The Week In Breach News 11/11/2020 to 11/17/2020

by Wally Moore

on November 18, 2020

in Data Protection, Data Breach


DTS InfoTech is a hard-working Trusted Advisor for any business that has questions about computers, computer networks, and technology.

One way to earn the title of Trusted Advisor is to provide FREE practical education in the technology field for visitors to our website.

Cybersecurity has become a matter of business life and death for computer and technology users of all types. With your security in mind, we are sharing Data Breach Examples in weekly posts entitled “The Week In Breach” from our friends at ID Agent.

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and millions of individuals impacted by cyber incidents.

Read this short article and learn about cybersecurity and Data Breach examples from the experts in the field.

The life of your business may depend upon it.

November 18th, 2020 by Kevin Lancaster

This Week in Breach News: Hackers scale The North Face, ransomware rocks eCommerce, an in-depth look at the importance of cyber resilience, how remote work increases ransomware danger, and Krampus is bringing good MSPs an awesome holiday event! 

The Week in Breach News: Dark Web ID’s Top Threats This Week

  • Top Source Hits: ID Theft Forum
  • Top Compromise Type: Domain
  • Top Industry: Education & Research
  • Top Employee Count: 501+

The Week in Breach News – United States 

United States –  Delaware Division of Public Health

Exploit: Accidental Data Sharing

Delaware Division of Public Health: State Health Agency 

Severity Meter

Risk to Business: 2.311 = Severe
The Delaware Division of Public Health announced that in mid-September, a temp sent two emails containing COVID-19 test results for approximately 10,000 individuals to the wrong party. The August 13, 2020, email included test results for individuals tested between July 16, 2020, and August 10, 2020. The August 20, 2020, email included test results for individuals tested on August 15, 2020. Investigators have determined that these emails were sent by mistake, as the information was supposed to be sent to a member of the call center staff to assist individuals in obtaining their test results.

Severity Meter

Individual Risk: 2.824 = Moderate
The information mistakenly released in this foul-up included the date of the test, test location, patient name, patient date of birth, phone number if provided, and test result.

Customers Impacted: 10,000

How it Could Affect Your Customers’ Business: Human error remains the number one cause of a data breach. Security awareness training is the most effective way to prevent unfortunate employee errors.

ID Agent to the Rescue: No business can afford to overlook regular cybersecurity awareness training and risk mitigation. Our digital risk protection platform has the solutions that you need to provide strong security for your business at a great price. LEARN MORE>>

United States – Vertafore Inc.

Exploit: Unsecured Database

Vertafore Inc.: Insurance Company 

Severity Meter

Risk to Business: 1.702 = Severe
Information about 27.7 million Texas drivers has been exposed online and stolen from an unsecured database belonging to insurance company Vertafore Inc. after someone put three major company files on an unsecured storage server.

Severity Meter

Individual Risk: 2.662 = Moderate
The company says that no identification misuse has been determined, but they’re also offering free credit monitoring and identity restoration services to all Texas driver’s license holders potentially affected by the data breach.

Customers Impacted: 27.7 million

How it Could Affect Your Customers’ Business: Bad data handling is a symptom of poor cybersecurity hygiene, and it can easily lead to bigger problems like ransomware and password compromise.

ID Agent to the Rescue: Ransomware is typically delivered as the nasty cargo of a phishing attack. Improve your staff’s phishing resistance to fight back against ransomware threats. LEARN MORE>>

United States – X-Cart

Exploit: Third Party Software

X-Cart: eCommerce Platform Creator  

Severity Meter

Risk to Business: 2.003 = Severe
X-Cart discovered the danger of vetting errors when attackers exploited a vulnerability in a third-party software tool to gain access to X-Cart’s store hosting systems. Some stores went down completely, while others reported issues with sending email alerts. The incident is under investigation and service has been restored for clients.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Cyberattacks can come from unexpected quarters, like a vulnerability in third-party software that you rely on.

ID Agent to the Rescue: Passly adds essential protection to your systems and data through secure identity and access management to place a strong shield between your business and cybercrime.  LEARN MORE>>

United States – Wildworks (Animal Jam)

Exploit: Third Party Data Breach

Wildworks: Video Game Developer 

Severity Meter

Risk to Business: 1.664 = Severe
Wildworks, the developer of the online kids’ playground Animal Jam, announced a data breach involving a third-party vendor that exposed the information of millions of children on the Dark Web. The information appeared on the Dark Web as the booty of cybercrime gang ShinyHunters.

