Please fill in the form below to subscribe to our blog

The Week in Breach News: 09/14/22 – 09/20/22

September 21, 2022

This week take a look at the events that led to a big IRS data breach and trouble at Bell Canada, explore our case studies and read up on talking to clients about protecting their businesses from BEC.

Find the perfect training solution for your clients & your MSP with our MSP-focused buyer’s guide. DOWNLOAD IT>>

U.S. Internal Revenue Service (IRS)

Exploit: Human Error

U.S. Internal Revenue Service: Federal Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.026 = Severe

The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.

cybersecurity news represented by agauge showing severe risk

Risk to Individual: 2.406 = Severe

Exposed taxpayer data includes names, contact information, and financial information about IRA income The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.

How It Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes.

ID Agent to the Rescue: Lower your clients’ risk of an accidental or malicious insider incident with The Guide for Reducing Insider Risk. DOWNLOAD IT>>

U-Haul International

Exploit: Credential Compromise

U-Haul International: Moving & Storage Company

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.779 = Moderate

 U-Haul International disclosed a data breach related to its customer contract search tool. U-Haul says that attackers accessed some customers’ rental contracts between November 5, 2021, and April 5, 2022, after compromising two passwords. U-Haul’s email and customer-facing websites were not impacted.

cybersecurity news represented by a gauge indicating moderate risk

Risk to Individual: 2.626 = Moderate

Hackers gained access to customers’ names and driver’s license information, but U-Haul says that no credit card information was accessed or acquired during the incident.

How It Could Affect Your Customers’ Business: Cybercriminals have been concentrating their fire on suppliers and service providers, elevating risk for them.

ID Agent to the Rescue: See the biggest risks that businesses in different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>

The North Face

Exploit: Credential Stuffing

The North Face: Clothing Brand 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.677 = Severe

California-based outdoor clothing company The North Face disclosed that it has had a data breach after a successful credential stuffing attack exposed the information of an estimated 200,00 customers. The company said that the attack on its website began in late July 2022 and was finally stopped in August 2022. Investigators determined that bad actors had accessed shoppers’ information shortly thereafter. 

cybersecurity news gauge indicating extreme risk

Risk to Individual: 1.636 = Severe

Exposed data includes a customer’s full name, purchase history, billing address, shipping address, telephone number, account creation date, gender and XPLR Pass reward records.

How It Could Affect Your Customers’ Business: Educational institutions have been high on cybercriminal priority lists, and the time pressure here made this attack an attractive prospect for the bad guys.

ID Agent to the Rescue:  Prevent password-related disasters by getting your clients on the zero-trust path using the 6 Tips for Implementing Zero Trust Security infographic. DOWNLOAD IT>>

Insider risk is up by 40%. Help your clients stay out of trouble with The Guide to Reducing Insider Risk GET IT>>

Bell Technical Solutions (BTS)

Exploit: Ransomware 

Bell Technical Solutions: Telecommunications Services

cybersecurity news represented by a gauge indicating moderate risk

Risk to Business: 2.712 = Moderate

The Hive ransomware group has claimed responsibility for a ransomware strike on Bell Technical Solutions (BTS), a subsidiary of Bell Canada. BTS provides installation services for the telecom. Hive just published a claim on its dark web leak site saying that it encrypted BTS systems almost a month ago. BTS’ website is currently inaccessible. Parent company Bell Canada published a cybersecurity alert following the incident on its own website

How it Could Affect Your Customers’ Business: Critical infrastructure targets like utilities have been squarely in cybercriminal sights as ransomware targets.

ID Agent to the Rescue:  Get a full picture of defending your clients from ransomware with the resources in our Deep Dive Into Ransomware resource bundle. GET THE BUNDLE>>

Learn to identify and mitigate fast-growing supply chain risk with this eBook. DOWNLOAD IT>>

Argentina – Buenos Aires Legislature

Exploit: Ransomware

Buenos Aires Legislature: Municipal Government Body

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.219 = Extreme

Legislators in Argentina’s capital Buenos Aires were left unable to access information systems or wifi in the legislature’s facility after a successful ransomware attack last week. The incident was discovered on September 11, 2022, and persisted into the week. Officials say they took measures to contain the attack immediately and they’re working quickly to restore all operations.  No ransomware group has claimed responsibility for this attack. 

