
The Week in Breach News: Best of 2022

December 28, 2022

Welcome to our annual “Best of” edition of The Week in Breach. We’ll review some of our top stories of 2022 plus essential resources, upcoming events and product news you can use to make all the right security moves in 2023.  


12 Breaches That Focus on 2022’s Top Cybersecurity Topics

These 12 stories are great examples of major security trends in 2022 with a few wild security tales that you won’t want to miss!

Focus on: Supply Chain Risk

United States – FinalSite 

Exploit: Ransomware

FinalSite: Education Technology Provider


Risk to Business: 1.227 = Extreme

School website services provider FinalSite has suffered a ransomware attack that disrupted access to websites for thousands of schools worldwide. FinalSite provides solutions for over 8,000 K – 12 schools and universities in 115 countries. School districts that hosted their websites with FinalSite found that they were no longer reachable or were displaying errors. Bleeping Computer reports that in addition to the website outages the attack prevented schools from sending closure notifications due to weather or COVID-19. FinalSite says that approximately 5,000 school websites went offline as a result of the ransomware attack and no data was stolen. An investigation is ongoing. 

Individual Impact: No consumer or employee PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware risk is rising for organizations in every sector, especially companies that provide important services for other businesses.

ID Agent to the Rescue: Learn more about how ransomware is evolving and get tips for protecting your clients in 2022 in our hit eBook Ransomware Exposed. GET THIS EBOOK>>

Focus on: DeFi

United Kingdom – Qubit Finance

Exploit: Hacking

Qubit Finance: DeFi Platform


Risk to Business: 1.204 = Extreme

A threat actor has stolen approximately $80 million from Qubit Finance after exploiting a flaw in the DeFi platform. Qubit said the attacker was able to steal 206,809 Binance coins (BNB) from its wallet on January 27, 2022. The hacker used a vulnerability in one of its Ethereum blockchain contracts to do the deed. The company has issued a public plea for the threat actor to return the stolen funds, asking them to get in contact with its team to “disclose the bug and receive a bounty reward”. This is sometimes used as a means of circumventing legal trouble for paying a ransom.

Individual Impact: No information about exposed customer personal or financial data was available at press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: DeFi has been buried under an avalanche of cybercrime lately and there doesn’t appear to be an end in sight.

ID Agent to the Rescue: Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with the Cybersecurity Monster Hunter’s Checklist! GET IT>>


Focus on: Nation-State Cyberattacks

Ukraine – Viasat

Exploit: Nation-State Cyberattack

Viasat: Internet Service Provider


Risk to Business: 1.661 = Severe

An estimated 10 thousand people found themselves without internet access after a cyberattack took down Viasat’s service to fixed broadband customers in Ukraine and elsewhere on its European KA-SAT network. The attack, starting about the same time as the Russian invasion of Ukraine, is suspected to be the work of Russia-aligned nation-state threat actors. No data was accessed or stolen in the incident, which is still under investigation.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Nation-state cybercriminals are highly likely to strategically attack Utilities and Infrastructure targets during times of trouble.

ID Agent to the Rescue: Ransomware is the preferred tool of nation-state cybercrime. Get an in-depth look at how ransomware is evolving and who profits from it in our hit eBook Ransomware Exposed. GET THIS EBOOK>>

Focus on: Government Agency Cyberattacks

Costa Rica – The Government of Costa Rica

Exploit: Ransomware

The Government of Costa Rica: National Government


Risk to Business: 1.271 = Extreme

The Conti group has claimed responsibility for a ransomware attack on the federal government of Costa Rica that has caused trouble in several government agencies for more than a week. Government ministries impacted include Finance, experiencing impacts in customs and tax collection, Labor and the social security agency’s human resources system. Conti’s extortion site claims that the group has published 50% of the stolen data including more than 850 gigabytes of material from the Finance Ministry and other institutions’ databases. Reports say that the group has demanded a $10 million ransom, which the Costa Rican government has stated it will not pay.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Ransomware is a major threat to governments and cybercriminals have not been shy about using it.

ID Agent to the Rescue: See the mechanics of ransomware, plus get tips and expert advice to guide you through securing your clients effectively in Ransomware 101. READ IT>>


Focus on: An Outrageous Response to a Ransom Demand

Zambia – National Bank of Zambia 

Exploit: Ransomware

National Bank of Zambia: Banking & Financial Services


Risk to Business: 1.917 = Severe

A cyberattack at the National Bank of Zambia has played out with a bizarre twist. After experiencing a ransomware attack by the Hive ransomware outfit that purportedly encrypted the bank’s Network Attached Storage (NAS) device, officials responded to the cybercriminals’ ransom demands with a refusal to pay. Bloomberg reports that the refusal was accompanied by images of male genitalia and a message referencing a common NSFW insult about what the bad guys could do with their demands. In a statement, the bank said that it had experienced an incident that impacted some systems such as the Bureau De Change Monitoring System and the bank’s website.  

