The Week In Breach 05/20/20 - 05/26/20

by Wally Moore

on May 27, 2020

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

May 27th, 2020 by Kevin Lancaster

This week, accidental data exposure erodes brand reputation, ransomware disrupts operations, and insurers increase their scrutiny of cybersecurity policies. 

Dark Web ID Trends:

  • Top Source Hits: ID Theft Forums
  • Top Compromise Type: Domain
  • Top Industry: High-Tech & IT
  • Top Employee Count: 11 – 50

United States – Edison Mail 

https://threatpost.com/edison-mail-ios-bug-exposes-emails-to-strangers/155814/

Exploit: Coding error

Edison Mail: Email application 

Risk to Small Business: 2.171 = Severe
A coding error in Edison Mail’s popular iOS app allowed messages to be viewed by other users. The update was released on Friday, May 15th, and the company claims that it was repaired by the end of the weekend. However, for an app that touts its advanced security features, this oversight undermines one of its primary selling points. What’s more, three days is an eternity in the cybersecurity space, giving bad actors ample time to take advantage of this vulnerability. Users, incensed by the oversight, aggressively criticized the platform on social media, adding a PR component to an already-arduous recovery process. 

Individual Risk: 2.602 = Moderate
The app’s flaw only applies to iOS users who downloaded the update on May 15th. Many victims noted that they could read up to 100 emails from accounts that didn’t belong to them, potentially compromising anything in those messages. Those impacted by the breach should carefully monitor their accounts for misuse, and they should consider enrolling in credit and identity monitoring programs to help secure their information if it falls into the wrong hands.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: After years of seemingly endless cybersecurity incidents, many consumers are finally fed up with companies that can’t protect their privacy. As many users commented on social media, this event undermined their trust in the application, which could prompt them to turn to a competitor for a more compelling platform. In this way, cybersecurity can be considered a bottom-line differentiator that can make or break companies in the digital economy. 

United States – Home Chef 

https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/

Exploit: Unauthorized database access 

Home Chef: Meal kit & food delivery company 

Risk to Small Business: 1.790 = Severe
Hackers obtained a database containing customer data, and sold the information on the Dark Web. The database, which was lifted in a data breach in early May, was available for just $2,500, and it contains the personal data for more than 8 million customers. This incident will further stigmatize Home Chef, which is still grappling with the cybersecurity implications of the previous breach.  

Individual Risk: 1.980 = Severe
The database stored customer details, including email addresses, encrypted passwords, partial credit card information, genders, ages, and subscription information. Victims should immediately update their Home Chef account passwords and any other platform credentials using the compromised data. In addition, they should carefully monitor their online accounts for instances of fraud or misuse. 

Customers Impacted: 8,000,000

How it Could Affect Your Customers’ Business: Customers’ personal data is a valuable commodity, and there is an army of ready buyers on the Dark Web. In response, every company needs to know when their company or client data is being circulated in this nefarious environment, potentially giving them an opportunity to respond before bad actors can capitalize on its availability. 

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform available. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze, and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact

United States – Wishbone

https://www.zdnet.com/article/hacker-selling-40-million-user-records-from-popular-wishbone-app/?&web_view=true

Exploit: Unauthorized database access

Wishbone: Poll & Comparison App

Risk to Small Business: 1.562 = Severe
A company database was stolen by hackers, who then released the data in full on the Dark Web. The information was captured as part of a cybersecurity incident that occurred in January 2020, and it’s unclear why it took Wishbone more than five months to identify the incident. This is the second cybersecurity incident for the perennially popular company. Now, consumers are much less forgiving. In addition, today’s regulatory environment is significantly more critical of companies’ cybersecurity stance, which could contribute to a multifaceted problem for the platform moving forward.

Individual Risk: 1.670 = Severe
Users’ personal data was exposed in the breach. This includes usernames, email addresses, phone numbers, hashed passwords, and profile pictures. This information is easily obtained on the Dark Web, and everyone impacted should immediately update their account passwords and take steps to secure their personal details. Since this information can quickly be redeployed in a spear phishing campaign, victims need to be especially vigilant about monitoring the veracity of incoming messages.

Customers Impacted: 40,000,000

How it Could Affect Your Customers’ Business: Consumers and data privacy regulators are increasingly critical of companies that fail to protect customer data. Moving forward, it’s evident that data security will be a bottom-line issue for many companies, as they will rely on their defensive capabilities to bolster consumer sentiment and to ward off regulators, both of whom are ready to hold businesses accountable for privacy violations.

ID Agent to the Rescue: Dark Web ID is the leading Dark Web monitoring platform for a reason. Our award-winning platform combines human and sophisticated Dark Web intelligence to identify, analyze, and proactively monitor the Dark Web for your organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States – Mathway

https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/

Exploit: Unauthorized database access 

Mathway: Online tutoring and mathematics education platform

Risk to Small Business: 1.807 = Severe
Hackers accessed a company database and made it available for sale on the Dark Web. The breach was first detected by cybersecurity researchers when the platform’s data was available for private purchase. Now, it’s widely available to bad actors for $4,000. The incident is especially untimely, as students and teachers turn to online platforms to supplement learning opportunities while schools operate remotely. It could impact the platform’s ability to capitalize on this prominent moment for ed-tech services.   

