The Week in Breach News: 07/06/22 – 07/12/22

July 13, 2022

Marriott gets hit by ransomware, another attack on an MSP, three things to remember when securing your clients against a data disaster and everything you need to know about a new BullPhish ID integration that eliminates whitelisting and saves tech time.

Marriott International

Exploit: Human Error

Marriott International: Hotel Operator 

Risk to Business: 2.783 = Moderate

Marriott is looking at another big data breach after a group of cybercriminals claims to have stolen an estimated 20 gigabytes of data, including financial data like credit card information and confidential information about guests and workers from an employee at the BWI Airport Marriott in Baltimore. The group identified themselves as GNN or “Group with No Name” to media outlets and sent along samples of the purportedly stolen data. Marriott contends that the stolen data consisted of “non-sensitive internal business files regarding the operation of the property.” The incident remains under investigation. 

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: Hotels are a prime target for cybercriminals because they often have stores of valuable financial and personal data on guests.

ID Agent to the Rescue: Get an in-depth look at how ransomware is evolving and how to help your clients defend against it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>

American Marriage Ministries (AMM)

Exploit: Misconfiguration

American Marriage Ministries (AMM): Non-Profit  

Risk to Business: 2.617 = Moderate

American Marriage Ministries (AMM), a Seattle-based non-denominational religious organization that ordains wedding officiants, has suffered a data breach. Researchers say they’ve discovered 630 GB of data on about 185,000 officiants and roughly 15,000 married couples, as well as their wedding guests, exposed in an unsecured Amazon Web Services bucket. The data trove contained ministers’ program application forms, over 500,000 ordination certificates and minister identification documents, marriage licenses that contain details about newly wedded couples, and more. The incident was reported to FBI IC3.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: SMBs that handle or store large amounts of data have been high on cybercriminal shopping lists, particularly in recent months.

ID Agent to the Rescue: The checklist Are Your Users Trained to Handle These Risks? helps program administrators make sure their training programs cover all of the bases! GET INFOGRAPHIC>>

SHI International

Exploit: Malware

SHI International: IT Services 

Risk to Business: 1.601 = Severe

New Jersey-based IT services provider SHI International suffered a major business disruption over the July 4 weekend after being forced offline by a cyberattack. The company disclosed that the defensive measures it had been forced to take to stop the attack included taking SHI’s public websites and email offline while the attack was investigated. Website and email outages lasted for several days before finally being resolved about July 10. Customers were told that they could still access their representatives by phone throughout the incident, which remains under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: MSPs, MSSPs and other IT/technical services providers have been frequent targets of cybercriminals recently and should strengthen security.

ID Agent to the Rescue:  Maximize your revenue stream and client satisfaction with the tips in the webinar The Top 5 Ingredients in the Recipe of MSP Success. WATCH NOW>>

Yuma Regional Medical Center (YRMC)

Exploit: Ransomware

Yuma Regional Medical Center (YRMC): Medical System

Risk to Business: 1.903 = Severe

A ransomware attack that landed on Yuma Regional Medical Center (YRMC) in Arizona has exposed the protected health information of an estimated 700,000 patients. The company has disclosed that it experienced the ransomware attack in late April and that an unauthorized individual had access to YRMC’s systems from April 21 to April 25, allowing them to steal a subset of files from the systems. There was no impact on patient care.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: A data breach for a healthcare organization is especially damaging between incident costs and regulatory penalties.

ID Agent to the Rescue:  See the biggest risks that businesses face today and get a look at what cyber threats your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>> 

WellDyneRx, LLC

Exploit: Hacking

WellDyneRx, LLC: Pharmacy Benefits Management

Risk to Business: 2.304 = Severe

WellDyneRx has reported a data breach that resulted from unauthorized access to one of the company’s email accounts. The company filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights regarding a data breach in December 2021, indicating that the company estimates the breach affected 38,401 individuals. WellDyneRx is a pharmacy benefit manager and oversees the administration of the pharmacy benefits portion of insurance policies on behalf of insurance companies at 65,000 retail pharmacies, from major chains to mom-and-pop shops.

Individual Risk: 2.215 = Severe

Cybercriminals may have accessed the names, dates of birth, Social Security numbers, driver’s license numbers, treatment information, health insurance information, contact information, prescription information, and other medical and healthcare-related information of individuals served by WellDyneRx.  

How it Could Affect Your Customers’ Business: It’s not just hospitals and doctors’ offices; medical services providers are also experiencing surging risk, with big penalties for failure to keep data safe.

ID Agent to the Rescue: Get the resources that you need to build your cybersecurity business and protect your clients from risks like this in our Intro to Cybersecurity Resource Bundle. GET BUNDLE>>

United Kingdom – Aon, PLC

Exploit: Hacking

Aon, PLC: Professional Services Provider 

Risk to Business: 2.829 = Moderate

Aon, PLC, a U.K.-based company that handles risk mitigation for insurance, pension administration, and health insurance plans, has experienced a data breach that was recently disclosed in a notice on the Maine Attorney General’s Office website. Aon says that the data breach is believed to have affected as many as 31,799 individuals, who have been informed via letter.

