.com/2022/04/19/funky_pigeon_security_incident/
Exploit: Hacking
Funky Pigeon: Retailer
Risk to Business: 2.776 = Moderate
Gift card retailer Funky Pigeon, a division of UK retail giant WHSmith, has announced that it was the victim of a cyberattack that has seriously impacted its operations. Funky Pigeon was forced offline, suspending sales temporarily. The company was quick to reassure consumers that no payment data was at risk and did not believe any account passwords were compromised. The incident remains under investigation.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Online retailers have been a popular target for cybercriminals, especially for payment skimming attacks.
ID Agent to the Rescue: Choose the right dark web monitoring solution to protect your clients from credential compromise surprises with The Dark Web Monitoring Buyer’s Guide for MSPs. DOWNLOAD IT>>
Russia – Tendertech
Exploit: Nation-State Hacking (Hacktivism)
Tendertech: Documents Processor
Risk to Business: 1.976 = Severe
The Anonymous collective has announced that it penetrated systems at Tendertech, a Russia-based processor of financial services and banking documents. The firm counts Transcapitalbank, Bank Uralsib, Bank Soyuz, RGS Bank, Bank ZENIT and Otkritie Bank among its customers. Anonymous claims to have stolen 426,000 emails and leaked an archive of 160 GB in size through Demonstrated Denial of Secrets. Anonymous also claims to have hit other Russian government and quasi-governmental targets including GUOV i GS – General Dept. of Troops and Civil Construction, Neocom Geoservice and Gazregion.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Customers’ Business: Nation-state cybercrime can impact businesses outside the government or military sphere quickly.
ID Agent to the Rescue: Nation-state cybercrime risk is escalating for businesses in every sector. Learn the basics of nation-state cybercrime and how to protect your clients. GET EBOOK>>
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.
Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.
- 9 in 10 Organizations Have Been Targeted by Nation-State Cybercrime
- 3 Reasons to Worry About the Dark Web
- Paying a Ransom Isn’t the Easy or Cheap Way Out
- Nation-State Cybercrime is Everyone’s Problem Now
- The Week in Breach News: 04/13/22 – 04/19/22
Fresh Resources
3 Awesome MSP Resources to Grow Your Security Business
The Dark Web Monitoring Buyer’s Guide for MSPs
Dark web monitoring is an essential tool for keeping your clients out of trouble, but how can you choose the right solution for your clients and your business? In The Dark Web Monitoring Buyer’s Guide for MSPs, we show you:
- How the dark web has evolved in the last year
- What that means for your clients and your business
- The features to look for in a great dark web monitoring solution
10 Things to Look for as You Shop for Dark Web Monitoring – This handy checklist will help you make sure that the dark web monitoring you offer is really getting the job done. GET CHECKLIST>>
Are You Doing These 5 Things to Protect Your Customers from Nation-State Cybercrime? – Grab this checklist to use when determining if your clients are ready to face a nation-state attack. GET CHECKLIST>>
Are Your Clients Ready for an Incident?
Incident Response Planning is Critical (and Beneficial in Unexpected Ways)
Cybercrime has grown exponentially in just the last few years, especially ransomware. Businesses of every size in every industry are at risk of falling victim to a ransomware attack at any time, including all of your clients. After all, cybersecurity companies aren’t the only ones innovating in the cybercrime space; cybercriminals are innovating too. Unfortunately, far too many businesses aren’t ready for trouble at all. An estimated 1 in 3 businesses is flirting with disaster by not having an incident response plan, let alone a specialized plan to handle a ransomware attack. That can have a major impact on both their security right now as well as their ability to survive a ransomware attack.
Businesses Face Increasing Cyberattack Pressure
IBM’s Cyber Resilient Organization Study 2021 detailed the increased pressure that businesses and the IT professionals who secure them have been facing in the rapidly evolving cybercrime landscape of the last few years. A solid majority of respondents (67%) said that both the volume and severity of cybersecurity incidents increased or significantly increased in the past 12 months. Of the respondents surveyed, 51% admitted that their organizations had sustained a data breach in the past year. One of the biggest concerns for any IT pro is ransomware, and 46% of respondents said that their organization had experienced at least one ransomware attack over the past two years.
Among the major consequences of a ransomware attack on an organization, loss of business due to operational disruption often has a major financial impact. New research has revealed that of their survey respondents, one in five said that their organizations have experienced a ransomware attack in the last year and 43% of those organizations said that they experienced a significant impact on their operations. While ransomware is an equal opportunity offender, some industries are at higher risk of trouble than others.
Which Industries Faced the Most Ransomware Attacks? (By Percentage of Total Attacks)
- Banking 22%
- Utilities 20%
- Retail 16%
Planning Ahead Makes a Difference
Just one cyberattack like a ransomware attack can be enough to put an organization out of business fast. About 60% of businesses shutter within 12 months of falling victim to a cyberattack. That’s a majority that no one wants to join. Studies have shown repeatedly that preparation for an incident response is critical for organizations that want to come out of an attack in a good position to survive. Just having a plan at all makes a big difference in a company’s cyber resilience, a big factor in its ultimate survival – 71% of companies that were classified as highly cyber resilient in the IBM survey had an incident response plan ready for a ransomware attack, compared to 51% of all respondents.
The size of an organization doesn’t impact its readiness to respond to a ransomware attack very much, even in today’s heightened risk climate. In a recent study, 50% of companies with annual revenue greater than $1bn said they do not have a formal ransomware response plan. Drilling down, healthcare companies were the most prepared at 56% and energy companies were the least prepared with 44% of energy companies responding that they had formal ransomware response plans.