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: Organizations in the Banking & Finance sector suffered the most cyberattacks in 2021, and pressure isn’t letting up.

ID Agent to the Rescue: Go behind the scenes to learn more about ransomware and how to defend against it (plus who profits from it) in our eBook Ransomware Exposed. GET EBOOK>>

Focus on: Industrial Cyberattacks

Mexico – Foxconn

Exploit: Ransomware

Foxconn: Electronics Manufacturing


Risk to Business: 1.349 = Extreme

A major factory for Foxconn located in Tijuana, Mexico near the California border was hit by a ransomware attack in late May that resulted in a shutdown. The plant specializes in the production of medical devices, consumer electronics and industrial operations. The operators of LockBit have claimed responsibility for the attack.

How It Could Affect Your Customers’ Business: Manufacturers have been popular targets for cybercriminals, ranking number one for ransomware attacks in 2021.

ID Agent to the Rescue:  Find and slay dastardly vulnerabilities in your clients’ security strategy and emerge victorious with The Cybersecurity Monster Hunter’s Checklist! GET IT>> 


Focus on: Shoddy Maintenance

Japan – Handa Hospital 

Exploit: Ransomware

Handa Hospital: Medical Center


Risk to Business: 1.780 = Severe

Handa Hospital in Tsurugi, Tokushima Prefecture, Japan has announced that it has been the victim of a ransomware attack. Investigators say that the October 2021 cyberattack occurred after a company that was involved in providing an electronic medical record system for the hospital had disabled anti-virus software on the hospital’s computers. Investigators laid out the chain of events and it is a lesson in security woes. Before the cyberattack occurred, the service provider configured the Windows settings of about 200 computers connected to the electronic medical record system to disable functions including anti-virus software and regular Windows updates because they made the electronic medical record system unstable. Investigators also determined that other circumstances contributed to the problem. Windows was never updated on the computers at the hospital and the hospital’s VPN had never been updated. The investigation ultimately determined that the cybercriminals exploited defects in the hospital’s VPN device and made an unauthorized intrusion to have the ransomware infect the hospital’s system.

Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How it Could Affect Your Customers’ Business: This is a great illustration of the unfortunate sequence of events that can lead to disaster.

ID Agent to the Rescue: See the story of phishing, dark web credential compromise and cyberattack risk today and how it impacts your tomorrow in The Global Year in Breach 2022. DOWNLOAD IT>>

Focus on: Insider Risk No One Sees Coming

Japan – The City of Amagasaki

Exploit: Insider Threat (Employee Mistake)

Amagasaki: Municipal Government 


Risk to Business: 1.772 = Severe

In this week’s most interesting breach tale, the city of Amagasaki, Japan has found itself embroiled in a data breach thanks to the actions of one careless worker. A contractor who was working for this city to disburse pandemic subsidies took a USB drive containing numerous city records out of the office. But rather than heading straight home, the worker decided to go out on the town. That resulted in the worker passing out in the street and losing the bag containing the USB and all that city data.


Individual Risk: 1.613 = Severe

The USB contained names, birth dates, addresses, tax details, banking information and social security records for city residents.  

How it Could Affect Your Customers’ Business: Data stored on physical devices is data that can be more easily misplaced or lost with careless handling.

ID Agent to the Rescue: Get tips and helpful data to start conversations about ways to mitigate insider risk with your clients in our Guide to Reducing Insider Risk. DOWNLOAD IT>>


Focus on: Massive Ransomware Hits

Australia – Optus

Exploit: Ransomware

Optus: Telecom


Risk to Business: 1.102 = Extreme

Australia’s second-largest telecom Optus has been hit by a ransomware attack. One of the largest data breaches in Australian history, the incident impacts an estimated 10 million customers or about one-third of Australia’s population. A bad actor using the moniker “optusdata” claimed to be the force behind the attack and initially posted a ransom demand of $1.5 million as well as the personal data of about 10k people on a dark web forum. They’ve since withdrawn that post. Some news articles have pointed at an API interface configuration error as the access point for the bad guys, but that has not been confirmed. The incident is under investigation.


