THE WEEK IN BREACH: 05/06/20 – 05/12/20

by Wally Moore

on May 13, 2020

in Data Breach

The Week In Breach 5/6/2020 to 5/12/2020

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

May 13th, 2020 by Kevin Lancaster

This week, the hits just keep coming for GoDaddy and the Toll Group, cybercriminals haven’t given up on targeting healthcare, and consumers are more ready than ever to walk away from companies that experience a data breach. 

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 11-50

United States – Management and Network Service, LLC.

https://enterprisetalk.com/news/management-and-network-services-llc-notifies-patients-of-data-security-incident/

Exploit: Phishing scam  

Management and Network Services, LLC.: Managed care provider 

Severity Meter

Risk to Small Business: 1.479 = Extreme
Hackers accessed several employee email accounts containing patients’ personally identifiable information (PII) and protected health information (PHI). The breach, which occurred between April and July of 2019, wasn’t discovered until August 21, 2019. Although they haven’t detected data misuse, this extended duration could make it more difficult for victims to recover. In response, the company is updating its email security practices and implementing two-factor authentication to prevent a future incident.  

Severity Meter

Individual Risk: 1.716 = Severe
Patients’ personal information was compromised in the breach. This includes names, medical treatment information, diagnosis and medical details, insurance credentials, dates of birth, and Social Security numbers. In some cases, the breach also exposed driver’s license numbers, state identification card numbers, and financial details. Those impacted by the breach should immediately notify their financial institutions of the event while taking steps to ensure that their data isn’t used in other nefarious ways.    

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybercriminals are capitalizing on the chaos of COVID-19 to send millions of phishing scams each day. Even one malicious message can have cascading consequences for your business, making employee awareness training a top priority for companies looking to keep their data secure. 

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.  

United States – GoDaddy

https://www.zdnet.com/google-amp/article/godaddy-reports-data-breach-involving-ssh-access-on-hosting-accounts/

Exploit:  Unauthorized database access

GoDaddy: Domain service provider

Severity Meter

Risk to Small Business: 1.805 = Severe
GoDaddy has reported an October data breach to California authorities after it identified an unauthorized individual operating within their platform. Although the company believes that files were not altered or modified, the company was forced to reset user account passwords and to provide a free year of its website security and malware service. It’s possible that the intruder is related to an earlier cybersecurity incident stemming from an employee who engaged with a phishing scam. The hosting platform often touts its small business services, and these organizations will now have to decide if a platform with multiple cybersecurity lapses is the best place for their digital services to reside.  

Individual Risk: GoDaddy asserts that personal data was not compromised in this breach, but customers should carefully monitor their accounts for possible misuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident highlights the growing cybersecurity threat posed by third-party partnerships, which SMBs often rely on to power their platforms and services. To protect account security, even in the event of a third-party cybersecurity incident, companies should enact simple but effective data security standards, like enabling two-factor authentication and requiring employees to use strong, unique passwords on all accounts.

ID Agent to the Rescue: Passly protects your data and business systems without breaking the bank. This integrated, all-in-one secure identity and access management solution includes multi-factor authentication, single sign-on, and secure shared password vaults. Find out more at https://www.idagent.com/passly

United States – Storenvy 

https://www.hackread.com/e-commerce-firm-storenvy-hacked-accounts-leaked/

Exploit: Unauthorized database access

Storenvy: Online retailer 

Severity Meter

Risk to Small Business: 2.281 = Severe
Hackers gained access to a company database containing customer information. This database was subsequently downloaded and posted online as a free resource. Making matters worse, the database contained plain-text passwords and other personal data that can quickly be used by bad actors to execute cybercrimes ranging from spear phishing scams to malware attacks. This is the company’s second data breach in two years, undermining its credibility at a critical time. Online shopping is experiencing a boon because of the COVID-19 pandemic, but customers are increasingly unwilling to do business with platforms that can’t protect their information.

