The Week In Breach News 02/03/21 to 02/09/21

by Wally Moore

on February 10, 2021

in Data Breach

The Week In Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by Kevin Lancaster

This Week in Breach News:

Spotify is in the spotlight with yet another breach, third-party risk backfires on multiple organizations, short and long term planning for rising remote work risk, and take a crash course in ensuring your clients and prospects that you’re the partner they need by creating a great customer experience!

United States

United States – Washington State Auditor

https://sao.wa.gov/ 

Exploit: Third Party Data Breach

Washington State Auditor: Regional Government Regulator 

Severity Meter

Risk to Business: 1.379 = Severe

The unemployment claims data of more than 1 million people in Washington State has been reported as stolen in a hack of software used by the state auditor’s office. The State announced the breach after receiving notice that it was involved through a third party service provider, Accellion, a software provider the auditor’s office uses to transfer large computer files. The breach affects the personal information of people who filed for unemployment claims with the Washington Employment Security Department (ESD) between Jan. 1, 2020, and Dec. 10, 2020, and included a total of 1.6 million claims. Those claims represent at least 1.47 million individuals, according to data from the ESD website.

Severity Meter

Individual Risk: 1.379 = Severe

The data breach involved claimants’ names, Social Security numbers and/or driver’s license or state identification number, bank information, and place of employment. The state auditor has set up a web page for people who think their personal information could have been exposed in the data breach. See https://sao.wa.gov/breach2021/.

Customers Impacted: 1.40 million or more people

How it Could Affect Your Customers’ Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

ID Agent to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast.


United States – DriveSure

https://www.scmagazine.com/home/security-news/data-on-3-2-million-drivesure-users-exposed-on-hacking-forum/

Exploit: Hacking

DriveSure: Customer Retention Platform 

Severity Meter

Risk to Business: 2.211 = Severe

Hackers dropped data on 3.2 million DriveSure users on the Raidforums hacking boards late in January. One leaked folder totaled 22 gigabytes and included the company’s MySQL databases, exposing 91 sensitive databases. The databases range from detailed dealership and inventory information, revenue data, reports, claims and client data. A second compromised folder contained 11,474 files in 105 folders and totals 5.93 GB, likely a repository of backup data.

Severity Meter

Individual Risk: 2.325 = Severe

The information exposed included names, addresses, phone numbers, email addresses, IP addresses, car makes and models, VIN numbers, car service records and dealership records, damage claims and 93,063 bcrypt hashed passwords.

Customers Impacted: 3.2 million

How it Could Affect Your Customers’ Business: Data isn’t always stolen via ransomware – sometimes it’s just old-fashioned hacking. That’s one reason why it’s essential to use a secure identity and access management solution to keep hackers locked out.

ID Agent to the Rescue: Multifactor authentication can stop up to 99% of cyberattacks, and that’s just one piece of the security toolkit that you get when you start using Passly.


United States – WestRock 

https://www.securityweek.com/packaging-giant-westrock-says-ransomware-attack-impacted-ot-systems 

Exploit:  Ransomware

WestRock: Packaging Manufacturer

Severity Meter

Risk to Business: 2.779 = Extreme

Packaging giant WestRock has experienced a ransomware attack that has impacted both its manufacturing and IT environments, severely impacting production. The company has noted in an announcement to shareholders that it expects continued delays during the recovery and cleanup process.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware can be especially devastating to manufacturing companies by not just impacting office business but halting production, leading to a cascade effect.

ID Agent to the Rescue: Ransomware is almost always the result of a successful phishing attack. BullPhish ID prepares staffers to spot and stop phishing attacks, putting everyone on the IT team.


United States – SN Servicing Company

https://www.scmagazine.com/home/security-news/mortgage-loan-servicing-company-discloses-ransomware-attack-to-multiple-states/

Exploit: Ransomware

SN Servicing Company: Mortgage Loan Services 

Severity Meter

Risk to Business: 2.022 = Severe

SN Servicing, the California-based servicing arm of Security National Master Holding Company, disclosed a data breach impacting clients in Vermont and California. The incident was also reported by the Egregor ransomware gang. SN Servicing says that it has engaged a third party team of investigators to determine the scope of the incident.

