Please fill in the form below to subscribe to our blog

The Week in Breach News: 12/29/21 – 01/04/22

January 05, 2022

Happy New Year! In cybercrime news this week: Ransomware is in the picture at Shutterfly, cyberattacks are big news at two EU media companies and five trends to keep an eye on in 2022.  

Help your clients start the new year off on the right foot with this checklist of smart cybersecurity practices. GET IT>>


Exploit: Ransomware

Shutterfly: Digital Image & Photography Services 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.876=Severe

Shutterfly has been hit with a Conti ransomware attack that allegedly encrypted over 4,000 devices and 120 VMware ESXi servers. On the Conti leak site, they offer samples of stolen Shutterfly data including legal agreements, bank and merchant account info, login credentials for corporate services, spreadsheets, and customer information, including the last four digits of credit cards. Shutterfly said in a statement that their, Snapfish, TinyPrints, or Spoonflower sites were not affected by the attack. However, their corporate network, Lifetouch, BorrowLenses, and Groovebook experienced service disruptions. 

Individual Impact: Although there appears to be customer data involved in this incident including payment card data, that exposure has not been confirmed and no further information was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses as well as retail users.

ID Agent to the Rescue: Learn more about how ransomware is evolving and get tips for protecting your clients in 2022 in our hit eBook Ransomware ExposedGET THIS EBOOK>>   

Pro Wrestling Tees

Exploit: Hacking (Payment Skimmer)

Pro Wrestling Tees: Merchandise & Fan Experience Platform

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.612=Severe

Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. In a data breach notification sent to affected individuals on December 15, 2021, Pro Wrestling Tees disclosed that it was informed by law enforcement that a small portion of its customers’ credit card numbers had been compromised in a malware infection. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.919=Severe

The unnamed cybercriminals stole full names and credit card numbers of Pro Wrestling Tees customers who processed transactions through the platform including CVV codes. The company contends that they don’t store card info within their software and that only a small number of customers who used the checkout page were affected, although users on Reddit claim that many customers have seen fraudulent charges pile up.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Payment card skimmers and other similar malware are an occupational hazard for any company that processes online payments.

ID Agent to the Rescue: Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>

Maryland Department of Health

Exploit: Hacking

Maryland Department of Health: State Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.717= Severe

The Maryland Department of Health experienced a cyberattack in early December that disrupted reporting of COVID-19 cases, deaths, testing and vaccination data. Some outlets are pointing to ransomware as the culprit but that has not been confirmed and state officials offered no details of the incident. The attack also impacted reporting in Baltimore. Systems were restored and the state began reporting COVID-19 data again on January 4.  

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business State agencies have been high on cybercriminals’ target lists throughout 2021 because they’re likely to pay the ransom and that trend is expected to continue in 2022.

ID Agent to the Rescue:  Make sure that your clients are doing everything right to stop system and data security threats with the Computer Security To-Do List checklist, available now! GET THIS CHECKLIST>>   

The Computer Security To-Do Checklist helps keep the bad guys out of businesses and data in! GET IT>>

UK – Gloucester City Council 

Exploit: Hacking

Gloucester City Council: Municipal Government Body 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.809 = Severe

Gloucester City Council is in the process of restoring municipal services in the wake of a December 20 cyberattack. Impacted functions include the council’s online revenue and benefits sections as well as planning and customer services. City residents are also unable to access interactive online application forms for housing benefits, council tax support, test and trace support payments and discretionary housing payments. The council is working with the National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) to fix the issue. 

Individual Impact: No consumer/employee PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Infrastructure targets and municipalities have been very attractive to cybercriminals looking for quick ransom payments to restore essential services.

ID Agent to the Rescue: The majority of ransomware arrives at businesses as the rotten cargo of a phishing attack. Our eBook The Phish Files can help you gain a strategic edge against phishing. GET THE BOOK>>

Norway – Amedia 

Exploit: Ransomware

Amedia: Media Company 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.412= Extreme

Amedia, the largest local news publisher in Norway, experienced a suspected ransomware attack last week that shut down several of its essential systems, leaving it unable to publish its 78 printed newspapers until Friday in some cases. Amedia also said that its online news operations were unaffected, but the company suspects that unspecified that personal data belonging to employees may have been accessed during the attack. Vice Society is the ransomware gang purportedly responsible for this attack. 

Individual Impact: Although there appears to be employee data involved in this incident, that exposure has not been confirmed and no further information was available at press time.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cybercriminals are especially likely to target companies that provide time-sensitive products and services in hopes of a fast extortion payment.