Severity Meter

Individual Risk: 2.779 = Moderate
The compromised data includes shoppers’ account passwords, order details, and payment methods. However, shipping and card information were not impacted. Victims should immediately update their account passwords, and they need to be mindful that the compromised data could be used against them in future cyberattacks.  

Customers Impacted: 1,500,000

How it Could Affect Your Customers’ Business: Both now and in the future, online retail is becoming the preferred shopping experience. This is a significant opportunity for many companies, enabling them to reach a bigger and broader audience than ever before. Unfortunately, for companies that can’t protect their platforms, many customers will take their business elsewhere.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada – York University

https://www.cbc.ca/amp/1.5555106

Exploit: Malware attack

York University: Academic institution

Severity Meter

Risk to Small Business: 2.670 = Moderate
A cyberattack corrupted several of York University’s servers and workstations, forcing the school to take its remaining network offline to stop the spread. As a result, students and staff were unable to access remote learning applications and other digital resources. In addition, students who are upset by a lack of communication from the university are complaining to the media, inviting brand erosion and other long-term consequences.    

Individual Risk: At this time, there is no evidence that personal information was compromised in the breach. However, users should carefully monitor their accounts and credentials for misuse or abuse.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As many organizations move their operations online, testing the integrity of IT infrastructure is a critical component of ensuring a smooth transition. Of course, cybersecurity isn’t just a matter of convenience. In today’s regulatory environment, the risks of remote work make compliance a critical issue during this unprecedented time.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.  

France – Tarkett

https://in.reuters.com/article/tarkett-cyber/french-company-tarkett-hit-by-cyberattack-shares-fall-idINKBN22G0KR?&web_view=true

Exploit: Ransomware 

Tarkett: Floor and wall covering producer  

gauge indicating severe risk

Risk to Small Business: 2.117 = Severe
A cyberattack has disrupted Tarkett’s operations, causing its shares to plummet. The attack, which occurred on April 29th, forced the company to disable its information technology systems and to implement other defensive measures to protect employee, company, and customer data. In response, the company has hired a third-party cybersecurity team to restore operations, but the expense triumvirate, including recovery, reputation, and share costs, could be significant.    

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Tarkett has hired cybersecurity experts and has notified its cyber-insurance provider, but these measures won’t make their problems go away. Shareholders are recognizing the immense negative impact of a ransomware attack and bailing on the company, which has a long, arduous recovery ahead. Rather than waiting to respond to an attack, this incident, and hundreds like it, should encourage every organization to re-examine their defensive capabilities with this threat in mind.

Germany – Fresenius 

https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware/

Exploit: Ransomware 

Fresenius: Private Hospital operator

Severity Meter

Risk to Small Business: 1.751 = Severe
A ransomware attack has disrupted many of the company’s operations. Although patient care continues, this attack is especially problematic as the healthcare provider is playing a crucial role in the COVID-19 pandemic with a deluge of patients presenting with the virus. The incident is emblematic of a broad uptick in healthcare-related cyberattacks, and it serves as a reminder that, in 2020, quality patient care includes comprehensive cyber-readiness. 

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are a persistent and expensive threat to every organization. Ensuring that your defensive posture is equipped to handle this problem is critical to thriving in our current digital environment.

ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of your organization into your strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id

Australia – Home Affairs

https://www.infosecurity-magazine.com/news/breach-exposes-data-of-774k/

Exploit: Unsecured database

Home Affairs: Australia’s employment department

Severity Meter

Risk to Small Business: 2.157 = Severe
An unsecured database exposed the information for hundreds of thousands of users who uploaded their information to a department form for skilled workers looking to migrate to Australia. The breach compromised peoples’ personally identifiable information for an at-risk population. The breach is especially untimely because the Australian government is asking people to trust its cybersecurity and data privacy acumen by downloading a COVID-19 tracing app that relies on peoples’ sensitive personal data. It’s a reminder that brand reputation and cybersecurity are inextricably linked, and companies that care about the former will prioritize the latter.  

