The Week In Breach 04/13/21 - 04/13/21

by Wally Moore

on April 14, 2021

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it!

by ID Agent

Cybercriminals leak the PII of millions of professionals in a new LinkedIn breach, an unwelcome visit by nation-state hackers exposes data at BlueCross BlueShield DC, and we’re kicking off Supply Chain Security Month with fresh tips for mitigating two major third-party and supply chain risks, plus handy resources to brush up on them!

United States

United States – CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

Exploit: Nation-State Hacking

CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC): Insurer

Risk to Business: 1.761 = Severe

CareFirst BlueCross BlueShield’s Community Health Plan District of Columbia (CHPDC) has announced a data breach carried out by what it described as a “foreign cybercriminal” group. The insurer confirmed that sensitive information about members was snatched and that they’ve notified authorities including the FBI and the Office of the Attorney General for the District of Columbia.

Individual Risk: 1.603 = Severe

In a written notification to customers, CHPDC noted that the stolen information may have included names, addresses, phone numbers, dates of birth, Medicaid identification numbers, and other medical information. The company is offering free two-year credit and identity theft monitoring and a website with more information on help for consumers.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Nation-state cyberattack risks aren’t just a problem for government and military targets anymore. These clever cybercriminals will exploit any opening fast.

ID Agent to the Rescue: Make sure that everyone on the IT team is up to date on today’s threats and ready for tomorrow’s with the tips and tricks in “The Security Awareness Champion’s Guide”. GET THIS FREE BOOK>>

United States – Office Depot

Exploit: Unsecured Database

Office Depot: Business Supply Retailer 

Risk to Business: 1.803 = Severe

Security researchers discovered a non-password-protected Elasticsearch database belonging to Office Depot that contained just under a million records. The exposed records were labeled as “Production” and contained customer information, file logs, and other internal records for European customers, primarily in Germany. The company has addressed the issue.

Individual Risk: 2.267 = Severe

The exposed data includes names, phone numbers, physical addresses (home and/or office), @members.ebay addresses, and hashed passwords. The leak also exposed Marketplace logs and order history, exposing the customers’ past purchases and costs from European customer records.

Customers Impacted: 533 million

How it Could Affect Your Customers’ Business: Cybercriminals will benefit from this trove. Data like this is transacted every day on the dark web, providing ample ammunition for future cyberattacks and fraud.

ID Agent to the Rescue: Dark Web ID alerts businesses to credential compromise fast, giving them the edge to fix vulnerabilities before the bad guys even know they’re there. WATCH A VIDEO DEMO>>

Get the tips, tricks, and cheat codes that you need to beat cybercriminals at their own game! DOWNLOAD THIS BOOK>>

United States – LinkedIn

Exploit: Hacking

LinkedIn: Social Media Network 

Risk to Business: 1.612 = Severe

Bad actors have dropped notice that they’ve obtained an archive containing data purportedly scraped from 500 million LinkedIn profiles. A sample of data was posted on a popular hacker forum, with another 2 million records leaked as proof of the haul. More than 780,000 email addresses are associated with this leak. The initial listing contained 4 archives, but after LinkedIn denied the data breach, threat actors updated their ad to include 6 additional archives that allegedly include 327 million scraped LinkedIn profiles, putting the overall number of scraped profiles at 827 million including potential duplicates.

Individual Risk: 2.309 = Severe

This mass of leaked files contains PII about LinkedIn users including LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, professional titles, and other work-related data. 

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Following hard on the heels of last week’s Facebook breach, social media risks are multiplying fast and growing serious for businesses.

ID Agent to the Rescue: Dark Web danger is growing for businesses as millions of records scraped from social media land in Dark Web markets, creating new vulnerabilities. PROTECT YOUR BUSINESS>>

United States – Personal Touch Holding Corp. (PTHC)

Exploit: Hacking

Personal Touch Holding Corp. (PTHC): Home Healthcare Provider 

Risk to Business: 1.241 = Extreme

New York-based medical services provider PTHC has announced a data breach impacting patients. The conglomerate operates Medicare-certified home health agencies, licensed home care service agencies, hospice at home services, and Early Intervention Programs, as well as a managed care plan in New York. Both patient data and Member information have been impacted. The incident is under investigation.