How it Could Affect Your Customers’ Business: Government agencies have been popular ransomware targets over the last few years.

ID Agent to the Rescue: Are you offering the right training solution to help your clients avoid risks like this? Find out with the Security Awareness Training: Buyer’s Guide for MSPs DOWNLOAD IT>>

See five things that you can do to reduce nation-state cyber threat risk for your clients fast. GET CHECKLIST>>

France – Damart

Exploit: Ransomware

Damart: Clothing Retailer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.863 = Severe

Clothing store Damart has been taken down by ransomware in an attack by the Hive cybercrime gang. The company, with more than 130 stores worldwide, has had a variety of systems encrypted and operations, including sales and customer service, have been disrupted since August 15. The threat actors haven’t posted the victim on their extortion site, but reports say that they’re demanding a $2 million ransom. Damart (through parent company Damartex) says that it has not negotiated with the cybercriminals and it has informed the French national police of the incident.

How it Could Affect Your Customers’ Business: This breach is bound to have expensive consequences for Damart once regulators get through with them

ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture ChecklistDOWNLOAD IT>>

United Kingdom – Eurocell

Exploit: Hacking

Eurocell: PVC Manufacturing

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.122 = Severe

Derbyshire-based PVC manufacturer and building products distributor Eurocell has begun informing former employees that their information may have been stolen in a data breach after bad actors obtained access to the company’s systems. An estimated 2000 current employees and an unknown number of former employees may have been affected.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 2.236 = Severe

Among the data compromised are employment terms and conditions, PII like names, dates of birth and next of kin, financial information including bank account, NI and tax reference numbers, right to work documents, health and wellbeing documents, learning and development records and disciplinary and grievance forms.  

How it Could Affect Your Customers’ Business: This kind of data is valuable and sought-after because bad actors can parlay it into easy money.

ID Agent to the Rescue: Sell clients on the benefits of security and compliance training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>> 

See cybercrime trends & the results of thousands of phishing simulations in The Global Year in Breach 2022. DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident

See how today’s biggest threats may impact your MSP and your customers in our security blogs.

remote workers pose a cryptocurrency risk

Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>

Case Studies Show How ID Agent & Graphus Have Benefitted Businesses & MSPs

Have you read our newest case studies? These real stories of challenges that the features in our products solved for businesses and MSPs offer a look at how our solutions help businesses thrive.

Canisius High School used BullPhish ID to effortlessly run a much-needed security and phishing awareness training program with excellent results. READ THIS CASE STUDY>>

SouthStar Bank gained effective protection from a rising tide of phishing that quickly integrated with Microsoft 365. READ THIS CASE STUDY>>

MSP TechSage Solutions was able to take advantage of a business opportunity in a fresh market successfully with BullPhish ID. READ THIS CASE STUDY>>

Read more ID Agent Case studies.

Read more Graphus case studies.

3 Resources That Show the Power of Team-ups!

Clobber Phishing Risk with a BullPhish ID Dynamic Duo See how security awareness training paired with phishing simulations reduces cyber risk. WATCH IT>>

BullPhish ID & Graphus Product Update Explore the innovations that BullPhish ID and Graphus offered in Q3 2022. WATCH IT>>

Graphus-BullPhish ID: Better Together Download this explainer to learn more about the recent integration between BullPhish ID and Graphus. READ IT>>

Did you miss…? Security Awareness Training: Buyer’s Guide for MSPs DOWNLOAD IT>>

Go inside nation-state cybercrime to get the facts and learn to keep organizations safe from trouble! GET EBOOK>>

outbound email data breach risk represented by a blue background with lighter blue envelopes on it and one red envelope i a target circle

Explain Business Email Compromise Danger Easily with the Information in This New Guide

Business Email Compromise (BEC) is the cyberattack that could cost your customers the most. 64x more financially damaging and generally worse for a business than ransomware, BEC is a slippery foe to battle due to its chameleon nature. It can also be challenging to explain what BEC looks like and the real threat that it poses to your clients.  In the new Graphus eBook The Comprehensive Guide to Avoiding Business Email Compromise, we list some of the tools and techniques that cybercriminals use in a BEC operation as well as defining BEC and the common elements of a BEC scheme in simplified language that may help you get the message across a little bit more easily.  