ID Agent to the Rescue Every client is at risk of ransomware trouble. Learn to mitigate the risk of a ransomware attack and build strong defenses in Ransomware 101DOWNLOAD FREE EBOOK>>

Portugal – Impresa

Exploit: Ransomware 

Impresa: Media Company 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.701 = Severe

Portuguese media company Impresa, the owners of the country’s largest newspaper Expresso and biggest TV channel SIC TV has been hit with a ransomware attack by the Lapsus$ ransomware group. The Impresa attack hit over the New Year holiday weekend. SIC TV’s internet streaming transmission was interrupted but broadcasts remained operational. The cybercriminals responsible also gained access to Expresso’s Twitter account, announcing their success with a pinned tweet: “Lapsus$ is officially the new president of Portugal”.

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Multiple media companies were hit this week, a reminder that cybercriminals sometimes set their sights on many targets in one industry at the same time.

ID Agent to the Rescue Learn 4 highly effective ways to protect your clients from ransomware now and set them up for future defensive success in one fun, educational webinar! WATCH NOW>>

Germany – Sennheiser 

Exploit: Misconfiguration

Sennheiser: Audio Equipment Manufacturer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.688 = Severe

Leading German audio equipment manufacturer, Sennheiser is in hot water after it misconfigured an Amazon Web Services (AWS) server. The unsecured server stored around 55GB of information on over 28,000 Sennheiser customers. The database contained data on customers that was collected between 2015-2018. The exposed AWS server was secured by Sennheiser quickly upon discovery.  

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Simple cybersecurity blunders and employee carelessness can create complicated and expensive security incidents.

ID Agent to the Rescue Employees are the most likely cause of a cybersecurity incident in any business. See how to spot and stop insider risks in our new Guide to Reducing Insider Risk. DOWNLOAD IT NOW>> 

See how cyber insurance is changing and how to protect your clients from trouble. WATCH NOW>>

Ghana – National Service Secretariate (NSS) 

Exploit: Misconfiguration 

National Service Secretariate (NSS): National Government Agency

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.883 = Severe

Ghana’s National Service Secretariate (NSS) exposed 55GB worth of citizens’ data in a misconfigured AWS S3 bucket. The foul-up exposed 55GB of data on up to 700,000 citizens. NSS is a government program that manages a compulsory year of public service for Ghana-based graduates from specific educational institutions. The Computer Emergency Response Team of Ghana (CERT-GH) is investigating the incident and handling response.  

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.105 = Severe

The exposed database contained program membership cards and identity documents of the participants, including the participant’s details for the Ghana National Health Insurance Scheme and professional IDs for the candidates’ placements. The agency also stored different types of passport photos that the participants submitted in this bucket. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Any entity that is storing large amounts of sensitive data needs to make sure that they have taken reasonable precautions to protect it.

ID Agent to the Rescue Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>>   

We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Zero Trust security is a piece of cake when you’re sure you’re giving access to the right people at the right levels. SEE HOW TO DO IT>>

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for November 2021: SEE PATCH INFO>> 

Which industries saw the most phishing last year? These 5 did in a year of record-setting threat growth. See how to protect your business.

See how to fix staffing problems, fill security gaps and make more money fast with security automation. LEARN MORE>>

Help Your Clients Start 2022 Securely

Use the Reboot Your Cybersecurity Practices Now checklist to help your customers make smart cybersecurity hygiene choices and spark new, profitable security conversations. GET IT>>

2 New Webinars to Kick Off Your 2022 Sales

The Road to Prosperity

Did you resolve to make more money and drive your MSP to the next level this year? This webinar will help you race into the fast lane on the road to prosperity in 2022. You’ll learn:

  • How to transform your thinking to see weaknesses as strengths
  • What a growth-focused business really looks like
  • How to spot and overcome roadblocks before they happen
  • Where you should focus your priorities to prepare for 2022 opportunities


Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

Nursing Your Ransomware Defenses Back to Health! 4 Ways to Safeguard Your Clients from Ransomware Attacks

Ransomware threats targeting your clients are multiplying every minute. In our final cybersecurity clinic of 2021, we share four important ways to keep your clients safe. You’ll learn:

• Why dark web monitoring is your secret weapon against cybercrime
• What you can do to train everyone like they’re a part of the security team
• About the one tool that stops 99% of cybercrime that uses a phished password
• How automated email security prevents employee mistakes that result in disasters


Did you miss this? Boost your sales fast with the secrets in 6 Powerups That Will Make You a Sales SuperheroGET IT NOW>>

Get the cheat codes to defeat cybercrime in our eBook The Security Awareness Champions Guide GET IT NOW>>

Help Your Clients Stay a Step Ahead of the Bad Guys!

