
The Week in Breach: 01/15/20 – 01/21/20

January 22, 2020

This week, phishing scams cost millions, oversights compromise customer data, and Magecart targets Australian bushfire donors.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type: Domain
Top Industry: High-Tech & IT
Top Employee Count: 1 – 10 Employees


United States – LimeLeads
https://www.zdnet.com/article/49-million-user-records-from-us-data-broker-limeleads-put-up-for-sale-online/

Exploit: Unsecured database
LimeLeads: B2B lead generation service

Risk to Small Business: 2 = Severe: LimeLeads failed to secure an internal server, allowing a prominent threat actor to acquire and subsequently sell the company’s data on the Dark Web. The data breach could have significant implications for the company, whose business model centers around brokering company data for marketing initiatives. Security researchers found that the database had been publicly exposed since at least July 27, 2019, meaning that the company had ample time to secure the database before bad actors became involved. Now they must grapple with crippling losses, including the less quantifiable brand erosion that accompanies a data breach.

Individual Risk: 2.428 = Severe: Company data has been for sale since October 2019, including personally identifiable information such as names, titles, email addresses, employer/company names, addresses, phone numbers, and even total revenue numbers. This information can be strategically deployed in spear phishing attacks, so those impacted by the breach should be especially critical of online communications while also closely monitoring their accounts for suspicious or unusual activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers and companies are increasingly unwilling to partner with organizations that can’t secure their data. Consequently, avoidable data breaches are an especially egregious way to compromise a company’s long-term viability. Inevitably, mistakes will be made, but identifying those errors and making corrections before hackers can capitalize on the information is critical to any defensive posture.

ID Agent to the Rescue: Compliance Manager™ automates data privacy standards, eliminating guesswork and ensuring efficiency at every stage. Learn more at: https://www.idagent.com/compliance-manager.

United States – New Albany Airport
https://www.cityandstateny.com/articles/policy/technology/albany-airport-authority-suffers-ransomware-attack.html

Exploit: Ransomware attack
New Albany Airport: New York-based airport authority

Risk to Small Business: 2.111 = Severe: A ransomware attack on one of the airport’s MSPs spread to its servers, encrypting backup files, administrative information, and other resources. Fortunately, the malware did not extend to the Albany International Airport or airline computers. However, the company was forced to pay a five-figure ransom to recover their information. The attack’s effectiveness was predicated on the organization’s outdated hardware and lax cybersecurity standards. In response, the New Albany Airport Authority terminated its contract with the MSP and is taking steps to upgrade its defensive posture.

Individual Risk: At this time, no personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: This incident underscores the cascading consequences of a data breach. The New Albany Airport Authority will bear the financial cost of recovery, while its MSP will lose an important contract because it failed to protect its customers’ IT. From both directions, it’s clear that data security failure is a deal breaker in today’s digital environment.

ID Agent to the Rescue: Helping your SMB customers understand the importance of security is no easy task. With Goal Assist™, we offer hands-on assistance with your direct sales interactions, setting you up for the win by providing the resources necessary to make a case for Dark Web monitoring. Learn more here: https://www.idagent.com/goal-assist.

United States – Manor Independent School District 
https://www.usatoday.com/story/money/2020/01/17/email-phishing-scam-texas-school-district-manor/4498270002/

Exploit: Phishing scam
Manor Independent School District: Public school district

Risk to Small Business: 1.777 = Severe: Hackers successfully executed a phishing scam against employees, and they used the stolen credentials to siphon $2.3 million from the district. It took three separate transactions to acquire a significant sum, but their efforts were ultimately successful. The lost funds are just the start of an expensive process that will undoubtedly involve updating cybersecurity protocols, implementing employee awareness training, and upgrading IT infrastructure.

Individual Risk: 2.428 = Severe: While the phishing scam didn’t compromise the district’s data, those implicated in the scheme submitted their account credentials to cybercriminals. They will need to update their account information to ensure its long-term security. At the same time, they should closely monitor their other accounts for unusual or suspicious activity.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: While some companies might be reticent to invest in employee awareness training, this incident demonstrates that the cost of a successful phishing scam far exceeds the expense of preventative measures. The district is working to recoup lost funds but is not likely to emerge unscathed. This news offers a cautionary tale for organizations of all shapes and sizes; preventative measures are only effective if they are implemented before a breach occurs.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

Canada – PlanetDrugsDirect
https://www.bleepingcomputer.com/news/security/online-pharmacy-planetdrugsdirect-discloses-security-breach/

Exploit: Exposed client data
PlanetDrugsDirect: Online pharmacy

Risk to Small Business: 1.666 = Severe: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.


