Please fill in the form below to subscribe to our blog

The Week in Breach News: 07/28/21 – 08/03/21

August 04, 2021

Canada may have just had a Civic Holiday, but hackers aren’t taking any time off as we show you in three Canadian breaches, plus hackers clearly have the cheat codes to beat security at EA, COVID-19 vaccination certifications have become a cybersecurity quagmire and the financial impact of a data breach (it goes deeper than you think). 



Electronic Arts (EA)

https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/

Exploit: Hacking

Electronic Arts (EA): Video Game Maker 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.311 = Extreme

Hackers have leaked an estimated 751GB of compressed EA data containing FIFA 21 source code on a dark web forum. Initially, they released a cache of 1.3GB of FIFA source code on July 14 as part of a demand for payment to stop them from releasing the rest, but after EA refused to play ball, the rest was added. According to reports, the hackers used the authentication cookies to mimic an already-logged-in EA employee’s account and access EA’s Slack channel and then tricked an EA IT support staffer into granting them access to the company’s internal network, ultimately allowing them to download more than 780GB of source code from the company’s internal code repositories. EA says that no player information was ever at risk and they’ve fixed the problem internally.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Part of this hacking incident was powered by impersonation, which is a form of phishing, and is reminiscent of the 2020 Twitter hack that enabled cybercriminals to gain access to celebrity accounts by impersonating Twitter workers.

ID Agent to the Rescue: Developing a strong security culture that is savvy about phishing is essential for maintaining security in today’s volatile threat atmosphere. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


University of San Diego Health 

https://www.bleepingcomputer.com/news/security/uc-san-diego-health-discloses-data-breach-after-phishing-attack/

Exploit: Phishing

University of San Diego Health: Hospital System 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.663 = Severe

UC San Diego Health has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health discovered that cybercriminals had gained access to some of its employees’ email accounts through a phishing attack. The attackers may have accessed the personal information of patients, employees and students between December 2, 2020, and April 8, 2021.  

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 1.271 = Severe

Potentially impacted information includes: patients’ full name, address, date of birth, email, fax number, claims information (date and cost of health care services and claims identifiers), laboratory results, medical diagnosis and conditions, Medical Record Number and other medical identifiers, prescription information, treatment information, medical information, Social Security number, government identification number, payment card number or financial account number and security code, student ID number and username and password. The hospital will offer free credit monitoring and identity theft protection services through Experian IdentityWorks for one year and is contacting impacted individuals via mail.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Medical data is some of the hottest data to sell in dark web markets, earning cybercriminals a substantial profit and this hospital substantial fines under HIPAA and California Privacy regulations.

ID Agent to the Rescue: Stop phishing by recruiting every employee to the cybersecurity team. Let us show you how to expand your menu into security awareness training in just 15 minutes! WATCH NOW>>


City of Grass Valley, CA 

https://sacramento.cbslocal.com/2021/07/29/grass-valley-cyberattack-ransom/

Exploit: Ransomware

City of Grass Valley, CA: Municipality 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.223=Severe

Municipalities have been ripe targets for cybercriminals, and they’ve scored another payday in Grass Valley, California. City services except emergency services experienced outages and the city ultimately chose to pay the ransom, citing data privacy concerns for its citizens. Grass Valley officials said the Federal Bureau of Investigation (FBI) was contacted. Several state agencies are still investigating. Services were restored after the ransom payment. Federal agencies including CISA and the FBI strongly discourage paying ransoms which is illegal in many circumstances.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cybercriminals have been striking municipalities and similar authorities frequently. Historically poor cybersecurity combined with a tendency to simply pay ransoms makes this a growth industry for cybercrime.

