Please fill in the form below to subscribe to our blog

The Week in Breach News: 09/22/21 – 09/28/21

September 29, 2021

It’s Double Trouble Week! Ransomware gangs double-dip in agriculture, optometry, customer service and real estate plus why data breach risk is on the rise again and what you can do to protect your clients fast.

90% of MSPs have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>

New Cooperative & Crystal Valley Cooperative

Exploit: Ransomware

New Cooperative & Crystal Valley Cooperative: Agricultural Services  

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.337 = Extreme

Twin breaches in agriculture have the potential to cause significant disruptions in the US food supply chain. Iowa-based farm service provider New Cooperative was the first ag company hit with a ransomware attack early last week, causing the company to shut down its IT systems. As part of its announcement, the company stated that there would be “public disruption” to the grain, pork and chicken supply chain if its operations are not restored quickly. New ransomware group BlackMatter claimed responsibility, releasing proof on their dark web leak site, saying that they have 1,000GB of data. BlackMatter is demanding a $5.9 million ransom. Minnesota-based farm supply and grain marketing cooperative Crystal Valley was the next hit by a ransomware attack a few days later. The company announced that all of its corporate IT systems were shut down and they were unable to process credit card payments. It also noted that this is a very bad time for cyberattacks in the industry as it is harvest season. No group has yet claimed responsibility for this incident.

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: As we learned throughout the pandemic, cybercriminals are aware of when it’s the worst possible time for them to strike and they’ll use that as leverage in their attacks.

ID Agent to the Rescue: Two in five ransomware victims in 2020 were SMBs. No business is safe from this menace. Help your clients mount a strong defense with the insight gained in Ransomware Exposed. GET THIS EBOOK>>

Simon Eye & US Vision 

Exploit: Hacking

Simon Eye & US Vision: Optometry Clinic Operators

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.606=Severe

A pair of breaches in the optometry world by Simon Eye and US Vision has exposed the personal and health information of tens of thousands of US patients. Delaware-based Simon Eye Management, a chain of clinics that provide eye exams, eyeglasses and surgical evaluations, reported a hacking incident to the US Department of Health and Human Services (HHS) affecting more than 144,000 individuals. This incident also included an aborted business email compromise attempt. In their HIPAA filing, the breach involved an unauthorized third party accessing certain employee email accounts in May 2021 as cybercriminals attempted to pull off wire transfer and invoice manipulation attacks against the company. New Jersey-based USV Optical Inc., a division of US Vision, has also reported a breach to HHS caused by hacking. The company says the incident involved unauthorized access to certain servers and systems between April 20 and May 17, 2021. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.667= Severe

A total of 320,000 US residents may be impacted by these breach incidents. Simon Eye’s disclosure detailed patient information that had potentially been compromised by the incident including patient names, medical histories, treatment or diagnosis information, health information, health insurance information and some Social Security numbers, date of birth and/or financial account information. US Vision disclosed that patient Information potentially compromised in the incident includes patient names, addresses, date of birth and eye care insurance information.

Customers Impacted: 320,000

How It Could Affect Your Customers’ Business When companies fail to keep highly sensitive data like this safe, they take a direct hit to the wallet since it costs them a fortune in HIPAA fines once regulators get finished with them.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 

Marcus & Millichap 

Exploit: Ransomware

Marcus & Millichap: Real Estate Firm 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.636 = Severe

Real estate giant Marcus & Millichap has suffered a ransomware attack. Suspected to be the work of the BlackMatter ransomware gang, the firm disclosed in an SEC filing that it had seen no evidence of a data breach, although Black Matter did post some authentic-looking sample files with its ransomware demand on its dark web leak site. The incident is under investigation. (The second breach in this pair is in the South America section.)

Individual Impact: No personal, financial or sensitive data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Booming dark web data markets mean that cybercriminals are hungry for all kinds of data, especially customer records and financial information.

ID Agent to the Rescue:  See how to transform employees into security assets to become the real secret weapon that successful organizations deploy to fight cybercrime! WATCH NOW>>

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

Colombia – Coninsa Ramon H

Exploit: Misconfiguration

Coninsa Ramon H: Real Estate Firm

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.713 = Severe

A database owned by Colombian real estate firm Coninsa Ramon H has leaked data. More than one terabyte of data containing 5.5 million files was left exposed, leaking the personal information of over 100,000 customers of a Colombian real estate firm data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket.   

