
The Week in Breach News: 12/14/22 – 12/20/22

December 21, 2022

Organizations around the world experience trouble thanks to attacks in their supply chains, plus big breaches at the FBI, Uber and CMS and tips for getting the most out of BullPhish ID.





United States Federal Bureau of Investigation

https://www.hackread.com/fbi-infragard-hacked-data-sold/

Exploit: Hacking

United States Federal Bureau of Investigation: Federal Government Agency 


Risk to Business: 2.176 = Severe

The U.S. Federal Bureau of Investigation (FBI)’s InfraGard program has experienced a data breach. The program, launched in 1996, encourages physical and cyber threat information-sharing collaborations between the public and private sectors. Cybercriminals advertised on the dark web a database that they purportedly snatched, containing contact details of over 87,000 members of InfraGard. Initially, the threat actors were asking for $50k for the database. However, Hackread reported that the thieves had a change of heart and decided not to sell or release the database, telling that publication that the stolen InfraGard database would no longer be posted for sale as it would “cause more harm to everyone” than benefit for the hackers.

How It Could Affect Your Customers’ Business: This kind of database is especially sensitive and its exposure could have major national security implications.

ID Agent to the Rescue: Learn more about the security challenges that businesses face in the Kaseya Security Insights Report 2022. READ THE REPORT>>


Uber

https://www.bleepingcomputer.com/news/security/uber-suffers-new-data-breach-after-attack-on-vendor-info-leaked-online/

Exploit: Supply Chain Attack

Uber: Ride Sharing & Delivery Service


Risk to Business: 1.657 = Severe

Uber has suffered a new data breach. A threat actor going by the name of “UberLeaks” published on its dark web leak site a sample of data purportedly snatched from Uber and Uber Eats, including employee email addresses, corporate reports and IT asset information. The data was stolen from a third-party vendor, thought to be Teqtivity, which Uber uses for asset management and tracking services. The leaked data also includes files claiming to be source code associated with the mobile device management (MDM) platforms used by Uber and Uber Eats as well as their third-party vendor services. No user data appears to be involved in this breach.

How It Could Affect Your Customers’ Business: This isn’t the first data breach for Uber, further eroding customer confidence in the company’s ability to keep their information safe.

ID Agent to the Rescue: Go over the Cybersecurity Risk Protection Checklist with your clients to make sure that they’re covering all of their security bases. GET CHECKLIST>>   


The Centers for Medicare and Medicaid Services (CMS)

https://www.bankinfosecurity.com/subcontractor-breach-affects-245k-medicare-beneficiaries-a-20727

Exploit: Supply Chain Attack

The Centers for Medicare and Medicaid Services (CMS): Federal Government Agency


Risk to Business: 1.211 = Extreme

The Centers for Medicare and Medicaid Services (CMS) has experienced a data breach that impacts 245,000 Medicare beneficiaries. The agency said that the initial security incident that led to the breach was experienced by a subcontractor to another company contracted by Medicare to resolve system errors related to beneficiary entitlement and premium payment records. The subcontractor has been identified as Healthcare Management Solutions and the main contractor is ASRC Federal Data Solutions. CMS explained in its breach notification letter that its initial investigation points to the subcontractor having “acted in violation of its obligations.”


Individual Risk: 1.272 = Severe

The incident may have exposed Medicare beneficiaries’ sensitive data including names, birthdates, phone numbers, Medicare identifiers, banking information, such as routing and account numbers, Medicare enrollment, entitlement and premium information and Social Security numbers.

How It Could Affect Your Customers’ Business: This breach can put a lot of very sensitive data, including financial details, at risk for vulnerable people and will almost certainly incur big regulatory fines.

ID Agent to the Rescue:  See the biggest risks that different sectors face today and get a look at what your clients will be facing tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>> 


SevenRooms

https://www.bleepingcomputer.com/news/security/restaurant-crm-platform-sevenrooms-confirms-breach-after-data-for-sale/ 

Exploit: Hacking

SevenRooms: Customer Relationship Platform


Risk to Business: 1.981 = Severe

SevenRooms, a customer relationship management platform used by brands including MGM and Wolfgang Puck, has confirmed it suffered a data breach. A threat actor posted samples of data purportedly stolen from the New York-based company on a dark web forum on December 15. Bad actors claim that they’ve stolen a 427 GB backup database containing information about SevenRooms customers. The company was quick to reassure the public that guests’ credit card information, bank account data, social security numbers, or any other similarly highly sensitive information was not stored on compromised servers or exposed in the attack. The incident is still under investigation.  