Severity Meter

Individual Risk: 2.285 = Severe
The exposed database included users’ partial names, ADUserIDs, age, country of birth, marital status, and desired application outcomes. It applies to applicants as far back as 2014, and it could be used to execute additional cybercrimes or instances of fraud. Those impacted by the breach should carefully scrutinize incoming messages while also being aware that their data could quickly spread on the Dark Web where cybercriminals use that information for a variety of malicious purposes.   

Customers Impacted: 774,326

How it Could Affect Your Customers’ Business: This week, the Australian government is asking citizens to download the CovidSafe app, a contact tracing app that can help deter the spread of the novel Coronavirus. Unfortunately, as we detail at the end of the newsletter, consumers are increasingly unwilling to work with platforms that can’t protect data. In this case, preserving consumer trust may be an actual matter of life or death, and, for many organizations, their survival in today’s digital landscape is likely predicated on their ability to protect their data.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with you to strengthen your security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.  

Australia – Toll Group 

https://www.securitymagazine.com/articles/92334-toll-group-suffers-ransomware-attack-again

Exploit: Ransomware

Toll Group: Transportation and logistics company

Severity Meter

Risk to Small Business: 2.105 = Severe
After recovering from a ransomware attack in early 2020, Toll Group has once again been victimized by bad actors. This attack exploited vulnerabilities in a Remote Desktop Protocol to infect the company’s network. To prevent the malware’s spread, Toll Group brought many of its servers offline, compounding the cost by curtailing productivity during an already precarious time.  

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: COVID-19 is reorienting our business practices. Most notably, many employees are now working remotely, which opens organizations up to a litany of cybersecurity threats. Bad actors are exploiting those vulnerabilities, which means that organizations intending to thrive throughout this time will need to account for those risks as part of their evolving defensive posture.

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News

Our Bigger, Better Blog is Buzzworthy

Have you been reading our blog? We’ve revamped it to offer more news, problem-solving advice, and expert analysis of today’s threats, plus fresh cybersecurity insight that helps you plan for tomorrow. 

Catch up on what you need to know now:

Watch our new free webinar for an inside look at the real cybercrime market on the Dark Web!

Don’t fall for tall tales, get the facts! Learn the truth about the Dark Web economy from experts in our newest must-see webinar, plus get a free PowerPoint slide deck to explain what you’ve learned to your customers.

DOWNLOAD “Unveiling Cybercrime Markets on the Dark Web”  NOW

Consumers Seek New Options After a Cyberattack

While many organizations are focused on the bottom line during the COVID-19 downturn, cyber-readiness must be considered as a critical piece of the puzzle. According to a recent consumer survey, today’s customers are placing a high priority on cybersecurity, often requiring it as a prerequisite for doing business.

For instance, 90% of those surveyed consider a company’s trustworthiness when deciding to purchase a product, and nearly 60% indicated that they would avoid doing business with a company that experienced a cyberattack in the past year. 

When cyberattacks cause a service disruption, 37% of survey participants indicated that they would switch to a competitor, and 66% were prepared to leave if operations weren’t restored within three days. The survey results were especially problematic for financial service providers and communications products, two industries that consumers are readily prepared to abandon in the event of a cybersecurity incident. 

The global survey that included shoppers in North America, the United Kingdom, France, and Germany found that consumers overwhelmingly feel that businesses aren’t doing enough to protect their information.

80% of respondents noted that they shared negative ransomware-related brand experiences with family, friends, or colleagues, accelerating brand erosion and piling on to the long-lasting implications of a cyberattack. For companies navigating an already harsh business environment, it’s clear that customer retention may be contingent on their ability to defend their networks from an ever-evolving threat landscape.

https://www.helpnetsecurity.com/2020/05/04/ransomware-related-service-disruption/

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is FREE, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW