The Week in Breach: 12/18/19 - 12/24/19

by Wally Moore

on January 2, 2020

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week in Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field. The life of your business may depend upon it.

By Kevin Lancaster on Dec 26, 2019 4:39:01 PM

This week, online stores can’t protect their customers, ransom causes chaos at school, and CCPA prepares to go into effect.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: Education & Research
Top Employee Count: 501+ Employees

United States - Rooster Teeth Productions
https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/

Exploit: Malware attack
Rooster Teeth Productions: Entertainment production company

Risk to Small Business: 2 = Severe: Hackers injected malware into the company’s online store that siphoned off customers’ payment details at checkout. The breach was first detected on December 2nd, and the company claims that the malware was removed on the same day. However, it’s unclear why they waited several weeks before notifying customers of the breach. Rooster Teeth Productions has sent breach notification letters to those impacted by the incident, but the episode will certainly have a negative impact on the brand’s reputation at a critical time of year for sales.

Individual Risk: 2.285 = Severe: Those impacted by the breach had their names, email addresses, telephone numbers, physical addresses, and payment card information stolen in the breach. As a result, they should immediately contact their financial institutions to report the breach. Rooster Teeth Productions is offering a free year of identity monitoring services, and enrolling in this service can offer long-term oversight of personal data.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The timing of this data breach couldn’t be worse. Customers continually demonstrate that they aren’t willing to make purchases from platforms that can’t secure data, so Rooster Teeth Productions will almost certainly lose business during the busy holiday shopping season. Any company relying on e-commerce sales needs to understand cybersecurity risks and take necessary steps to ensure their revenue centers do not become liabilities.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States - Conway Medical Center
https://www.beckershospitalreview.com/cybersecurity/south-carolina-hospital-alerts-2-550-patients-of-data-breach.html

Exploit: Phishing attack
Conway Medical Center: Healthcare provider

Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cyber criminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability.

Individual Risk: 2 = Severe: Hackers had access to patients’ personally identifiable information, including their names, dates of birth, Social Security numbers, phone numbers, dates of admission, account numbers, and account balances. Conway Medical Center is providing free identity and credit monitoring services to those impacted by the breach, and those affected should enroll in these services. In addition, they should be vigilant about monitoring their accounts for unusual or suspicious activity.

Customers Impacted: 2,250
How it Could Affect Your Customers’ Business: This major cybersecurity incident was entirely avoidable, since phishing scams are only effective if employees engage with malicious emails. Unfortunately, Conway Medical Center will now bear the cost of credit and identity monitoring services for thousands of patients, as well as the fines and penalties that often accompany a breach. In contrast, comprehensive employee awareness training is a bargain, protecting your company against the phishing attacks that will inevitably make their way to employee inboxes.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States - Central Square Technologies
https://www.cbs46.com/news/security-breach-threatens-credit-card-info-of-marietta-utility-customers/article_b70e1b7e-21f2-11ea-8797-834dde57a97e.html

Exploit: Malware attack
Central Square Technologies: Technology services provider for public sector agencies

Risk to Small Business: 1.888 = Severe: Hackers compromised the Click2Gov payment system that allowed customers to pay their utility bills online, allowing them to siphon off payment details from customers. Specifically, the breach impacts the City of Marietta, as customers who entered payment information on the website between August 26th and October 26th may have had their credit card information stolen. However, the breach does not impact those paying in person, over the phone, or who are enrolled in the auto-pay system. Unfortunately, the company didn’t identify the breach until early December, which will complicate their recovery efforts and place customers at greater risk for data misuse.

Individual Risk: 2.428 = Severe: The data breach compromised customers’ personal and payment details. Those impacted by the breach should contact their financial institutions to notify them of the breach, and they should carefully monitor their accounts for unusual activity both now and during the period when accounts were compromised.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Third-party partnerships are important business initiatives in today’s digital environment, but when they result in a cybersecurity incident, the repercussions often far outweigh the opportunities. Moreover, vendors with a track record for lax cybersecurity standards will likely find it difficult to find customers willing to work with them, making data security a critical component of any successful business model.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform available. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States - Nexus Mods
https://www.bleepingcomputer.com/news/security/nexus-mods-game-modding-site-discloses-data-breach/

Exploit: Unauthorized database access
Nexus Mods: Game modification website

Risk to Small Business: 2.111 = Severe: Hackers exploited a legacy code base on the platform to access user credentials. Although the company discovered the breach in November, they just revealed it this week, a move that will likely increase the customer blowback from the incident. While Nexus Mods moved up the development of new software and worked to mitigate the risks posed by their outdated code base, the incident reflects a lack of attention to detail and of a breach response plan.

Individual Risk: 2.428 = Severe: A subset of users had their account information accessed, including names, email addresses, usernames, and passwords. The platform recommends that victims carefully scrutinize digital communications, as this data is often used to create authentic-looking phishing scams that can further compromise customers’ information.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Exposed user account details can be a serious vulnerability to your customer and company data. Even if your platform isn’t breached, many customers reuse their credentials, allowing hackers to easily deploy phishing scams and gain front-door access to user accounts. However, when equipped with security features like two-factor authentication, customer accounts remain secure even when credentials fall into the wrong hands.