Individual Risk: 1.412 = Extreme

Exposed patient information may include medical treatment information, insurance card, and health plan benefit numbers, medical record numbers, first and last name, address, telephone numbers, date of birth, Social Security number, and financial information, including check copies, credit card numbers, and bank account information. Leaked Member information may include Medicaid ID number, ID number, provider name, clinical/medical information, first and last name, address, telephone number, date of birth, Social Security numbers, and credit card numbers and/or banking information if members paid their Medicaid surplus through credit card or check.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This breach isn’t just going to cost a fortune to fix now – it’s also likely to incur a hefty regulatory penalty from state and federal authorities.

ID Agent to the Rescue: Make sure that you’re covering all of the bases to avoid breaches and nasty regulatory action with our Cybersecurity Risk Protection Checklist. GET THE CHECKLIST>>

Global Year In Breach 2021

Have you downloaded your copy of our signature cybercrime report “The Global Year in Breach 2021” yet? GET IT NOW!>>

United Kingdom

Ireland – National College of Ireland (NCI)

Exploit: Ransomware

National College of Ireland (NCI): Institution of Higher Learning 

Risk to Business: 2.463 = Severe

Ransomware shut down operations briefly at the National College of Ireland (NCI). School officials announced significant disruption to IT services that has impacted a number of college systems, including Moodle, the Library service, and the current students’ MyDetails service. Access to NCI’s IT systems was suspended and the campus building is also currently closed to both students and staff until IT services are restored. The Tallaght campus of the Technological University Dublin (TU Dublin) was also impacted in a similar attack.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware has been an increasingly popular tool for cybercriminals to use against targets in the education sector. Preventing it from hitting systems is just as important as protecting data.

ID Agent to the Rescue: Stopping ransomware starts with stopping phishing. In “The Phish Files”, you’ll learn strategies to spot and stop phishing attacks fast. READ THIS BOOK>>

France – Pierre Fabre 

Exploit: Ransomware

Pierre Fabre: Pharmaceutical & Cosmetics Maker 

Risk to Business: 1.772 = Severe

REvil ransomware is to blame for an attack at leading French pharmaceutical group Pierre Fabre. The threat actors initially demanded a $25 million ransom, but doubled it to $50 million when the company missed the attackers’ deadline for contact. The nature of the information stolen is unclear, and the company is working to restore its systems and data from backups.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is the weapon of choice for cybercrime, and ransoms have been skyrocketing as criminals grow more brazen.

ID Agent to the Rescue: Don’t let cybercriminals steal your profits – learn to mitigate the risk in Ransomware 101. DOWNLOAD FREE EBOOK>>


India – Upstox 

Exploit: Ransomware

Upstox: Stock Trading App 

Risk to Business: 1.755 = Severe

Popular stock trading app Upstox has alerted users of a security breach that exposed some PII for an estimated 2,500,000 customers. The company was careful to note that funds and securities were not impacted. Upstox notified users that it had received messages that claimed unauthorized access to its database along with the breach of its data and KYC details from third-party data-warehouse systems.

Risk to Business: 2.055 = Severe

Upstox has not been specific about the exact customer data stolen but admits that contact data and some identification details may have been exposed. The company has initiated a secure password reset via OTP (one-time password) for all accounts.

Customers Impacted: 2,500,000 customers

How it Could Affect Your Customers’ Business: Cybercrime is around every corner. It’s no longer acceptable to just survive a cyberattack – businesses have to be prepared to endure challenges and still keep going.

ID Agent to the Rescue: Is your organization ready to repel cyberattacks and keep on going? You are if you’re cyber resilient. Learn how to transform your business in “The Road to Cyber Resilience” today. GET THIS BOOK>>


Don’t miss these bad password lists & good password tips. DOWNLOAD IT>>

Guide To Risk Scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Phish Files

Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!

