The Week in Breach: 09/11/19 – 09/17/19

 In Cyber-Security

This week, phishing scams continue to trap employees, weak passwords put company data at risk, and the consequences of a breach are higher for SMBs.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain
Top Industry: 
High-Tech & IT
Top Employee Count: 
51 – 100 Employees 


 

United States – Metro Mobility
https://www.kare11.com/article/tech/metro-mobility-data-breach/89-0020c759-f8e4-4056-823d-aa273629c089

Exploit: Phishing attack
Metro Mobility: Shared ride public transportation service for riders with disabilities and health complications

twib-severe Risk to Small Business: 2.111 = Severe: A company employee fell victim to a phishing scam that provided hackers with access to an email account that contained customer data. The breach was discovered on August 14th, and it includes information from rides starting on June 13th. The company issued an apology for the incident, and they are upgrading their email security protocols to prevent this from happening in the future. However, it’s impossible to retroactively secure personal data, and Metro Mobility will certainly incur a significant cost for failing to protect sensitive information in advance.
correct severe gauge

 

Individual Risk: 2.714 = Moderate: Hackers had access to personal information for over a month, which ranged from riders’ names, pickup and drop-off addresses, ride times, and, in some cases, phone numbers. Fortunately, financial data and Social Security information was not accessed in the breach. However, such seemingly innocent information can be used to perpetuate crippling attacks, and those impacted by the breach should be especially careful to monitor their accounts for suspicious or unusual activity.

Customers Impacted: 15,200
How it Could Affect Your Customers’ Business: A data breach has far-reaching consequences for any company, which makes a preventable attack like a phishing scam especially problematic. Protecting customer data means protecting your bottom line, and cybersecurity training is a low-cost initiative to ensure that phishing threats are neutralized before they compromise customer data and put your company at risk.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

 

United States – Premier Family Medical
https://healthitsecurity.com/news/320k-patients-impacted-by-premier-family-medical-ransomware-attack

Exploit: Ransomware
Premier Family Medical: Comprehensive family healthcare provider

twib-severe

Risk to Small Business: 2.111 = Severe: A ransomware attack on Premier Family Medical has significantly restricted employees’ access to patient data and company services, halting key business operations. In some cases, the opportunity cost associated with a ransomware attack can be more costly than the actual recovery effort, placing a multifaceted strain on a business’s finances.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: 320,000
How it Could Affect Your Customers’ Business: Ransomware attacks have been on the rise in 2019, often targeting SMBs with limited resources for cybersecurity initiatives. Unfortunately, whether companies pay a ransom or restore operations using other recovery efforts, the implications can lead to lower ROI, or even worse, closed doors. When it comes to protecting your network against a ransomware attack, a strong defensive posture is the only option, and it’s one that every business should consider to be mission-critical in today’s digital environment.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

 

United States – Entercom Communications
https://www.cyberscoop.com/entercom-ransomware-attack-radio-hack/

Exploit: Ransomware
Entercom Communications: Broadcasting and radio company based in Bala Cynwyd, Pennsylvania

twib-severe

Risk to Small Business: 2.111 = Severe: Hackers were able to spread ransomware across a company’s network using one company computer. The attack brought down email services, billing networks, and shared drives. While broadcasts continue uninterrupted, employees have been warned not to connect any devices to the company network, and Entercom expects several days of outages before services will be fully restored. Hackers are demanding $500,000 to decrypt the ransomware, but the company is choosing to use cybersecurity services to restore their network instead.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Regardless of the recovery methodology, recovering from a ransomware attack is incredibly expensive. In this case, hackers demanded $500,000 to restore Entercom’s network, a cost that comes without guarantees that bad actors will follow through on their promises. However, restoring a network often carries similar or even higher costs, meaning that there are no good solutions once an attack occurs. In a similar breach early this year, a station estimated that they lost up to $800,000 in revenue in addition to the $500,000 recovery charge. Consequently, it’s clear that every business needs to protect its bottom line by ensuring that its cybersecurity standards align with today’s emerging threat landscape.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist™ helps with this mission by offering hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

United Kingdom – Tavistock and Portman NHS Foundation Trust
https://www.theguardian.com/society/2019/sep/06/nhs-gender-identity-clinic-discloses-email-contacts-data-breach

Exploit: Accidental sharing
Tavistock and Portman NHS Foundation Trust: Healthcare provider specializing in gender identity services

twib-severe Risk to Small Business: 2 = Severe: An employee accidentally included the visible email addresses for thousands of clinic visitors, amounting to a significant privacy breach for a particularly sensitive patient group. The incident is classified as a “serious incident” by UK law, and the company will have to report the event to the information commissioner. In total, the provider believes that the breach could cost them millions of pounds in damages, along with intense regulatory scrutiny because of the nature of the breach and the privacy violation that ensued. Moreover, the breach is a deep stain on their reputation that could discourage people from seeking the clinic’s services in the future.
correct severe gauge

 

Individual Risk: 2.857 = Moderate: The data breach exposed patient email addresses that can be linked to identities, which is uniquely troubling given the private nature of the clinic’s offerings. While there is little risk of this information being used to perpetuate cybercrimes, those impacted by the breach could face untold personal repercussions if they are identified.