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.605 = Severe

The data in the exposed bucket includes internal documents like invoices, proof of income documents, quotes and account statements dating between 2014 and 2021. The customer PII leaked may include names, phone numbers, email addresses, residential addresses, amounts paid for estates and asset values. The bucket may also contain a database backup that includes additional information such as profile pictures, usernames and hashed passwords. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business exposed databases are a cybersecurity incident that companies don’t need to face if everyone is on the same page about the importance of security.

ID Agent to the Rescue: Gamify cybersecurity and information safety to make it interesting. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>

Outrun the hazards that business relationships bring to your door with our eBook Breaking Up with Third-Party & Supply Chain Risk. READ IT>>

Italy – Covisian

Exploit: Ransomware

Covisian: Call Center Operator 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.661=Severe

GSS, the Spanish language division of call center giant Covisian, has informed customers that it has been subjected to a ransomware attack. The attack locked down the company’s IT systems, crippling its Spanish-language call centers. Customer service for organizations including Vodafone Spain, the Masmovil ISP, Madrid’s water supply company, television stations and many private businesses was impacted. (The second in this pair of breaches is in the Middle East section)  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business This is a good illustration of today’s third-party/supply perils. One ransomware attack on a company like this can ripple out to impact many businesses.

ID Agent to the Rescue Are your clients protected from the hazards of third-party and supply chain risk? Our eBook Breaking Up with Third-Party & Supply Chain Risk helps you make sure you have the bases covered. GET THE BOOK>>

Use this checklist to be sure that you’ve found and mitigated every cyberattack risk that your client faces! DOWNLOAD IT>>

Israel – Voicecenter

Exploit: Ransomware

Voicecenter: Call Center Operator

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.699 = Severe

A ransomware attack against the Israeli call center service company Voicenter earlier this week is suspected to be the work of the Deus ransomware outfit who has claimed responsibility for the hack. The gang Deus claimed it would release 15 TB of data concerning 8,000 companies that work with Voicenter including Mobileye, Partner, Gett and My Heritage, among others. The data that the attackers have posted on their dark web leak site includes samples of security camera and webcam footage, ID card information, photos, WhatsApp messages, emails and recordings of phone calls. Interestingly, Deus also provided a photo of its ransom message with a demand for 15 bitcoin within 12 hours of the notification on September 19, with 10 bitcoin added every 12 hours after that deadline. After a brief disruption in services, most Voicenter functions have been restored.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business service providers are goldmines for cybercriminals because they provide a wealth of data that can be used and sold for high profit.

ID Agent to the Rescue Over 80% of organizations felt the sting of cybercrime in 2020. See what cybercriminals are shopping for to better predict what will happen next in The Global Year in Breach 2021. READ IT>>

remote workers pose a cryptocurrency risk

Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Learn to defend castles from cybercriminal invaders in our How to Build Your Cybersecurity Fortress webinar! WATCH NOW>>

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for September 2021 are up: SEE PATCH INFO>> 

Resource Spotlight: Fall Into Profit with Sales-Building Tips & Strategies

The Ultimate MSP Sales Process Blueprint: Automation for the Win

  • Learn how to leverage the latest tools and wow clients with them
  • See what you can do to expand your client base quickly and easily
  • Discover why security automation is the prescription for big profit

4 Essential Elements for a Dominant, Security-Focused MSP

  • Learn to harness the power of four essential elements for MSP success: Great Tech Stack, Culture, People, Processes
  • Find out what to do right now to juice up your revenue
  • See why your business structure is more important than you think

Nano Session: Sell & Deliver Security Awareness Training

  • Discover why security awareness training is a winning profit center
  • See how customization will impress customers and prospects
  • Learn how to grab this expansion opportunity in just 15 minutes

Did You Miss…? Find security risks that you may have missed with our Cybersecurity Risk Protection Checklist! DOWNLOAD IT>>

Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>

should you diclose a data breach represented by the words "hacking detected" in red on a blue and white touchscreen