Severity Meter

Individual Risk: 1.902 = Severe
Exposed information includes 46 million player usernames, which are human moderated to make sure they do not contain a child’s proper name, 46 million SHA1 hashed passwords and approximately 7 million email addresses of parents whose children registered for Animal Jam. 

Customers Impacted: 46 million

How it Could Affect Your Customers’ Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.

ID Agent to the Rescue: Information like this can hang around for years after it hits the Dark Web. Make sure your staff’s credentials haven’t been exposed with Dark Web ID 24/7/365 monitoring. SEE HOW IT WORKS>>

United States – Pluto TV

Exploit: Hacking

Pluto TV: Online Television Service 

Severity Meter

Risk to Business: 2.166 = Severe
Hackers from the cybercrime gang ShinyHunters have announced the acquisition of 3.2 million Pluto TV user records that were purportedly stolen during a data breach. The data appears to be somewhat out of date, and Pluto TV has not confirmed the breach.

Severity Meter

Individual Risk: 2.611 = Moderate
Exposed information includes a member’s display name, email address, bcrypt hashed password, birthday, device platform, and IP address. The data is estimated to be about two years old.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Protecting your client records and other sensitive data from thieves has to be a top priority, no matter how old it is. Customers expect that you’ll keep it safe with reasonable security precautions in place.

ID Agent to the Rescue: Passly helps keep data safer by providing strong protection against hacking with single sign-on to make it easy to control access exactly where you need it. LEARN MORE>>

United States – The North Face

Exploit: Credential Stuffing

The North Face: Outdoor Apparel Retailer 

Severity Meter

Risk to Business: 2.322 = Severe
Hackers mounted a successful attack against outdoor retailer The North Face, capturing an unknown amount of client data in the process. While retail operations were not disrupted, the company has released a caution to customers about the incident.

Severity Meter

Individual Risk: 2.711 = Moderate
The company noted that the breach includes “products you have purchased on our website, products you have saved to your ‘favorites,’ your billing address, your shipping address(es), your VIPeak customer loyalty point total, your email preferences, your first and last name, your birthday (if you saved it to your account), and your telephone number (if you saved it to your account)”. Payment information was stored separately and more securely and not impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Credential stuffing attacks have gained new fuel from a bountiful harvest of Dark Web data dumps, adding fresh ammo for cybercrime.

ID Agent to the Rescue: Multifactor authentication with Passly is the perfect tool to guard your business against credential stuffing attacks. LEARN MORE>>

The Week in Breach News – Canada

Canada – The City of Saint John, N. B.

Exploit: Ransomware

The City of Saint John, N. B.: Municipal Government

Severity Meter

Risk to Business: 1.222 = Extreme
A massive cyberattack has ground many municipal operations to a halt in Saint John, New Brunswick. The suspected ransomware attack on the city government caused havoc. Government officials said in a statement that while its 911 communications network is open, the cyberattack has shut the city’s website, email, online payment system, and customer service applications.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: 68,000

How it Could Affect Your Customers’ Business: Ransomware isn’t just about capturing data anymore; it can also be intended to shut down your business. Security awareness training prevents up to 70% of cybersecurity incidents.

ID Agent to the Rescue: Phishing resistance training is one of the most important ways that any organization can protect their systems and data. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too. LEARN MORE>>

The Week in Breach News – United Kingdom & European Union

United Kingdom – Sandcliffe Motor Group

Exploit: Ransomware

Sandcliffe Motor Group: Automobile Retailer 

Severity Meter

Risk to Business: 1.802 = Severe
A ransomware attack has exposed the information of employees and customers of Sandcliffe Motor Group. The chain of 10 dealerships around the UK has traced the source to an employee clicking a link in a phishing email.

Severity Meter

Individual Risk: 1.613 = Severe
The company noted that bank account details and medical histories may be included in the information that was snatched. Clients and employees should be aware of the possibility that their personally identifiable or financial data was compromised and be alert to spear phishing and identity theft attempts.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Phishing never goes away, and it’s always the fastest, easiest way for cybercriminals to strike.

