Please fill in the form below to subscribe to our blog

The Week in Breach: 09/04/19 – 09/10/19

September 11, 2019

This week, a company loses competitive edge due to breach, healthcare providers struggle to protect PII, and compromised email accounts top the list of cyber insurance claims.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums 
Top Compromise Type: 
Domain
Top Industry:
High-Tech & IT
Top Employee Count:
1 – 10 Employees 


United States – Fraser
https://finance.yahoo.com/news/fraser-email-compromised-phishing-scheme-145900144.html

Exploit: Phishing scam
Fraser: Provider of education, housing, and healthcare services for children and adults with special needs

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.555 = Severe: A phishing scam successfully compromised an employee email account, giving hackers access to a spreadsheet containing information from the Fraser waitlist. In response, Fraser contacted a third-party IT vendor within hours of discovering the breach and was able to secure its network. Needless to say, a reactive response will not mitigate the damage inflicted on those impacted by the breach. Fraser will likely face intense regulatory scrutiny in the near future, as the information accessed is considered protected health information.
1.51 – 2.49 = Severe Risk

Individual Risk: 1.555 = Severe: The data breach did not reveal customers Social Security numbers or credit card information, but plenty of personally identifiable information was made available to hackers. This includes customers’ names, Fraser ID numbers, zip codes, and treatment notes. Affected individuals should carefully monitor their accounts for suspicious activity and consider contacting the hotline that Fraser recently opened up.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Despite a company’s best efforts, some phishing scams inevitably make their way to employees’ inboxes. Since a single click can compromise incredible amounts of sensitive data, businesses of all sizes must prioritize the awareness training that can render such attacks useless. With the cost of a data breach continually increasing, addressing this vulnerability can be one of your company’s best investments.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

United States – CircleCI
https://securityboulevard.com/2019/09/circleci-reports-of-a-security-breach-and-malicious-database-in-a-third-party-vendor-account/

Exploit: Unauthorized database access
CircleCI: Continuous integration and delivery platform

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = Severe: Cybercriminals gained access to a third-party database for CircleCI, which compromised customer information and company data. The breach was uncovered when an employee noticed unusual account activity and notified the CirlceCI security team. Nevertheless, the breach went undetected for nearly a month, impacting customers who accessed the platform from June 30th through August 31st. CircleCI worked with a security provider to repair the vulnerability, but their failure to adequately protect user data will remain a stain on their reputation, a less-quantifiable but uniquely important facet of doing business in 2019.
2.5 – 3 = Moderate Risk Individual Risk: 2.571 = Moderate: Customer data that was compromised included usernames, email addresses, and organization names. This data can quickly make its way to the Dark Web where it can be used to facilitate additional cybercrimes. Fortunately, authentication tokens, passwords, and payment information were not involved in the incident. Those impacted should be mindful of suspicious communications, and they should monitor their accounts for any unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Working with third-party vendors is an inevitability for most companies, but such partnerships can manufacture additional cybersecurity vulnerabilities that need to be addressed. For businesses looking to avoid a data debacle, evaluating security standards should be a prerequisite to any professional partnership involving the exchange of sensitive data.

ID Agent to the Rescue: Dark Web ID™ alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here: https://www.idagent.com/dark-web.

United States – Artesia General Hospital
https://www.beckershospitalreview.com/cybersecurity/new-mexico-hospital-alerts-14-000-patients-of-data-breach.html

Exploit: Phishing scam
Artesia General Hospital: Healthcare provider offering primary and specialty health services

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: An unauthorized third party compromised an employee’s email account, which included patient information. Hackers had access to the account between June 11th and June 18th, but it’s unclear if the patient data was viewed. Artesia General Hospital is prioritizing staffing training about suspicious emails, but a reactive response will not restore the exposed patient data or lessen impending fines that almost always follow a healthcare-related breach.
1.51 – 2.49 = Severe Risk Individual Risk: 2.285 = Severe: Patient data was exposed in the breach, including names, dates of birth, medical record or account numbers, health insurance information, and treatment information. In addition, some patients had their Social Security numbers compromised. Personally identifiable information has an established market online, and it can be difficult to prevent its distribution once accessed. Those impacted by the breach should be especially mindful of unusual communications or account activity, as those can be indications of data misuse.

Customers Impacted: 13,905
How it Could Affect Your Customers’ Business: Comprehensive awareness training about the prevalence and best practices regarding phishing campaigns is a necessary step, but those initiatives have to be in place before a data breach in order to truly be effective. Phishing scams will inevitably land in your employees’ inboxes and developing a readiness posture can prevent them from exploiting additional vulnerabilities or instigating a data breach.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID compliments that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime: https://www.idagent.com/bullphish-id.