Risk to Business: 1.236 = Extreme

Customer data has been exposed including home addresses, drivers’ licenses, passport numbers, names, addresses, phone numbers, email addresses and individuals’ preferred pronouns. The company says that no financial or commercial account data was accessed.

How it Could Affect Your Customers’ Business: An incident this massive is a catastrophe that may spur some changes in Australia’s data privacy laws.

ID Agent to the Rescue: Sell clients on the benefits of security and compliance training with the bottom-line data in The Business Case for Security Awareness Training. DOWNLOAD IT>> 

Focus on: Employee Errors

United States – U.S. Internal Revenue Service (IRS)

Exploit: Human Error

U.S. Internal Revenue Service: Federal Government Agency


Risk to Business: 2.026 = Severe

The U.S. Internal Revenue Service on Friday acknowledged that thanks to an employee error, the agency accidentally published confidential information about 120,000 taxpayers on its website. The compromised data came from Form 990-T filings. This form is required for people with individual retirement accounts who earn certain types of business income within retirement plans. While the forms for individuals are supposed to be confidential, charities that generate certain types of income are also required to file Form 990-T, and those are intended to be public. An employee mistakenly uploaded private taxpayers’ data to the agency’s website along with the public charity data.


Risk to Individual: 2.406 = Severe

Exposed taxpayer data includes names, contact information, and financial information about IRA income. The exposed data did not include Social Security numbers, full individual income information, detailed financial account data, or other information that could impact a taxpayer’s credit.

How It Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity trouble, but training helps reduce the risk of a data disaster related to employee mistakes.

ID Agent to the Rescue: Lower your clients’ risk of an accidental or malicious insider incident with The Guide for Reducing Insider Risk. DOWNLOAD IT>>


Focus on: Big Trouble from Circumventing Security Protocols

Portugal – Armed Forces General Staff agency of Portugal (EMGFA)

Exploit: Hacking

Armed Forces General Staff agency of Portugal (EMGFA): Government Agency


Risk to Business: 1.361 = Extreme

Classified NATO documents belonging to the Armed Forces General Staff agency of Portugal (EMGFA) were spotted for sale on the dark web, leading the agency to discover that it had experienced a data breach. First spotted by US Information Services, hundreds of sensitive documents have apparently been snatched by bad actors. The documents were exfiltrated from systems in the EMGFA, in the secret military (CISMIL) and in the General Directorate of National Defense Resources. Investigators determined that security rules for the transmission of classified documents had been broken, and threat actors were able to access the Integrated System of Military Communications (SICOM) and receive and forward classified documents.

How it Could Affect Your Customers’ Business: This problem could have been prevented by simple adherence to security rules and compliance with security policies.

ID Agent to the Rescue: The infographic 6 Tips for Creating a Security Awareness Training Policy can help you and your clients draft strong security policies that prevent disasters like this. DOWNLOAD IT>>

Focus on: Healthcare Cyberattacks

United States – CommonSpirit Health

Exploit: Ransomware

CommonSpirit Health: Healthcare System Operator


Risk to Business: 2.771 = Extreme

One of the largest healthcare systems in the US is experiencing outages impacting patient care after a suspected ransomware attack knocked some hospital systems offline. Subsidiaries of CommonSpirit have reported being affected by the attack including CHI Health facilities in Nebraska and Tennessee, Seattle-based Virginia Mason Franciscan Health providers, MercyOne Des Moines Medical Center, Houston-based St. Luke’s Health and Michigan-based Trinity Health System. The company disclosed that it has rescheduled some patient procedures because of an inability to access electronic medical records or lab results. Some hospitals are using paper charts. The company says it is working to restore systems and the incident is under investigation.

How It Could Affect Your Customers’ Business: Ransomware is an especially devastating prospect for a healthcare organization because it can impact patient care and even mortality rates.

ID Agent to the Rescue:  Learn more about ransomware and reduce your clients’ risk of falling victim to an attack with the tips in our eBook Ransomware Exposed! GET EBOOK>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.