Now is the time when everyone starts enacting plans for their organization’s success in the new year – even cybercriminals. After all, 2021 was a very successful year for them. Cybercrime is now a $6 trillion industry. Smart companies know that cybersecurity is an essential part of their plan for success in 2022. As you review your clients’ stacks and look ahead at what they may need in 2022, make sure you keep these 5 trouble spots on your radar.  

Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>

Remote Work Vulnerabilities Will Amplify Insider Risk  

Insider risk is always a bugbear for businesses, but experts expect it to become an even bigger issue in 2022. Many portions of the world are experiencing continued impact from COVID-19, spurring new restrictions and lockdowns that are leading to extended support for remote and hybrid work in 2022. Companies that haven’t thoroughly updated their security to handle the risk will be in a world of trouble. Many companies know this and they’re making security improvements around cloud software a priority. Almost 95% of security leadership respondents in a Statista survey said that securing Digital Transformation initiatives is a cybersecurity priority post-pandemic.  

Remote work has traditionally elevated malicious insider risk, and that will continue to be a problem. Insider risk rose by more than 40% in 2021, with more than 60% of cyberattacks in 2021 attributed to insiders. Remote work can be a godsend for malicious insiders, especially those selling or misusing credentials for profit due to the difficulties it presents in detection. More than 80% of malicious insider breach incidents are caused by privilege misuse. With continuing growth in the Cybercrime as a Service arena and a challenging world economy, credential misuse and selling will be an ongoing problem for businesses in 2022. An average legitimate corporate network credential goes for around $3,000. But selling a privileged credential is much more lucrative; desirable privileged credentials can go for upward of $120,000.   

One major problem that companies are grappling with is “bring your own device” and technology use policies, a key driver of insider risk. Experts at Forrester predict that one way that companies will begin to use to enforce those policies is “tattleware” that monitors employees’ activities on company devices outside the office. Companies will also be looking to enhance policies around collaboration. 91% of companies are currently using between two and six collaboration platforms like Teams, Webex, Zoom and Slack. That means more to secure for IT teams, who will be looking for a better way to streamline and standardize security and compliance policies across platforms.   

The Guide to Reducing Insider Risk can help IT pros stop security incidents before they start! GET IT>>

Massive Data Exposure Will Amplify Credential Compromise & Spear Phishing Risk   

The hazards of exposed data have been a constant for IT teams to battle in 2021 and the fight will only grow more exhausting in 2022. Forrester points to identity theft and account takeovers as top threats in 2022. Abundant dark web data combined with unsafe employee behavior around credentials is a problem that will only grow worse for companies that don’t take it seriously. The average organization is now likely to have about 17 sets of login details available on the dark web for malicious actors to exploit.  

No company is too small (or too large) to avoid danger from employee credential exposure thanks to lively traffic in credentials on the dark web. As we saw above, credentials are worth money and the right credentials are worth a lot of money. That’s a powerful reason why credentials continue to be the top type of information stolen in data breaches worldwide, with cybercriminals stealing credentials in about 60% of North American breaches, 90% of APAC region breaches and 70% of EMEA breaches.   

Added to that danger, an estimated 15 billion unique logins are circulating on the dark web right now. In 2020 alone, security professionals had to contend with a 429% increase in the number of corporate login details with plaintext passwords exposed on the dark web. That number is only going to continue to grow thanks to events like the RockYou 2021 leak.  An estimated 60% of passwords that appeared in more than one breach in 2020 were recycled or reused, a factor that every company should keep in mind when creating and setting password security policies. 

Businesses will need to update and tighten their password policies, especially around generation and handling, because dangerous and irresponsible or even flat-out malicious user behavior will continue to be a major factor in credential compromise incidents. Password sharing is an especially dangerous user practice that leaves companies exposed. Over 30% of respondents in a Microsoft study admitted that their organization had experienced a cybersecurity incident as a result of compromised user credentials that had been shared with people outside their companies.   

Insider threats include phishing. Explore cybercriminal tricks to stop phishing with our new book represented by a light blue comic panel of a phishing hook and old-fashioned comic book style in light blue on dark blue with facts about cybersecurity in 2020

Learn the Secret of How Cybercriminals Trick Users Into Falling for Phishing Messages! GET EBOOK>>

Continual Ransomware Evolution Creates Constant Pressure on Companies  

Of course, the cyberattack at the center of security conversations in 2021 was ransomware, and experts don’t think that’s going to change anytime soon. 90% of security professionals in a Forrester survey said that they’re worried about ransomware impacting their organization in 2022. They’re right to be worried because the ransomware menace is growing and evolving. A report in Information Age reveals that the UK has seen a 233% surge in ransomware attacks, and the US has witnessed a 127% year-to-date increase. Ransomware is still most typically delivered by phishing, making phishing prevention a key objective for any company that’s bolstering its defenses against ransomware. IBM just noted that 84% of US organizations experienced either a phishing or ransomware attack in the last year.  