Severity Meter

Individual Impact: 2.171 = Severe

The stolen data appears to be related to billing statements and fee notices to customers from 2018, including names, addresses, loan numbers, balance information, and billing information such as charges assessed, owed, or paid. Clients should be aware of potential spear phishing and identity theft risks.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is around every corner these days, and just one misclick on a phishing email can spell disaster.

ID Agent to the Rescue: Ransomware comes in the wake of a phishing attack. Are you taking the right precautions against it? Read Phish Files to be sure that you’re using the right strategy!


United States – Spotify

https://threatpost.com/spotify-credential-stuffing-cyberattack/163672/

Exploit: Credential Stuffing

Spotify: Streaming Music Service

Severity Meter

Risk to Business: 1.668 = Severe

Spotify has returned for another appearance with an eerily similar credential stuffing disaster. This time, data for approximately 100k users appeared in an Elasticsearch instance spotted by researchers. This is distinctly different data than the load that researchers discovered in November 2020.

Severity Meter

Risk to Business: 1.802 = Severe

No specifics were listed about the stolen data, but Spotify users should reset their account passwords and be on the lookout for spear phishing attempts.

Customers Impacted: 100K+

How it Could Affect Your Customers’ Business: Protection against credential stuffing isn’t something that a company like Spotify should struggle with, and suffering two credential stuffing incidents in one quarter shows a sloppy attitude toward security.

ID Agent to the Rescue: Choose Passly to secure the gateways to your systems and data quickly and affordably with a multipronged solution that covers your bases.

United Kingdom

France – StormShield

https://www.zdnet.com/article/security-firm-stormshield-discloses-data-breach-theft-of-source-code/

Exploit: Hacking

StormShield: Cybersecurity Firm 

Severity Meter

Risk to Business: 1.711 = Severe

French government contracting cybersecurity firm StormShield has confirmed that cybercriminals were able to gain access to one of its customer support portals and stole information on some of its clients. The hackers also gained access to some source code for StormShield Network Security (SNS) firewall, an upcoming tool designed for government use. The intruders may have also accessed personal and technical data for some of its customers, its tech support portal and the Stormshield Institute customer training portal.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even cybersecurity experts can get tripped up by hackers. Taking extra precautions to update security awareness training and bolster access point security is always a good idea.

ID Agent to the Rescue: In Our Security Awareness Champion’s Guide, you’ll learn the details of how cybercriminals conduct today’s nastiest cyberattacks and how to beat them.


Luxembourg – European Volleyball Confederation

https://www.forbes.com/sites/barrycollins/2021/01/30/britains-smartest-peoplemensafail-to-secure-passwords-properly/?sh=25d023bf43f5

Exploit: Unsecured Database

European Volleyball Confederation: Sports League

Severity Meter

Risk to Business: 2.625 = Moderate

A publicly accessible Microsoft Azure blob belonging to the European Volleyball Confederation led to the exposure of hundreds of passports and identity documents belonging to journalists and volleyball players from around the world. The blob also contained thousands of headshots of volleyball players from Europe, Russia, and other countries in both the ‘backup’ directory and an ‘AccreditationPhotos’ subfolder.

Severity Meter

Individual Risk: 2.601 = Moderate

Members of the league and journalists who cover it should be vigilant for identity theft and spear phishing attempts that use this data.

Customers Impacted: 21,000

How it Could Affect Your Customers’ Business: Failure to secure a database, especially one that contains sensitive data, is a rookie mistake that can cost you a fortune.

ID Agent to the Rescue: Make sure that the sensitive information you control is strongly protected with cutting edge secure identity and access management from Passly.


Australia and New Zealand

Australia – Oxfam Australia 

https://www.bleepingcomputer.com/news/security/oxfam-australia-investigates-data-breach-after-database-put-up-for-sale/

Exploit: Hacking

Oxfam Australia: Charitable Organization 

Severity Meter

Risk to Business: 2.006 = Severe

A donor database for Oxfam Australia was discovered by cybersecurity researchers. Oxfam Australia is a charity focused on alleviating poverty within the indigenous Australian people. A threat actor was attempting to sell the Oxfam Australia contact and donor information for 1.7 million people. The incident is under investigation.