ID Agent to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats with our eBook “Ransomware 101”. See why you’re at risk and how to protect your business fast. GET THE BOOK>>

Germany – Miltenyi Biotec

Exploit: Malware

Miltenyi Biotec: Cell and Therapy Research Solutions Provider 

Severity Meter

Risk to Business: 2.322 = Severe
Malware is to blame for a recent spate of order processing snafus at Miltenyi Biotec, a major manufacturer and distributor of essential solutions used in scientific research and medical therapies. The company noted that it has been able to control the problem and does not anticipate a significant future impact.

Customers Impacted: Unknown

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

How it Could Affect Your Customers’ Business: Malware can arrive on your doorstep in many ways, but it’s most likely to come attached to a phishing email.

ID Agent to the Rescue: Don’t wait until malware knocks on your door to update phishing resistance training for every staffer with easy, remote-friendly training using BullPhish ID. SEE BULLPHISH ID IN ACTION>>

The Week in Breach News – Australia & New Zealand

Australia – Nexia Australia and New Zealand

Exploit: Ransomware

Nexia Australia and New Zealand: Accounting Firm 

Severity Meter

Risk to Business: 1.806 = Severe
REvil ransomware strikes again, this time at major accounting firm Nexia. The company informed regulators of an attack on November 3, 2020. While the REvil gang had up until recently boasted of the score on its website, the information has since disappeared, leading to speculation that the ransom was paid. The firm has not confirmed what, if any, data was stolen, although the REvil group did confirm that it had data in its initial posting.

Individual Impact: No information is available about any personal or financial data that was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware is a menace that every company must be on guard for at every turn to avoid messy and damaging incidents like this, with correspondingly expensive results.

ID Agent to the Rescue: Phishing resistance training with BullPhish ID is the key to guarding against ransomware with 80+ plug and play phishing simulation campaigns just waiting to transform your staffers from your largest attack surface to your largest defensive asset. LEARN MORE>>

The Week in Breach News – Asia Pacific

India – Press Trust of India

Exploit: Ransomware

Press Trust of India: News Reporting Service

Severity Meter

Risk to Business: 2.169 = Severe
Major Indian news agency Press Trust of India was shut down for several hours over the weekend after a ransomware attack disrupted its operations, leaving millions of subscribers including major news sources in the dark. Service was restored by the next day and an investigation is underway, but the suspected culprit is ransomware.

Individual Impact: No personal data was exposed in this incident.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Snarling systems and impacting production are two goals that we’re seeing on the rise on cybercriminal hit lists, and frequently ransomware is the tool that they prefer to shut down businesses.

ID Agent to the Rescue: Don’t get locked out of your business by ransomware. Phishing resistance training with BullPhish ID transforms your staffers from your largest attack surface to your largest defensive asset. LEARN MORE>>

Singapore – RedDoorz

Exploit: Unauthorized Database Access

RedDoorz: Hotel Management and Booking Platform 

Severity Meter

Risk to Business: 2.070 = Severe
The bad guys slipped through the door at the hotel and travel booking platform RedDoorz, and they took home some souvenirs. A threat actor is selling a RedDoorz database containing 5.8 million user records on a Dark Web forum.

Severity Meter

Individual Risk: 2.037 = Severe
In the information exposed on the Dark Web, cybercriminals showed that they had obtained user records that included the member’s email, bcrypt hashed passwords, full name, gender, link to profile photo, phone number, secondary phone number, date of birth, and occupation as well as miscellaneous personal details. Users of the platform should be wary of spear phishing attempts using this data.

Customers Impacted: 5.9 million

How it Could Affect Your Customers’ Business: Putting extra security between your client records and hackers is a smart move to avoid becoming part of the booming Dark Web data economy.

ID Agent to the Rescue: Information from attacks like this frequently makes its way to Dark Web data markets and dumps, including stolen password lists. Make sure your employee credentials are protected from unexpected risk when you have them monitored with Dark Web ID. SEE DARK WEB ID AT WORK>>

Malaysia – 123RF

Exploit: Unauthorized Database Access 

123RF: Stock Photo Provider 

Severity Meter

Risk to Business: 2.233 = Severe
Popular stock photo source 123RF discovered that someone had stopped by for more than just some free art this week after 8.3 million of its client records appeared on the Dark Web. Based on the dates listed, the information is likely a year or so old.