United States – Foxit Software
https://www.oodaloop.com/briefs/2019/09/02/foxit-software-discloses-data-breach-exposing-user-passwords/

Exploit: Unauthorized database access
Foxit Software: Developer of portable document format software

1.51 – 2.49 = Severe Risk Risk to Small Business: 2.111 = Severe: Bad actors hacked into Foxit Software’s database, which contained the personal details of customers using the platform with a free account. In response, the company is encouraging all users to reset their passwords. In a competitive software environment, Foxit Software will have to grapple with the financial and reputational implications of a data breach, both of which can significantly impact the company’s bottom line.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: The accessed database included “My Account” data that contained personal information such as names, email addresses, passwords, phone numbers, company names, and IP addresses. It’s unclear if passwords were encrypted, and Foxit is warning customers to be wary of phishing scams that could leverage compromised data to promulgate damaging campaigns.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and employees are increasingly unwilling to remain with platforms that can’t protect customer data, making data breaches a logistical and PR nightmare for any company. Therefore, when information is compromised, companies need to be swift and robust in their response. Providing supportive services that can identify how data is used after it is stolen can hasten a holistic recovery effort.


ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: https://www.idagent.com/dark-web/#contact.

United States – UC Health 
https://www.bizjournals.com/cincinnati/news/2019/09/05/uc-health-phishing-attack-may-have-compromised.html

Exploit: Phishing scam
UC Health: Healthcare network based in Cincinnati, Ohio

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: A phishing attack successfully duped hospital employees into compromising patients’ medical records. The breach, which was disclosed on September 4th and discovered on July 6th, impacted email accounts until July 12th. In response, UC Health is updating its email security policies and providing an employee education program to prevent a similar breach in the future. Unfortunately, future-focused initiatives won’t help those whose information is already compromised. To compound the issue, the healthcare provider will now face regulatory scrutiny, bad press, and additional costs of recovery that could have been entirely prevented.
1.51 – 2.49 = Severe Risk Individual Risk: 2.142 = Severe: The compromised employee accounts contained limited amounts of patient data, including names, dates of birth, medical record numbers, and clinical information. Patients are encouraged to review their accounts for suspicious activity, and UC Health has established an incident hotline where anyone can report possible malfeasance.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The ROI on proactive security measures continues to rise in the face of crippling breaches which come with costly implications. This incident serves as a cautionary tale for all SMBs and highlights the importance of securing customer and employee data before it is compromised.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal AssistTM we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for dark web monitoring. Learn more here: https://www.idagent.com/goal-assist.

Canada – Yves Rocher
https://www.infosecurity-magazine.com/news/data-leak-affects-25m-customers/

Exploit: Unprotected database
Yves Rocher: Cosmetics and beauty brand

1.51 – 2.49 = Severe Risk Risk to Small Business: 2 = Severe: An unprotected database exposed the personal information of millions of Yves Rocher’s Canadian customers and intimate details about the company’s inner workings. Not only is Yves Rocher tasked with supporting the millions of customers impacted by the breach, the company data could be incredibly valuable to competitors who can gain unparalleled insights into Yves Rocher’s strategies, performance, and future promotions. Companies can pair this data with the customer information available from the breach to create precisely targeted advertising campaigns that could lure customers away from Yves Rocher. To make matters worse, security researchers found that employee credentials from a previous data breach were still compromised, allowing anyone to access other databases where they could modify or delete information.
1.51 – 2.49 = Severe Risk Individual Risk: 2.285 = Severe Risk: The exposed database included significant amounts of personal information, including names, phone numbers, email addresses, birth dates, zip codes, transaction history, and store location.

Customers Impacted: 2,500,000
How it Could Affect Your Customers’ Business: There is always a direct cost to a data breach, but the ancillary expenses can be even more catastrophic than the original charge. In this case, Yves Rocher could have their business practices significantly undermined as competitors use their lax data security to their competitive advantage. It’s a reminder that data security isn’t just an altruistic priority, it’s a bottom-line issue that every company needs to grapple with.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web.

United Kingdom – Monster.com
https://www.itpro.co.uk/data-breaches/34347/monstercom-job-seeker-data-exposed-in-third-party-leak

Exploit: Exposed database
Monster.com: Job recruitment website

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.888 = Severe: A database belonging to a former Monster.com partner was discovered online. The file contained the personal information from thousands of US and UK users who uploaded their CVs to the job recruitment website. The breach applies to those who uploaded their CVs between 2014 and 2017, but the server wasn’t secured until last month. Since many of those impacted by the breach reside in the EU, the company will face serious GDPR fines along with less quantifiable consequences.
1.51 – 2.49 = Severe Risk Individual Risk: 2.285 = Severe: The personal information of users, uploaded as part of their CVs, was readily available online. This includes names, addresses, phone numbers, email addresses, and work history. This data is often used to facilitate other cybercrimes including advanced phishing attacks and identity fraud. Therefore, those impacted by the breach should enroll in credit and identity monitoring services to ensure that their information isn’t being misused.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Today’s regulatory landscape makes data security a top priority at every level. For Monster.com, failing to account for the data security status of their vendors could cause them to incur fines that will negatively impact revenue, creating additional downstream repercussions. For companies that are fortunate enough not to have experienced a data breach, evaluation and fortification can help ensure that their information remains secure and their bottom line is protected.