ID Agent to the Rescue:  What happens when you pay a ransom? Nothing good. See how the cash shakes down and how gangs make their money in Ransomware Exposed!. DOWNLOAD IT>>


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>




Calgary Parking Authority 

https://calgaryherald.com/news/local-news/calgarians-personal-data-exposed-in-parking-authority-security-breach

Exploit: Misconfiguration

Calgary Parking Authority: Municipal Entity

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.705 = Severe

Calgary Parking Authority recently experienced a breach that exposed the personal information of vehicle owners. A misconfigured server containing computer-readable technical logs, payments, parking tickets, driver personal data and more was discovered in the wild by researchers. Reports say that the server, used to monitor the authority’s parking system for bugs and errors, was left on the internet without a password in a security blunder.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.622 = Severe

Data exposed includes drivers’ full names, dates of birth, phone numbers, email addresses and postal addresses, as well as details of parking tickets and parking offenses, including license plates and vehicle descriptions, and in some cases the location data of where the alleged parking offense took place. The logs also contained some partial card payment numbers and expiry dates.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business It’s hard enough to stay ahead of hackers without giving them an easy payday by making sloppy mistakes. Building a strong security culture is vital for keeping systems and data safe.

ID Agent to the Rescue: Help your clients build a security culture that keeps them a step ahead of cybercrime. Learn more about how to do it in a webinar full of tips from culture and team building experts! WATCH WEBINAR>>  


Homewood Health

https://bc.ctvnews.ca/unknown-number-of-british-columbians-personal-information-for-sale-online-after-health-company-extorted-1.5525715

Exploit: Nation-State Hacking

Homewood Health: Healthcare Provider 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.926 = Severe

Ontario-based Homewood Health has disclosed that it fell victim to hacking earlier this year. The organization has begun contacting companies and agencies whose information may be compromised, including BC Housing, TransLink and the Provincial Health Services Authority. The organization is blaming the breach on the state-sponsored Chinese hackers Hafnium.   

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cyberattacks against service providers have been steadily increasing as cybercriminals strike at lynchpins to gain access to even more valuable data.

ID Agent to the Rescue Supply chain risk is a minefield for every business in every industry. Learn how to reduce risk for your clients in our eBook Breaking Up With Third Party and Supply Chain Risk. GET THE BOOK>>


D-BOX

https://cyberintelmag.com/attacks-data-breaches/entertainment-company-d-box-recovers-from-ransomware-cyberattack/

Exploit: Ransomware

D-BOX: Gaming Specialty Electronics

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919 = Severe

Canadian immersive entertainment technology provider D-BOX said it was gradually resuming its activities following a ransomware attack. The company said it had worked with incident response experts to determine that the impact was limited to internal systems and that its services to studios and theatre operators were not affected. All services have now been restored. The company has stated that it believes that its policy of segmentation between internal and customer-focused systems helped protect its clients.

Individual Impact: There has not yet been confirmation that consumer personal or financial information has been compromised in this incident but the investigation is ongoing. There has not been any announcement that employee information was impacted however the company is offering identity theft protection to employees.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for both run-of-the-mill cybercriminals and nation state threat actors. Every business needs to be ready for it.

ID Agent to the Rescue: Ransomware was the story of the year in 2020, and it’s still the top story in 2021. See how its impact has shaped the future of cybercrime in The Global Year in Breach 2021. READ IT>>



The Netherlands – Raven Hengelsport

https://www.theregister.com/2021/07/27/azure_blob_raven_hengelsport/

Exploit: Misconfiguration

Raven Hengelsport: Specialty Fishing Supply

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.602 = Severe

Dutch fishing supply specialist Raven Hengelsport left details of around 246,000 customers visible to anyone on a misconfigured Microsoft Azure cloud server for months. That server, hosting 18GB of company data covering at least 246,000 customers across 450,000 records, was discovered by security researchers and had purportedly been wide open for months. Even after researchers attempted to contact the company it took a long time for them to do anything about it.

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.416 = Moderate

The bonanza of information contained customer IDs, delivery dates, discounts, shipping fees, payments and shipment tracking numbers as well as PII like names, surnames, addresses, genders, phone numbers, email addresses and business names.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Mistakes like this are only compounded by blunders in the response. It shows clients that you aren’t concerned about their security if you aren’t concerned about yours.