Severity Meter

Individual Risk: 2.427 = Severe
The pilfered data includes user records showing 123RF members’ full name, email address, MD5 hashed passwords, company name, phone number, address, PayPal email if used, and IP address. There is no financial information stored in the database. Users should be on the lookout for possible spear phishing emails like fake PayPal notices using this data.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Guarding user records is essential in today’s business world because savvy users are likely to take their business elsewhere after a breach.

ID Agent to the Rescue: How strong are the passwords that you’re using to protect your data and systems? Find out how bad passwords are born, and how they help hackers steal your data in our eBook “Is That Your Password?”. GET THE BOOK>>

The Week in Breach – South America

Chile – Cencosud

Exploit: Malware

Cencosud: Retail Conglomerate

Severity Meter

Risk to Business: 2.342 = Severe
Cencosud was hit with a ransomware attack that encrypted devices throughout their retail outlets and impacted the company’s operations. Most retail locations of the South American retail giant are operational, but other services including its in-house credit cards have been impacted. Egregor ransomware is suspected as the culprit. Cencosud manages a wide variety of stores in Argentina, Brazil, Chile, Colombia, and Peru.

Individual Risk: While it’s clear that a great deal of information and major systems were encrypted, there are no specifics on any data stolen.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Ransomware as a business disruptor is a favored weapon of nation-state hackers, and is being more frequently used to create chaos in retail, healthcare, government, and essential service operations.

ID Agent to the Rescue: Are nation-state hackers a threat to your business? Many essential services are at risk of feeling the impact. Find out more about what they’re going after and how to protect your business. LEARN MORE>>

Watch “Unveiling Cybercrime Markets on the Dark Web” and get a FREE deck of Dark Web screenshots!>>

The Week in Breach News Guide to Our Risk Scores

1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

The Week in Breach: Added Intelligence

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Every weekday, our blog features timely cybersecurity and breach news, problem-solving advice, and expert analysis of today’s threats, plus insight that helps you plan for tomorrow. Don’t miss it!

The Week in Breach: Resource Spotlight

Are Our Cybersecurity Essentials on Your Digital Bookshelf?

We’re about to release some epic new eBooks including fresh guides to security awareness training and phishing threats for your reading pleasure. Before we do, we thought we’d give you a chance to download our 3 most successful eBooks of 2020. So grab your favorite hot beverage and curl up with our required reading picks!

Ransomware 101

Learn the ins and outs of today’s nastiest cyberattack including how to secure your business and your clients fast! DOWNLOAD IT>>

Is This Your Password?

Bad passwords can cost a fortune. Learn how weak passwords are born (with example lists) and how to make strong ones. DOWNLOAD IT>>

State of the Dark Web 2020

COVID-19 changed everything, including the Dark Web. Take a deep dive to find out how that could impact your business and your clients. DOWNLOAD IT>>

See how to enlist your staff in the fight against ransomware to transform them into your biggest security asset! WATCH THE WEBINAR>>

You’re Invited to the Event of the Holiday Season –  ‘Twas the Night Before Krampus!

This year’s served up a lot of coal to MSPs, but we’re here to help you turn it into gold! We’ve got an amazing event in store for you on December 15 from 3 pm ET – 5:30 pm ET: ‘Twas the Night Before Krampus! This holiday spectacular is chock full of sugar and spice and everything naughty and nice including:

  • A keynote presentation from a former star of the naughty list “U.S. Most Wanted”, cybercrime king Brett Johnson, The Original Internet Godfather. He’s joined the nice list now as a consultant who uses his powers for good, but he’s still got a few tricks up his sleeve and you can learn them by listening to his harrowing tales of cybercrime past and preventing cybercrime in the future.

This event will be hosted by the legendary Krampus, live and in person! Plus, we’re still making plans to bring you even more (good) surprises! You won’t want to miss this extravaganza. Reserve your seat by the fire today! REGISTER NOW>>

The Week in Breach: Featured Briefing

Cyber Resilience Gets Your Clients Ready to Fight Back Against Innovations in Cybercrime

One of the hottest topics in cybersecurity these days is cyber resilience. In a rapidly evolving threat atmosphere, organizations that are cyber resilient aren’t just following cybersecurity best practices or securing their systems and data with the latest tech, they’re also thinking about the cybersecurity disasters of the future – and that opens up new opportunities for businesses.