Data Feeding Frenzy Drives Breach Risk Up Sharply

Get Tips to Protect Your Clients From Trouble


As cybercrime rates rise, the market for the tools of the cybercrime trade is heating up. The biggest thing that cybercriminals are looking for to enable their next volley of attacks isn’t undetectable new malware or a genius hacker. It’s data. Consumer, business, financial, medical, user records – it doesn’t really matter, they’ll take data from every imaginable source and clamber for more. That’s one reason why dark web data markets are booming. While that’s great news for cybercriminals, it’s terrible news for organizations that need to protect business and consumer data from their sticky fingers. 

dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>

Data Breach Risk (and Cost) is Up Across the Board

No company can ever afford a data breach, yet far too many are having to grapple with that reality. There were 1,767 publicly reported breaches in the first six months of 2021, which exposed a total of 18.8 billion records. Data breach risk is high for companies in every sector no matter what their size and that number just keeps on climbing. Those breaches ran the gamut from small companies to huge conglomerates. If a company stores data, it is at risk for a breach, no matter where they store it. Cloud data storage has become common and is generally safe, yet an estimated 36% of organizations surveyed in a recent report on cloud data security said that they have suffered a serious data security incident like a cloud data breach in the past 12 months.   

Now, that risk is ratcheting up as cybercrime booms and cybercriminals hunt for the data that they need to fuel attacks, and IT professionals aren’t unaware of the danger.  A recent survey shows that IT professionals and business leaders understand that the possibility of a data breach seriously impacting their organization isn’t farfetched. The overwhelming majority of survey respondents, more than 85% of business leaders and II professionals surveyed worldwide agreed that they foresee an intrusion leading to a data breach in their organization’s future, and they expect that event to occur within the next 12 months. That includes 69% of Australian organizations who report they are likely to experience a data breach that impacts customer data in the next 12 months.    

That data breach will be more expensive than ever before according to the IBM/Ponemon Institute Cost of a Data Breach Report 2021. The recently released report contained a few surprises this year, but one major conclusion wasn’t a surprise to IT professionals: the cost of a data breach climbs every year. In the 2021 report, researchers noted that the average total cost of a data breach increased by nearly 10% over 2020’s numbers to $4.24 million, the highest ever recorded in the 17-year history of the survey. The era of remote work has ratcheted up all sorts of business expenses and risks, and that’s been consistent for data breach costs as well. The study showed that costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million. 

Zero Trust security is the key to keeping your clients safe – and the cornerstone is access management. We can help. LEARN MORE>>

 But Why Exactly is Data Breach Risk Rising?

There are a variety of reasons why data breach risk is rising for companies, but three main contenders top the list as the main culprits of this rising tide of danger. 

A Booming Dark Web Economy 

In 2020, Constella Intelligence’s identity theft threat intelligence team detected over 8,500 breaches and leakages circulating in dark markets and underground forums, representing nearly 12 billion records.  Researchers determined that there was a large spike in the price of sensitive personal records sold on the dark web in 2020, with the prices of identity documents like driver’s licenses, passports and ID cards increasing significantly from previous years. That trend has held steady in 2021. The prices of all sorts of PII trafficked on the dark web exploded in 2020, including passports (+1,185%), driver’s licenses (+328%) and ID cards (+642%), possibly due to increased demand for false identification records during the pandemic. 

Personally identifying information (PII) has historically been a top seller in dark web data markets, and that holds true this year as well. PII is the second most sought-after type of data by cybercriminals conducting data breach operations according to the Verizon/Ponemon Institute Data Breach Investigations Report 2021 (credentials held steady as the most sought-after type of data in dark web markets). That matches up with other expert analyses on data exposure. Nearly 60% of the data breaches analyzed in the identity theft report exposed some form of PII, and 72% of these breaches included passwords

More Multi-Party Breaches 

Third-party and supply chain risk has been steadily climbing for the last few years, another trend that shows no sign of slowing down. Cybercriminals know that if they gain access to customer records and other data at a business that is a service provider for other businesses or government agencies, that can get them at foot in the door at organizations on their victim’s client list. An uptick in the number and severity of multi-party breaches is an example of why business data is so valuable to bad actors and the damage that they can do with just one company’s client records.  Almost 900 multi-party data breach incidents, also referred to as ripple events, have been tallied by data breach researchers since 2008. While that doesn’t sound like it’s a frequent event that would be present much of a problem for businesses over such a long time span, that’s definitely not the case.  