Severity Meter

Individual Risk: 2.719 = Moderate

The exposed information appears to be limited to donor names, email addresses, addresses, phone numbers, and donation amounts. No financial information was exposed.

Customers Impacted: 1.7 million donors

How it Could Affect Your Customers’ Business: Hacking is an ever-present menace, and organizations that have a strong security plan coupled with high cyber resilience are more likely to make it through an incident with minimal damage.

ID Agent to the Rescue: Read our eBook The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures.


Australia – SitePoint

https://www.zdnet.com/article/webdev-tutorials-site-sitepoint-discloses-data-breach/

Exploit: Third Party Data Breach

SitePoint: Web Development Education Resources 

Severity Meter

Risk to Business: 1.616 = Severe

Web developer education platform SitePoint has disclosed a security breach this week in emails sent to some of its users after a threat actor listed a collection of one million SitePoint user details for sale on a cybercrime forum. SitePoint has now initiated a password reset on all accounts and is asking users to choose new ones that are at least ten characters long.

Severity Meter

Individual Risk: 1.711 = Moderate

The stolen passwords were hashed with the bcrypt algorithm and salted, but SitePoint encourages users who may be recycling their password elsewhere to reset those accounts too.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Password reuse and recycling is endemic, and it can lead to a world of cybersecurity trouble. Add protections that blunt the impact of a reused (and compromised) password.

ID Agent to the Rescue: Limit the damage that can be done to your company with a recycled or compromised password with affordable, multifunctional secure identity and access management starring Passly.


 Dark Web

COVID-19 has changed everything – including the Dark Web. See how it has evolved and how that impacts security in our eBook.


Guide to risk scores.

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

 

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.


Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

Featured briefing

Extended Remote Work is Changing the Calculus on Risk


The rapid transition to remote work was a fundamental shock for many companies. Getting used to a new out-of-the-office culture, new technology and new stressors was hard enough, but the fact that this state of affairs is fated to continue for a long time with no real end in sight has caused companies to need to thoroughly rethink their approach to cybersecurity.

An estimated 90 percent of companies experienced a sharp increase in cyberattacks during the global pandemic. In the UK, 65 percent of organizations noted they have either been breached or exposed to an attack during the lockdown. Plus, 73 percent of security and IT executives are concerned about new vulnerabilities and risks that have been created or extended by supporting a remote workforce.

Some of those risks were exacerbated both by a lack of preparation for going fully remote and by a lack of essential upkeep because of pandemic chaos after going remote – 98 percent of IT professionals in an international survey said they experienced security challenges within the first two months of the pandemic. Only 42 percent of survey respondents felt that their organization was “well prepared” for moving to remote work, compared to 45 percent that considered their companies “somewhat prepared” and 13 percent who stated that their businesses were not prepared at all.


Extended Remote Work Means Extended Risk

Companies suddenly discovered a lot more challenges that threw them off their game as they made the transition to remote operations, as well as unexpected stumbling blocks. In the same survey, 93 percent of respondents said they had to delay key security projects in order to work on the transition to remote work forced by the pandemic. Over 30 percent of security executives said that software updates and BYOD policy considerations were deprioritized during the switch, and 42 percent said that routine reporting had been neglected since the start of the pandemic.

The cascade effect of those choices coincided with a huge global increase in cybercrime, as businesses that were unprepared for the transition were often forced to take on more cybersecurity risk in order to keep operating, for example by allowing workers who had never been remote to use personal devices until business devices could be obtained; 43 percent experienced difficulties patching remote workers’ personal devices, exposing their organization to risk, and more than 90 percent reported that their companies were forced to make rapid decisions about cybersecurity policy just to keep the lights on.


Cyber Resilience

Don’t let cyberattacks put the brakes on your business. Stay agile and keep your engine running under any conditions. Start your journey on The Road to Cyber Resilience now!


The Time for Excuses is Over

While the start of the global pandemic was extremely chaotic and disruptive throughout the world, that was almost a year ago. Companies have had time to solve these complex security issues, but many haven’t. Researchers note that only about half of the surveyed companies had adopted simple security tools like multifactor authentication to combat the increased risk of remote work.