Individual Risk: 2.836 = Moderate

The company says that an unauthorized party temporarily obtained documents that contained the names, driver’s license numbers, Social Security numbers, and some benefit enrollment information of plan enrollees.

How it Could Affect Your Customers’ Business: Professional services companies are prime targets for bad guys who are on the hunt for rich stores of data.

ID Agent to the Rescue: Get tips to help your clients avoid trouble with strong security policies coupled with comprehensive security and compliance awareness training. GET INFOGRAPHIC>>

France – La Poste Mobile

Exploit: Ransomware

La Poste Mobile: Telecommunications Company

Risk to Business: 1.206 = Extreme

The Lockbit ransomware group has claimed responsibility for a ransomware attack on French telecommunications giant La Poste Mobile. The virtual mobile telephone operator La Poste Mobile was walloped by a ransomware attack on July 4 that paralyzed administrative and management services. The company was forced to suspend operations on its website and customer areas as part of its incident remediation.   

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Telecoms are prime targets for ransomware because they cannot afford any network downtime, making them likely to pay the ransom fast.

ID Agent to the Rescue: Help your clients discover dangerous vulnerabilities and slay dastardly cyberattack risks with The Cybersecurity Monster Hunter’s Checklist. DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.

Go Inside the Ink to see how today’s biggest threats can impact your MSP and your customers in our blog.

NEW! Product Feature News

BullPhish ID Eliminates the Need for Whitelisting with New “Drop-A-Phish” Feature

The BullPhish ID and Graphus teams are excited to announce the Advanced Phishing Simulations (Drop-A-Phish) release, a major BullPhish ID enhancement that leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users.

Drop-A-Phish is a huge competitive differentiator for BullPhish ID and a game-changer. The integration with Graphus makes conducting phishing simulation exercises and training campaigns easy and fast by removing the need to whitelist sending domains or IP addresses. With Drop-A-Phish, the Graphus API gives BullPhish ID the ability to place phishing and training emails directly into user inboxes instead of sending them through the internet, saving IT technicians hours of whitelisting time!

How it works:   
IMPORTANT: Customers must have subscriptions to both BullPhish ID and Graphus to enable this integration.   

First, customers need to log in to Graphus and copy the API key in the Integrations tab. They then need to go to BullPhish ID and paste the API key in the Integrations tab. Once the API key is verified, BullPhish ID will sync organizations with domains that exist in both Graphus and BullPhish ID, and for those organizations, whitelisting will no longer be needed!

Need more details? The Product team has put together a KB article on how to enable this integration.  

Release date:   
The release went live on June 30, 2022.   

Learn more about BullPhish ID for MSPs

Not a Graphus customer yet? Learn more about Graphus now!

Ready to sell more cybersecurity training? Give your clients The Security Awareness Training Buyer’s Guide! This essential guide to security and compliance training solutions offers insight and tips to help your clients choose the right training solution for their needs. Your clients will learn:

  • What features they should look for
  • The benefits they’ll enjoy from training
  • Which training styles are the most effective


3 Things You Need to Know to Reduce Data Breach Risk for Your Customers

Start Profitable & Important Conversations About Data Security Before It’s Too Late

Keeping data safe is a complex proposition for businesses and MSPs these days. Cybercriminals are hunting for fresh data to peddle in the busy dark web data markets as well as fresh targets for ransomware and business email compromise attacks. Your clients are facing a higher number of cyberattacks than they’ve ever faced before, with researchers determining that organizations face 50% more cyberattacks per week right now than they have in prior years. That kind of pressure makes preventing a data breach in your client’s business an ongoing challenge. 

3 Things You Need to Know About the Data Breach Landscape 

These three data points from the 2022 Data Breaches Survey Report by Cymulate can help you start important and profitable conversations with your clients about reducing their data breach risk. 

1. Employees & Partners Are Flashpoints 

Your clients are facing a flood of cyberattacks, and many of them are in the form of a familiar foe: phishing. More than half of the cyberattacks that respondents to this survey experienced arrived as part of a phishing attack, which is not good news for businesses considering the record-breaking pace of phishing in today’s cybercrime landscape. Phishing continues to escalate cyberattack and data breach danger, scoring an all-time high in Q1 2022 by surpassing one million recorded attacks. Other common points of origin for cyberattacks include insider threats and a company’s supply chain.

Top 5 Sources for Cyberattacks 

By % of total responses rounded

Phishing 56%
3rd Party/Supply chain 37%
Direct attacks 34%
Insider threats 29%
IoT devices 19%

Source: Cymulate, 2022 Data Breaches Survey

As you may have suspected, bad actors are primarily coming after businesses with malware including ransomware. It’s a versatile tool that runs the gamut of purposes from snatching information to cryptomining. While ransomware isn’t even close to the only type of malware that businesses face, it’s certainly the most prominent right now and the most feared by businesses, even if it’s not the most expensive cyberattack that businesses can experience. (That honor goes to business email compromise.) Over half of the survey respondents indicated that their organizations experienced malware attacks last year, and the majority were ransomware incidents.  