Individual Risk: 1.780 = Severe
While Mathway is unable to detail specific data sets compromised in the breach, they acknowledged that users’ account credentials were exposed. Consequently, all users should reset their account passwords and continue to monitor their accounts for instances of fraud. As the company provides more specific details, users should continue to adjust their response accordingly. 

Customers Impacted: 25,000,000

How it Could Affect Your Customers’ Business: There are millions of account credentials available on the Dark Web, and businesses that are serious about securing their data will put an additional layer of protection between login credentials and IT infrastructure. Taking simple steps, like adding Dark Web monitoring to a company’s cybersecurity plan, can help companies keep their data secure even when passwords are compromised. 

ID Agent to the Rescue:  Let us search the Dark Web so you don’t have to. Dark Web ID is the top solution because it works, using human and machine intelligence to monitor the Dark Web for your business information and passwords 24/7/365, giving you peace of mind that fits your business and your bottom line. https://www.idagent.com/dark-web-id-enterprise

Cyprus – Covve

https://portswigger.net/daily-swig/covve-revealed-as-source-of-data-breach-impacting-23m-individuals

Exploit: Unauthorized database access  

Covve: Address book app

Risk to Small Business: 2.208 = Severe
A cybersecurity researcher identified an unsecured database containing millions of customers’ personal data. The database was first discovered in February, but the breach wasn’t linked to Covve until May 15th. It took the company several days to identify the scope of the incident before notifying customers. Although the company notes that the breach contains “mostly scrapable data from public sources,” it will undoubtedly have meaningful customer satisfaction and public relations blowback for the company.  

Individual Risk: 2.702 = Moderate
The exposed database includes some users’ names, job titles, email addresses, phone numbers, and physical addresses. Covve notes that account details, including login credentials, remain secure, but this information can be repurposed for numerous identity and financial crimes. Those impacted by the breach should enroll in an identity monitoring service to ensure the long-term integrity of their information, and they need to carefully vet their incoming messages to identify potential spear phishing messages.  

Customers Impacted: 23,000,000 

How it Could Affect Your Customers’ Business: Today’s companies are constantly under siege from bad actors, making an accidental, avoidable data breach especially problematic. Given the numerous ways that company or customer data can make its way into the wrong hands, every company needs advanced notification when their information could be compromised.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with you to strengthen your security suite by offering industry-leading detection. Discover more at https://www.idagent.com/dark-web/.

United Kingdom – EasyJet

https://www.dailystar.co.uk/news/latest-news/breaking-easyjet-hacked-9m-customers-22050964

Exploit: Unauthorized database access 

EasyJet: Airline 

Risk to Small Business: 1.809 = Severe
Hackers accessed EasyJet’s network, compromising customer details and exposing them to potential cybersecurity risks. The company took quick action to secure compromised IT, but the breach will still have costly implications for the company, which now has a triumvirate of responsibilities, including repairing IT vulnerabilities, restoring customer trust, and addressing regulatory scrutiny. The timing couldn’t be worse, as the airline industry, like many sectors, has been severely degraded by the COVID-19 pandemic, making this breach especially problematic for the company.  

Individual Risk: 2.191 = Severe
Customers’ personally identifiable information was exposed in the breach. This includes usernames, passwords, credit card numbers, and passport credentials. The company encourages customers to carefully monitor incoming communications, as this information is often used to craft convincing-looking spear phishing campaigns. In addition, customers should consider enrolling in a credit or identity monitoring service to help ensure their information’s security even after the immediate crisis subsides.

Customers Impacted: 9,000,000

How it Could Affect Your Customers’ Business: As many companies begin turning their attention to post-COVID-19 recovery strategies, the growing number of cybersecurity risks threaten to undermine these efforts. Companies looking to thrive after the crisis need to address these risks that stand in opposition to data security and many organizations’ viability.

ID Agent to the Rescue: Designed to protect against human error, Bullphish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Training including video is now available in 8 languages! Learn more here: https://www.idagent.com/bullphish-id

Australia – BlueScope Steel 

https://www.cisomag.com/bluescope-cyber-incident/

Exploit: Ransomware 

BlueScope Steel: Steel manufacturer

Risk to Small Business: 1.702 = Severe
A cybersecurity incident at the steel producer has disrupted operations at the company’s Australia-based facilities. In response, the company shuttered parts of its digital operations, reverting to manual operations whenever possible. BlueScope Steel expects its capabilities to be diminished as it works to recover from this disruptive cyberattack.

Individual Risk: At this time, no personal data was compromised in the breach.  