Excerpted in part from The Comprehensive Guide to Avoiding Business Email Compromise DOWNLOAD IT>> 

How can I define BEC simply for my clients? 

To put it in simple terms, business email compromise (BEC) is a cyberattack that cybercriminals use to utilize seemingly legitimate (or freshly stolen) email accounts from one organization to trick employees of another business into giving them credentials, money, personal information, financial details, payments, credit card numbers or other sensitive data. More than 70% of companies experienced a BEC attack in 2021. 

The 2021 IC3 Internet Crime Report, makes it clear: BEC remains the reigning champion of risks, In the U.S., BEC schemes were the costliest cybercrimes reported to IC3 in 2020 and 2021, and that’s not expected to change in 2022. In fact, BEC rose substantially in 2021. In 2020, BEC clocked in at 19,369 complaints with an adjusted loss of approximately $1.8 billion. But for 2021 those loss numbers climbed significantly. The BEC category showed that complainants to IC3 suffered $2,395,953,296 in losses in 2021, a whopping 28% higher than 2020’s record total of $1,866,642,107, with 3% more total BEC complaints. 

Get tips from experts in our webinar MSP Cybersecurity Roundtable: How to Improve Your Incident Response Plan WATCH NOW>>

What tools and techniques are used in BEC attacks?  

While cybercriminals have a wide array of tools at their disposal when planning cyberattacks, the following tools and techniques are generally their go-to moves in a BEC attack:  

Social engineering  

Social engineering is a tactic used to compel people to do something even though it may appear to be against their best interests. The No. 1 type of social engineering cyberattack is phishing, the gateway to the majority of BEC attacks. Bad actors often rely on a few varieties of social engineering to prop up their schemes. Here are some examples of social engineering schemes:  

  • Presenting the bad actor as a trusted contact or representative of a legitimate organization by providing context cues that make their communications seem authentic. Spoofing and conversation hijacking are commonly used in this scenario.  
  • Scaring the victim by claiming that they or their company will experience a negative consequence if they don’t act on the demand made in the message immediately. A message from a utility threatening to cut off service is an example of this tactic.  
  • Convincing the victim that the bad actor is an executive or some other powerful person in the victim’s company to create a sense of urgency for the request, like claiming to be an executive who is out of town and needs the employee to send them money in an emergency situation.  
  • Masquerading as representatives of a charity or nonprofit that the target has a relationship with to obtain sensitive information or money. Criminals often harvest data like the target’s alma mater or political affiliation from social media to craft these lures.  
  • Imitating a government agency or legal body to scare victims into sending them money or financial data. A bad actor might pretend to be a representative of the U.S. Internal Revenue Service, promising legal repercussions if the target doesn’t pay a fake overdue tax bill immediately. 

Get 10 tips to help you build a strong security culture & reduce your risk of cybersecurity trouble! GET INFOGRAPHIC>>

Spear phishing  

Spear phishing is a form of phishing attack that uses very specific information to send sophisticated, malicious emails to individuals or organizations. It is a deliberate attempt by threat actors to steal sensitive information, such as account passwords or financial information, from a specific victim. Actors use social engineering techniques and often leverage social media activity to obtain personal information about the victim, such as their friends, birthplace, employer, frequently visited places and recent internet purchases, to foster authenticity in their lures by pretending to be somebody the target knows and trusts. This is a very common attack scenario that just under 70% of businesses endured in 2021.  


