The Week In Breach 09/16/2020 to 09/22/2020

by Wally Moore

on September 23, 2020

in Cybersecurity

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

September 23rd, 2020 by Kevin Lancaster

The Week in Breach: Ransomware proves fatal in Germany as a hospital is left unable to treat a woman in distress, the fallout from the BlackBaud breach gets more serious and more expensive for the victims, and our new Ransomware 101 eBook delivers the information you need to demonstrate to your clients just how dangerous ransomware is and how you can help them reduce their risk of a ransomware disaster.

Dark Web ID’s Top Threats

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 501+

The Week in Breach – United States 

United States –  Artech Information Systems 

https://hotforsecurity.bitdefender.com/blog/us-staffing-firm-artech-keeps-silent-about-data-breach-leaves-customers-at-risk-of-fraud-and-id-theft-for-eight-months-24122.html?web_view=true

Exploit: Ransomware

Artech Information Systems: Staffing Firm  

Severity Meter

Risk to Business: 1.602 = Extreme
Artech Information Systems, one of the largest IT staffing companies in the US, just announced that they’d had a data breach exposing personal, financial, and health information of some of its clients. The company was informed by security researchers that the REvil gang advertised 337MB of stolen data in January, but Artech first sent out breach notifications at the beginning of September, despite completing its investigation at the end of June, leaving clients exposed to risk for 8 months.

Severity Meter

Individual Risk: 2.424 = Severe
The stolen files contained PII including names, Social Security numbers, medical information, health insurance information, financial information, payment card information, driver’s license/state identification numbers, government-issued identification numbers, passport numbers, visa numbers, electronic/digital signatures, usernames, and passwords. Affected clients have been notified and told to monitor their bank statements for suspicious activity and be on the lookout for fraud and identity theft. The firm is offering free credit monitoring and identity protection to all affected customers.

Customers Impacted: 10,000+

How it Could Affect Your Customers’ Business: Ransomware is a terrifying specter, but it can be ameliorated. What can’t is a failure to even tell your clients that they’re at risk for 8 months or more.

ID Agent to the Rescue: Ransomware is usually delivered as the result of a phishing attack. Graphus brings powerful automatic phishing protection to the table, featuring a smart AI that evolves with your business. LEARN MORE>>

United States – Department of Veterans Affairs

https://www.fedscoop.com/veterans-data-breach-va-hack/

Exploit: Unauthorized Access (Credential Compromise)

Department of Veterans Affairs: Federal Agency

Severity Meter

Risk to Business: 1.667 = Severe
The Department of Veterans Affairs (VA) informed affected users on Monday of a data breach that resulted in the exposure of 46,000 veterans’ personal information. The incident stemmed from unauthorized users accessing an application within the Financial Service Center (FSC) to steal payment away from community health care providers. In a statement, the VA said malicious actors used “social engineering techniques” and exploited “authentication protocols” to gain access to the system. Recent additional information that has come to light indicates that 17,000 community care providers may also have been affected.

Severity Meter

Individual Risk: 1.806 = Severe
No information has been provided about the exact nature of the compromised information. The VA has directed those who suspect that they may have been impacted to email or mail questions to the VA.

Customers Impacted: 46,000 veterans and 17,000 medical care providers

How it Could Affect Your Customers’ Business: Social engineering attacks, typically in the form of password theft or phishing, can devastate a business, especially if it results in the compromise of a privileged account.

ID Agent to the Rescue: BullPhish ID enables you to undertake phishing resistance training campaigns quickly and painlessly with “set it and forget it” campaign management and plug-and-play training kits. LEARN MORE>>

United States – Activision Blizzard

https://www.forbes.com/sites/daveywinder/2020/09/21/activision-accounts-hacked-500000-call-of-duty-players-could-be-affected-report/?&web_view=true#6f442a6d7bbe

Exploit: Credential Stuffing

Activision Blizzard: Video Game Developer

Severity Meter

Risk to Business: 1.995 = Severe
Cybersecurity researchers have uncovered files containing compromised login data for more than 500,000 accounts in the company’s Call of Duty franchise. The eSports site Dexerto reported that a data breach occurred on September 20 and that the credentials to access these accounts have been leaked publicly. Activision Blizzard is denying the incident, but many gaming and cybersecurity news outlets have reported evidence of the incident, including directly affected user records.

