The Week in Breach: 12/04/19 - 12/10/19

by Wally Moore

on December 16, 2019

in Data Breach

By Kevin Lancaster on Dec 11, 2019 10:07:24 AM

This week, online stores compromise customer credentials, ransomware cancels a holiday performance, and more than half of organizations acknowledge that they are not ready for a cyberattack.

Dark Web ID Trends

Top Source Hits: ID Theft Forums

Top Compromise Type: Domain

Top Industry: Education & Research

Top Employee Count: 101 - 250 Employees

________________________________________

United States - McLaren Health Plan

https://www.beckershospitalreview.com/cybersecurity/michigan-insurer-alerts-members-of-data-breach.html

Exploit: Phishing scam

McLaren Health Plan: Health maintenance organization

Risk to Small Business: 1.666 = Severe: A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.

Individual Risk: 2.571 = Moderate: The breach exposed patients’ personally identifiable information, including names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information, and authorization information. Notably, this information has been available since October, so those impacted by the breach should quickly examine their accounts for unusual activity and take precautions to ensure that their personal information remains secure.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Third-party partnerships represent an opportunity to expand your company’s capabilities but can also manifest themselves as cybersecurity risks. Given the increasingly onerous consequences of a data breach, cybersecurity standards should be a top consideration when establishing such relationships. Better product or service offerings can be a boon, but not if they come at the expense of data security.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States - On The Border

https://www.restaurantbusinessonline.com/topics/border-reports-data-breach

Exploit: Malware attack

On The Border: Casual restaurant chain

Risk to Small Business: 1.888 = Severe: Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.

Individual Risk: 2.571 = Moderate: Customers at certain restaurant locations had their personal and financial information stolen, including their names, credit card numbers, credit card expiration dates, and security codes printed on the back of the cards. This information not only has a ready market on the Dark Web, but it can be used directly by hackers to commit financial crimes. Therefore, those impacted by the breach should immediately notify their financial institutions and enroll in identity and credit monitoring services to ensure that their information isn’t misused now or in the future.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Recovering from a data breach is a challenging process, as companies are tasked with demonstrating their data security improvements while also wooing back customers that inevitably abandon them after a breach. While the best option is to prevent a data security incident from occurring in the first place, companies can expedite the recovery process by supporting their customers at every turn. In this case, understanding what happened to payment data after it was stolen can go a long way toward mitigating the damage and restoring customer confidence.

ID Agent to the Rescue: Dark Web ID™ can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

United States - New Jersey Shakespeare Theatre

https://www.bleepingcomputer.com/news/security/ransomware-writes-drama-at-shakespeare-theatre/

Exploit: Ransomware attack

New Jersey Shakespeare Theatre: Theatre company dedicated to Shakespeare and classical works

Risk to Small Business: 2.111 = Severe: A ransomware attack has disabled the company’s access to its ticketing system and patron database. The attack arrives as the company is scheduled to begin its holiday production, a significant draw for the theatre. The first showing was cancelled while the company developed an alternative ticketing method. Fortunately, customer data was fully encrypted and not viewable by hackers, but the Shakespeare Theatre also can’t access this information. In response, customers are being asked to bring confirmation emails or ticket stubs to the performance so that the show can go on.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware attacks are uniquely expensive, due to the upfront cost of restoring technical services along with opportunity costs associated with lost capability. The prevalence of this threat is increasing the impetus for companies to ensure that their IT infrastructure doesn’t provide a foothold for criminals to inflict financial and reputational damage on their platform. Often employee accounts serve as the easiest targets for hackers to execute phishing attacks against, making this a good place to start when securing against malware.

ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-authentication.

United Kingdom - Sweaty Betty

https://www.bleepingcomputer.com/news/security/uk-retailer-sweaty-betty-hacked-to-steal-customer-payment-info/

Exploit: Payment skimming malware

Sweaty Betty: Activewear retailer

Risk to Small Business: 1.555 = Severe: Hackers injected payment skimming malware into the company’s online store, compromising customers’ personal and financial information. The breach impacts customers shopping online between November 19th and November 27th who paid with a credit or debit card. However, shoppers using PayPal and Apple Pay did not have their information stolen. Sweaty Betty has contacted customers impacted by the breach, but they are not publicly acknowledging the compromise on their website.

Individual Risk: 2.286 = Severe: Online shoppers impacted by the breach had their personal and financial information forwarded to a malicious third-party. This information includes names, passwords, addresses, email addresses, telephone numbers, payment card numbers, CVV numbers, and card expiration dates. Victims should immediately contact their financial institutions to notify them of the breach. Moreover, enrolling in credit and identity monitoring services can detect unusual or malicious activity, helping customers ensure that their information is secure. Finally, customers should change their passwords across other accounts that share similar login details because this information was compromised by hackers and will likely find its way to the Dark Web.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As witnessed by this year’s holiday shopping frenzy, e-commerce comprises an increasingly larger slice of the retail pie. However, customers have demonstrated an unwillingness to do business with companies that can’t protect their data, and instances like this undermine the financial viability of businesses reliant on online sales to drive revenue. Ensuring that your IT infrastructure is fortified serves as an advantageous and necessary next step for any company hoping to build their business around online shopping.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United Kingdom - Mixcloud

https://techcrunch.com/2019/11/29/mixcloud-data-breach/

Exploit: Exposed database

Mixcloud: Audio streaming platform

Risk to Small Business: 1.777 = Severe: The music streaming platform failed to secure a database containing customer data, and that information was quickly shared on the Dark Web. Embarrassingly, the company was notified of the error by the media who were contacted by the hackers who stole the information in early November. Now, Mixcloud has to contend with a deluge of public criticism as well as a cadre of angry customers who are upset that their personal information is available for purchase on the Dark Web.