How It Could Affect Your Customers’ Business: Service providers of all types have been high on cybercriminals’ priority lists as they search for both data and possible backdoors into companies.

ID Agent to the Rescue:  Dark web data can present a big risk to businesses. Learn how to find the right dark web monitoring solution to protect your clients in this handy guide! GET GUIDE>>





Colombia – Empresas Públicas de Medellín (EPM)

https://www.bleepingcomputer.com/news/security/colombian-energy-supplier-epm-hit-by-blackcat-ransomware-attack/

Exploit: Ransomware

Empresas Públicas de Medellín (EPM): Energy Company


Risk to Business: 2.107 = Severe

Empresas Públicas de Medellín (EPM), one of Colombia’s largest public energy, water, and gas providers, has fallen victim to a ransomware attack. The BlackCat ransomware group is thought to be responsible for the attack. The company’s IT infrastructure went down and its websites were knocked out in the attack. However, power services were not impacted. The BlackCat group claims to have snatched a large quantity of data in the attack as well as encrypting systems. No specifics about the types of data stolen or the demanded ransom were available at press time.

How it Could Affect Your Customers’ Business: Utilities and other infrastructure targets have been experiencing extreme pressure from ransomware gangs.

ID Agent to the Rescue:  Give clients this infographic to help them see how easy it is for a company to end up on The Ransomware Road to Ruin. GET INFOGRAPHIC>> 





Sweden – The Cities of Borgholm and Mörbylånga

https://therecord.media/crisis-situation-declared-as-two-swedish-municipalities-hit-by-cyberattack/

Exploit: Hacking

The Cities of Borgholm and Mörbylånga – Municipal Governments


Risk to Business: 1.603 = Severe

The Swedish cities of Borgholm and Mörbylånga are experiencing serious systems outages across their government agencies and services after falling victim to a cyberattack. The two municipalities, which together make up the island of Öland, share an IT system. The city of Mörbylånga’s website is unavailable, but the website for the city of Borgholm, hosted by an external provider, is still accessible. A range of citizen services provided by both municipalities are unavailable. Healthcare services are also impacted, leaving clinics using pencil and paper to handle patient care. Officials warn that the outage could be extended and that websites for municipal companies including Borgholm Energi, the local energy company, may be affected. This may be a ransomware incident; however, that had not been confirmed at press time.

How it Could Affect Your Customers’ Business: Ransomware attacks on governments and government agencies have been steadily escalating in the last two years.

ID Agent to the Rescue: Security awareness training helps employees avoid ransomware traps. Learn to create a great program with How to Build a Security Awareness Training Program. DOWNLOAD IT>> 





Australia – Fire Rescue Victoria (FRV)

https://securityaffairs.co/wordpress/139764/cyber-crime/fire-service-victoria-australia-australia.html

Exploit: Hacking

Fire Rescue Victoria (FRV): Regional Emergency Services Agency


Risk to Business: 1.904 = Severe

As Australia’s cyberattack troubles continue, Fire Rescue Victoria (FRV) has reported that it is the latest victim of a cyberattack. The fire and rescue service in the state of Victoria, Australia, reports that it has been forced to shut down its network as a result of the unspecified attack. FRV operates 85 stations in the region. FRV says that the cyberattack is affecting most of its systems, including network, emails and dispatch. However, FRV was quick to inform the public that public safety has not been impacted.

How it Could Affect Your Customers’ Business: Bad actors have been having a field day hitting small and large local government entities worldwide.

ID Agent to the Rescue: A strong security culture reduces the risk of an incident. Help your clients build one with The Building a Strong Security Culture Checklist! DOWNLOAD IT>> 


New Zealand – Medical Assurance Society (MAS)

https://www.nzherald.co.nz/nz/cyber-attack-on-nzs-largest-insurer-of-doctors-mas-may-have-exposed-members-personal-data/AAJUNLLUZ5GI3KDX2EMQW4JSNA/

Exploit: Supply Chain Attack

Medical Assurance Society (MAS): Insurer


Risk to Business: 2.103 = Severe

New Zealand’s Medical Assurance Society (MAS), the country’s largest provider of insurance for medical professionals, has experienced a data breach as a result of a cybersecurity incident at one of its third-party service providers. That service provider handles MAS’s after-hours call center. MAS warned that the information of its members may have been accessed by cybercriminals, but did not specify exactly what information may be at risk beyond suggesting that members change their login details.  