ID Agent to the Rescue: We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

Canada - Life Labs
https://www.zdnet.com/article/lifelabs-pays-hackers-to-recover-data-of-15-million-customers/

Exploit: Ransomware
Life Labs: Laboratory diagnostics and testing service

Risk to Small Business: 2.222 = Severe: Hackers accessed Life Labs’ IT, stealing copious amounts of customer information and demanding a ransom for the data’s return. In a notice to customers, Life Labs notes that it identified the breach in October, but waited until December to notify customers, a concerning time frame that will make it more difficult for victims to protect their credentials against misuse. According to the company, they paid the ransom and their data was returned. Now they are declaring the incident a “low risk” to customers, but given their poor communication so far, this is unlikely to assuage anyone’s concerns anytime soon.

Individual Risk: 2.285 = Severe: Hackers stole customers’ personally identifiable information, including their names, home addresses, email addresses, usernames, passwords, and health card numbers. Those impacted by the breach should monitor their accounts for unusual or suspicious activity, while being mindful that this information is often reused to commit other cybercrimes, including phishing attacks, that attempt to extract even more sensitive personal information.

Customers Impacted: 15,000,000
How it Could Affect Your Customers’ Business: Life Labs had a number of missteps in their handling of this data breach. However, the company did deploy Dark Web monitoring to ensure that their customers’ information wasn’t for sale to the highest bidder. These services can provide peace-of-mind to customers while also helping companies mitigate the often cascading consequences of a data breach.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work for you to strengthen your security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

Canada - Andrew Agencies
https://www.bleepingcomputer.com/news/security/canadian-insurance-firm-hit-by-maze-ransomware-denies-data-theft/

Exploit: Ransomware
Andrew Agencies: Insurance and financial services provider

Risk to Small Business: 2.222 = Severe: A ransomware attack has encrypted hundreds of the agency’s computers, rendering them unusable and leaving the company searching for a solution. The company first discovered the attack back in October but has declined to pay the ransom. However, the hackers are continuing to set new payment deadlines with promises to publish the company’s data if they don't comply. The group claims to have 1.5GB of customer data, but that claim has gone unverified by hackers and the media.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: 876
How it Could Affect Your Customers’ Business: While ransomware attacks are incredibly expensive, they often don’t result in a data breach, as hackers merely encrypt a company’s IT while trying to extract a payment. However, this event illustrates the potential for ransomware attacks to become data breaches, a progression that will become more costly and concerning as it inevitably becomes more widespread.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform available. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United Kingdom - Missoma
https://www.jewelleryfocus.co.uk/27034-missoma-victim-of-data-breach

Exploit: Malware attack
Missoma: Jewelry retailer

Risk to Small Business: 1.888 = Severe: An attack on the company’s online store has compromised customers’ payment details. The heist, which was quickly resolved by the jeweler, allowed hackers to make off with customer data. The breach is likely to negatively impact the company's online sales during the holiday shopping season. Moreover, the company may face regulatory fines or penalties under Europe’s privacy regulation, GDPR.

Individual Risk: 2 = Severe: Customers impacted by the breach had personally identifiable information and financial data compromised. This includes names, addresses, payment card numbers, and CVVs. Those impacted by the breach should immediately notify their financial institutions of the incident, and they should take every necessary step to ensure that this information isn’t misused now or in the future.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Any company expecting to thrive in today’s digital-first shopping experience has to have their cybersecurity standards locked down. Today’s customers will not put up with retailers that can’t protect their personal or payment data, which could have serious implications for the company’s viability.

ID Agent to the Rescue: With BullPhish ID, we can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Germany - Justus Liebig University
https://www.zdnet.com/article/more-than-38000-people-will-stand-in-line-this-week-to-get-a-new-password/

Exploit: Ransomware
Justus Liebig University: Public university

Risk to Small Business: 1.777 = Severe: A ransomware attack on the university has crippled their digital operations and instigated several time-intensive recovery procedures. Notably, 38,000 students were asked to stand in line with their ID cards and a piece of paper to receive new email account passwords. At the same time, university staff was individually scanning every computer for malware, using more than 1,200 USB flash drives equipped with scanners to complete the job. The bizarre image of thousands of students standing in line for passwords created a buzz on social media, which placed a spotlight on the university’s cybersecurity incident.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This ransomware attack is complete with absurd images and time-consuming recovery initiatives. However, such peculiarities underscore the opportunity cost that always accompanies a ransomware attack. These attacks extract concessions from their victims on many fronts, and they are a scourge on a brand’s bottom line and reputation. Often, ransomware attacks are instigated through open vectors like compromised employee accounts, and companies can readily address these avenues by putting proper account security protocols in place.

ID Agent to the Rescue: With AuthAnvil, you can protect your employees’ password integrity. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: https://www.idagent.com/authanvil-multi-factor-authentication.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is FREE every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