Unlike a regular data breach, a multi-party data breach has a nasty ripple effect that can catch other businesses in its wake months or even years later. In a recent Cyentia Institute study, researchers reported that on average, it takes 379 days for a typical ripple event to impact 75% of its downstream victims. That’s an extremely long time for a company to wait to discover whether or not they’re in trouble when another company that they do business with has had a breach. Multi-party breaches like this are also extremely expensive, dwarfing the already high costs of an average data breach. In fact, they make a run-of-the-mill data breach look like a bargain in comparison. Ultimately the researchers determined that a median ripple data breach event caused an estimated 10x the financial damage of a traditional single-party breach -and the worst of the multi-party data breach events that they studied caused an astonishing 26x the financial damage of the worst single-party breach in the study. 

security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Dive into a stream of new revenue with The Tools and Techniques for MSPs to Close More New Clients. WATCH NOW>>

Huge Data Leaks Prime the Pump for More 

The fact that there are simply more data breaches these days means that there is a larger chance for massive data breaches to occur, adding an abundance of records to the dark web, ripe for cybercriminal picking. Every data breach that exposed PII, credentials and similar information can help cybercriminals pull off a future cyberattack that can then cause another data breach. It’s a vicious cycle, especially as the world becomes even more interconnected. Every huge exposure opens up new visits of opportunity for cybercriminals and new avenues of risk for businesses. Approximately 22 billion new records landed in dark web data markets and dumps in 2020, providing further fuel for cybercrime. 

Credentials and PII are constantly being exposed in major breaches in 2021 as well, jacking up risk dramatically each time a new one breaks. Staring in February 2021 with the COMB aka the Compilation of Many Breaches, a flood of PII and credentials cascaded into the dark web. The COMB contained data that was a goldmine for bad actors including 3.2 billion email-and-password pairs  In June 2021, a 100GB text file dubbed RockYou2021 was leaked by an anonymous user on a popular hacker forum. This new cache of data is estimated to contain 8.4 billion passwords. Researchers estimate that the RockYou2021 compilation includes the passwords of the complete global online population almost two times over. Just one month later in July 2021, the data of 700M LinkedIn users including PII and passwords was exposed and made its way to a popular dark web forum. That number is more than 92% of LinkedIn’s estimated total of 756M users.  

Which industries saw the most phishing last year? These 5 did in a year of record-setting threat growth. See how to protect your business.

See how to fix staffing problems, fill security gaps and make more money fast with security automation. LEARN MORE>>

What Are Cybercriminals Looking For?

Cybercriminals are constantly on the hunt for fresh data. While they’ll snatch up pretty much anything, they do have a few preferences for different types of data. The desirability of data from different industries waxes and wanes based on many factors like scarcity, usability, relevance and quality. 2020 was very much the year that everyone wanted healthcare data, with myriad breaches and cyberattacks hitting every cog on the healthcare supply chain from hospitals to research institutions to trucking companies moving COVID-19 vaccines to market.  

That trend has continued into 2021. As expected, the healthcare industry continues to be firmly in the sights of threat actors, reporting more data breaches than any other industry sector already this year. The healthcare sector has been at the top of the most targeted industry list since at least 2017 and it was the undisputed champion of data breaches in 2020. So far in the first 6 months of 2021, 238 healthcare data breaches were reported with finance & insurance the next most attacked sector with 194 reported incidents, followed by information with 180 data breaches. 

us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>

How Can I Help My Clients? 

The ID Agent digital risk protection platform offers every organization help in dealing with these problems, as these businesses discovered. Our solutions address operational issues as well as constantly rising cybercrime risk, enabling companies to get twice as much value out of security expenditures. That value doesn’t just stop at the point of purchase – we’re constantly innovating to keep you a step ahead of cybercriminals while improving your IT team’s quality of life.  