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are a uniquely expensive cyber threat. Not only do they force companies to pay high recovery costs, but the productivity loss and opportunity costs compound the problem. These attacks are not inevitable. Companies can defend against these attacks by ensuring that their digital environment doesn’t offer a foothold to bad actors.

Australia – The Toll Group 

https://www.zdnet.com/article/tolls-stolen-data-finds-itself-on-the-dark-web/

Exploit: Ransomware 

The Toll Group: Transportation and logistics company

Risk to Small Business: 1.205 = Extreme
The cascading consequences of a January cybersecurity incident are becoming increasingly apparent for The Toll Group. Earlier this month, the logistics company suffered a ransomware attack predicated on this earlier network compromise. The incident included data exfiltration. That information has now been shared and sold on the Dark Web, complicating an already arduous recovery process for the company and its customers. This incident is a reminder that cybercriminals are no longer content to encrypt networks in hopes of a financial windfall. They are willing to steal and sell company data to ensure that they earn a return on their efforts. 

Individual Risk: 1.407 = Severe
The compromised server contains personal information for many past and present employees. While the company didn’t identify the specific data points, employees should assume the worst and take precautionary measures to secure their personal and financial information. This includes monitoring accounts for suspicious activity and enrolling in credit and identity monitoring services to oversee their personal information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This incident highlights a troubling trend in ransomware. Criminals are exfiltrating data before encrypting company networks, creating multifaceted income streams that make their work more lucrative, and, consequently, more advantageous. However, ransomware attacks are not inevitable, and companies can defend their networks and data by ensuring that their accounts are secure and their network is protected against bad actors. 

ID Agent to the Rescue: BullPhish ID simulates phishing attacks, including new COVID-19 phishing kits, and conducts security awareness training campaigns including video to educate your employees, making them the best defense against cybercrime – and training is available in 8 languages. Click the link to get started: https://www.idagent.com/bullphish-id.  

Risk Levels:

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores are calculated using a formula that considers a wide range of factors related to the assessed breach.

Go Inside the Cybersecurity Landscape When You Read Inside the Ink

Get expert news and analysis of the current breach landscape as you learn how to mitigate the risks you face today and prepare for the threats of tomorrow in our blog Inside the Ink.

Catch up on what you need to know now:

Verizon’s 2020 Data Breach Investigations Report Narrows Down the Threat Landscape

Cybersecurity is a known threat that can be hard for non-tech folks to understand and can be seen as too broad to truly prioritize. Giving solid, actionable information about the nature and frequency of today’s threats is helpful when illustrating why cybersecurity matters. Verizon’s 2020 Data Breach Investigations Report shows that threats continue to grow and lays out a few facts that make it easier to quantify the importance of strong security, especially when supporting a remote workforce.

More than two-thirds of all data breaches are attributable to just three factors: credential theft, social engineering attacks like phishing scams, and human error.

Insider threats are a constant problem in the breach landscape, and that hasn’t changed.  While we usually think of threats as coming from outside an organization, malicious insider threats are incredibly devastating and need to be a major concern. 

The listed attack methodologies comprise the most likely vulnerabilities, allowing businesses to respond with more pinpoint precision. Cybersecurity tools are becoming more effective at blocking common malware strains, with human error overtaking malware this time. Some of it still gets through, though, especially as part of a phishing attack.

The threat of phishing attacks has never been higher, making updated training and testing essential. Although technology has become more successful at filtering phishing scams, many continue to make their way to employees’ inboxes, which is why the report called for businesses to implement security awareness training programs to combat these attacks.  BullPhish ID contains phishing training materials in 8 languages including COVID-19 phishing kits.

While today’s threat landscape is ominous and expansive, Verizon’s latest report makes it clear that businesses can make significant improvements to their defensive posture by prioritizing the most pressing risks in a comprehensive digital risk protection strategy.

https://www.itworldcanada.com/article/three-factors-involved-in-the-bulk-of-data-breaches-verizon/430915

A Note for Our Customers

Cyber Insurers Increase Scrutiny of COVID-19 Claims As the Pandemic Increases Their Submission 

Businesses hoping to rely on cybersecurity insurance coverage to offset the cost of a data breach may have a more difficult time recouping their losses. According to reporting by The Wall Street Journal, insurers are becoming increasingly critical of cybersecurity-related claims. Specifically, companies are adding questions to surveys used to calculate premiums and assess damages.

In some ways, this change is the result of a rapid shift to remote work. As we’ve covered extensively, remote work comes with many cybersecurity risks, and insurers are hedging their bets, assuming that they could incur an influx of claims as companies fail to grapple with the ramifications of remote work. For businesses, this is a reminder that they shouldn’t rely on cyber insurance to bail them out if they have a cybersecurity incident. Instead, they should invest in the tools that can prevent a cybersecurity incident in the first place.    

https://www.infosecurity-magazine.com/news/cyber-insurers-increase-scrutiny/

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is FREE, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