Severity Meter

Individual Risk: 1.965 = Severe
Call of Duty account holders should monitor their account for unauthorized activity. No information has been reported on whether or not financial information or PII was included in this breach. Players should also be alert to potential spear phishing using this information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failing to acknowledge a data breach that’s widely reported and confirmed is not the way to start repairing your company’s reputation or your clients’ trust after an incident.

ID Agent to the Rescue: Credential stuffing attacks are fueled by Dark Web data. Guard your company against credential stuffing attacks powered by the information available in huge Dark Web data dumps by monitoring your company’s credentials for compromise with Dark Web ID. LEARN MORE>>

United States – Newhall School District (Valencia, CA)

https://threatpost.com/california-elementary-kids-online-learning-ransomware/159319/?web_view=true

Exploit: Ransomware

Newhall School District: School System 

Severity Meter

Risk to Business: 2.351 = Severe
A cyberattack against the Newhall School District in Valencia, CA affected all distance learning across 10 schools, shutting down remote learning for 6,000 elementary school students. Newhall’s servers have been shut down, and teachers are attempting to keep students learning with pencil and paper assignments while the incident is investigated and systems are restored.

Individual Risk: No information was reported as compromised in this incident.

Customers Impacted: 6,000 students

How it Could Affect Your Customers’ Business: Attacks on education have been skyrocketing, and failure to update security awareness and phishing resistance to keep up opens schools to this massive threat.

ID Agent to the Rescue: Protect your clients from ransomware with the 1-2 punch of updated training with BullPhish ID and automated phishing protection from Graphus, your perfectly integrated anti-phishing guardians. LEARN MORE>>

USA – University Hospital New Jersey

https://www.bleepingcomputer.com/news/security/university-hospital-new-jersey-hit-by-suncrypt-ransomware-data-leaked/?&web_view=true

Exploit: Ransomware

University Hospital New Jersey: Healthcare Provider 

Severity Meter

Risk to Business: 2.391 = Severe
The SunCrypt ransomware operation has leaked data allegedly stolen from University Hospital New Jersey (UHNJ) in a ransomware attack. The attackers have leaked 1.6 GB of the 240 GB of data containing over 48,000 documents. The documents contain patient information release authorization forms, copies of driving licenses, Social Security Numbers (SSNs), date of birth (DOB), and records about the Board of Directors.

Severity Meter

Individual Risk: 2.027 = Severe
People who have received medical treatment at the hospital may have had their PII compromised, and should be alert for spear phishing attempts, identity theft, or blackmail attempts tied to this information.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is often the unwelcome gift that comes with a phishing email. By failing to train staffers to resist phishing attacks, companies leave themselves open for ransomware infections.

ID Agent to the Rescue: Automate your company’s defense against phishing with Graphus and put three layers of protection between a phishing email and your data fast. SEE HOW IT WORKS>>

The Week in Breach – Canada

Canada – College of Nurses Ontario

https://www.cp24.com/mobile/news/ontario-nurses-college-hit-by-ransomware-attack-personal-data-at-risk-1.5111009

Exploit: Ransomware

College of Nurses Ontario: Professional Organization 

Severity Meter

Risk to Business: 2.107 = Severe
The College of Nurses of Ontario (CNO), which oversees about 188,000 members, discovered that it had been impacted by ransomware on Sept. 8. CNO is still trying to figure out if the personal information of its 300 employees and 195,500 members has been compromised as has been reported by cybersecurity researchers who spotted information on the Dark Web. Many services, including “Find a Nurse”, are shut down as the investigation and recovery progresses.

Severity Meter

Individual Risk: 2.397 = Severe
The organization has not officially informed members of a PII or financial data breach but based on researcher reports, PII was affected. Members should be wary of phishing attempts using this information.

Customers Impacted: 195,000 nurses and 300 staffers

How it Could Affect Your Customers’ Business: Information gets to the Dark Web quickly these days, making obfuscating an incident a challenge. Rebuilding customer trust starts with admitting that there’s a problem instead of covering up an incident, especially one that’s been widely reported.

