
The Week in Breach News: 11/15/23 – 11/21/23

November 22, 2023

This week: A strange twist in a ransomware attack on MeridianLink, a big healthcare data breach from a service provider, 13 new phishing simulation kits and a look at our newly released Kaseya Security Survey 2023 report.


See the challenges companies face & how they’re overcoming them in The Kaseya Security Survey Report 2023 DOWNLOAD IT>>

Stanley Steemer

Exploit: Hacking

Stanley Steemer: Cleaning Company


Risk to Business: 1.627 = Severe

Carpet cleaning company Stanley Steemer has filed a notice of data breach with the Maine Attorney General’s office. The company said that the attackers gained access to its systems in early February 2023, and it first noticed the intrusion in March 2023. Hackers may have obtained customer names, Social Security numbers, driver’s license numbers and financial account information, including credit and debit card information along with security codes and PIN codes. A total of 66,978 customers were impacted.

How It Could Affect Your Customers’ Business: Any company that holds data, especially customers’ financial data, needs to ensure that it is protecting that data strongly.

Kaseya to the Rescue: Every company needs to be ready for trouble with an incident response plan in place to minimize downtime and speed up recovery. This checklist can help. DOWNLOAD CHECKLIST>>

Exploit: Ransomware

MeridianLink: Software Company 


Risk to Business: 1.632 = Severe

Financial software provider MeridianLink is the star of one of this week’s weirdest cybercrime stories. The ALPHV/Black Cat ransomware group added MeridianLink to its leak site last week, and the company subsequently confirmed the attack. However, ALPHV/Black Cat took an extraordinary step in its quest to pressure the company into paying a ransom. The group announced on its dark web leak site that it had reported MeridianLink to the U.S. Securities and Exchange Commission (SEC) as being in violation of the SEC’s new reporting rules. To prove it, ALPHV/Black Cat posted a screenshot of the form it claimed to have sent to the SEC. However, those rules are not yet in effect. No ransom amount has been publicized.

How It Could Affect Your Customers’ Business: Cybercriminals sometimes choose to do dramatic things like they did here for publicity.

Kaseya to the Rescue:  An endpoint detection and response solution can help businesses stop the spread of a cyberattack fast. This checklist helps you find the right one. DOWNLOAD IT>>


Exploit: Hacking

Truepill: Pharmacy


Risk to Business: 1.403 = Extreme

Mail order pharmacy Truepill has disclosed that it experienced a data breach that impacted an estimated 2.4 million people. The California-based company reported the data breach to federal regulators on October 30. In a breach notice, Truepill said that it had discovered that bad actors had gained access to a subset of files used for pharmacy management and fulfillment services for three days, from August 30 to September 1, 2023. Compromised files contained patient names, medication type, demographic information and/or prescribing physician names. Social Security numbers were not affected. Six federal class-action lawsuits have been filed against the company in the last week.

How It Could Affect Your Customers’ Business: This data breach will be an expensive proposition for Truepill because it involves PHI.

Kaseya to the Rescue: This infographic shows you the benefits businesses gain by choosing a managed security operations center instead of building their own. DOWNLOAD IT>>

Perry Johnson & Associates (PJ&A)

Exploit: Hacking

Perry Johnson & Associates (PJ&A): Transcription Service


Risk to Business: 1.440 = Extreme

Major medical transcription service Perry Johnson & Associates (PJ&A) has experienced a data breach that has impacted an array of healthcare providers around the U.S. including massive health systems Cook County Health in Illinois and Northwell Health in New York. The unauthorized party may have obtained protected health information, including names, dates of birth, medical record numbers, hospital account numbers, admission diagnoses, addresses, and dates of service. The breach also included Social Security numbers, insurance information, and clinical information from medical transcription files, such as medication information and test results. 

How It Could Affect Your Customers’ Business: Every company that handles PHI in any capacity needs to make sure it is secured to avoid big fines.