How it Could Affect Your Customers’ Business: Every business services provider is at risk of falling victim to a cyberattack as bad actors hunt for valuable, saleable data.

ID Agent to the Rescue: Identity and access management (IAM) can stop a cyberattack and prevent a hacker from stealing data. See what features a winning solution provides. GET THE CHECKLIST>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.





See how today’s biggest threats may impact your MSP and your customers in our security blogs.





3 New Training Videos


3 new training videos about hot topics have been added to BullPhish ID:

  • Introduction to Vishing/Smishing
  • Safe Web Browsing: Domain Spoofing / Website Forgery
  • Social Media Phishing

Learn more about integration, other updates and new training courses in the BullPhish ID Release Notes

Did you miss… The Characteristics of a Successful Email Security Solution checklist? DOWNLOAD CHECKLIST>>





4 Essential MSP-Focused Resources You Need for 2023 

These resources can help MSPs have a profitable 2023.
Security Awareness Training: Buyer’s Guide for MSPs – Find everything that you need to choose the right security and compliance awareness training solution for your MSP and your clients in this handy guide. DOWNLOAD EBOOK>>

The Dark Web Monitoring Buyer’s Guide for MSPs – Putting strong protection in place to protect your customers from cyberattacks that leverage dark web data is vital and this guide helps you find the right one. DOWNLOAD EBOOK>>

Are You Doing These 5 Things to Protect Your Clients from Nation-state Cybercrime? – Download this checklist that gives MSPs five timely tips to ensure that you’ve done everything that you can to protect your clients from nation-state cybercrime risks. DOWNLOAD CHECKLIST>>

10 Things to Look for as You Shop for a Dark Web Monitoring Solution – Choosing the right dark web monitoring solution to offer your clients and build your MSP is essential for your MSP’s success. This checklist helps you find the perfect fit. DOWNLOAD CHECKLIST>>





Are You Getting the Most Out of BullPhish ID?

These 10 tips can help!


BullPhish ID provides organizations with a wide range of security and compliance training videos as well as premade phishing exercises. However, starting a brand-new security training program for your employees can seem daunting. Here are 10 tips to help you and your employees make the most—painlessly—of your BullPhish ID security awareness training program. 




10 Tips for Successful Employee Security Awareness Training with BullPhish ID


1. Set up training groups by employee role and/or location.

Sync BullPhish ID’s target list with your clients’ Active Directory and set up employee groups by their role and/or geographic location. While basic cyber safety courses (like Password Best Practices or Phishing 101) are important for everyone to take, certain teams’ training needs and the threats they are likely to encounter can vary greatly. Pick videos from our course list that are most relevant to a particular job role (e.g., HR, IT or accounting) and create a learning path for that employee group. For instance, some data privacy and regulatory compliance topics may be important for HR but not accounting. If your clients have employees in other countries, like Canada or the EU, set them up with courses that cover their regions’ data protection laws.

2. Schedule multiple trainings in advance, then sit back and relax.

The platform gives you the ability to schedule trainings to be sent to designated groups at your chosen frequency (e.g., weekly, bi-weekly or monthly). You can deliver training automatically without any additional work — just select the employee group, a training course or phishing kit and the desired cadence. Bonus Tip: Ensure everyone in the company receives training, from the executives to the interns and temporary contractors. 

3. Set training videos to never expire or leave them open for a while.

Leave the training courses active in the training portal for several weeks or months so employees who didn’t take the training when it was first assigned can do so later, as their schedule permits. This also benefits those who would like to revisit the training. However, that doesn’t mean that you should fail to set or enforce training deadlines.