Customers Impacted: 2,000
How it Could Affect Your Customers’ Business: Valuing your customers requires protecting their information, especially when that data is sensitive and private. Apologies and improvements are the right response, but companies can demonstrate they care by developing and implementing protocols to ensure that accidental sharing and other avoidable cybersecurity threats don’t compromise user data.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more herehttps://www.idagent.com/bullphish-id.

 

United Kingdom – UNICEF 
https://www.itpro.co.uk/security/34388/unicef-leaks-personal-data-of-8000-users

Exploit: Accidental sharing
UNICEF: International fund providing emergency food and healthcare for children

twib-severe Risk to Small Business: 1.888 = Severe: An employee accidentally sent an email to 20,000 recipients that contained the personal information of more than 8,000 people who enrolled in immunization courses. While the information is contained to those on the mailing list, it can easily be made available to a broad audience. What’s more, it’s impossible to recover the compromised information, underscoring the importance of implementing data security practices before a data breach occurs.
twib-severe Individual Risk: 2.285 = Severe: The personal information exposed in the breach includes names, addresses, duty stations, genders, organizations, names of supervisors, and contact preferences. This data can be used to develop and deliver spear phishing campaigns that trick users into disclosing additional personal details through social engineering. Those impacted by the breach should be on the lookout for suspicious communications and stay vigilant about monitoring their accounts for potential misuse.

Customers Impacted: 8,253
How it Could Affect Your Customers’ Business: Today’s data landscape is undoubtedly dangerous, but insider threats, can be avoided with comprehensive awareness training. When these initiatives are in place, everything from accidental sharing to weak passwords can be identified and avoided resulting in a devastating data breach.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

 

Australia – Get 
https://amp.theguardian.com/education/2019/sep/10/data-breach-may-affect-50000-australian-university-students-using-get-app

Exploit: Unauthorized database access
Get: Payment service for university societies and clubs

twib-severe Risk to Small Business: 1.777 = Severe: Due to a technical glitch, a platform user was able to access personal information on other accounts. After multiple attempts to contact the company, the users made the report public on Reddit, and Get ultimately responded by updating its network to prevent this access. Previously known as Qnect, the company endured a similar breach in the past and ultimately changed its name after users impacted by the breach were continually exploited with information ransom requests. It’s a reminder that data breaches have cascading consequences for businesses and their customers, and the only way to truly avert these repercussions is to prevent a breach from occurring in the first place.
extreme gauge Individual Risk: 2.142 = Severe Risk: User data was released to the public, including names, email addresses, dates of birth, Facebook IDs, and phone numbers. This information is extremely valuable on the Dark Web, and it can spread quickly, reemerging in other attacks that can further magnify the effects of a breach. Those impacted should enroll in credit and identity monitoring services, while being aware that their data could be misused again in the near future.

Customers Impacted: 50,000
How it Could Affect Your Customers’ Business: Customers and employees are increasingly unwilling to remain loyal to a company that can’t protect people’s personal information. This is especially true for organizations with a demonstrated pattern of carelessness regarding cybersecurity standards. Rather than leaving data security up to chance, every business should proactively defend user data by partnering with the right solutions.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is critical but complicated. With Goal Assist, we offer hands-on assistance with your direct sales interactions by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.

 

New Zealand – New Zealand Transport Agency 
https://www.stuff.co.nz/business/115645154/data-breach-after-lax-nzta-security

Exploit: Unauthorized database access
New Zealand Transport Agency: Government agency overseeing transportation and land policy

twib-severe

Risk to Small Business: 2 = Severe: An API that integrates the New Zealand Transport Agency was left open, providing public access to company databases containing information related to traffic patterns, maintenance contractors, and policing services. The compromised data was available for more than a year, and the agency reported significant spikes in activity during specific periods. Such a blatant database leak is indicative of a lack of oversight that will cost taxpayers money and sharply reduce organizational efficiency.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customer data isn’t the only thing vulnerable to lax cybersecurity standards. Proprietary information or intellectual property is often targeted by bad actors who can use this data to eliminate a company’s competitive edge or otherwise harm business interests. Data protection at every level is a critical component of doing business in the digital age.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

 

South Africa – Garmin SA 
https://www.bleepingcomputer.com/news/security/garmin-sa-shopping-portal-breach-leads-to-theft-of-payment-data/

Exploit: Malware attack
Garmin SA: Maker and distributor of GPS technology

twib-severe Risk to Small Business: 1.777 = Severe: Malware injected into the Garmin’s South African online store stole customer payment information when they made purchases on the site. Garmin’s online store is currently unavailable as the company works to repair its IT infrastructure after the malware attack. Consequently, the company is missing out on all online sales during the recovery process. At the same time, Garmin will have to work to restore its damaged reputation and to upgrade its cybersecurity standards to ensure that customer information is secure moving forward.
twib-severe Individual Risk: 2.142 = Severe: Hackers stole sensitive payment information, including names, addresses, phone numbers, email addresses, payment card numbers, and CVV codes. This information can be used to commit financial fraud, and it has a comprehensive market on the Dark Web where this information can quickly spread among bad actors. Those impacted by the breach should notify their bank or payment card providers, and they need to actively monitor their accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Online stores are a critical revenue stream for many companies and compromised online payment details can significantly reduce sales opportunities for years to come. Therefore, protecting these systems should be a top priority for every business with an online store, as studies have shown that companies may not get a chance to demonstrate their efficacy in this regard.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.


Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Recent Posts

Start typing and press Enter to search