Kaseya to the Rescue:  This checklist of 10 things to look for when buying an EDR solution helps narrow the field. GET CHECKLIST>>

The City of Long Beach, California

Exploit: Ransomware

The City of Long Beach, California: Municipal Government


Risk to Business: 1.673 = Severe

The city government of Long Beach, California has declared a state of emergency after a ransomware attack knocked government services offline. The November 14 attack has impacted many city systems including payment processing, public services, city call centers and the central website of the city administration. These systems are expected to remain offline for several days as the investigation is being carried out. Public safety and emergency systems have remained unaffected.

How it Could Affect Your Customers’ Business: Municipal governments and state government agencies have been prime targets for cyberattacks.

Kaseya to the Rescue:  Ransomware is a major threat to all organizations, not just businesses. Learn more about ransomware and get tips to mitigate risk in Ransomware 101. DOWNLOAD IT>> 

Find out how Datto EDR helps with Health Insurance Portability and Accountability Act (HIPAA) compliance. GET INFO>>

United Kingdom – The British Library

Exploit: Ransomware

The British Library – Library


Risk to Business: 1.891 = Severe

The British Library is struggling to recover from an October 28 ransomware attack. The attack knocked out phone lines and on-site services at its main building in London and a separate facility in Yorkshire, as well as access to digital collections, its website and digital catalog. The library informed the public that most of its services remain down, and it is only able to issue temporary reader passes and support “very limited, manual collection item ordering” via paper forms and a printed catalog. There’s no timeline available for the restoration of the impacted services. The Rhysida ransomware group has claimed responsibility.

How it Could Affect Your Customers’ Business: A successful ransomware attack can have a far-reaching effect on an organization’s services and operations.

Kaseya to the Rescue: Learn about how Datto EDR with Ransomware Rollback helps companies recover from ransomware faster. REGISTER NOW>>

Explore how AI technology helps businesses mount a strong defense against phishing GET INFOGRAPHIC>>

South Korea – Samsung

Exploit: Hacking

Samsung: Electronics Company


Risk to Business: 2.802 = Moderate

Samsung has announced a data breach that mainly impacts customers in the UK. The company admitted this week that attackers exploited a vulnerability in an unnamed third-party business application to access the personal information of customers who made purchases at Samsung UK’s store between July 1, 2019, and June 30, 2020. Hackers may have accessed their names, phone numbers, postal addresses and email addresses. No financial data, such as bank or credit card details or customer passwords, were impacted.

How it Could Affect Your Customers’ Business: Customers can lose trust in a company that can’t protect their personal data.

Kaseya to the Rescue: This checklist can help businesses determine if they’re making all the right moves to prevent email-based cyberattacks. DOWNLOAD IT>>

Japan – Toyota Motor Corporation

Exploit: Ransomware

Toyota Motor Corporation: Automaker


Risk to Business: 2.716 = Moderate

The Medusa ransomware group is claiming responsibility for a ransomware attack on Toyota. The world’s largest automaker confirmed that its Toyota Financial Services (TFS) arm in Europe and Africa was hit, saying that it had discovered unauthorized activity on its network last week. Medusa claims to have snatched a variety of data including leasing contracts, email addresses, usernames and passwords, passport details and other sensitive data. The group is demanding an $8 million ransom.

How it Could Affect Your Customers’ Business: Bad actors are hungry for data like this that includes details that make identity theft easier.

Kaseya to the Rescue: See how security awareness training helps keep cybersecurity threats from becoming cybersecurity disasters. DOWNLOAD INFOGRAPHIC>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.


Find out about five of today’s biggest dark web threats to businesses in this infographic. DOWNLOAD IT>>

BullPhish ID brings you 13 more new & updated phishing simulation kits

It’s time to get employees ready for the onslaught of phishing that they’ll face during the winter holiday season with the 13 new and updated phishing kits available now in BullPhish ID! Links and images for these new kits are available in the Release Notes.

These kits are now available:

  • Chase Bank – Account Closed 
  • iCloud – Storage Full 
  • McAfee – Antivirus Disabled   
  • H&R Block – Verify Email 
  • Office 365 Password Notification 
  • Office 365 – Suspicious Login   
  • Office 365 – Exchange Service Outage 
  • Office 365 – Suspension Notice   
  • Office 365 Re-Authentication Detection   
  • Netflix – Update Account 
  • HSBC – Security Improvement v1  
  • NEW! HSBC – Security Improvement v2  
  • OneDrive – Changes to OneDrive 

How much is data really worth on the dark web? Find out in The IT Professionals Guide to the Dark Web! GET EBOOK>>

The Kaseya Security Survey 2023 report is here!