Many factors have contributed to a fresh buzz around cyber resilience. While it’s not a new concept, it has taken on a greater significance in 2020 as businesses around the globe have had to deal with a perfect storm of cybersecurity challenges. Experts are embracing cyber resilience as a priority at big companies, and it’s really something that every organization of any size should have on their radar.

One major contributor to a new interest in cyber resilience has been the impact of COVID-19. The global pandemic that drove most companies to remote work unveiled just how complex supporting a remote workforce can be. Remote workers are more likely to fall for phishing attacks, and they’re less likely to be working on networks that have the same protection as what they’re using in the office. Sprinkle that with extra anxiety about an invisible killer, and you’ve got a recipe for disaster.

Not to mention the opportunities for cybercrime that were created by the cycle of attacks and breaches that the pandemic set off. As more data makes its way to Dark Web markets from a wide variety of sources, cybercriminals are spinning it into gold by using it to mount credential stuffing attacks and other brute force hacks that many companies aren’t ready to withstand.

That’s why secure identity and access management is a key component of cyber resilience. Not only do major worldwide authorities like CISA recommend secure identity and access management as a strong mitigation against all types of cybercrime, but it’s also a leading priority of CISOs at major corporations around the globe. Why? Because it works.

Passly is the ideal choice to improve your cyber resilience fast. It includes all of the recommended major components of an identity and access management solution that increases cyber resilience for companies of any size in one simple, affordable package. With Passly you get:

  • Single Sign-on – A game-changer for access management that enables IT teams to quickly remove access or isolate users as needed in the event of a successful penetration attack, single sign-on also makes it easy to make sure that the right people have access to the right things – and only the right people.
  • Remote Management – Passly’s comprehensive remote management capability means that not only can you control access from anywhere, but you can also be confident that it will seamlessly integrate with most common business applications.
  • Multifactor Authentication – This is the current champion of systems and data protection for a good reason. Simple and effective, multifactor authentication is still a mighty tool that prevents many cybersecurity disasters by requiring a second form of identification from users to gain access to systems and data.

Passly delivers cutting-edge tools and strong security with all of the right features as well as excellent value. Boost your cyber resilience today so that you’re ready to face the challenges of tomorrow.

The Week in Breach: A Note for Our Customers

Ransomware Risks Highest for Remote Workers  

The global pandemic has changed the way that we work, and that’s been good news for cybercriminals. Remote workers are a juicy target for ransomware attacks since they’re more likely to be drawn in by common lures and less likely to be up to date on current phishing scams. So how can you protect your business from ransomware while your staffers are still working remotely?

While we wish there was a magic bullet, the closest we’ve come is a magical solution: phishing resistance and security awareness training. Companies that engage in regular security awareness training that includes information about the latest phishing threats have up to 70% fewer cybersecurity incidents.

The biggest cybersecurity threat of 2020 is phishing, and ransomware almost always arrives on your doorstep paired up with a phishing email. More than 65% of ransomware is delivered through phishing, which has boomed during the global pandemic – Google reports that it’s measured phishing email as up by more than 600% in 2020.

Regular, easy-to-understand phishing training is essential for protecting your business from dangers like spear phishing attacks designed to deliver ransomware. BullPhish ID delivers just what you need with plug-and-play phishing simulation kits to test your staff and engaging video lessons to demonstrate today’s phishing lures, including COVID-19 bait.

Protect your business from phishing-based cybersecurity disasters with simple, sensible tools like security awareness and phishing resistance training using BullPhish ID to transform your staff from cybercriminal targets to defensive assets fast at a price you’ll love.

DTS is very good at cybersecurity solutions for small businesses. Seriously, we are, and we can prove it. We like being heroes!

We also know how intimidating technology can be. We make a living helping business owners and managers just like you who have questions about all things technology, and that includes cybersecurity.

Most small businesses do not have the technical resources or time to understand all this geek stuff. If this describes you, let us help you.

If you would like more information about cybersecurity as a service, give us a call. We’re always happy to chat, and the call is free, every time you call!

Dedicated to your success,

Wally Moore

Business Development Manager

dts|infotech . . . secure computer networks that work