ID Agent to the Rescue: Dark Web ID monitors the Dark Web to find out if your employee or customer data has been compromised. We work with MSSPs to strengthen their security suite by offering industry-leading detection. Discover more at: https://www.idagent.com/dark-web/.

France – Option Way
https://www.scmagazine.com/home/security-news/flight-booking-site-option-way-exposed-personal-info-on-customers/

Exploit: Unprotected database
Option Way: Flight booking website

1.51 – 2.49 = Severe Risk Risk to Small Business: 1.666 = Severe: Incorrect password reset links exposed the personal information of Option Way customers and it provided a leverage point for hackers to access the company’s broader IT infrastructure. Security researchers accessed more than 100GB of company data that included personally identifiable information, billing data, and employee credentials. Taken together, the exposed database raises serious concerns about the platform’s ability to secure company and customer data. In an industry that has historically been cutthroat in regard to acquiring customers and turning profits, such an incident can leave an irreparable blemish on the company’s brand and overall reputation.
1.51 – 2.49 = Severe Risk Individual Risk: 2.428 = Severe: The exposed database included unencrypted personal information, such as names, birth dates, travel destinations, flight prices, and departure dates. In addition, credit card details were viewable by anyone with access to the database, making it a veritable treasure trove for bad actors perpetrating identity theft or financial fraud. Therefore, those impacted by the breach should enroll in credit and identity monitoring services to ensure that their data isn’t misused now or in the future.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Exposed databases are self-inflicted wounds that come with sizeable price tags. Not only do businesses have to carry the cost of recovery, but the reputational damage can have a meaningful impact on their bottom line. As a result, every business should prioritize regular assessments of their cybersecurity threat landscape, ensuring that their defenses are adequate and that their systems are secure.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Half of Canadians Impacted By Data Breach in 2019 

2019 has been a difficult year for data security, a reality that Canadians are feeling especially acutely. 

According to data released by the Office of the Privacy Commissioner of Canada, 19 million Canadians were impacted by a data breach in an 8-month period from November 2018 to June 2019.

Canada’s population is just under 38 million, which means that more than half of all Canadians experienced a data privacy event in the past eight months. During this time, 448 data breaches were reported to the agency, a stunning number for a relatively small country.

The report found that 59% of these breaches were derived from hacks and insider threats, and an additional 22% came from accidental disclosures. Regardless of the cause, it’s illustrative of our broad digital moment where data breaches are more of an inevitability than an unrealized risk.

The findings underscore the importance of data security in today’s digital landscape, and businesses can differentiate themselves by prioritizing and executing on a comprehensive data security strategy.

https://www.thepostmillennial.com/over-half-of-canadians-had-their-online-data-breached-between-november-and-june/


What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business
CHANNELe2e


A Note for Your Customers:

Business Email Compromise Overtakes Ransomware With Insurance Claims 

By virtually every metric, phishing scams have been increasing in frequency and sophistication this year, making them one of the most prominent cybersecurity risks for any business. That reality was reiterated this week when insurance provider AIG published its most recent statistics on cyber-insurance claims. 

Business email compromise (BEC) has surpassed ransomware and data breaches as the primary reason that companies file a claim. These vulnerabilities, which include everything from credential stuffing to phishing campaigns, account for 23% of all cyber-related claims.

AIG blames weak passwords and a lack of employee training as the primary reasons that BEC claims are on the rise.

Moreover, regardless of the methodology, cyber-insurance claims have risen precipitously in the past several years. AIG notes that more claims were filed in 2018 than in the previous two years combined.

However, this latest release is a reminder that not all cyber vulnerabilities are out of our control, and accessible measures like comprehensive cybersecurity training can help position businesses for success.

https://www.zdnet.com/article/bec-overtakes-ransomware-and-data-breaches-in-cyber-insurance-claims/

 


 Are you an ID Agent Partner? Feel free to re-use this blog post (in part or in entirety) for your own social media and marketing efforts! Just send an email to [email protected] to let us know!

Not a Partner? Learn more about Dark Web ID™ and the benefits it holds for your Business. Contact us today!