Ransomware-as-a-service is expected to be a growing field for enterprising cybercriminals in 2022. A recent report by France’s CERT outlined the way that model works. One ransomware gang that was active in France in 2021 used several different strains of malware to do their dirty work, evidence that they were involved in affiliate programs of major ransomware operators like DoppelPaymer and REvil. Ransoms are also continuing to climb, making the price of a defensive failure even higher for companies that choose to pay the extortionists. The average ransom payment demanded by cybercriminals grows constantly, clocking in at an average of over $500,000 in 2021. That cost will not decline anytime soon. The average ransom demand is expected to stick to or exceed its current growth rate of 33%.   

Another ransomware trend that’s expected to grow in 2022 is the use of double and triple extortion tactics. Experts are cautioning that cybercriminals are no longer content with stealing data or encrypting systems. Once companies fall victim to a ransomware attack, it is becoming increasingly common for the bad guys to threaten reputation and relationship harm. Savvy cybercriminals will threaten to use a damaged company’s stolen data to contact its customers or business partners to sour relationships. Some gangs are using the threat of exposure for non-publicly available information relating to mergers or IPOs as additional leverage. That practice was detailed in a late November 2020 Private Industry Notification by the US Federal Bureau of Investigation (FBI).   

Is someone’s behavior suspicious? Learn to spot trouble fast with 5 Red Flags That Point to a Malicious Insider at Work.  DOWNLOAD IT>>

Protect Your Clients from 2022 Risks Now 

Are your customers’ defenses ready to face a battering from the cybercrime threats they’ll be facing this year? Now is the time to shore them up and ID Agent’s digital risk protection platform has the right tools for the job at a price you’ll both love. BOOK A DEMO NOW>> 

Dark Web ID – Don’t let cybercriminals sneak into your network to set up cryptominers, deploy ransomware or steal your data with a compromised credential. Keeping an eye on this area can also quickly root out malicious insiders when you use dark web search to find all of a company’s compromised credentials in minutes. That protection also keeps running to alert you to new credential compromise risks through 24/7/365 human and machine-powered monitoring of business and personal credentials, including domains, IP addresses and email addresses.    

Passly – A major building block of zero-trust security, secure identity and access management is the cure for many of the cybersecurity headaches that plague businesses. Multifactor authentication alone adds an extra layer of protection between hackers and your valuable data, stopping 99% of password-based cybercrime. Passly seamlessly integrates with over 1,000 common business applications for no-fuss configuration. Get quick and easy access to SSO applications and passwords with the ability to automatically fill in the blanks for web logins and automated password resets to make everyone’s life a little bit better.    

BullPhish ID – Create a strong security culture that boosts a company’s cyber resilience through security awareness training that can be quickly implemented and automated for easy management. A frequently updated library of preloaded phishing kits makes it a snap to make sure employees have been trained to resist the phishing lures they face every day. But they’ll learn about much more than just phishing including ransomware, compliance, password safety, security hygiene and more, giving every employee a solid grounding in cybersecurity pitfalls and best practices.    

See these solutions in action in short demonstration videos:   

Don’t just take our word for it. ID Agent solutions help MSPs drive revenue fast. Hear what our partners have to say about the benefits of teaming up with ID Agent: 

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to partner with ID Agent. BECOME A PARTNER>>   

dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>

Make This New Year’s Resolution to Reduce Your Company’s Cyberattack Risk by up to 70% 

Now is the time to get your business ready to face new and evolving risks in 2022. Smart companies are making cybersecurity a cornerstone of their growth strategy and it’s easy to see why – just one cybersecurity incident can be devastating for any business. 

Those cyberattacks are coming faster than ever before, putting your business in more danger than you may be expecting. IBM reports that 84% of US organizations have experienced either a phishing or ransomware attack in the last year, and that number is expected to keep on climbing. 

Phishing is the most common way for ransomware to come to your business. Today’s cybercriminals are stepping up their game with expertly crafted emails that use social engineering to lure your employees –and an estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. 

That’s what makes keeping up with your staff’s security awareness training is so important. Businesses that engage in regular security awareness training experience up to 70% fewer cybersecurity incidents than companies that don’t. 

Your company can easily achieve that reduction in risk with a dynamic security awareness training solution like BullPhish ID. You can even automate the training program for set-it-and-forget-it convenience. Make sure that improved security awareness training is one of your company’s new year’s resolutions to stay out of cybercrime trouble in 2022.  

Do you have comments? Requests? News tips? Compliments? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!