Read Phish Files Now>>

Resource spotlight

It’s Supply Chain Integrity Month – Are Your Clients Protected?

The tide of supply chain risk is rising for every business. It pays to be ready for today’s risk and in a strong position to prevent tomorrow’s threats from becoming successful cyberattacks.

Go inside third-party and supply chain risk (TPR/SCR) scenarios in our essential guide Breaking Up with Third-Party and Supply Chain Risk to learn more about how this danger keeps growing for businesses and things that you and your clients can do right now to mitigate it. This 2021 publication includes fresh TPR/SCR statistics! GET THIS BOOK>>

Are your clients agile enough to keep operating in adverse conditions when unexpected cybersecurity incidents arrive at their door through third-party and supply chain enabled attacks? Building cyber resilience is key to powering through challenges, and our eBook "The Road to Cyber Resilience" can help. GET THIS BOOK>>


Featured briefing

Secure Your Clients Against Third Party/Supply Chain Risk Fast

CISA has declared April National Supply Chain Integrity Month. But you don’t have to be a US-based business to benefit from this helpful reminder! No business is an island and third-party/supply chain risk is snowballing for every organization. As a flood of records stolen in data breaches continues to fuel cybercrime from the dark web, your clients are at an increased risk for BEC, ransomware, spear phishing, impersonation scams and so much more. This problem isn’t going away anytime soon. In fact, expect it to continue getting worse. You’ll want to review your clients’ security posture against third-party and supply chain risk (TPR/SCR) today – and we’re here to help you address vulnerabilities fast!

Don’t let cyber attacks put the brakes on your business. Stay agile and keep your engine running under any conditions. Start your journey on "The Road to Cyber Resilience" now! DOWNLOAD THIS PACKAGE>>

Almost Every Business Experienced a TPR/SCR Risk in 2020

In an increasingly interconnected world, companies are more intertwined than ever before. MasterCard’s Risk Recon unit reported on the proliferation of risk factors that businesses face today in The State of Third-Party Risk. Their survey respondents said that when it came to the necessity of checking vendors for cybersecurity risks, one-third assessed fewer than 25 vendors annually, another third checked between 25 and 100, and the last third dealt with more than 100 vendors. About 5% of respondents were in charge of assessing more than 750 vendors per year! Even a highly reputable major vendor like Microsoft could saddle businesses with an unexpected vulnerability.

Just because they’ve reached out to assess cybersecurity procedures and policies at a potential third party or supply chain connection, that doesn’t mean that the connection is safe. While 81% of respondents claimed that 3/4 of their vendors pass their security questionnaires, only 14% of those surveyed trust those responses. 31% of respondents stated that they have vendors they considered to be a material risk in the event of a data breach. That tracks with other industry data indicating that an astonishing 98% of monitored organizations clocked a threat from a supplier domain in 2020.

More Dark Web Data = More TPR/SCR

Why are organizations facing more relationship risk than ever before? An enormous amount of data hit the dark web last year, including an estimated 22 million new records. Experts already estimated that 65% of the information on the dark web at the start of 2020 could harm businesses. Those new records and other scraped or stolen information provide abundant fresh fuel for cybercrime, increasing everyone’s risk. Threats from suppliers’ jacked domains are also a huge problem. Cybercriminals piggybacking on legitimate business domains has increased risk in every sector. About 74% of those threats are phishing attempts or impostor schemes, and almost 30% were malware-related.

Newly ascendant supply chain and third-party risks have had a profound impact on business security. When looking at the fallout, another survey reported that 80% of respondents had suffered at least one breach via the supply chain, a majority had suffered at least two breaches and one in ten had suffered more than six. The manufacturing sector was especially beleaguered, with 57% of survey respondents saying they have suffered breaches related to supply chain exposure in the past 12 months. Visibility is a major concern – 29% of the executives said they had no way of knowing if a risk was spawned at a vendor until it became a cyberattack on their business.


