The Week In Breach News 03/10/21 - 03/16/21

by Wally Moore

on March 17, 2021

in Cybersecurity

The Week In Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

by Kevin Lancaster

This Week in Breach News:

Molson Coors goes dry after a cyberattack impacts production, the premiere of The Global Year in Breach 2021, ransomware halts unemployment assistance in Spain and our especially timely eBook on third-party risk.

United States

United States – Molson Coors

https://edition.cnn.com/2021/03/11/tech/molson-coors-cybersecurity-hack/index.html

Exploit: Hacking

Molson Coors: Brewing Conglomerate

Severity Meter

Risk to Business: 1.727 = Severe

Molson Coors told regulators that they’ve experienced a serious cybersecurity incident. The hack has taken its systems offline, delaying and disrupting parts of Molson Coors’ operations, including its production and shipments.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hacking that disrupts production is a big problem, and reassessing cybersecurity training is a good idea after a serious incident like this.

ID Agent to the Rescue: Grab our Security Awareness Champion’s Guide for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them. GET THE BOOK>>


United States – Premier Diagnostics

https://www.infosecurity-magazine.com/news/utah-company-unsecured-server/ 

Exploit: Unsecured Database

Premier Diagnostics: Medical Testing

Severity Meter

Risk to Business: 1.872 = Severe

Utah medical testing company Premier Diagnostics has exposed the sensitive information of more than 50,000 customers by storing personally-identifying information on an unsecured server. The breach at Premier Diagnostics was discovered by researchers and contains sensitive customer data including scans of passports, health insurance ID cards, and driver’s licenses. Patients affected are from Utah, Nevada and Colorado.

severity meter

Individual Risk: 1.612 = Severe

Patients should be aware of this information being used for identity theft and spear phishing.

Customers Impacted: 50,000

How it Could Affect Your Customers’ Business: Sensitive PII requires strong protection, especially in the medical sector, because failure to keep it safe incurs huge fines.

ID Agent to the Rescue: Make sure that all of your data is stored securely and improve compliance with regulations like HIPAA with Passly. SEE PASSLY IN ACTION>>


United States – University of Texas at El Paso

https://www.infosecurity-magazine.com/news/hackers-target-texas-university/

Exploit: Hacking

University of Texas at El Paso: Institution of Higher Learning 

Severity Meter

Risk to Business: 2.212 = Severe

The computer network of the University of Texas at El Paso had to be shut down as technicians discovered a significant cyberattack in progress. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also led to the closure of the university’s walk-up COVID-19 testing sites.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Hackers can disrupt large parts of an operation fast, leaving businesses scrambling to get back to work and causing lost revenue.

ID Agent to the Rescue: Get The Road to Cyber Resilience to learn strategies and solutions that can make your business bounce back faster from cybersecurity failures. READ THE BOOK>>


United States - Cochise Eye & Laser

https://www.infosecurity-magazine.com/news/ransomware-attack-on-arizona/

Exploit: Ransomware

Cochise Eye and Laser: Optometry

severity meter

Risk to Business: 1.727 = Severe

A ransomware incident at an optometrist located in Sierra Vista, Arizona, has affected up to 100,000 patients. In a recent breach notice, Cochise Eye and Laser informed regulators that the practice has been hit by ransomware, encrypting the office’s patient scheduling and billing software.

Severity Meter

Individual Risk: 1.603 = Severe

Patient data stored in the billing software included names, dates of birth, addresses, phone numbers, and in some cases Social Security numbers. There is no evidence that data was exfiltrated, but customers of this practice should be ready for potential identity theft or phishing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: This is a tremendous problem for businesses of every size, and even without confirmation that data was stolen the practice will be dinged with a substantial fine.

ID Agent to the Rescue: Ransomware risks are up by more than 100%. Learn how to fight back in Ransomware 101. GET THIS BOOK>>


 

Canada

Canada – Canada Revenue Agency (CRA)

https://www.ctvnews.ca/canada/experts-call-on-cra-to-get-serious-about-cybersecurity-after-800k-users-locked-out-as-a-precaution-1.5346546

Exploit: Hacking

Canada Revenue Agency (CRA): National Taxation Authority

severity meter

Risk to Business: 1.102 = Extreme

The CRA has locked down 800,000 online taxpayer accounts following an internal investigation that found user logins and other sensitive information may have been hacked. The agency noted that it could take until March 22 for the issues to be resolved.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: 800,000

How it Could Affect Your Customers’ Business: Reports say that this hack was likely discovered by dark web monitoring, preventing a potential cybersecurity disaster.