Individual Risk: 2.714 = Moderate: The stolen data includes usernames, email addresses, and encrypted passwords. In addition, the breach included sign-in data, including IP addresses and links to profile photos. This information can be used in identity crimes or to execute other cybercrimes, such as phishing scams. Those impacted by the breach should be especially critical of unusual digital correspondence, while monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 20,000,000

How it Could Affect Your Customers’ Business: The cost of a data breach is enormous, and it’s continually climbing. Given that reality, an unforced error, like an exposed database, is an especially egregious way to diminish your business prospects. Indeed, companies that don’t adequately account for their data security will face harsh technical, consumer, and regulatory costs now and in the years ahead.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United Kingdom - British American Tobacco

https://www.securitymagazine.com/articles/91356-british-american-tobacco-suffers-data-breach-and-ransomware-attack

Exploit: Ransomware attack

British American Tobacco: Tobacco manufacturing company

Risk to Small Business: 1.888 = Severe: An exposed database was seized by hackers who encrypted 352 GB of company data and demanded a ransom payment to release the information. The specific exposed platform stored data from Romanian residents who supplied their information in an effort to win tickets to parties and events featuring famous local and international performers. British American Tobacco was first notified of the database on November on September 22nd, when cybersecurity researchers attempted to contact the company. Unfortunately, no action was taken, and now both the company and its customers will suffer the consequences.

Individual Risk: 2.857 = Moderate: The exposed database included customers’ personally identifiable information, such as full names, email addresses, phone numbers, dates of birth, gender, source IP, and tobacco product preferences. It’s unclear if the hackers intend to use this information to target consumers, but personal data is often sold on the Dark Web, so those impacted by the breach should enroll in identity monitoring services to ensure that their information isn’t misused.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Customers are fed up with companies that can’t protect their personal information, and many are choosing to take their business elsewhere after a data breach occurs. This sentiment is only amplified when SMBs demonstrate indifference or incompetence toward data security. In contrast, companies that actively prioritize data security position themselves to thrive in today’s cybersecurity landscape.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

New Zealand - Council of Licensed Firearm Owners

https://www.tvnz.co.nz/one-news/new-zealand/police-investigating-potential-privacy-breach-firearms-buy-back-database

Exploit: Accidental data exposure

Council of Licensed Firearm Owners: Volunteer shooting-related organization

Risk to Small Business: 1.666 = Severe: A buyback program for registered gun owners failed to protect its database, exposing participants’ information to the public. The error brought significant ridicule from the program's critics, and it underscores the importance of ensuring that user data is locked down and secure at all times. As a result of this oversight, the organization was forced to take their website offline, which will undermine its goals and could hinder its long-term prospects.

Individual Risk: 2.571 = Moderate: Internet users were able to view and take screenshots of participants’ personal details and financial information. Not only does this potentially produce a security concern because of the controversial nature of the program, but this information can quickly make its way to the Dark Web where it can be repurposed into other, more nefarious, cybercrimes. Those impacted by the breach should notify their financial institution of the event, and they should enroll in identity and credit monitoring services to ensure that their information remains secure.

Customers Impacted: 70,000

How it Could Affect Your Customers’ Business: Today’s organizations face cyber threats on multiple fronts, so an unforced error is uniquely problematic and egregious. With the holistic cost of a data breach continually rising, every organization has millions of reasons to embrace this priority and to get it right. By evaluating your organization’s entire threat landscape, it’s possible to ensure that technological capabilities are an asset rather than a liability.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Australia - Monash IVF

https://www.smh.com.au/national/fears-over-patient-data-breach-after-cyber-attack-on-monash-ivf-20191203-p53gj0.html

Exploit: Phishing scam

Monash IVF: Cash logistics and private security company

Risk to Small Business: 1.666 = Severe: A widespread phishing scam at Monash IVF was more effective than originally thought. While the group reported the breach in early November, the original assessment did not account for patient data that was compromised in the breach. The company’s confidential patient databases were unharmed in the attack, but many of the compromised staff emails contained patient data, which could have been accessed by hackers. Monash IVF stores people’s highly sensitive personal data, and it’s likely that this updated assessment will bring further customer and regulatory scrutiny to their business, a development that will slow the recovery process and could increase costs.

Individual Risk: 2.142 = Severe: Monash IVF stressed that many of those impacted by the breach only had their email addresses accessed, but some patients had more sensitive information compromised. This includes names, contact information, partner details, dates of birth, nationality, occupation, financial details, medical insurance details, health information, drivers’ license or passport numbers, and medical history. Victims should be aware that this data is often repurposed to compile authentic-looking phishing scams that, if acted upon by recipients, can further compromise personal data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: When employees fall for phishing scams, everyone loses. While these malicious messages will inevitably make their way into employees’ inboxes, they don’t have to lead to a breach. Instead, employee awareness training is a proven way to reduce the risk of phishing scams leading to costly data breaches that negatively impact your company's reputation and customers’ well-being.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here: https://www.idagent.com/bullphish-id.

Risk Levels:

1 - 1.5 = Extreme Risk

1.51 - 2.49 = Severe Risk

2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

https://www.dtsinfotech.com/blog