Every year, we poll thousands of IT professionals about the challenges they face and how they plan to overcome them today and in the future. The results of this year’s survey are available now! In this report, we explore:

  • IT professionals’ experiences with cyberattacks on their organizations and their impact
  • What cybersecurity investments businesses are making
  • Major security flaws that businesses need to fix


Did you miss… The Datto Global State of the MSP Report: Trends and Forecasts for 2024 report? DOWNLOAD IT>>

Learn how managed SOC gives you big security expertise on call 24/7 without the big price tag. LEARN MORE>>


How Are Businesses Handling Their Cybersecurity Management?

As organizations leverage technology to enhance efficiency and connectivity, the corresponding surge in cyber risk combined with strained budgets has brought IT professionals an array of cybersecurity challenges. Our Kaseya Security Survey Report 2023 polled 3,066 IT professionals from around the world to find out what their biggest cybersecurity challenges are right now. This year’s report delves into the multifaceted challenges faced by businesses in safeguarding their digital assets, navigating the dynamic nature of cyber threats and fortifying their organizational defenses. We also explored the moves they’re making to ensure that their organizations are prepared for tomorrow’s challenges. 

Find more exclusive data about how companies are approaching cybersecurity in the Kaseya Security Survey Report 2023 DOWNLOAD IT>>

A company’s cybersecurity framework points to the company’s cybersecurity focus 

The cybersecurity framework a company chooses is an important indicator of its security focus and security concerns. In this year’s survey, the top framework was ISO 27001, with more than one-quarter of respondents (28%) indicating that their organization uses it. CMMC wasn’t far behind, with 27% of respondents indicating it as their company’s top choice. MITRE ATT&CK and NIST tied for third place (24%).  

Which of the following cybersecurity frameworks (CSFs) do you currently utilize?  

CSF Response 
ISO 27001 28% 
CMMC 27% 
NIST 24% 
CIS 23% 
COBIT 21% 
SOC II 19% 
ASD Essential 8 17% 
Zero Trust 17% 
I don’t know 5% 
None 3.27% 

Source: Kaseya Security Survey Report 2023

Learn more about growing supply chain risk for businesses and how to mitigate it in a fresh eBook. DOWNLOAD IT>>

Which cybersecurity technologies are companies investing in? 

In response to the current fast-paced security threat landscape, most companies have deployed a wide array of security solutions to mitigate those threats. However, some significant gaps remain.  Email continues to be a top threat vector, but only a little under half of our respondents have deployed an email security solution to secure it (43%), instead choosing to rely on native security in cloud email platforms like Microsoft 365. Antivirus software and security awareness training tied for the second most implemented solution (39%).  

That’s especially surprising in terms of cybersecurity training, a low upfront cost security measure that yields high returns. Only about one-third of respondents (38%) said that their organization has implemented automated software patching or a business continuity and disaster recovery (BCDR) solution. The survey respondents indicated that penetration testing (17%), forensics (15%) and threat hunting (11%) were the least adopted technologies.  

Which of the following security solutions has your organization implemented?  

Security solution Response 
Email/spam protection 43% 
Antivirus software 39% 
Security awareness training 39% 
Business continuity and disaster recovery (BCDR) 38% 
Automated software patching 38% 
Endpoint detection and response (EDR) 34% 
File backup 33% 
Managed firewall 28% 
Identity and access management 26% 
Incident response 21% 
Security operations center 20% 
Penetration testing 17% 
Forensics 15% 
Threat hunting  11% 

Source: Kaseya Security Survey Report 2023


Learn how to spot today’s most dangerous cyberattack & get defensive tips in Phishing 101 GET EBOOK>>

Too many companies are neglecting incident response 

Experiencing a cybersecurity incident is no longer a matter of “if” but rather a matter of “when.” Just under half (46%) of our respondents follow best practices when it comes to preparing for an incident response by having a formal, tested incident response plan in place. More than one-fifth of respondents have a formal incident response plan but have not tested it. A shocking 23% don’t have a plan in place at all.  

