The Week in Breach News: 09/18/24 – 09/24/24
This week: Bad actors double-dip for data at Dell; cybercriminals brazenly try to fool Aramark employees with a fake payroll portal; and explore our stories of cybersecurity success.
Read this week’s feature story: 10 Keys to Rapid Incident Response.
David’s Bridal
https://www.jdsupra.com/legalnews/david-s-bridal-data-breach-leaks-an-4083510/
Exploit: Hacking
Industry: Retailer
Leading wedding dress retailer David’s Bridal has notified customers that their data may have been exposed in a January 2024 incident. The company reported to the Attorney General of Maine that they detected unusual activity on January 21, 2024, prompting them to secure their system, launch an investigation and notify federal law enforcement. The investigation revealed that on January 20, certain files containing confidential consumer data, including names and Social Security numbers, were accessed without authorization. David’s Bridal sent out data breach letters to anyone who was affected by this data security incident.
How It Could Affect Your Customers’ Business: Retailers are excellent sources of data for bad actors because they often have both financial and personal data.
Kaseya to the Rescue: Learn to mitigate a company’s risk of damage from cyberattacks that are often email-based, like ransomware, in A Comprehensive Guide to Email-based Cyberattacks. GET THE GUIDE>>
Access Sports Medicine & Orthopaedics
Exploit: Hacking
Industry: Healthcare
New Hampshire-based Access Sports Medicine & Orthopaedics reported a data breach involving personal health information. The healthcare provider admitted that unauthorized actors accessed patient PHI and PII including names, birthdates, medical data, Social Security numbers, health insurance and limited financial details. Impacted individuals were notified by mail after the breach was discovered in July 2024.
How It Could Affect Your Customers’ Business: A data breach can negatively impact a medical clinic’s reputation just as much as it would negatively impact any other type of business.
Kaseya to the Rescue: Learn about the factors that have shaped cybersecurity in 2024 and be ready for what’s next with the knowledge you’ll gain from our Midyear Cyber-risk Report 2024. GET REPORT>>
Mt. Carmel Behavioral Healthcare
https://www.jdsupra.com/legalnews/mt-carmel-behavioral-healthcare-3197242
Exploit: Hacking
Industry: Healthcare
Mt. Carmel Behavioral Healthcare (MCBH) reported a data breach after an unauthorized party accessed an employee email account on June 12, 2024. The breach exposed sensitive consumer information, including names, Social Security numbers, birth dates, addresses and medical and health insurance details. MCBH secured the account, launched an investigation and notified affected individuals by mail between August 9 and August 30, 2024.
How It Could Affect Your Customers’ Business: Service providers who handle mental health need to be extra cautious about data security due to the sensitive nature of the data they hold.
Kaseya to the Rescue: Learn more about the types of data that bad actors sell on the dark web and how they profit from it in The IT Professional’s Guide to Dark Web Defense. DOWNLOAD IT>>
Aramark
https://www.jdsupra.com/legalnews/aramark-provides-notice-of-mypay-data-9603792
Exploit: Phishing
Industry: Hospitality
Aramark, a top food service and facilities services provider, has disclosed that it has experienced a data breach. Aramark discovered that an unauthorized party created a fake website to steal employee login credentials and access the myPay site. The attacker aimed to change direct deposit details but also accessed other personal information, including names, addresses, Social Security numbers, and direct deposit details.
How It Could Affect Your Customers’ Business: Training employees to resist phishing is critical for preventing cyberattacks like credential compromise and BEC.
Kaseya to the Rescue: Our infographic walks you through exactly how security awareness training prevents phishing from hooking unsuspecting employees. DOWNLOAD IT>>
Fireworks Software
https://www.jdsupra.com/legalnews/fireworks-software-notifies-27k-5089264
Exploit: Hacking
Industry: Technology
On September 17, 2024, Fireworks Software reported a data breach after discovering unauthorized access to its network, affecting sensitive data from Rowan College at Burlington County. The breach occurred between June 23 and June 26, 2024. After securing its systems and investigating, Fireworks Software notified impacted individuals. The data breach letter that was uploaded to the Maine Attorney General’s site did not mention what type of information was compromised.
How It Could Affect Your Customers’ Business: Slipping in through a service provider or third party can be an easy way for bad actors to snatch data without attacking an organization directly.
Kaseya to the Rescue: Are you taking advantage of the amazing benefits you get when you combine RocketCyber Managed SOC and Datto EDR? This product brief outlines them all! DOWNLOAD IT>>
Dell Technologies
https://hackread.com/dell-hit-by-second-security-breach-in-week/
Exploit: Hacking
Industry: Technology
Cybercriminals claim that Dell Technologies has experienced two related data breaches. One breach exposed over 10,000 employee records. Hackers claim to have obtained records that include an employee’s full name, ID number, active status, and internal employee ID information. The same hacker behind the original breach claims to have gone back for round two, this time snatching up data related to Jira files, database tables, and schema migrations, amounting to 3.5 GB of uncompressed data. The hackers claim to have gained access by compromising Dell’s Atlassian software suite.
