The Week In Breach News: 11/04/2020 to 11/10/2020

by Wally Moore

on November 12, 2020

in Data Breach

DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology. One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

November 10th, 2020 by Kevin Lancaster

This Week in Breach News: Capcom discovers ransomware isn’t a game, Magecart hackers strike gold from JM Bullion, healthcare cyberattack warnings come to fruition, and we’ve put together a Dark Web crash course for you!

The Week in Breach News: Dark Web ID’s Top Threats This Week

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Finance & Insurance
  • Top Employee Count: 501+

The Week in Breach News – United States 

United States –  JM Bullion

Exploit: Skimming (Magecart)

JM Bullion: Precious Metals Dealer

Risk to Business: 1.772 = Severe
This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.

Individual Risk: 1.624 = Severe
The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failing to notice a payment card skimmer operating on your site for 6 months does not speak well to your company’s commitment to keeping client data secure.

ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price.

United States – University of Vermont Medical Center

Exploit: Ransomware

University of Vermont Medical Center: Hospital System 

Risk to Business: 1.402 = Extreme
In the wake of recent warnings from US government agencies about increased ransomware risk for healthcare targets, University of Vermont Medical Center (UVM) has landed in that trap. A ransomware attack has led to significant, ongoing tech problems for the University of Vermont Health Network, affecting its six hospitals in Vermont and New York. The Vermont National Guard and the FBI have been working with the tech team at UVM to restore service since the attack first began affecting systems on October 30th. Damage assessment and recovery are ongoing, and some systems are still offline. The hospital says that urgent patient care was not impacted.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Healthcare targets are in increasing danger from money-hungry cybercriminals who know that medical targets don’t have time for a long, complex recovery procedure, but they do have money.

ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats.

United States – GrowDiaries

Exploit: Misconfiguration

GrowDiaries:  Industry Blogging Platform 

Risk to Business: 2.237 = Severe
Leading cannabis industry blogging platform GrowDiaries may need to clear its head after a configuration error in Kibana apps left two Elasticsearch databases unlocked and leaking data. Those open gates allowed attackers to dive into two sets of Elasticsearch databases, with one storing 1.4 million user records and the second holding more than two million user data points.

Individual Risk: 2.612 = Moderate
One open database exposed usernames, email addresses, and IP addresses for platform users, and the other exposed user articles posted on the GrowDiaries site and users’ account passwords. Users should be aware of spear phishing and blackmail risks.

Customers Impacted: 1.4 million

How it Could Affect Your Customers’ Business: Cyberattacks can have cascading consequences, with information stolen in cyberattacks coming back to haunt businesses months or years later. Data like login credentials can live on in Dark Web data dumps to haunt you later.

ID Agent to the Rescue: Dark Web ID helps keep credentials safe with 24/7/365 human and machine monitoring using real-time data analysis to find compromised credentials and alert you fast.

United States – Mattel

Exploit: Ransomware

Mattel: Toymaker

Risk to Business: 2.327 = Severe
In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not include a significant data loss. Only business systems were impacted; production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cybersecurity awareness starts with phishing resistance. It’s the most likely delivery system for ransomware, but training only sticks if it’s refreshed at least every 4 months.

ID Agent to the Rescue: Don’t get caught in cybercriminal nets by ransomware lures. BullPhish ID has more than 80 plug-and-play phishing simulation campaigns ready to train your staff to spot and stop phishing now, with 4 new ones added every month.

United States – GEO Group

Exploit: Ransomware

GEO Group: Private Prison Developer 

Risk to Business: 2.066 = Severe
GEO Group has begun informing impacted individuals and facilities that the Florida-based prison developer was struck by ransomware in July 2020. The company notes that some personally identifiable information and protected health information for some inmates and residents was exposed in the incident. The impacted people are connected to the South Bay Correctional and Rehabilitation Facility in Florida, a youth facility in Marienville, Pennsylvania, and an unnamed defunct facility in California. Employee data was also obtained in the incident.

Individual Risk: 2.221 = Severe
Residents and former residents of the impacted facilities should be alert to spear phishing, identity theft, or blackmail attempts using the stolen data. Employees of GEO Group should also be on the lookout for similar activity.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Failure to stop ransomware attacks from landing on your business is a fast track to a long, messy, and expensive recovery.