ID Agent to the Rescue: Information like this lives forever on the Dark Web. Dark Web ID provides 24/7/365 protection against compromised user credentials alerting you if they appear in Dark Web markets. SEE DARK WEB ID IN ACTION>>

The Week in Breach – United Kingdom & European Union

Wales – Public Health Wales

https://ciso.economictimes.indiatimes.com/news/wales-says-personal-data-of-18000-covid-patients-accidentally-published/78117931

Exploit: Accidental Data Exposure  

Public Health Wales: Government Agency 

Severity Meter

Risk to Business: 2.112 = Severe
Personal data concerning 18,105 residents of Wales who tested positive for COVID-19 was uploaded by mistake to a public server and spent 20 hours online in August, Public Health Wales said on Monday. The agency says that for the majority of cases, 16,179 people, the information consisted of initials, dates of birth, geographical area, and sex. For 1,926 people living in nursing homes and supported housing, the information also included the names of the homes.

Severity Meter

Individual Risk: 2.771 = Moderate
While no financial information was exposed, the data that was exposed could open victims up to spear phishing or blackmail attempts.

Customers Impacted: 18,105

How it Could Affect Your Customers’ Business: The number one cause of a data breach is human error. Increasing security awareness training can decrease the number of staff errors that become cybersecurity disasters.

ID Agent to the Rescue: Security awareness training can reduce cybersecurity risks by up to 70%. See how training with solutions like BullPhish ID reduces your risk as a key component of our digital risk protection platform SEE OUR SOLUTIONS IN ACTION>>

Germany – University Hospital Dusseldorf

https://www.nytimes.com/2020/09/18/world/europe/cyber-attack-germany-ransomeware-death.html

Exploit: Ransomware

University Hospital Dusseldorf: Healthcare Provider 

Severity Meter

Risk to Business: 1.5 = Extreme
In a chilling series of events, ransomware invaded 30 servers at University Hospital Dusseldorf, crashing systems and forcing the hospital to turn away emergency patients. As a result, a woman who needed immediate emergency care was sent to a hospital 20 miles away in Wuppertal and died from treatment delays. This is the first reported death that directly resulted from a cyberattack.

Individual Risk: No individual information has been reported as compromised in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can shut an organization down entirely, especially an organization that’s dependent on cloud applications or technology-driven equipment like a hospital, with sometimes disastrous results.

ID Agent to the Rescue: Protect your systems from ransomware with Graphus, the automated phishing guardian that’s on duty 24/7/365. Graphus starts protecting you from email threats on day 1, with no IT professional setup needed. LEARN MORE>>

Germany – Windeln.de 

https://www.hackread.com/shopping-site-leaks-miners-data-database-mess-up/?web_view=true

Exploit: Unsecured Database

Windeln.de: Retailer 

Severity Meter

Risk to Business: 2.327 = Severe
A misconfigured database is to blame in an incident at the German retail giant Windeln.de. Failure to even lock the company’s production server database exposed 6.4 terabytes of data containing 6 billion records and leaking the personal information of over 700,000 customers. The company compounded the mistake by leaving the database open for more than a month, even after being informed about the mistake. It wasn’t rectified until Germany’s CERT became involved.

Severity Meter

Individual Risk: 2.701 = Severe
Information exposed in this incident includes purchase invoices, full names, IP addresses, internal logs, phone numbers, email addresses, home addresses, hashed passwords, payment methods without payment data, and family data including children’s names, dates of birth, and gender.

Customers Impacted: 700,000

How it Could Affect Your Customers’ Business: Failing to secure a database with so much as a password is a rookie mistake that shows a culture of neglect toward cybersecurity best practices, and it will make customers less likely to do business with them.

ID Agent to the Rescue: Don’t just rely on a password to secure access to your business’ most sensitive information like customer records. Passly provides strong security that deploys in days, not weeks to secure your points of entry at a price that you’ll love. LEARN MORE>>

The Week in Breach – Australia & New Zealand

Australia – Anglicare Sydney

https://www.abc.net.au/news/2020-09-19/anglicare-sydney-victim-of-cyber-security-breach-involving-data/12681510

Exploit: Ransomware

Anglicare Sydney: Family Services and Mental Healthcare Organization

Severity Meter

Risk to Business: 2.077 = Severe
Anglicare Sydney has revealed that 17 gigabytes of data were transmitted to a remote location on August 31 as part of an ongoing ransomware incident. The company maintains that it will not pay any ransom and that the main system relating to Anglicare Sydney’s Out of Home Care program, which includes the foster care program, was not impacted. The company has not released details on what information was stolen.