Passly includes an array of identity and access management tools cited by experts as key security moves that add immediate protection with robust functionality. Essentials like multifactor authentication and single sign-on make remote management and access control easy, and Automated password resets will make your IT team happy.

Dark Web ID features 24/7/365 always-on monitoring that alerts businesses when their credentials appear on the dark web. This reduces credential compromise risk from phising and malicious insiders. Automated alerts and reporting mean that your team doesn’t need to spend time staring at a dashboard or pulling reports.  

BullPhish ID improves your staff’s security awareness on topics like phishing, compliance, password safety, security hygiene and more. Choose from our plug-and-play complete training modules and phishing simulations or customize the content to reflect the unique industry risks that employees face daily.  

See them in action in these short demonstration videos:  

The ID Agent digital risk protection platform has the strong solutions that every business needs to protect their systems and data from today’s biggest threats. Contact our solutions experts today to learn how your business can benefit and receive a free, personalized demonstration. 

Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>

JUST ANNOUNCED: “Parks and Rec” Actor Nick Offerman is coming to Connect IT Global!

We have exciting news to share! Have you ever wanted to have a scotch with Ron Swanson? Who doesn’t? That’s why we’re thrilled to bring you the next best thing!

The legendary Nick Offerman, of Parks and Rec fame, will be kicking off Day 2 of our Connect IT Global with an act sure to leave you in stitches. Will he BBQ on stage? Will he whittle us a canoe out of a majestic piece of redwood? Who knows, but you have to be there to experience it!

We anticipate a sellout crowd and we want you to be in it! If you want your chance to see this legend in person

Choose from three ticket options:

  • In-person tickets + training – $850
  • Virtual tickets + training – $299
  • Virtual ticket – $99


cyberpunk 2077 malware represented by a futuristic looking cityscape featuring many neon signs at night

Want to Borrow Our Sales and Marketing Teams? OK!

Get expert sales and marketing help to power up your MSP in a flash with Powered Services Pro. LEARN MORE>>

Oct 05: Connect IT Local: San Francisco REGISTER NOW>>

Oct 06-07: CompTIA EMEA Member and Partner Conference REGISTER NOW>>

Oct 07: Connect IT Local: Seattle REGISTER NOW>>

Oct 13: DattoCon NOW REGISTER NOW>>

Oct 19-22: Connect IT in Las Vegas! REGISTER NOW>>

Oct 21-22 Robin Robins Roadshow: Newark REGISTER NOW>>

Oct 27-28: ASCII Success Summit: Orlando REGISTER NOW>>

Oct 28-29: Robin Robins Road Show: Chicago REGISTER NOW>>

Nov 02-03:Robin Robins Road Show: Las Vegas REGISTER NOW>>

Nov 02-03: ASCII Success Summit: Washington DC REGISTER NOW>>

Dec 07: Connect IT Local: Atlanta REGISTER NOW>>

Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>

Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>

us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>

Is Your Data on a Cybercriminal’s Shopping List?

Data breach risk is rising around the globe, and no industry is safe from cybercriminals hunting for the next big score. More than 85% of IT professionals polled in a recent survey said that they believe that their organization will experience an intrusion leading to a data breach in the next 12 months. That probably leaves you wondering what’s causing them to believe that and what you can do to stay safe from a data breach disaster? 

Booming dark web data markets are one reason why IT professionals expect that their organization may be in cybercriminal sights. The prices of all sorts of personally identifying information (PII) skyrocketed on the dark web in 2020 and they continue to remain high. Cybercriminals love PII because it provides fuel for other cybercrimes that they may be planning, like spear phishing and ransomware attacks.  

Huge quantities of credentials or email and password pairs also hit the dark web in 2020 and that trend also continues into 2021. These resources can make it easy for bad actors to undertake hacking, credential stuffing and business email compromise operations. Credentials are the data type that is the most sought-after by cybercriminals, followed by PII. 

Protect your business against data breach risk by reviewing your security plan and carefully considering adding stronger protection for any spots where you may be leaving your business vulnerable. Multi-factor authentication using a solution like Passly adds a huge boost of security overall for your business protecting you from 99% of password-based cybercrime in just one move. Adding defenses like that will go a long way to protecting your data from cybercriminals who are on the hunt.  

ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!


We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.