ID Agent to the Rescue: Make sure that your clients are crossing the “Ts” and dotting the “Is” to reduce vulnerabilities with out Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>



Indonesia – BRI Life

https://www.reuters.com/business/finance/indonesias-bri-life-probes-reported-data-leak-2-million-users-2021-07-27/

Exploit: Hacking

BRI Life: Insurer 

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.802 = Moderate

BRI Life, the insurance arm of Indonesia’s Bank Rakyat Indonesia disclosed that it is investigating claims that the personal details of over two million of its customers were available in a dark web hacking forum. In a post on  RaidForums, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for $7,000. 

cybersecurity news represented by a gauge indicating moderate risk

Individual Risk: 2.802 = Moderate

The user selling the data on RaidForumsprovided a video clip for proof that displayed bank account details, copies of Indonesian identification cards and taxpayer details. researchers estimate that 2 million people may have had PII exposed but information about specifics is hazy.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Personal data like this is catnip for hackers because it sells quickly at a nice profit and retains value into the future.

ID Agent to the Rescue: Learn more about what happens in hacker hotbeds and malicious marketplaces in this exciting webinar to learn defensive secrets that will give your clients an edge. WATCH IT>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Go deep into the cybercrime underworld in “Hacker Hotbeds and Malicious Marketplaces” WATCH THIS WEBINAR>>


Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: See the patch notes and bug fixes for July 2021: SEE PATCH INFO>> 



See Three Infographics Packed with Useful Tips!


New Resources to Bring You New Revenue! 4 Ways to Safeguard Your Clients from Ransomware Attacks

Amelia Paro of ID Agent and Miles Walker of Graphus show you 4 smart ways to protect your clients from ransomware and enhance your revenue.

You’ll learn:

  • Why dark web monitoring is your secret weapon against cybercrime
  • What you can do to train everyone like they’re part of the security team
  • How automated email security prevents employee mistakes that result in disaster

WATCH NOW>>
Q3 Product Update Webinar

Join ID Agent experts for a sneak peek at what we’ve got in store for you in our Q3 Product Update Webinar.

You’ll see:

  • Product updates that you won’t want to miss
  • New features and functions that can secure systems and data
  • Innovations that improve your quality of life

WATCH NOW>>

Looking for something interesting to read? Our eBook Ransomware Exposed! is packed with data including an in-depth look at how cybercriminals in the ransomware game get paid! READ IT NOW>>


password reuse danger can sink unwary businesses with poor security awareness. A cartoon image on black shows a blue shield with a lock

See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>



How Deep Can The Impact of a Breach Hit Businesses Financially? Deeper Than Your Clients May Realize


A data breach is an expensive, damaging proposition for any company. In the IBM/Ponemon annual Cost of a Data Breach Report, the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever. The expense of that nightmare starts immediately and doesn’t stop until the last jot of remediation is complete. Those initial costs are punishing, but there is another kind of cost that’s often not considered – the ongoing financial damage that a data breach can do to a business including the damage done to opportunities that business may have to gain a much-needed financial shot in the arm.  


dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Explore the dark web with experts & get a deck of screenshots in Unveiling Cybercrime Markets on the Dark Web. WATCH NOW>>


Even One Security Incident Costs a Fortune


It’s not just the initial hit in a cyberattack that’s driving companies into the red. An estimated 60% of companies go out of business within six months of experiencing a cyberattack, many due to the high costs and lost revenue. As shown in the article above, it’s easy to see that even after paying for the upfront expense of an incident like immediate investigation, mitigation and repair, the bills from a cyberattack don’t stop coming. Around 61% of the cost of a data breach is paid in the first year after impact, an estimated 24% comes due in the next 12 to 24 months, and the bills for the final 15% can arrive more than two years later. An estimated 47% of businesses reported experiencing five or more attacks in 2020, opening them up to facing this desolate proposition.