How It Could Affect Your Customers’ Business: Multiple data breaches within a short window of time aren’t a good look for any company.
Kaseya to the Rescue: Learn about five ways that businesses may be in danger of trouble from the dark web in an infographic that’s also perfect for sharing on social media! DOWNLOAD IT>>
UK – Compass Group
Exploit: Ransomware
Industry: Hospitality
Foodservice giant Compass Group confirmed a ransomware attack on its Compass Group Australia subsidiary. The Medusa gang claims to have stolen 785.5 GB of data. Medusa is demanding $2 million to delete or sell the data and has shared stolen documents. The documents may contain employee information including employee wage declarations, passports, driver’s licenses, and other internal files. The gang has threatened to publish the data in eight days if the ransom is not paid.
How It Could Affect Your Customers’ Business: Cybercriminals aren’t just looking for consumer data; they can profit off of employee data and company proprietary data too.
Kaseya to the Rescue: Run more effective security awareness and phishing resistance campaigns with this infographic featuring 10 expert tips to maximize your training programs. DOWNLOAD IT>>
Australia – Total Tools
https://www.cyberdaily.au/security/11135-38-000-total-tools-shoppers-compromised-in-data-leak
Exploit: Ransomware
Industry: Retailer
Total Tools has disclosed that it has experienced a data breach. Initial investigations by a third-party cyber forensics team suggest that the data of 38,000 customers was compromised. Data reportedly includes customers’ names, log-on details, email addresses and credit card information. The company said that its investigation into the nature and size of the incident is still ongoing. Total Tools said that it has also informed the Australian Cyber Security Centre and Office of the Australian Information Commissioner.
How It Could Affect Your Customers’ Business: Australian companies have had a particularly rough time with hackers in the past year.
Kaseya to the Rescue: A bewildering array of acronyms are used for cybersecurity technologies. This infographic breaks down six of them. DOWNLOAD IT>>
Don’t miss the upcoming ID Agent & Graphus Product Innovation webinar
Ready for a look at what’s next for ID Agent and Graphus? Join our Product Innovation session on October 9, 2024, at 10 AM ET / 7 AM PT to learn about the plans we have for our solutions in Q4.
- Hear from the product managers of BullPhish ID, Dark Web ID and Graphus.
- Discover new time-saving integrations, automation and reporting features.
- See key features in action.
Read true stories of the benefits of RocketCyber MDR
Managed detection and response (MDR) is a cybersecurity game-changer! In these RocketCyber case studies, MSPs and SMB IT professionals share how they overcame cybersecurity challenges with RocketCyber MDR.
How RocketCyber Stopped Akira Ransomware for ITPartners+ – Learn how RocketCyber’s MDR service stopped an Akira ransomware attack for ITPartners+ during a crucial holiday weekend. READ IT>>
Crystal Mountain – After big hits in the hospitality sector, Crystal Mountain looked for ways to bolster its cyber resilience. READ IT>>
3545 Consulting – An MSP faced unique cybersecurity challenges due to its clients in sectors with complex compliance requirements. READ IT>>
Did you miss…The checklist 10 Tips for Successful Employee Security Awareness Training? DOWNLOAD IT>>
Don’t forget to register for Kaseya DattoCon Miami – the event is in just a few weeks!
October 28 – 30, 2024 | Fontainebleau, Miami Beach, FL
Are you ready for Kaseya DattoCon in Miami? This exciting event will enhance your security knowledge and provide valuable technical insights from industry experts. Connect with your peers and meet the industry’s movers and shakers. You’ll leave with actionable business strategies to implement immediately upon returning to the office. Attend DattoCon Miami to:
- Gain insights into industry trends from Kaseya CEO Fred Voccola, industry experts and special guests.
- Connect with peers and experts in outstanding sessions on IT business, cybersecurity, automation, sales, and marketing.
- Become a Kaseya Certified Administrator by the end of the conference.
- Celebrate at the DattoCon Awards, honoring excellence and innovation in IT.
Plus, we have an incredible announcement that you won’t want to miss. REGISTER NOW>>
October 17: Kaseya+Datto Connect Local Washington D.C. REGISTER NOW>>
October 28 – 30: Kaseya DattoCon (Miami) REGISTER NOW>>
November 12 – 14: Kaseya DattoCon APAC (Sydney) REGISTER NOW>>
Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.
Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!