Which of the following best describes your organization when it comes to having a cybersecurity incident response plan? 

Cybersecurity Incident Response Plan Status % of responses 
We have a formal IR plan in place, and we perform periodic drills and tabletop exercises to test it 46% 
We have some security solutions to protect us but we do not have a formal IR plan in place 23% 
We have a formal IR plan in place but we haven’t tested it   22% 
I believe our IT service provider has a plan in place for us 5% 
I don’t know 3% 

Source: Kaseya Security Survey Report 2023

What cybercriminal tricks do employees fall for in phishing simulations? Find out in this infographic. GET IT>>

Most companies prefer to handle IT in-house but not security

Our results indicate that by and large, companies prefer to handle their IT management internally, with more than half of respondents saying that their organization has chosen that route. About 41% partially or fully entrust their IT management to a managed service provider (MSP). However, companies choose to handle their IT security a little bit differently. More than half of our respondents said that they manage their security with the help of an IT service provider (55%). 

How are your organization’s IT needs managed? 

Response % of respondents 
We have a dedicated internal IT team 59% 
We have a co-managed relationship with an IT service provider 36% 
We outsource everything to an IT service provider 5% 

Source: Kaseya Security Survey Report 2023

How are your organization’s IT security needs managed?   

Response % of respondents 
We have a dedicated internal IT team 43% 
We have a co-managed relationship with an IT service provider 39% 
We outsource everything to an IT service provider 11% 
We outsource everything to a managed security service provider (MSSP) 5% 
I don’t know 1% 

Source: Kaseya Security Survey Report 2023


See the keys to selecting a Managed SOC to find the perfect one for your clients & your MSP. GET CHECKLIST>>

Find the solutions you need to prepare for 2024’s challenges in Kaseya’s Security Suite

Kaseya’s Security Suite has the tools that IT professionals need to mitigate cyber risk effectively and affordably, featuring automated and AI-driven features that make IT professionals’ lives easier. 

BullPhish ID — This effective, automated security awareness training and phishing simulation solution provides critical training that improves compliance, prevents employee mistakes and reduces a company’s risk of being hit by a cyberattack.    

Dark Web ID — Our award-winning dark web monitoring solution is the channel leader for a good reason: it provides the greatest amount of protection around with 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.   

Graphus — Automated email security is a cutting-edge solution that puts three layers of AI-powered protection between employees and phishing messages. It works equally well as a standalone email security solution or supercharges your Microsoft 365 and Google Workspace email security.     

Kaseya Managed SOC powered by RocketCyber — Our managed cybersecurity detection and response solution is backed by a world-class security operations center that detects malicious and suspicious activity across three critical attack vectors: endpoint, network and cloud.     

Datto EDR — Detect and respond to advanced threats with built-in continuous endpoint monitoring and behavioral analysis to deliver comprehensive endpoint defense (something that many cyber insurance companies require).     

Vonahi Penetration Testing – How sturdy are your cyber defenses? Do you have dangerous vulnerabilities? Find out with vPenTest, a SaaS platform that makes getting the best network penetration test easy and affordable for internal IT teams.  

Follow the path to see how Managed SOC heroically defends businesses from cyberattacks. GET INFOGRAPHIC>>

Are You Ready for the 12 Days of Phishmas?

Phishing risk is greatly elevated during the winter holiday season. Join us on December 12, 2023, at 1 pm ET / 10 am PT for our exclusive webinar, The 12 Days of Phishmas, where we’ll unwrap 12 cybersecurity disasters and provide insights on how to avoid the same fate. REGISTER NOW>>

November 23: Kaseya + Datto Connect Local Antwerp, Belgium REGISTER NOW>>

November 28: Kaseya + Datto Connect Local El Segundo REGISTER NOW>>

December 5: RocketCyber and Datto EDR Q4 Product Innovation Update REGISTER NOW>>

December 5: Kaseya + Datto Connect Local Orlando REGISTER NOW>>

December 7: Kaseya + Datto Connect Local Symposium Miami REGISTER NOW>>


Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>

Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!