ID Agent to the Rescue: Dark Web ID is the ideal dark web monitoring solution to guard against credential compromise for businesses. Get alerted to trouble fast. SEE IT IN ACTION>>


United Kingdom

United Kingdom – West Ham Football Club

https://www.infosecurity-magazine.com/news/west-ham-supporters-personal/

Exploit: Unsecured Database

West Ham Football Club: Professional Sports Team

severity meter

Risk to Business: 2.775 = Moderate

English Premier League football club West Ham United appears to have accidentally leaked personal data of supporters on its official website. Cybersecurity experts believe it is likely the problem was caused by an internal error.

Severity Meter

Individual Risk: 2.802 = Moderate

Details of fan account profiles including full names, dates of birth, telephone numbers, address and email address were displayed when supporters attempted to log into the club’s ticketing website.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Human error is the top cause of cybersecurity incidents. Improve security awareness training for everyone in the organization to reduce it.

ID Agent to the Rescue: BullPhish ID now features customizable “set it and forget it” phishing simulation kits that include attachments, enabling you to simulate the real threats employees face every day. LEARN ABOUT THE NEW BULLPHISH ID>>


Scotland – University of the Highland and Islands (UHI) 

https://www.theregister.com/2021/03/08/uni_highlands_islands_cyber_incident/

Exploit: Ransomware

University of the Highland and Islands (UHI): Institution of Higher Learning. 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.603 = Severe

The University of the Highlands and Islands (UHI) in Scotland has been hit with a suspected ransomware attack that has shut down its campuses. All 13 locations across were impacted as well as its Brightspace virtual learning environment.

Individual Impact: No sensitive personal or financial information was announced as compromised in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is almost always part of a phishing attack. Brush up on the latest phishing lures to spot and stop phishing in our eBook Phish Files. GET THIS BOOK>>


Spain – State Public Employment Service (SEPE)

https://www.cyberscoop.com/spain-ransomware-employment-agency-sepe/

Exploit: Ransomware

State Public Employment Service (SEPE): Government Agency 

Severity Meter

Risk to Business: 2.020= Severe

The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments. The suspected ransomware attack disrupted operations at the authority for unemployment assistance snarling progress for for hundreds of thousands of unemployed Spainards. The incident is under investigation.

Individual Impact: No sensitive personal or financial information was declared as compromised immediately but the investigation is ongoing and more details may emerge.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware doesn’t discriminate, and even a narrow impact can have big consequences for operations, causing delays and dissatisfaction for clients.

ID Agent to the Rescue: Look at the ascension of this menace in 2020 to see where we think it’s headed in 2021. GET THE GLOBAL YEAR IN BREACH 2021 NOW>>


Insider threat

Is Your Biggest Security Threat Already Inside Your Business? Learn to spot and stop insider threats with this kit>> DOWNLOAD IT


Guide to risk scores

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Added intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:


Phish Files

Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!

Read Phish Files Now>>


Resource files

NEW RELEASE! The Global Year in Breach 2021


2020 was certainly a wild ride – and packed with learning experiences. See how cybercrime transformed in the face of a global pandemic with a newly remote quarantined workforce, and explore the trends that we see continuing into 2021. In “The Global Year in Breach 2021” you’ll learn:

  • 5 key trends that impacted cybersecurity in 2020 and what they tell us for the future.
  • How the dark web economy drove cybercrime and emerging dark web trends.
  • What cybersecurity professionals can do to stay ahead of the curve.

Download “The Global Year in Breach 2021” and see everything. GET THIS BOOK>>


LAST DAY! Grab & Share Our St. Patrick’s Day Infographic


You need strong security solutions to secure their systems and data, not just good luck. This infographic includes 10 tips to protect businesses from data-snatching leprechauns in an adorable St. Patrick’s Day theme. Get it today and share it with your customers!

Download the infographic “Don’t Believe in Luck” today! DOWNLOAD THE INFOGRAPHIC>>


Don’t Make a Date with Third-Party Risk!

Third-party and supply chain risk is growing more dangerous for every business as cybercriminals maximize on past breaches to create new ones. Find great ways to reduce third-party and supply chain risk in our new eBook “Breaking Up with Third Party and Supply Chain Risk”. You’ll discover:

  • Examples that demonstrate third-party and supply chain data risks to businesses
  • A winning formula for solutions to secure companies
  • Statistics about how and why threats are heating up in the third-party and supply chain risk landscape

Download the NEW eBook “Breaking Up with Third Party and Supply Chain Risk” now. DOWNLOAD THIS EBOOK>>


 

2021

Don’t let supply chain and third-party risk rain on your parade in 2021! Learn how to protect your business (and your profits) in the eBook “Breaking Up with Supply Chain & Third-Party Risk“! GET IT NOW>>


Featured briefing

Third-Party Data Breaches Bring Trickle Down Trouble


As another huge bomb hits the cybersecurity world in the form of the recent Microsoft Exchange hack, it’s a good time to take a look at third-party and supply chain risk to see how it can impact businesses and how it can be mitigated. Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third party or supply chain fault.