Few Companies Have Incident Specific Plans
However, as IBM discovered, more than half of organizations aren’t ready to swing into action at all when disaster strikes, let alone deploy an incident-tailored response plan. A paltry 26% of organizations they surveyed even had a cybersecurity incident response plan. Of those organizations, less than half had specific incident response plans for common scenarios like an attack by an Advanced Persistent Threat group (APT). The most common specific scenario response that companies had in place was a malware or ransomware attack response, with 46% of respondents saying that their organizations had an incident-specific response plan for that scenario.
Among those organizations with incident response plans:
- 46% have a plan for an insider incident
- 36% have a plan for a business email compromise incident
- 32% have a plan for a supply chain-related incident
- 35% have a plan for disaster recovery
- 29% have a plan for an APT (nation-state cybercrime) incident
Being Ready for Consequences is Part of Having a Plan
The healthcare industry has been particularly plagued by ransomware since the start of the global pandemic. That’s probably a contributing factor to healthcare companies having a higher incidence of formal ransomware response planning. In the recent Software Advice survey, 22% of small medical practices and 45% of large medical practices admitted that they have experienced a ransomware attack. In this survey, one in five representatives from small practices didn’t know if they had a formal cybersecurity response plan, and another 49% said that they definitely did not. That leaves a large number of businesses in a beleaguered industry in a weak position to weather a ransomware attack.
Globally, IT leaders ranked malware (56%), ransomware (53%) and phishing (40%) as the leading sources of security attacks. IT professionals know that ransomware is a major risk for everyone, and even organizations that say that they’re prepared for a ransomware incident face major challenges in dealing with it. Most commonly, 75% of organizations surveyed about the consequences that they experienced after a ransomware attack said that they experienced significant operational disruption. In addition, 23% said that hard financial losses from penalties, fines and legal expenses represented a source of major impact from ransomware. Just behind that were lost productivity (19%), recovery costs (18%) and breach notification (16%). Softer, long-term costs such as loss of brand reputation (11%) and customer loss (7%) trailed behind those big-ticket items.
Don’t Let Your Clients Miss Out on Unexpected Incident Response Planning Benefits
Having an incident response plan will definitely be a major asset if the worst does happen. But just having an incident response plan at all brings benefits to the table, even if your client never uses it. An incident response plan reduces your client’s overall security risk, enabling it to avoid trouble now. It also puts your clients in a solid position to come out of an incident with more cash and prevent another incident in the future.
Reduction of Risk
Making, testing and maintaining an incident response plan will reduce your clients’ chances of experiencing a damaging cybersecurity incident. How much of a difference can it make? An enormous difference. IBM researchers announced that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan.
Incident Cost Savings
Many businesses are not prepared for the high cost of falling victim to a cyberattack. If you haven’t planned how your business will handle a cyberattack, you may not have a solid grasp of the costs involved in a response. But having a tested incident response plan can save 35% of the cost of an incident.
Improved Cyber Resilience
Building your company’s cyber resilience is a key component of mounting a successful incident response. Cyber resilient companies can quickly make moves that enable them to isolate intrusions, minimize damage and keep functioning in any conditions. They also have a better eye on compliance and data handling practices which enables them to spot and fix vulnerabilities efficiently.
Help Your Clients Reduce Risk and Avoid Trouble with ID Agent Solutions
Help your clients reduce their risk and fight back against cybercrime by improving their protection against dark web danger and cyberattacks effectively and affordably with the channel-leading solutions Dark Web ID and BullPhish ID.
Security and Compliance Awareness Training
BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.
- A huge library of security and compliance training videos in 8 languages – and 4 new video lessons are added a month!
- Plug-and-play or customizable phishing training campaign kits with new kits released regularly
- Easy, automated training delivery through individual user portals
Dark Web Monitoring
Dark Web ID offers businesses best-in-class protection from dark web credential compromise risk.
- 24/7/365 monitoring using real-time, analyst validated data
- Fast alerts to compromises of business and personal credentials, including domains, IP addresses and email addresses
- Find compromised credentials in minutes
You’ll also benefit when you choose to offer ID Agent solutions by gaining access to the best sales enablement program in the business through Kaseya Powered Services. Join the over 4,000 MSPs who are prospering as an ID Agent partner!
April 28: BullPhish ID & Graphus Product Updates REGISTER NOW>>
May 3: Cyber Resilience: The TWO fast fixes you need to know about REGISTER>>
May 3: Dark Web ID & Passly Product Updates REGISTER NOW>>
May 10-11: MSP Sales Revolution REGISTER NOW>>
May 24-25: ASCII MSP Success Summit – Boston REGISTER NOW>>
Jun 20-23: Connect IT Global in Las Vegas REGISTER NOW>>
Incident Response Planning Pays Off
Did you know that incident response planning is a powerful tool to use against cybercrime even if you never use the plan? IBM researchers announced that 39% of organizations with a formal, tested incident response plan experienced an incident, compared to 62% of those who didn’t have a plan.
Just drawing up a plan offers your business big plusses. One way you benefit is by finding security and compliance vulnerabilities before the bad guys do. You’ll also gain greater cyber resilience, helping your business resist cyberattacks. If the worst does happen, having a tested incident response plan can save 35% of the cost of an incident.
Don’t wait another day to consult your MSP about incident response, then make your incident response plan and start enjoying these great benefits.
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
ID Agent Partners: Feel free to reuse this post (in part or in its entirety). When you get a chance, email [email protected] to let us know how our content works for you!