Top 5 Attack Types 

by % of total responses rounded

Application attacks 31%
Insider threats 26%

Source: Cymulate, 2022 Data Breaches Survey

2. If They’re Breached Once, They’ll Be Hit Again 

Forbes reports that bad actors can penetrate an estimated 93% of company networks and on average it only takes them about two days to do it. That’s very bad news for MSPs and businesses. However, there’s another layer of bad news on the subject for you and your clients to consider. This survey shows that if your client is unfortunate enough to fall victim to a cyberattack, the cycle of that incident is hardly the end of the story. Just about 40% of the companies in this survey reported that they dealt with a cyberattack that spurred a data breach last year. Even worse, 67% of the companies that experienced a breach last year were hit more than once.   

Number of Breaches  

% of total responses rounded

6 – 9: 7%
2 – 5: 16%

Source: Cymulate, 2022 Data Breaches Survey

Those breaches led to a variety of unpleasant outcomes that ensured that no one at any of the breached companies was going to put the incident behind them quickly. Survey respondents reported that the breaches that they experienced did major damage and took a painfully long time to remediate. One quarter of the companies reported that it took a long time to remediate the incident. Making that remediation just a touch more difficult, just over one-quarter of the survey respondents said that the attacks that they endured did major damage to their IT systems.  

  • 27% report very high to high damage to their IT systems, with 31% reporting moderate damage and 41% categorizing their damage as low. 
  • 25% reported a long to very long remediation time, with 43% designating their remediation time as moderate and 38% saying that their remediation time was short.  

3. Everyone’s at Risk but Smaller Businesses Suffer More Damage Longer 

One of the most significant impacts that a company experiences in the wake of an attack, both to its revenue and to its ability to survive a cybersecurity disaster, is a disruption to its ability to do business at all. Experts estimate that one-quarter of companies that fall victim to a ransomware attack are forced to close temporarily due to the inability to operate. For many companies, any closure or loss of operational capacity, even for a few days, is a major disaster. The average downtime from ransomware attacks increased from 15 days in Q1 2020 to 22 days in Q3 2021.

A report by IBM and Forbes Insights found that 46% of organizations that experience a cybersecurity breach suffered a major hit to their reputation and their brand’s value as a result regardless of the size of the organization. However, the business impact of a cyberattack in terms of disruption to the ability to conduct operations is substantially different for medium-sized organizations than it is for the big guys. In this report, researchers categorized a large company as one that had 2,500 or more employees and a medium – small company as one that has fewer than 2,500 employees. Over half of the big businesses surveyed designated the disruption to their operation from a cyberattack as short, but only a third of smaller companies could say the same thing.  

Level of Disruption to Business Operations from a Cyberattack 

in % of respondents rounded

Very High 4% 2% 2%

Source: Cymulate, 2022 Data Breaches Survey

The level of overall damage that a company experiences after a cyberattack follows a similar pattern. Response, remediation, investigation, recovery – all of these phases are pricey. A data breach is punishingly expensive, and the price increases every year. The average cost of a breach in 2021 is estimated at $4.2 million per incident, 10% higher than in 2020 and the highest recorded in 17 years. That cost doesn’t include the regulatory penalties that businesses face for a data breach if the data exposed is covered by data privacy statutes. In this survey, about one-fifth of all respondents said that they’d experienced very high damage as the result of a cyberattack. However, the level of damage that medium-sized businesses suffer is significantly higher than the level of damage that large businesses have to deal with in the wake of a cyberattack.

Level of Damage to Businesses 

in % of respondents rounded

Very High 8% 6% 6%

Reduce Your Clients’ Data Breach Risk Effectively & Affordably 

The innovative solutions in the ID Agent digital risk protection platform can help secure your clients’ data and reduce their data breach risk affordably.   

Security awareness and compliance training plus phishing simulation   

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.    

  • An extensive library of security and compliance training videos in eight languages 
  • Plug-and-play or customizable phishing training campaign kits 
  • New videos arrive 4x per month and new phishing kits are added regularly    
  • Easy, automated training delivery through a personalized user portal     

Dark web monitoring     

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.    

  • 24/7/365 monitoring using real-time, machine and analyst-validated data      
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses    
  • Live dark web searches find compromised credentials in seconds 
  • Create clear and visually engaging risk reports    

Join the over 4,000 MSPs who are prospering as an ID Agent Partner and you’ll gain access to the best sales enablement program in the business through Kaseya Powered Services.

July 13 -14: The Future of Cybersecurity (Virtual) REGISTER NOW>>

July 19: MSP Security Roundtable: GRC Compliance REGISTER NOW>>

July 21: BullPhish ID and Graphus Product Update REGISTER NOW>>

July 27 – 28: ASCII Success Summit Toronto REGISTER NOW>>

August 6 – 7: ISSA Cyber Executive Forum REGISTER NOW>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