Individual Risk: No personal or financial data has been reported as compromised in this breach so far, but it remains under investigation.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failing to keep information secure as a service provider in such a sensitive industry can impact a company’s reputation as a reliable partner, and have a negative effect on future contract bids.

ID Agent to the Rescue: This kind of information is highly prized in the Dark Web data markets – data from any health and human services source is a hot commodity. Dark Web ID helps keep your organization safe from Dark Web data like compromised credentials. SEE A DEMO>>

Australia – University of Tasmania

https://7news.com.au/news/education/university-of-tasmania-students-personal-information-exposed-in-email-bungle-c-1331622?&web_view=true

Exploit: Accidental Data Exposure 

University of Tasmania: Institution of Higher Learning  

Severity Meter

Risk to Business: 2.217 = Severe
That classic human error is to blame for the accidental exposure of students’ personal data to faculty members at the University of Tasmania. In a security bungle, the personal information of 19,900 students was made public through a misconfigured Microsoft Office365 SharePoint site that was accessible to anyone with a utas.edu.au email address.

Severity Meter

Individual Risk: 2.419 = Severe
The University has established a dedicated support line – 1800 019 897 – to assist students with any questions or concerns about their personal information, and experts in national identity and cyber support services IDCARE have also been engaged to provide independent advice and support to students, including dedicated case managers who work with individuals to develop tailored response plans.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can devastate your business while creating a storm of negative publicity, expensive recovery costs, and operational difficulties that’s hard to sail through.

ID Agent to the Rescue: Stop ransomware cold by adding automatic phishing defense with Graphus. Plus, when you choose to add Threat Intelligence to your Graphus Insights Dashboard, you’ll get detailed information on the threats that your company has faced recently. SEE A DEMO>>

The Week in Breach – India

India – National Informatics Centre 

https://www.thenewsminute.com/article/almost-100-union-government-computers-suffered-big-security-breach-report-133367

Exploit: Malware

National Informatics Centre: Government Department 

Severity Meter

Risk to Business: 2.217 = Severe
100 computers at India’s National Informatics Centre (NIC) were infected with damaging malware, locking up many operations at the agency that is responsible for securing critical cyber infrastructure in the country. The investigation led to an infected email received and opened by a NIC staffer from a third party service provider.

Individual Risk: No individual information is reported as impacted in this incident.

Customers Affected: Unknown

How it Could Affect Your Customers’ Business: Employees falling for a phishing email can cause any company a world of trouble. Just one fatal click is enough to wreak havoc.

ID Agent to the Rescue: Stop phishing email from reaching employee inboxes to prevent that fatal click with automated phishing protection from Graphus. SEE A DEMO>>

The Week in Breach Risk Levels

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Catch Up on What You Need to Know Right Now to Protect Your Business.

The Week in Breach: New Resources

Learn How to Fight Back Against Ransomware Before you Get Schooled

Ransomware is the playground bully of cyberattacks. It’s nasty, brutish, and you know it’s just around the corner – but you hope it never finds you. That’s why it’s time for you to go back to school for a crash course in all things ransomware.

Our new book Ransomware 101 spells out everything you need to know about ransomware in the post-pandemic threat landscape, and what you can do to protect your business and your clients.

You’ll learn:

  • Get the facts about ransomware in 2020 with hard data that details the explosion of ransomware threats
  • Explore the lifecycle of ransomware
  • Learn to clearly and concisely explain ransomware to non-IT decision-makers to justify cybersecurity spending
  • See how simple solutions can make a big difference when it comes to protecting your clients from ransomware

The Week in Breach: Featured Threat

The BlackBaud Breach is a Nightmare That Won’t Stop

The BlackBaud Breach Just Keeps Getting Worse, Illustrating the Dangers of Third Party Threats

The fallout from the huge breach at fundraising and non-profit services provider BlackBaud is continuing to land, impacting colleges, foundations, trusts, and other organizations throughout the US, Canada, and the UK.

The breach exposed the donor and fundraising program details of non-profits of every size, but it’s spawned an unexpected new wrinkle – the exposure of data that it had collected and maintained for hospitals around the US, a circumstance that could have major repercussions.