The necessary adjustments that the world made in the way that we do business because of the global pandemic did not help the cause as security protocols often fell by the wayside. IBM estimates that roughly 60% of organizations worldwide transferred their operations to the cloud to keep their businesses going in 2020. Unfortunately, many of those organizations failed to make the necessary security shifts to support a remote workforce, leaving dangerous vulnerabilities that hackers were more than happy to exploit. Cloud-based attacks rose 630% between January and April 2020. When companies reported that the majority of their staffers were working from home, researchers discovered that they experienced an increase of up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million. 

But the hidden financial repercussions of a data security incident can become material much sooner. Companies that are recovering from a data breach are also likely to be looking for some help paying the bills, and that brings financing into the equation. While the impact of a data breach on investors may not be that steep in many cases, the same cannot be said for banks. That’s where things start to get especially sticky. In the American Accounting Association study, “Do Banks Price Firms’ Data Breaches?”, hard facts illustrate a potentially overlooked truth: A data breach can be a huge blot on a company’s financing applications with banks and other lenders, incurring even more costs for years t come.  


malicious insider threats can include cryptocurrency risk represented by a crime comic style blue eye looking through a peephole.

Use our Cybersecurity Risk Protection Checklist to find vulnerabilities before the bad guys do! GET IT>>


Banks Don’t Look Kindly on a Data Breach


This study is based on data compiled from 1,081 bank loans to publicly traded companies over a multi-year period, and it paints a fairly stark picture of what a breached company that may have made some bad choices can expect to encounter the next time it goes looking for financing. Companies that suffer a data breach face a 22% higher loan spread and a 40-basis-point increase in borrowing costs on average. While higher lending costs were experienced by companies in every sector, some industries and areas experienced a particularly hard blow. The negative lending cost impact of a breach is shown in this study to be worse for companies in what the researchers consider “vulnerable industries”, including healthcare, business services and transportation. 

Many factors can affect the calculus. The number of customers impacted in a breach is relevant, as are potential regulatory penalties. The cause of the breach is also relevant and can have a deeper impact if the breach is caused by an employee error or malicious hacking. Companies with a reputation for strong internal controls can also experience a steeper slide because a breach forces banks to make a greater adjustment in their risk assessment of the company than they may have otherwise. That study also reported that breached firms experience significantly higher increases in loan spread, as well as encountering the increased likelihood of collateral requirement. 


phishing email imitating famous brands dangers represented by a cartoon hacker in a hoodie at a laptop with an eye mask on done in shades of blue, Batman style.

Is Your Password a Zero or a Hero? Learn the difference and how you can strengthen yours in Build Better Passwords. GET IT>>


Bigger Interest Rates Are Bad News


In another study, done by economists and technology experts at Yeshiva University in New York City and Hong Kong Polytechnic University, researchers found that breached companies also tend to face a roughly 25% increase in loan covenants. They also didn’t qualify for the best interest rates, a troublesome prospect when a company is in a difficult spot that requires seeking out fresh resources. No matter how they ended up in the situation, from social engineering to nation-state cybercrime, on average a company that suffered a data breach paid $3.7 million extra in interest costs each year on the average loan of $923 million.     

That’s not all of the potentially expensive complications that companies that have an incident like a ransomware-related data breach might incur from banks and lenders. One of the clearest ways to see the difference in the way that banks look at breached organizations versus non-breached companies is to look at the spread on basis points in loans made to them. On average, breached firms pay 40 basis points, or about 0.4 percentage points, substantially higher interest rates than the average for all companies when compared to this study’s stated 28 basis points for firms that did not have a breach under their belt. Only financial restatement carried a higher penalty at 65 basis points. 

There is a little light at the end of the tunnel for companies seeking financing after they’ve suffered a data breach. Researchers in that study found that banks were responsive to improvements that companies made in their security after a breach. Lenders were likely to reward organizations that took strong actions to improve security controls, preserve data and mitigate the impact of the breach quickly. Companies that are able to demonstrate that they’ve invested in remaking their defenses and my adding sensible security enhancements that help transform their security into a best-in-class system may be able to impress banks enough with their commitment to preventing future incidents that they can reduce the impact of their breach on their borrowing costs down the road.


