The Week In Breach 12/11/2019 – 12/17/2019

by Wally Moore

on December 20, 2019

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “This Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

By Kevin Lancaster

Dec 18, 2019 3:55:38 PM

This week, hackers gain front door access to company IT infrastructure, ransomware cripples social services, and lax employee password security continues to present severe financial risk.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Finance & Insurance
Top Employee Count: 101 - 250 Employees

United States - Academy Sports + Outdoors
https://www.chron.com/business/article/Academy-Sports-notifies-online-customers-of-14887751.php

Exploit: Credential stuffing attack
Academy Sports + Outdoors: Sporting goods retailer

Risk to Small Business: 2 = Severe: Hackers used previously stolen, legitimate login credentials to access customer accounts. The company noticed the breach after unusual activity was detected on certain user logins. In response, Academy Sports + Outdoors is encouraging customers to reset their passwords. Unfortunately, the breach occurred during the busy holiday shopping season, and customers have increasingly shown that they are less willing to engage with platforms that have a track record of cybersecurity lapses. This could harm the company’s sales at a critical time for gaining traction.

Individual Risk: 2.428 = Severe: Academy Sports + Outdoors noted that customers’ financial data wasn’t compromised in the breach, but account information, including usernames and passwords, was impacted. Every Academy Sports + Outdoors customer should reset their login credentials while carefully scrutinizing their accounts for suspicious or unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are fed up with data breaches, and they are taking out their anger on companies that can’t secure their information. Therefore, a data breach is more than just a cyber incident. It’s a collapse in customer service of the highest magnitude, and a priority that retailers looking to succeed in today’s digital environment must immediately address.

ID Agent to the Rescue: Dark Web ID™ monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

United States - Complete Technology Solutions
https://krebsonsecurity.com/2019/12/ransomware-at-colorado-it-provider-affects-100-dental-offices/

Exploit: Ransomware
Complete Technology Solutions: IT service provider

Risk to Small Business: 1.888 = Severe: A ransomware attack on Complete Technology Solutions, an IT service provider for dentistry practices, disrupted operations at more than 100 practices. When a company server was compromised, it allowed hackers to infect client computers with ransomware that disabled network security, data backups, and phone services. The attack began on November 25th and has continued to disrupt services more than two weeks later. Complete Technology Solutions declined to pay a $700,000 ransom to release the information, and decryption keys later provided by the hackers only unlocked some of the affected computers. As a result, the recovery process is incredibly complicated, and it will certainly have long-term repercussions for the company.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks always extract an expense from their victims, but the opportunity cost and reputational damage associated with a cybersecurity incident can be the most devastating. In this case, Complete Technology Solutions will almost certainly lose customers because of this incident, and their long-term business prospects are likely to be diminished. It underscores the importance of cybersecurity for any company that wants to remain competitive amidst an ominous threat landscape.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task. We offer hands-on assistance by providing the resources necessary to make a case for Dark Web monitoring. 

United States - Prison Rehabilitative Industries & Diversified Enterprises
https://www.bleepingcomputer.com/news/security/ransomware-hits-florida-pride-on-saturday-systems-still-down/

Exploit: Ransomware
Prison Rehabilitative Industries & Diversified Enterprises (PRIDE): Private, non-profit social services organization

Risk to Small Business: 2.111 = Severe: PRIDE was struck by a ransomware attack that crippled its website and brought its services offline. The attack, which first occurred on December 7th, continues to disrupt services nearly a week later. As a non-profit organization, PRIDE will have a difficult time procuring the resources to remove the malware, and the service outages are making it difficult or impossible to fulfill their mission and provide critical services to a client base in need.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks can feel ominous and inevitable. However, organizations can protect against these common, increasingly expensive malware attacks by ensuring that their IT infrastructure doesn’t provide a foothold for infiltration. For instance, securing employee accounts, guarding against phishing scams, and updating firewall protections can all ensure that ransomware doesn’t compromise your company’s mission or bottom line.

ID Agent to the Rescue: With AuthAnvil™, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-authentication.

Canada - Alectra Utilities
https://www.cbc.ca/news/canada/hamilton/alectra-breach-1.5393106

Exploit: Unauthorized data access
Alectra Utilities: Electricity and utility distributor

Risk to Small Business: 1.666 = Severe: A data breach at Alectra Utilities compromised customers’ personally identifiable information. The data, which does not include financial information, was gleaned from customers’ water bills that were viewed by hackers. While the company notes that there is no evidence of data misuse, some of its third-party vendors may have had access to customer data without appropriate credentials, making this a near miss for what could have been a widespread data breach.

Individual Risk: 2.142 = Severe: Customers’ personal information, including names, addresses, and water bill details, was compromised in the breach. Alectra Utilities hasn’t identified instances of misuse, but it is encouraging all customers to scrutinize their accounts for unusual activity and ensure that their passwords are not being reused across other platforms.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s businesses can’t afford to leave cybersecurity up to chance. The exposure at Alectra Utilities compromised sensitive data, and their lax cybersecurity standards could have made this incident much worse. Rather than waiting for a doomsday scenario to unfold, assess your cybersecurity vulnerabilities and take precautions to avoid a costly data loss event.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring solution. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

Canada - City of Woodstock
https://www.cbc.ca/news/canada/london/cyber-attack-woodstock-cost-1.5391680

Exploit: Ransomware
City of Woodstock: Local government organization

Risk to Small Business: 2.111 = Severe: A ransomware attack on the City of Woodstock has cost the municipality more than $667,000. Although the government declined to pay the ransom, they spent over $560,000 on cybersecurity assistance, $55,000 on overtime compensation for IT staff, and $31,000 on IT infrastructure upgrades. It took the city more than two months to fully recover from the ransomware attack, an extreme duration that underscores the long-term opportunity costs that often accompany a ransomware attack.