Shockwaves started traveling through the medical community as the first reports of patient information compromised as a result of the BlackBaud breach began to come to light. It’s estimated that more than 1 million records were exposed. Here’s a list of just a few of the impacted institutions:

  • Children’s Hospital of Minnesota (Minneapolis, MN)
  • Trinity Health of New England (Boston, MA)
  • Virginia Commonwealth University Hospital (Richmond, VA)
  • Our Lady of the Lake Regional Medical Center (Baton Rouge, LA)
  • The Christ Hospital Health Network (Cincinnati)
  • UMass Memorial Medical Center (Worcester, MA)
  • Vidant Health (Greenville, NC)
  • Texas Children’s Hospital (Houston, TX)
  • ChristianaCare (Newark, DE)
  • Trinity Health (Livonia, MI)
  • Montefiore Medical Center (New York, NY)
  • Catholic Medical Center (Manchester, NH)
  • Memorial Sloan Kettering Cancer Center (New York, NY)
  • Atrium Health (Charlotte, NC)
  • Catholic Health (Buffalo, NY)
  • MultiCare Health System (Tacoma, WA)
  • Northern Light Health Foundation (Brewer, ME)
  • NorthShore University Health System (Evanston, IL)
  • Northwestern Memorial HealthCare (Chicago)
  • Saint Luke’s Health System (Kansas City, MO)
  • Spectrum Health (Grand Rapids, MI)
  • UF Health (Gainesville, FL)
  • UK HealthCare (Lexington, KY)
  • UT Health San Antonio (San Antonio, TX)
  • Inova Health System (Falls Church, VA)

Protecting your company from danger created by a third party vendor is crucial to building a strong cybersecurity strategy. No business is an island – we all do business with partners, vendors, service providers, and other entities, and those folks will do business with other entities.

While we can strive to choose the best partners by carefully reviewing the security postures of other companies, variables like insider threats and cybercrime as a service ensure that no company is guaranteed “safe”. Adding protections on your end to mitigate potential compromise is the only way to protect your business from third party risk.

Use Dark Web ID

Credential security is important for any business. With so many passwords for people to keep track of these days, password sharing and reuse is endemic. Use Dark Web ID to monitor an organization’s passwords for compromise, giving you the chance to close a security vulnerability before bad guys find it.

Adopt Passly Now

Take the sting out of a stolen, cracked, or compromised password with multifactor authentication provided by Passly. It also adds protection against credential stuffing attacks fueled by the huge quantities of Dark Web information that get added every day from epic breaches like this one.

By adding a few simple protections, companies can reduce their risk of damage from a third party data breach, because in today’s increasingly dangerous world, you can never be sure who is on the ball with security and who has already dropped the ball.

The Week in Breach: A note for your customers:

Rising Breach Costs Call for Increased Email Security 

As data breach risks continue to climb, the cost of a data breach is rising too – especially breaches caused by employee email account compromise. Taking a few simple steps can help fend off expensive email threats.

A new report from IBM analyzing the cost of a data breach concluded that the most expensive data breaches that they’d studied in the last 12 months were all a result of a compromised employee email account and that in 80% of those breaches, customer Personally Identifiable Information was leaked.

The same report also concluded that using smart technology including automation not only could cut the cost of a data breach in half but also dramatically reduced the chance of a company having a data breach, while enabling companies to respond to an incident 27% faster.

Automation in cybersecurity isn’t just the wave of the future – it’s the technology that businesses need to start using right now to reduce their risk of a data breach or ransomware attack in an increasingly dangerous world, and it’s very affordable.

That’s why solutions like Graphus, our automated phishing protection solution, have become so sought-after. Automated security means that someone is always on guard against potential threats so you don’t have to be – giving you peace of mind that allows you to concentrate on your business instead of your cybersecurity.

Watch this 10-minute technical demonstration video of our digital risk protection platform including Graphus, Dark Web ID, BullPhish ID, and Passly.

Catch Up With Us at These Virtual Events

  • SEPT 27 – 29: GlueX 2020 REGISTER>>
  • OCT 14: A Cybersecurity Trilogy: PROTECT – The Dark Side Strikes Back Webinar REGISTER>>
  • OCT 20 – 22: Kaseya Connect IT Europe REGISTER>>
  • NOV 10: A Cybersecurity Trilogy: PLAN – The Rise of Technology Webinar REGISTER>>

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