ID Agent to the Rescue: Don’t set yourself up for disaster by failing to train everyone in your organization. From interns to the C-suite, everyone’s a potential phishing target. BullPhish ID uses fast, effective training tools like engaging videos to make sure everyone is up to speed.

The Week in Breach News – Canada

Canada – Saskatchewan Polytechnic

Exploit: Ransomware

Saskatchewan Polytechnic: Institution of Higher Learning 

Risk to Business: 1.317 = Moderate
Classes were canceled for a week at Saskatchewan Polytechnic after a suspected ransomware attack on October 30th rocked the school’s systems. Students and staff lost access to O365 functions, Zoom, and learning platforms. Online classes have been partially restored, but the recovery for impacted systems is ongoing with law enforcement involved. Saskatchewan Polytechnic operates campuses in 4 locations.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: 14,176 students, unknown staff

How it Could Affect Your Customers’ Business: Ransomware isn’t just about capturing data anymore; it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that businesses can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness.

The Week in Breach News – United Kingdom & European Union

United Kingdom – Flagship Group

Exploit: Ransomware

Flagship Group: Rental Housing Facilitator 

Risk to Business: 1.862 = Severe
Social housing platform Flagship Group got an unwelcome visitor – REvil ransomware. The company announced that one of their data centers was infected by the ransomware, “compromising some personal staff and customer data”. Operations were not impacted. The attack took place on November 1, 2020, and authorities are investigating as recovery continues.

Individual Risk: 1.613 = Severe
Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: As the company noted in their report, REvil came calling as part of a phishing email, the biggest cybersecurity threat your business is facing in 2020.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast.

Sweden – Folksam Insurance Group

Exploit: Accidental Data Sharing

Folksam Insurance Group: Insurance Company

Risk to Business: 2.801 = Moderate
Swedish insurer Folksam made a misstep last week, when employees accidentally shared access to sensitive client data with Facebook, Google, Microsoft, LinkedIn, and Adobe. There are no indications that the data was used. The data was generated as part of an internal marketing analysis.

Individual Risk: 2.654 = Moderate
Folksam has not said precisely what data was shared, but data they maintain includes financial, personal, and professional information about clients.

Customers Impacted: 1,000,000

How it Could Affect Your Customers’ Business: Accidental data sharing is often a result of sloppy data handling and security practices. Clients will lose trust in companies that promise to secure their sensitive data and fail.

ID Agent to the Rescue: Passly adds extra protections between outsiders and your data with a robust suite of secure identity and access management tools at a price that’s also sweet.

Spain – Prestige Software

Exploit: Misconfiguration

Prestige Software: Travel Industry Software Developer 

Risk to Business: 1.613 = Severe
International booking software provider Prestige is in hot water for a misconfiguration incident that led to the exposure of personally identifiable data for potentially millions of travelers worldwide. An AWS S3 bucket was left open with free access to 24.4 GB of information, about 10 million files. Clients of Prestige Software include Expedia, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre, and several others. Credit card data for businesses including travel agents and hotel customers was also stored in this database without any security measures.

Individual Risk: 1.624 = Severe
Travelers from as far back as 2013 who have used Expedia, Agoda, Amadeus, Hotelbeds, Omnibees, Sabre, and smaller service providers may be impacted. The information exposed includes travelers’ full names, NIC numbers, email addresses, phone numbers, hotel reservation numbers, dates and durations of stay, and credit card numbers, including the owner’s name, CVV code, and card expiration date.

Customers Impacted: Unknown, 10 million files were exposed

How it Could Affect Your Customers’ Business: This egregious data handling and security error isn’t just a PR disaster – it’s also going to cost a pretty penny in fines and penalties once regulators get finished, including an anticipated large GDPR bill.

ID Agent to the Rescue: Compliance is a major concern in many industries. Are you checking off the boxes on your industry’s compliance checklist? We can help make sure that you’re on the ball.

Italy – Campari Group

Exploit: Ransomware

Campari Group: Beverage Vendor 

Risk to Business: 2.607 = Severe
The Ragnar Locker ransomware gang stopped by Italian beverage maker Campari Group, leaving a sticky situation in its wake. The company, creators of brands including Campari, Cinzano, and Appleton, had a large part of its IT systems encrypted leading to a business disruption. Campari has announced that it was able to restore affected systems and no sensitive data was impacted. The ransom demand is currently set for $15 million.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Backup and restoration is an important tool in ransomware recovery – but training your staff to not be fooled by the phishing email that launches a ransomware attack is an effective mitigation strategy.