It’s important to prepare for this risk because it’s less of a possibility and more of an eventuality in today’s ever more connected world. Those connections are one of the reasons why it has ramped up so steadily. As more and more information about people and businesses accumulates in dark web markets and data dumps, that provides fuel for cyberattacks that perpetuate the cycle, feeding the market. More than 60% of the information available now on the Dark Web could damage businesses, and data breaches exposed 36 billion records in just the first half of 2020.  

Graphus

See how automated, affordable phishing defense with Graphus can save your business a fortune! GET THE EBOOK>>

 

More than 60% of data breaches are a result of exposure through third party or supply chain risk. Unfortunately, any business partner, supplier, or service provider with sloppy cybersecurity practices can put an innocent business at risk by doing things that make it easy for data to walk out the door, like the 17% of companies that have all of their sensitive files accessible to all of their employees – or the 41% of US companies that allow employees unrestricted access to sensitive data. 

Also included in that risk calculus, the siren song of making money on the dark web in a challenging economy has increased the possibility of data being snatched for nefarious purposes. An estimated 30% of data breaches involve internal actors with ill intent, including employees moonlighting by selling data or access on the Dark Web.

2020 was not a friendly year for businesses when it came to cybersecurity, especially in the supply chain. About 80% of firms responding to a recent survey said that they’d experienced an increase in cyberattacks in 2020. Supply chain cybersecurity risk warnings increased right along with surging cybercrime, up by 80% in Q2 2020 alone. Two in five SMBs were impacted by a cyberattack in 2020.


Passwords

Would you trust a flimsy old lock for your front door? Why trust one on your data? Learn to Build Better Passwords. GET IT>>


Mitigating Supply Chain & Third-Party Risk Doesn’t Have to Be an Expensive Proposition


Lock Cybercriminals Out Fast


Secure identity and access management with Passly is the gift that keeps on giving when it comes to third-party and supply chain risk. Multifactor authentication (MFA) alone tops 99% of password-related cybercrime. Passly packs MFA into a neat package with all of the best tools to control access and permissions like sign-on (SSO), secure shared password vaults. Now it even eliminates a huge headache for IT teams with automated password resets. Get a huge amount of security for a very small price! LEARN MORE ABOUT HOW PASSLY FIGHTS CYBERCRIME>>


Do Your Homework


Study up on how third-party and supply chain risk has evolved through the pandemic to have an outsized impact on cybersecurity in 2021. In our new eBook Breaking Up with Third Party and Supply Chain Risk, we’ll take you on a journey into the heart of this threat and how it can impact every business – plus we’ll give you strategies and solutions that can be put into place quickly and affordable to secure systems and data. GET THIS EBOOK>>

There are many options to increase security against third-party and supply chain risk. We’re here to help you find the perfect combination for your business. Book a demo of the ID Agent digital risk protection platform now and let’s explore the possibilities. BOOK IT>>



 

Passwords

Would you trust a flimsy lock for your front door? Add a stronger lock between cybercriminals and your business when you learn to Build Better Passwords. GET IT>>


A note for our customers

Protect Your Business From Third-Party and Supply Chain Cybersecurity Disasters 


As was recently illustrated by the Microsoft hack, third-party and supply chain risk is a threat that every business is vulnerable to in our interconnected world. But not all of your vendors, service providers, or partners take information security seriously, and that creates risk for your business.

Over 90% of US businesses experienced a cybersecurity incident like a data breach in 2020 because of a third-party or supply chain risk. These businesses didn’t make a cybersecurity misstep themselves – another company created vulnerabilities for them. Often these are vulnerabilities that you won’t even know about until it’s too late.

Third-party and supply chain risk will continue to be a growing problem in 2021 and beyond. The data that cybercriminals glean from data breaches inevitably makes its way into dark web markets and data dumps, providing ample fuel for future cyberattacks. Data breaches exposed 36 billion records in the first half of 2020 alone, feeding plenty of cybercrime. 

Are you positioned to gain the kind of intelligence that helps you get a clear picture of how stolen data may put your business at risk? If you’ve got Dark Web ID, you are. Dark Web ID sends up a red flag to warn you when your company’s credentials make an appearance on the dark web, enabling your security team to take care of that vulnerability before cybercriminals can exploit it.

This is just one increasing risk factor in 2020. As the fallout from the global pandemic settles, more risk from dark web sources will become a problem for businesses. Even cybercriminals have to work a little harder these days to make ends meet. Don’t let them snatch your piece of the pie – add dark web monitoring today to stay in the know about your company’s risk.


Champion's Guide

If Cybersecurity is Like a Game, Shouldn’t You Play to Win? Here’s How to Do It.

DOWNLOAD THE SECURITY AWARENESS CHAMPION’S GUIDE>>


DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be, we make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service give us a call, we’re always happy to chat, and the call is free, every time you call!

Return to the Learning Center

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work

503.359.1275

www.dtsinfotech.com

GET HELP NOW