Individual Risk: No personal data was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident illustrates the fact that there are no affordable or advantageous response plans once a ransomware attack occurs. Instead, every organization needs to regularly review its cybersecurity standards to prevent ransomware from finding its way onto networks. This form of malware always requires an access point, and phishing scams are a prominent delivery vector, giving companies a tangible place to start for defending against ransomware attacks.

ID Agent to the Rescue: With BullPhish ID™, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

United Kingdom - Cheshire West
https://www.cheshire-live.co.uk/news/chester-cheshire-news/confidential-details-published-error-cheshire-17403564

Exploit: Accidental data exposure
Cheshire West: Local government organization

Risk to Small Business: 2.333 = Severe: Cheshire West inadvertently published the personal information of 50 foster caregivers on its website. The error was related to a government best practice standard requiring publication of all transactions over £500. Unfortunately, this oversight undermines a valuable social program, effectively punishing people who are doing important, selfless work.

Individual Risk: 2.428 = Severe: The published information included foster caregivers’ surnames and was made available online. In addition, information related to amounts paid for accommodation, mileage, and other expenses was shared. This data could be used by bad actors who are developing authentic-looking phishing campaigns or other scams, so those impacted by the breach should remain vigilant when assessing digital communications.

Customers Impacted: 50
How it Could Affect Your Customers’ Business: While the error was quickly identified and corrected, the event illustrates a harsh reality: companies need to regularly revisit their data management standards and have provisions in place to protect sensitive information. These assessments should certainly include an overview of data management expectations, but they can extend to broader practices such as multi-factor authentication and Dark Web monitoring.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

United Kingdom - Landauer
https://arstechnica.com/tech-policy/2017/03/hackers-steal-nhs-staff-data-landauer-server-breached/

Exploit: Unauthorized database access
Landauer: Radiation monitoring technology provider

Risk to Small Business: 1.888 = Severe: Late last year, Landauer’s UK-based servers were breached by hackers, exposing the personally identifiable information of employees from several of the company’s clients. Notably, the breach impacted hundreds of employees at the National Health Service who use the company’s radiation monitoring technology at many of their healthcare facilities. The delayed reporting time is especially alarming given that the company waited almost a year before publicly reporting the breach. Not only will industry regulators likely take issue with this timeline, but customers are already expressing their displeasure to news outlets, construing the breach as “deeply disappointing.” Surely, the company has a long road to reputational recovery ahead.

Individual Risk: 2.285 = Severe: Fortunately, the data breach did not include patient data, but it did compromise employee information, including their names, dates of birth, National Insurance Numbers, and radiation dose records. Since this information can be used in spear phishing or other cyber attacks, those impacted by the breach should be especially critical of communications across all their digital channels.

Customers Impacted: 530
How it Could Affect Your Customers’ Business: With customers and companies increasingly demonstrating an unwillingness to work with businesses that can’t protect data, a robust response plan is a must-have element to any cybersecurity strategy. A quick response and clear communication can go a long way toward rebuilding trust and beginning the often tedious journey toward full restoration. In contrast, lengthy response times and opaque messaging are a turnoff to consumers, and they compound the damage of any data breach.

ID Agent to the Rescue: Helping you understand the importance of security is no easy task. We offer hands-on assistance by providing the resources necessary to make a case for Dark Web monitoring. 

Australia - Woolworths
https://www.dailymail.co.uk/news/article-7778897/Woolworths-Rewards-customers-lose-points-phishing-scam.html

Exploit: Phishing scam
Woolworths: Supermarket chain

Risk to Small Business: 2.111 = Severe: A Woolworths employee fell for a phishing scam that ultimately compromised customer login credentials to the company’s customer rewards system. Hackers repurposed this information to access user accounts using valid credentials and then siphoned off rewards money. Now, just weeks before Christmas, Woolworths is scrambling to identify compromised accounts and to rectify the situation with their customers, many of whom are taking to social media to complain about the missing funds. A data breach during the holidays can amplify customer blowback, which can cause long-term reputational damage that negatively impacts the bottom line for years to come.

Individual Risk: 2.285 = Severe: Woolworths emphasized that this data breach is not a widespread episode, but an undisclosed number of accounts were compromised. While it appears that hackers used this access to steal rewards money, user credentials could also be compromised. Anyone identifying suspicious account activity should immediately report it to the company. In addition, they should be aware that personal details are often redeployed in other cybercrimes, like phishing attacks, that can compromise additional data. Therefore, continued vigilance is advised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Phishing scams are arriving in employees’ inboxes with regularity, and when acted upon, have the potential to wreak havoc on your company’s data. Not only does failure in this regard come with an immense cost, but the less quantifiable reputational damages and brand erosion invite an inevitable drag on future growth. In that sense, employee awareness training, which can equip employees to detect and report these scams, is a relative bargain compared to the total cost of a data breach.

ID Agent to the Rescue: BullPhish ID simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

DTS can help.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity and data breaches.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is FREE, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