Individual Risk: 2 = Severe: According to the company, hackers accessed customers’ names, addresses, email addresses, phone numbers, medical information, and payment information. Those impacted by the breach should notify their financial institutions of the event. PlanetDrugsDirect is asking all customers to closely monitor their bank account and credit account activity. Increased vigilance surrounding online communications is key, as this information is often used to execute phishing scams and other cybercrimes.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.


ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here: https://www.idagent.com/bullphish-id.

Canada – City of Corner Brook 
https://www.cbc.ca/news/canada/newfoundland-labrador/corner-brook-privacy-1.5429593

Exploit: Unauthorized database access
City of Corner Brook: Local municipality

Risk to Small Business: 2 = Severe: On four occasions, hackers accessed private information on the city’s website that included people’s personally identifiable information. Specifically, the data related to a previous voters’ directory. After identifying the breach, the city brought the entire system offline to prevent further access while officials investigate the nature and scope of the attack.

Individual Risk: 2.428 = Severe: The data breach included a voters’ list comprised of residents’ names and dates of birth. While the city is designating the information “low risk,” those impacted by the breach should carefully monitor their accounts. Login information that is reused across accounts can be leveraged in phishing scams that can compromise even more critical personal data.

Customers Impacted: 10,000
How it Could Affect Your Customers’ Business: Cybercriminals often pursue soft targets, organizations or institutions with weak cybersecurity standards. Budgetary restrictions are a real hurdle to cyber defense, but any organization can improve its defensive posture by implementing simple best practices, like two-factor authentication, to secure accounts and IT infrastructure.

ID Agent to the Rescue: With Passly™, you can protect valuable IT by securing employee accounts. We offer integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data. Find out more at: http://www.idagent.com/passly.

Germany – Bithouse Inc.
https://www.infosecurity-magazine.com/news/peekaboo-moments-data-breach/

Exploit: Unsecured database
Bithouse Inc.: App developer

Risk to Small Business: 2.111 = Severe: Security researchers discovered an exposed database for Bithouse Inc.’s Peekaboo Moments app. The software is used by parents to collect photos and videos of their children’s memorable moments, making the exposure of this information to the open internet a serious privacy violation that is certain to have significant consequences for developers. The exposed database included files dating back to March 2019, and security researchers described their IT infrastructure as “bizarrely done and grossly insecure.” Customer blowback and the subsequent financial repercussions will be considerable.

Individual Risk: 2.428 = Severe: In addition to user email addresses, photos and videos collected by app users were available on the exposed database. This information could be deployed in additional cyberattacks, including phishing campaigns, but the most significant violation is a profound privacy intrusion due to company negligence.

Customers Impacted: 800,000
How it Could Affect Your Customers’ Business: Bithouse Inc. is enduring serious media scrutiny because of the uniquely sensitive nature of the content. Ultimately, functionality, accessibility, or even novelty can’t supplant data security. The episode should serve as a lesson to every company collecting personal information and encourage developing digital platforms to rethink their data security postures.

ID Agent to the Rescue: It’s critical that your SMB customers understand the importance of cybersecurity. Goal Assist is an expansion of our White Glove Support that includes hands-on assistance with your direct sales interactions. Let us help to ensure you are getting the most from your Partnership selling Dark Web ID. ID Agent’s Partner Success Team will set you up for the win! Learn more here: https://www.idagent.com/goal-assist.

United Kingdom – Fresh Film Productions
https://www.verdict.co.uk/fresh-film-data-breach-dove/

Exploit: Unsecured database
Fresh Film Productions: Advert film production company

Risk to Small Business: 2 = Severe: The production company failed to secure a company database, accidentally sharing their personally identifiable information (PII) online. After learning of the incident, the company immediately secured the database, but the server has been publicly available since 2018 and was accessed by cybercriminals. Most notably, the database contained the personal information of 40 men who participated in a Dove Men Plato ad campaign.

Individual Risk: 1.666 = Severe: The exposed database included personally identifiable information, including names, addresses, email addresses, telephone numbers, dates of birth, and bank details. Those affected need to notify their financial institutions of the breach and consider enrolling in identity and credit monitoring services to protect their information against additional cybercrimes or fraud attempts.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: For many consumers, trust in a brand’s data security standards is a prerequisite for doing business. Therefore, companies that fail to avoid even the most preventable data disasters are not well-positioned for success in today’s breach-averse culture. To be a successful, impactful organization, data security has to be a top priority.

ID Agent to the Rescue: With Compliance Manager, any company can automate data privacy standards and documentation responsibilities, making compliance a simple, intuitive process for everyone. Click the link to get started today: https://www.idagent.com/compliance-manager.