4. Use phishing kits relevant to your employees’ work activities.

BullPhish ID offers a multitude of phishing kits to choose from, so pick the ones that impersonate the tools that your clients’ employees interact with the most in the course of their daily activities. For instance, if your employees use Dropbox for file storage and FedEx to ship out packages, select the phishing exercises that impersonate those brands to make them more believable and effective. This may be different for every client, including clients in the same industry, so don’t think about this as a one-size-fits-all proposition.

5. Stagger phishing exercise delivery.

BullPhish ID gives you the ability to stagger the delivery of phishing simulation emails to the intended targets over several hours and days. We recommend you take advantage of this feature to reduce the likelihood of employees warning each other of the phishing exercise, which defeats the intended purpose and makes the training less effective. 

6. Train on a regular, ongoing basis.

Aim for a monthly training cadence. Much like going to the gym once a year is not enough to make a person physically fit, once-a-year cybersecurity training is not going to create a vigilant, aware employee. According to a recent report from the consulting firm Accenture, each employee should receive about 11 sessions per year for maximum effectiveness. Stay consistent by scheduling multiple training sessions at regular intervals and review the topics periodically to ensure they reflect the types of threats your clients’ employees are likely to experience. 

7. Delegate platform access to designated employees or teams.

Do you have clients who want to manage their own training? You can grant them access to BullPhish ID and select the appropriate access level for their needs. A Standard User has read-only access and can view and download reports. A Privileged User can create employee groups, create and manage campaigns and download reports. 

9. Review progress to show the value of training.

Review BullPhish ID campaign reports with your clients on a monthly and quarterly basis to keep them informed about their training progress. Compare the percentage of employees opening phishing emails, clicking through to the phishing landing pages and submitting their credentials (the worst outcome of all!) at the beginning of the training program vs. the present time. This will help evaluate training effectiveness and demonstrate the value of security training to the leadership team during budget planning. Bonus Tip: BullPhish ID can automatically deliver reports via email to designated recipients in your organization. 

10. Identify high-risk employees and take action to mitigate the risk.

When you and your clients review training reports to learn who is completing training courses, taking quizzes and passing tests, look closely at individual employee actions to identify who is exhibiting poor cybersecurity skills. That way you can assign additional training to them or contact their manager to ensure they participate in the training and take it seriously before they make a costly mistake.


Get to know BullPhish ID


This is the perfect time for businesses to reboot their cybersecurity practices and put strong protections in place against a cyberattack. Our security solutions can help keep businesses out of trouble effectively and affordably. 

Security awareness and compliance training plus phishing simulation         

BullPhish ID is the ideal security and compliance awareness training solution for companies of any size.  This powerhouse is the channel leader in phishing simulations.   

  • An extensive library of security and compliance training videos in eight languages       
  • Plug-and-play or customizable phishing training campaign kits       
  • New videos arrive 4x per month and new phishing kits are added regularly          

Explore the features & benefits of BullPhish ID

Read the BullPhish ID FAQ 

Learn more about BullPhish ID’s features 

Learn more about BullPhish ID integrations 

Watch a video of BullPhish ID in action 

Book a demo of BullPhish ID 





January 17: Kaseya + Datto Connect Local Tampa, FL REGISTER NOW>>

January 19: Kaseya + Datto Connect Local Los Angeles, CA REGISTER NOW>>

January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>

April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>

SNEAK PREVIEW!

Mark your calendar now for these upcoming Kaseya + Datto live events. Registration opens soon!

February 2: Kaseya + Datto Connect Local Orlando
February 9: Kaseya + Datto Connect Local Washington D.C.
February 14: Kaseya + Datto Connect Local Atlanta
February 16: Kaseya + Datto Connect Local Miami
February 23: Kaseya + Datto Connect Local Phoenix
February 28: Kaseya + Datto Connect Local New York
March 2: Kaseya + Datto Connect Local New Jersey
March 7 – 8: Kaseya + Datto Connect Local Pittsburgh
March 9: Kaseya + Datto Connect Local Philadelphia
March 14: Kaseya + Datto Connect Local Chicago
March 16: Kaseya + Datto Connect Local Dallas
March 21: Kaseya + Datto Connect Local Washington D.C.
March 23: Kaseya + Datto Connect Local Denver
March 28: Kaseya + Datto Connect Local Boston



Read case studies of MSPs and businesses that have conquered challenges using Kaseya’s Security Suite. SEE CASE STUDIES>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!



Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!