ID Agent to the Rescue: BullPhish ID is available in 8 languages to keep worldwide staff up to date to spot and stop the latest phishing threats, including COVID-19 scams.

The Week in Breach News – Asia Pacific

India – Lupin

Exploit: Ransomware

Lupin: Drugmaker

Risk to Business: 1.806 = Severe
As the race to find a vaccine or treatment for COVID-19 heats up, Mumbai-based Lupin became the second major Indian pharmaceutical company to be hit by a suspected ransomware attack in the last few weeks. The company was forced to shut down operations and production at several of its facilities for a brief period, but systems have been restored.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.

ID Agent to the Rescue: Don’t get locked out of your business by ransomware. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface to your largest defensive asset.

Japan – Capcom Inc. Ltd.

Exploit: Ransomware

Capcom Inc. Ltd.: Videogame Company

Risk to Business: 2.070 = Severe
Ragnar Locker ransomware is on the case again, this time in an incident at legendary Japanese game company Capcom. The gang claims to have scored 1TB of sensitive data from Capcom, including data from corporate networks in the US, Japan, and Canada. Industry sources report that Ragnar Locker claims to have encrypted 2,000 devices on Capcom’s networks and is demanding $11,000,000 in bitcoins for the key.

Individual Risk: No individual information was reported as impacted in this incident, although the extent and type of the stolen data is still unclear.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Even giant corporations can become victims of the humble phishing attack, and huge amounts of data like what was captured here help fuel the spear phishing attacks that often lead to ransomware events.

ID Agent to the Rescue: Information from attacks like this frequently makes its way to Dark Web data markets and dumps, including stolen password lists. Make sure your employee credentials are protected from unexpected risk when you have them monitored with Dark Web ID.

The Week in Breach – South America

Brazil – Superior Court of Justice

Exploit: Ransomware

Superior Court of Justice: Judiciary Body 

Risk to Business: 1.227 = Extreme
A ransomware attack savaged the Brazilian judiciary system last week, encrypting or disrupting all major services including the official website. Outlets are also reporting that the system cannot be easily restored because the backups have also been encrypted, which squares with the demands made by cybercriminals for a ransom payment. The Court is collaborating with the Brazilian Army’s Cyber Defense Command and other relevant authorities for investigations. Court actions are suspended pending the restoration of required services.

Individual Risk: While it’s clear that a great deal of information has been stolen or encrypted, there are no specifics on the type.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is also becoming a favored weapon of nation-state hackers, and is being more frequently used to disrupt government and essential service operations.

ID Agent to the Rescue: Are nation-state hackers a threat to your business? Many essential services are at risk, especially in healthcare. Find out more about what they’re going after and how to protect your business.

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Is This Your Password? Protect your access points with ransomware up 33% in 2020

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: A Note for Our Customers

Compliance Essentials Save You Money in More Ways Than One

As we head into the last weeks of 2020 (finally!), businesses are starting to take stock of what they’ve accomplished this year and what they need to get done in Q1 2021. 

Take a moment to review how compliance requirements may have changed in your industry. Japan’s 2005 Protection of Personal Information law received a major update in 2020. India and Hong Kong are also set to enact and enforce updated data privacy regulations.

In the US, data privacy bills were put before legislatures in at least 30 states and Puerto Rico in 2020, and new regulations were enacted in Virginia and Michigan. The newly enacted California Consumer Privacy Act could also impact your business. California voters also just passed Proposition 24 on November 3, 2020, allowing consumers to stop businesses from selling or sharing their personal information, including race, religion, genetic details, geographic location, and sexual orientation.

One data security best practice that is required or encouraged in many industry compliance regulations is multifactor authentication (MFA), and Passly is an ideal choice. Protect your data with more than one lock: a password and MFA. With Passly’s MFA feature, a separate code or token is also needed to gain access to your systems and data, guarding you from the impact of a compromised employee password.

Compliance is a tricky field, and it’s always best to consult with an expert to ensure that you’re safe. Your managed services provider can help you find out exactly what you need to do to ensure that your company’s data handling and storage are on track with industry best practices and compliance requirements, giving you peace of mind as you head into the end of a challenging year.

DTS is very good at cybersecurity solutions for small businesses.

Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff.

If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work