Australia – P&N Bank
https://www.zdnet.com/article/p-n-bank-discloses-data-breach-customer-pii-account-information-stolen/

Exploit: Information breach
P&N Bank: Financial services provider

Risk to Small Business: 1.777 = Severe: A third-party partner with P&N Bank was accessed by hackers, compromising the bank’s customer data. The breach occurred during a December server upgrade. In response, P&N shut down the servers to prevent further access or infiltration. Unfortunately, they may not have acted quickly enough, and will now have to manage the trifecta of customer outrage, media scrutiny, and regulatory oversight that’s likely to accompany the event.

Individual Risk: 2.285 = Severe: Although the bank doesn’t believe that customer data was misused, hackers could have accessed customers’ names, addresses, email addresses, phone numbers, customer numbers, ages, account numbers, and account balances. Those impacted by the breach should carefully monitor their accounts for unusual activity, and enrolling in credit or identity monitoring services can ensure that their personal information remains secure.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In every sector, third-party partnerships are proving to be a vulnerability when it comes to data security. While these collaborations are often necessary to provide a compelling customer experience, data security should be a central element of the vetting process. Otherwise, what companies gain from increased functionality could be lost to the steep consequences of a data breach.

ID Agent to the Rescue: Dark Web ID can find out how payment data is being used on the Dark Web, even in the case of a malware attack. We work with MSPs to strengthen their security suite by offering industry-leading detection. Find out more here: https://www.idagent.com/dark-web.

Risk Levels:
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.



In Other News:

Magecart Attack Targets Australian Bushfire Donations 

Australia’s bushfire natural disaster is one of the most profound in recent memory, inspiring donors from around the world to contribute resources to the cause. Unfortunately, a legitimate donations site was infected with a Magecart payment-card skimmer that stole donors’ personal information when they made an online payment.

The breach was discovered by security researchers, who declined to identify the specific website impacted by the breach. Payment-card skimming malware is an increasing concern for e-commerce platforms, as it collects users’ most sensitive personal data. In addition, it undermines customer confidence in the online payment process, which could decrease their willingness to spend money online.

In this case, payment-card skimming could cost valuable resources in a dire situation. For all companies relying on e-commerce to drive revenue, it’s a reminder that customer confidence is a crucial component of successful online sales initiatives.

https://securityintelligence.com/news/australian-bushfires-donation-website-compromised-by-magecart-credit-card-skimming-attack/


Where in the World is ID Agent:

Jan. 30 – Long Beach, CA: Kaseya Connect IT Local
Jan. 31 – Franklin, TN: Robin Robins’ Producers Club
Feb. 3 – 7 – Phoenix, AZ: ConnectWise Evolve Quarterly
Feb. 4 – Dallas/Ft. Worth, TX: Kaseya Connect IT Local
Feb. 4 – Birmingham, UK: Kaseya Connect IT Local
Feb. 5 – London, UK: Kaseya Connect IT Local
Feb. 6 – Austin, TX: Kaseya Connect IT Local


A Note for Your Customers:

Two-thirds of UK Healthcare Organizations Breached in 2019 

Healthcare companies store people’s most sensitive personal information, and data breaches in the industry are both increasingly prevalent and incredibly expensive. A compromised healthcare record is nearly twice as costly as that of the next highest sector.

The consequences of this new reality are especially acute in the UK, where two-thirds of healthcare organizations experienced a data breach in 2019. According to a study by Vanson Bourne, nearly half of these incidents were malware-related. At the same time, other factors, including unauthorized data sharing, phishing scams, and noncompliance with data protection policies, also represented serious threats to healthcare data.

Notably, as the industry becomes increasingly tech-driven and comprised of third-party partnerships, these risks will continue to expand. In the year ahead, healthcare organizations around the world will need to reprioritize data security as an added element of quality patient care.

https://www.computerweekly.com/news/252476696/Two-thirds-of-UK-healthcare-organisations-breached-last-year

 


Data Breach Lists by State:

Many U.S. state agencies publish lists of reported data breaches in their respective states. We created a chart of published lists and will keep it updated:

State | Breaches (reporting period)
California | 1,806 (2012-present)
Delaware | 47 (2018-present)
Hawaii | 61 (2007-present)
Indiana | 5,207 (2014-present)
Iowa | 223 (2011-present)
Maine | 2,653 (2010-present)
Maryland | 4,487 (2015-present)
Massachusetts | 14,298 (2007-present)
Montana | 1,695 (2015-present)
New Hampshire | 2,786 (2007-present)
New Jersey | 152 (2017-present)
North Carolina | 6,230 (2005-present)
North Dakota | 56
Oregon | 377 (2015-present)
South Carolina | 568
Vermont | 536 (2017-2020)
Virginia | 3,244 (2012-2018)
Washington | 342 (2015-2019)
Wisconsin | 166 (2012-2019)