Is your email domain protected against phishing? Are your customers? Find out now with the Graphus Domain Checker. CHECK NOW>>


Making Smart Choices Matters


Protecting your client’s business also includes protecting the financial prospects of their organization. While there is no definitive way to prevent a company from falling victim to cybercrime that causes a data breach, there are a few things that you can do right now to reduce that risk and ensure that your clients have a fighting chance.  

Insist That Every Client Adopt MFA

There’s no good justification for refusing to add the simple yet powerful safety of MFA, one dynamic feature of Passly. It’s also a requirement for compliance under HIPAA, PCI-DSS, CJIS, FFIECC and most other data privacy rules and will imminently be a requirement for all companies that do business with the US federal government.

Show Clients Their Risk to Show Them the Value Dark Web Monitoring

Use the live credential search tool that you get with Dark Web ID to show your clients their actual risk. Everything about the dark web can seem remote. Dark web threats become a little easier to wrap your head around when you’re looking at your company’s actual credential compromise risk right now.

Tell Your Clients the Secret to Reducing Cybersecurity Incidents by 70%

Everyone wants a security hack. Give your clients a good one by explaining that security awareness training with a solution like BullPhish ID can reduce their chances of experiencing a cybersecurity disaster like a data breach by up to 70%, and that protection just keeps growing without big spending.

We’re ready to help you shepherd your clients into a safer future with the ID Agent Digital Risk Protection Platform. Don’t roll the dice with password security for another day.  Contact our solutions experts and let’s get started! 


Is your email domain protected against phishing? Are your customers? Find out now with the Graphus Domain Checker. CHECK NOW>>



Aug 05 The Ultimate MSP Sales Process Blueprint: Automation for the Win REGISTER NOW>> 

Aug 10 Cybercrime Undercover: Inside Real Security Stings REGISTER NOW>>

Aug 12 How to Build Your Cybersecurity Fortress Mini Guide (EMEA) REGISTER NOW>>

Aug 17 Right People. Right Tools. Right Levels: Passly Demonstration REGISTER NOW>> 

Aug 15-17 XChange+ August 2021(San Antonio, TX) REGISTER NOW>>

Aug 18-19 ASCII Success Summit (Raleigh, NC) REGISTER NOW>>

Aug 31 Stuck in a Break-Fix Rut? Overcome the Hurdles of Moving to MRR! REGISTER NOW>> 

Sep 02 Owning the Dark Web: How You Can Take Back Control REGISTER NOW>>



Does a Data Breach Damage Your Company’s Financing Prospects? 


The last thing that you want to discover when your company is in a bind is that a data breach that you had two years ago is impacting your ability to secure new financing at a rate that you can afford, but that’s exactly what has happened to many companies in the last few years.

In a recent study by the American Accounting Association, “Do Banks Price Firms’ Data Breaches?” it’s easy to see that a data breach can be a huge blot on a company’s financing prospects from banks and other lenders. Companies that experience a breach pay higher interest rates, face a 22% higher loan spread and a 40-basis-point increase as well as negative impacts on their collateral requirements and loan covenants.

The best way to stay out of that group is to take every possible security measure that you can to keep your systems and data safe. The most effective one for you to adopt immediately is secure identity and access management using a smart, affordable solution like Passly. Just by adding Multifactor Authentication (MFA), you’ll stay safe from 99.9% of password-based cybercrime. Plus, Passly gives you so many additional security boosters it’s like getting three solutions for the price of one.

Waiting until you’ve had a security disaster isn’t a good way to save money. Make a small investment in secure identity and access management now to ensure that you’re taking sensible precautions to protect your organization’s financial future.


ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to pr@kaseya.com to let us know – we love to hear about how our content works for you!


let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


See our innovative, cost-effective digital risk protection solutions in action.

WATCH DEMO VIDEOS>>


Contact us for an expert analysis of your company’s security needs and a report on your Dark Web exposure!

SCHEDULE IT NOW>>



We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.