Spoofing is a technique attackers use to imitate people, companies and computers with the intent to trick people into giving up personal information to gain access to something valuable. This technique is a go-to for the bad guys. One-quarter of all branded emails companies receive are spoofed. Spoofing can apply to emails, phone calls and websites, or it can be more technical, such as IP, Address Resolution Protocol (ARP) or Domain Name System (DNS) spoofing. Often, spoofing is used during a cyberattack to disguise the source of attack traffic. Nearly 50% of BEC attacks spawn from the spoofing of someone’s identity in the display name of a bogus email message.  

Conversation hijacking  

Conversation hijacking is a type of phishing attack where threat actors insert themselves into a pre-existing email conversation. Typically, conversation hijacking is preceded by the bad actor gaining access to the victim’s email account. Sometimes, this technique is used by attackers who have gained access to an email account of someone the victim regularly converses with, like a colleague or a representative of another organization. Conversation hijacking relies on the victim’s false sense of security with emails that appear trustworthy because they draw upon a victim’s previous or ongoing correspondence. This type of BEC attack soared by an eye-popping 270% in 2021

Watch this webinar to learn how to make Dark Web ID your prospecting secret weapon! WATCH NOW>>

How can I protect my clients from trouble like BEC? 

Protecting your clients from BEC and other cyberattacks is critical is a tall order, but these award-winning security solutions can help you get the job done without breaking the bank. 

Security awareness and compliance training plus phishing simulation       

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations. 

  • An extensive library of security and compliance training videos in eight languages     
  • Plug-and-play or customizable phishing training campaign kits     
  • New videos arrive 4x per month and new phishing kits are added regularly        
  • Easy, automated training delivery through a personalized user portal         

In a report by Microsoft, analysts determined that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing

You’ll love our latest integration between BullPhish ID and Graphus! If you’re already using BullPhish ID for security and compliance awareness training and phishing simulations, you’ll love our latest integration Advanced Phishing Simulations (Drop-A-Phish). This feature leverages the power of integration with Graphus to eliminate the need for domain whitelisting and ensure 100% campaign deliverability to end users when running phishing simulations. LEARN MORE>>   

Dark web monitoring         

Dark Web ID offers best-in-class dark web intelligence, reducing credential compromise risk.        

  • 24/7/365 monitoring using real-time, machine and analyst-validated data          
  • Fast alerts of compromises of business and personal credentials, including domains, IP addresses and email addresses        
  • Live dark web searches find compromised credentials in seconds     
  • Create clear and visually engaging risk reports        

Automated, AI-powered antiphishing email security    

Graphus AI-enabled, automated email security that catches 99.9% of sophisticated phishing threats and offers amazing benefits.     

  • Forget old-fashioned safe sender lists. Graphus analyzes the content of messages using more than 50 points of comparison to suss out fakes fast.       
  • Cloud-native security harnesses machine learning to inform AI using a patented algorithm.      
  • 3 layers of powerful protection at half the cost of competing solutions      
  • Don’t waste time on fussy configurations or adding threat reports. AI does that for you, getting everything up and running with just a few clicks and minimal maintenance.  

Make sure your clients have all the bases covered with the Computer Security To-Do Checklist! GET IT>>

Connect IT Local is coming to a city near you! Join us for our free Cybersecurity Series in Hartford, CT on October 4th for a half-day of informative sessions from Kaseya IT experts and industry leaders, lunch and a networking happy hour at the beautiful Society Room. REGISTER NOW>> 

September 21: 15-Minute Graphus Demo REGISTER NOW>>

September 28-30: SpiceWorld 2022 REGISTER NOW>>

October 6-7: ASCII MSP Success Summit 2022 – Dallas REGISTER NOW>>

October 13: Cybersecurity Summit in Scottsdale REGISTER NOW>>

October 25-26: Southwest US Summit REGISTER NOW>>

November 2-3: ChannelPro SMB Forum 2022: Los Angeles REGISTER NOW>>

December 6: Connect IT Local – Atlanta REGISTER NOW>>

December 8: Connect IT Local – Miami REGISTER NOW>>

dark web threats

Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!