Top 12 Blog Posts of 2022

2022 Top 10 Lists


2022 Resources

Make Smart Cybersecurity New Year’s Resolutions 

12 Days Of Tips To Help Businesses Reduce Holiday Cyber Risk 

Security Awareness Training: How It Prevents The Biggest SMB Security Threats

Kaseya Security Insights Report 2022 

10 Tips For Successful Employee Security Awareness Training 

The Complete IAM Checklist 

6 Tips For Implementing Zero Trust Security 

Security Awareness Training: Buyer’s Guide for MSPs

Security Awareness Training: Buyer’s Guide For Businesses 

The Global Year in Breach 2022

The Dark Web Monitoring Buyer’s Guide For MSPs 

The Dark Web Monitoring Buyer’s Guide For Businesses

How Nation State Cybercrime Affects Your Business 

How To Build A Security Awareness Training Program 

Top 5 Nation-State Cybercrime Risks For Businesses 

Are You Doing These 5 Things To Protect Your Clients From Nation-state Cybercrime? 

10 Things To Look For As You Shop For A Dark Web Monitoring Solution 

The Business Case For Security Awareness Training 

Do You Need Best-in-Class Dark Web Monitoring? 

6 Tips For Creating A Security Awareness Training Policy 

Security Awareness Training: Your Best Investment 

Are Your Users Trained To Handle These Risks? 


Looking Ahead to 2023 

News & Events

Learn more about the security suite innovations that you can expect to see in 2023 in our Security Suite Q4 Product Update Webinar. We also introduced multiple new features and enhancements for our security products in Q4 2022 — BullPhish ID, Dark Web ID, Passly and Graphus — that we are excited to share with you. 

In the webinar, you’ll learn about: 

  • New product features and enhancements and what they mean to you 
  • A roadmap of each product highlighting how we plan to provide additional value to our customers this quarter and beyond 
  • A recap of each product’s previous quarter releases 



Connect IT Global 2023 | April 24, 2023 – April 27, 2023 | Las Vegas, Nevada 

Now is the time to reserve your seat at Connect IT Global 2023 in fabulous Las Vegas! This legendary four-day event brings industry professionals around the world together to share insight and have fun. Meet all of the Kaseya family brands and find out what IT Complete is all about. 

You’ll get an exclusive first look at our plans for innovation with the low-down on updates, upgrades and integrations for all of our solutions. Plus you’ll have the opportunity to connect with industry heavyweights and learn about what’s next for Kaseya.

Take intensive training and get certified in several Kaseya solutions at the con! You’ll also have the opportunity to attend breakout sessions with technology and sales experts who are ready to share their knowledge with you.  

Oh yeah, did we mention it’s in fabulous Las Vegas? Mingle and have fun at amazing parties, receptions and evening events. As always, we’ll have awesome entertainment and fun surprises in store for you! 

What is Connect IT Global? 

Connect IT Global is designed for leaders and experts in the IT service industry looking to help build systems, evolve their companies, and help lead the industry into a stronger tomorrow. 

  • Over $15,000 worth of in-depth training and certifications led by industry leaders.
  • Network and be inspired by the most successful MSPs in the industry. 
  • Connect one-on-one with the Kaseya Leadership team. 
  • Over 100 sessions to attend, celebrity keynotes, and access to our pre-day event: The M&A Summit, which will focus on Mergers and Acquisitions, and Sales and Marketing. 
  • Take time in the Exhibit Hall to meet with the vendors that help make your business run. 
  • Celebrate and party with us! Join us for bottomless drinks, jaw-dropping entertainment and more! 

Don’t miss the industry’s premier event of the year! Register now!


DattoCon 2023 | October 2, 2023 – October 4, 2023 | Miami, Florida  

DattoCon is heading for some fun in the sun in Miami in 2023. This marquee industry event brings together industry movers and shakers all in one place. Aside from the unmatched quality of the main stage programming, you can choose from a wide variety of breakout sessions and peer discussion groups to gain insight into challenges and solutions that you may experience in personnel management, recruiting, marketing, selling and other daily business operations.

You’ll gain insight into the next innovation cycle for Kaseya and Datto and be among the first to know about exciting new integrations and solutions. Plus, you’ll have access to experts that can help guide you into choosing the right solutions to grow your business.  

Play just as hard as you work with cocktail receptions and parties including the Elements Party and channel events. Plus, Miami is a city with plenty for you to explore – beautiful beaches, fantastic food, unbeatable sights and warm Florida nights to enjoy. 


January 23 – 25, 2023: Schnizzfest in Phoenix, AZ REGISTER NOW>>

October 2 – 4, 2023: DattoCon in Miami, FL REGISTER NOW>>

April 24 – 27, 2023: Connect IT Global in Las Vegas, NV REGISTER NOW>>


Do you have comments? Requests? News tips? Complaints (or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this content. When you get a chance, email [email protected] to let us know how our content works for you!


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