Inspect your defenses to find vulnerabilities before the bad guys do with our Cybersecurity Risk Protection Checklist GET IT>>

Mitigating This Risk Isn’t Impossible

TPR/SCR may be growing, but there’s no reason why your clients can’t gain some peace of mind against it when you guide them into taking a few practical, affordable steps to minimize their exposure and keep their data safe. The best part is that not only will these moves protect them from TPR/SCR, they’ll also gain additional protection against other cyberattacks that they might be faced with, increasing their overall cyber resilience.

Password Compromise

This huge pitfall is one of the top ways that companies gain risk exposure through the supply chain because password reuse is endemic and at least 65% of people reuse passwords across the board, including for business or enterprise accounts. But two solutions are strong defenders in the fight against password compromise risk from these sources.

  • Multifactor authentication stops 99% of password-based cybercrime including an employee’s often-recycled password, and it’s just one of the many tools that boost security through Passly.
  • Dark web monitoring with Dark Web ID gives IT teams crucial time to respond if a company’s passwords hit dark web markets or dumps, no matter where they’re snatched from, enabling companies to react before the bad guys do.

Spear Phishing & Ransomware

Exponential growth in phishing risk has put every business solidly in cybercriminal sights. Bad actors are using the data gleaned from breaches at service providers, manufacturers, wholesale suppliers, transportation companies, business services firms, and more to mount phishing-based cyberattacks on companies in every industry.

  • Reduce the chance of a phishing attack from harming a business by up to 70% with security awareness and phishing resistance training through BullPhish ID
  • Repeat that training at least quarterly using preloaded phishing simulation kits or customize the content to reflect industry-specific dangers including attachments and URLs

Securing your clients against the escalating risk that comes from third parties or the supply chain immediately is crucial – 72% of compliance leaders expect the number of TPR/SCR risks that companies face to increase in 2021. By acting now to take sensible precautions, you and your clients can feel confident that you’re insulated against this growing threat vector. Contact the experts at ID Agent to find the perfect combination of solutions to defeat this risk.


See the NEW BullPhish ID: unbeatable value, now updated & upgraded! SEE THE WEBINAR>>

Events and Webinars

Third-Party Risk Brings Danger to Your Door Daily

Even if you’re making all the right cybersecurity moves, can you be certain that every organization that your business has a relationship with is doing the same thing? 98% of organizations have had a threat arrive at their doorstep because of a data breach or security incident at a third party or supply chain source in the last 12 months – and that’s a vector for incoming cyberattacks that you may not even know about.

Third-party and supply chain risk can come from any vendor or service provider that you do business with. Are you outsourcing file transfers or information storage? That’s how more than a dozen universities were hacked using information gained in a breach at transference and collaboration specialist Accellion. Using specialized software for fundraising? Hundreds of leading charitable organizations and trusts were too – and many of them were hacked because of a data breach at software provider BlackBaud.

No business can exist without others. Any organization that has information about your business could be putting your systems and data at risk. As the world becomes more interconnected and cloud-based, that risk is growing every year. New cyberattacks fueled by dark web data are adding to that risk too. At the start of 2020, an estimated 65% of the information already on the dark web could harm businesses, and 22 million more new records were added by the end of that year.

Reduce your company’s chance of damage from a third party or supply chain-based attack by taking a few simple precautions. Add multifactor authentication to every account – Microsoft says that it stops 99% of password-based attacks. Increase phishing resistance training too. Much of the data that bad actors gain is used for spear phishing. Dark web monitoring helps reduce risk too by alerting you if any of your company’s protected credentials are exposed.

How about some good news? By following these tips, you’re not just increasing your company’s protection against third party and supply chain risk. You’re also boosting your organization’s overall cybersecurity posture against many other damaging risks like ransomware and account takeover as well as increasing your cyber resilience – and that delivers you some much-needed peace of mind.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work