The numbers are in for 2020, and it was a record-breaking year for new vulnerabilities, with a 30 percent year over year increase. That’s not even counting attacks like phishing that have skyrocketed by more than 660 percent. That leaves huge gaps for security teams to handle – only 11 percent confirmed they could confidently maintain a holistic view of their organizations’ attack surfaces.

Remote working isn’t going anywhere either, and that continues to be problematic for companies that have failed to adjust. Some companies have chosen to remain fully remote as both a cost-cutting measure and an employee convenience aid. Many companies also intend to return to their offices as soon as they’re safely able, but that doesn’t mean anytime soon. More than 70 percent of respondents projected that at least one-third of their employees will remain remote 18 months from now.

Make sure you're guarding every door into your organization against cybercriminals.

Passly is the lock that they need to put on the front door to their systems and data. Multifactor authentication alone can stop up to 99 percent of password-based cybercrime, and that’s just one of the secure identity and access management features that will improve your clients’ security posture in the short and long term. If they’re only going to make one change to their cybersecurity stack because of budget concerns, adopting Passly is the change to make.

BullPhish ID is the key to keeping the little windows into your data closed that are opened by phishing attacks. It only takes one mis-click for an employee to unleash a devastating cyberattack, and phishing boomed worldwide because of the opportunity created by remote work and tumultuous times. Security awareness training including phishing resistance with a solution like the freshly updated and upgraded BullPhish ID can stop up to 70 percent of cyberattacks before they start, making training a smart investment at any time.

Dark Web ID is the ideal choice for businesses to use to keep an eye on the back door. Increased cybercrime means an increased amount of data has hit the Dark Web, including millions of new records full of data to power cyberattacks. Dark Web ID helps mitigate the risk caused by that data flood by monitoring and reporting on credential compromise pitfalls that can sneak up unexpectedly.

Contact the experts at ID Agent and let’s talk about how we can work together to help you find exactly the right solutions to secure your clients, build your business, and deliver an excellent customer experience.

A note for our customers

Why Don’t Employees Comply with Cybersecurity Rules?


You’ve set policies, sent out emails and had meetings – and some of your employees still aren’t compliant with your cybersecurity policies. Why won’t they listen, and what will it take to get through to them?

Is the policy that you’ve chosen antithetical to the functions of some of your teams? Organization-wide choices that make sense from one department’s perspective may be strange and disruptive to another division’s workflow. Researchers in a recent study on the subject determined that each subculture within an organization will interpret and implement new security policies differently based on that subculture’s focus.

You might want to consider taking a wider approach. Instead of starting from the top when making choices about information security and technology policies, start from the bottom in every team. Non-IT staff may ignore or subvert security policies that directly make their job more difficult if they fail to understand the “why” of them – especially when they’re working remotely.

That’s one reason why security awareness training and secure identity and access management are essential for companies that are striving to build their cyber resilience in a tumultuous world. This power pair adds to both your long-term and short-term security to deter employees from playing fast and loose with security policies and make sure everyone’s on the same page about cybersecurity dangers.

Secure identity and access management with Passly is a great way to immediately secure your systems and data without creating, implementing and enforcing complex security policies. The combination of multifactor authentication, which blocks up to 99 percent of cybercrime on its own, with other remote security keys prevents unauthorized access while making it easy for every staffer to get to the applications and tools that they need to do their job with minimal fuss.

Security awareness and phishing resistance training with a solution like our freshly updated BullPhish ID is a solution that benefits your business right away and in years to come. When your staffers understand cybersecurity risks, they’ll be more likely to buy in to preventative measures that may not have made sense to them before – putting everyone on your cybersecurity defense team.

By taking the time to consider the impact of security policies on the work that each of your teams does, educating your staffers about cybersecurity dangers, and adding essential protections that guard against cybercrime automatically, you can transform your employees’ approach to cybersecurity, taking them from being your biggest security risk to your biggest security asset.

DTS is very good at data breach solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes data breach.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about data breach as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!


Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com
